# This config is used by the Time Stamp Authority tests.
#
-RANDFILE = ./.rnd
-
# Extra OBJECT IDENTIFIER info:
oid_section = new_oids
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
default_days = 365 # how long to certify for
-default_md = sha1 # which md to use.
+default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering
policy = policy_match
#----------------------------------------------------------------------
[ req ]
-default_bits = 1024
+default_bits = 2048
default_md = sha1
distinguished_name = $ENV::TSDNSECT
encrypt_rsa_key = no
certs = $dir/tsaca.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
-
+signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
# (optional, default: no)
ess_cert_id_chain = yes # Must the ESS cert id chain be included?
# (optional, default: no)
+ess_cert_id_alg = sha256 # algorithm to compute certificate
+ # identifier (optional, default: sha1)
[ tsa_config2 ]
certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
# (optional)
signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
-
+signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-digests = md5, sha1 # Acceptable message digests (mandatory)
+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)