Télécharger - Site personnel de Serge Moutou
Télécharger - Site personnel de Serge Moutou
Télécharger - Site personnel de Serge Moutou
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
emailAddress_max = 40<br />
[CA_ROOT]<br />
nsComment<br />
subjectKeyI<strong>de</strong>ntifier<br />
authorityKeyI<strong>de</strong>ntifier<br />
basicConstraints<br />
keyUsage<br />
[CA_SSL]<br />
nsComment<br />
basicConstraints<br />
subjectKeyI<strong>de</strong>ntifier<br />
authorityKeyI<strong>de</strong>ntifier<br />
issuerAltName<br />
keyUsage<br />
nsCertType<br />
[SERVER_RSA_SSL]<br />
nsComment<br />
subjectKeyI<strong>de</strong>ntifier<br />
authorityKeyI<strong>de</strong>ntifier<br />
issuerAltName<br />
subjectAltName<br />
basicConstraints<br />
keyUsage<br />
nsCertType<br />
exten<strong>de</strong>dKeyUsage<br />
= "CA Racine"<br />
= hash<br />
= keyid,issuer:always<br />
= critical,CA:TRUE,pathlen:1<br />
= keyCertSign, cRLSign<br />
= "CA SSL"<br />
= critical,CA:TRUE,pathlen:0<br />
= hash<br />
= keyid,issuer:always<br />
= issuer:copy<br />
= keyCertSign, cRLSign<br />
= sslCA<br />
= "Certificat Serveur SSL"<br />
= hash<br />
= keyid,issuer:always<br />
= issuer:copy<br />
= DNS:www.webserver.com, DNS:www.webserver-bis.com<br />
= critical,CA:FALSE<br />
= digitalSignature, nonRepudiation, keyEncipherment<br />
= server<br />
= serverAuth<br />
[CLIENT_RSA_SSL]<br />
nsComment<br />
= "Certificat Client SSL"<br />
subjectKeyI<strong>de</strong>ntifier = hash<br />
authorityKeyI<strong>de</strong>ntifier = keyid,issuer:always<br />
issuerAltName = issuer:copy<br />
subjectAltName = critical,email:copy,email:userbis@domain.com,email:user-ter@domain.com<br />
basicConstraints = critical,CA:FALSE<br />
keyUsage<br />
= digitalSignature, nonRepudiation<br />
nsCertType<br />
= client<br />
exten<strong>de</strong>dKeyUsage = clientAuth<br />
ANNEXE 2 : Certificats racines.<br />
### Attention ###<br />
(1) Les certificats qui suivent sont intégrés à IE 5.0 : cela ne signifie pas qu'ils sont dignes <strong>de</strong> confiance<br />
Les certificats à conserver sont donc à choisir avec le plus grand soin.<br />
(2) <strong>Télécharger</strong> ainsi <strong>de</strong> tels certificats est contraire au fon<strong>de</strong>ment même <strong>de</strong>s PKI...<br />
#################<br />
153 /163