[Version] | |
Signature="$Windows NT$ | |
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
; 2.5.29.19 == Basic Constraints for CA | |
[Strings] | |
szOID_BASIC_CONSTRAINTS2 = "2.5.29.19" | |
[EnhancedKeyUsageExtension] | |
OID = 1.3.6.1.4.1.311.76.9.21.1 | |
[NewRequest] | |
Subject = "CN=TestEKUParsingIssuingCA" | |
Exportable = true | |
KeyLength = 256 | |
HashAlgorithm = sha256 | |
KeyUsage = "CERT_KEY_CERT_SIGN_KEY_USAGE" | |
KeyUsageProperty = "NCRYPT_ALLOW_SIGNING_FLAG" | |
MachineKeySet = True | |
RequestType = cert | |
ValidityPeriodUnits = 20 | |
ValidityPeriod = Years | |
ProviderName = "Microsoft Software Key Storage Provider" | |
KeyAlgorithm = "ECDSA_P256" | |
[Extensions] | |
%szOID_BASIC_CONSTRAINTS2% = "{text}" | |
_continue_ = "ca=True" | |
Critical=%szOID_BASIC_CONSTRAINTS2% | |
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
; This extension is so the this CA is only allowed to | |
; issue end-entity certs. | |
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
[BasicConstraintsExtension] | |
PathLength=0 | |
; | |
; Surface Firmware Signing EKU | |
; | |
[Extensions] | |
2.5.29.37 = "{text}" | |
_continue_ = "1.3.6.1.4.1.311.76.9.21.1" | |