# $Revision: 1.8 $ # $Header: /cvs/enterprise/data/lra/onsite/config/product.cfg.onsite.template.public,v 1.8 2001/06/22 17:50:03 buildman Exp $ # This file holds products for customer that pay for a ceremony # to create their own CA, but that CA is within VeriSign's # public hierarchy. These products differ from those in # product.cfg.onsite.template in that these contain a CPS # reference and Policy Statement, and the originator does not # contain the subdir_name (that was needed only because the early # private customers' products were put in the main product.cfg # file, and they needed to be uniquely named). # the field 'minimum operator required' is added for OA account only CLASS1-VeriSignOnSiteNetscape-VeriSign OnSite: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } confirmation message : confirm.onsite.enduser defer message : defer.onsite.NSMS.enduser error message : error.standard validity period : 365 delivery format : PKCS#7 MIME pickup signing : yes check db : yes two-step : yes check db : yes valid overlapping period : 30 minimum operator required : 2 } same-as { CLASS1-VeriSignOnSiteNetscape-VeriSign OnSite-Renewal, } CLASS1-VeriSignOnSiteNetscape-VeriSign OnSite Auto Auth: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } error message : error.standard validity period : 365 delivery format : PKCS#7 MIME pickup signing : yes check db : yes two-step : no check db : yes valid overlapping period : 30 } same-as { CLASS1-VeriSignOnSiteNetscape-VeriSign OnSite Auto Auth-Renewal, } # the field 'minimum operator required' is added for OA account only CLASS1-VeriSignOnSiteMSIE-VeriSign OnSite: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } confirmation message : confirm.onsite.enduser defer message : defer.onsite.NSMS.enduser error message : error validity period : 365 delivery format : Base64 PKCS#7 pickup signing : yes check db : yes two-step : yes check db : yes valid overlapping period : 30 minimum operator required : 2 } same-as { CLASS1-VeriSignOnSiteMSIE-VeriSign OnSite-Renewal, } CLASS1-VeriSignOnSiteMSIE-VeriSign OnSite Auto Auth: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } error message : error validity period : 365 delivery format : Base64 PKCS#7 pickup signing : yes check db : yes two-step : no check db : yes valid overlapping period : 30 } same-as { CLASS1-VeriSignOnSiteMSIE-VeriSign OnSite Auto Auth-Renewal, } CLASS1-VeriSignOnSiteCRS-VeriSign OnSite CRS: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } validity period : 365 delivery format : Base64 PKCS#7 pickup signing : no check db : yes two-step : no check db : yes valid overlapping period : 30 } same-as { CLASS1-VeriSignOnSiteCRS-VeriSign OnSite CRS-Renewal, } CLASS1-VeriSignOnSiteCRSOne-VeriSign OnSite CRS: Digital ID Class 1 - Affiliate Client Authentication { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } validity period : 365 delivery format : Base64 PKCS#7 pickup signing : no check db : yes two-step : no valid overlapping period : 30 } same-as { CLASS1-VeriSignOnSiteCRSOne-VeriSign OnSite CRS-Renewal, } CLASS1-VeriSignOnSiteCRSTwo-VeriSign OnSite CRS: Digital ID Class 2 - Affiliate Client Authentication { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } validity period : 365 delivery format : Base64 PKCS#7 pickup signing : no check db : yes two-step : no valid overlapping period : 30 } same-as { CLASS1-VeriSignOnSiteCRSTwo-VeriSign OnSite CRS-Renewal, } CLASS1-VeriSignOnSiteCRSThree-VeriSign OnSite CRS: Digital ID Class 3 - Affiliate Client Authentication { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } validity period : 365 delivery format : Base64 PKCS#7 pickup signing : no check db : yes two-step : no valid overlapping period : 30 } same-as { CLASS1-VeriSignOnSiteCRSThree-VeriSign OnSite CRS-Renewal, } # the field 'minimum operator required' is added for OA account only CLASS1-VeriSignOnSiteCRS-VeriSign OnSite: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } confirmation message : confirm.onsite.enduser defer message : defer.onsite.NSMS.enduser error message : error.standard validity period : 365 delivery format : Base64 PKCS#7 pickup signing : no check db : yes two-step : yes check db : yes valid overlapping period : 30 minimum operator required : 2 } same-as { CLASS1-VeriSignOnSiteCRS-VeriSign OnSite-Renewal, } CLASS1-VeriSignOnSiteCSR-VeriSign OnSite: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } confirmation message : confirm.onsite.enduser defer message : defer.onsiteCSR.enduser, deferattc.onsite.enduser error message : error.standard validity period : 365 delivery format : Base64 PKCS#7 INDEF two-step : yes check db : yes valid overlapping period : 30 } same-as { CLASS1-VeriSignOnSiteCSR-VeriSign OnSite-Renewal, } CLASS1-VeriSignOnSiteCRSOne-VeriSign OnSite: Digital ID Class 1 - Affiliate Client Authentication { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } confirmation message : confirm.onsite.enduser defer message : defer.onsite.NSMS.enduser error message : error.standard validity period : 365 delivery format : Base64 PKCS#7 pickup signing : no check db : yes two-step : yes check db : yes valid overlapping period : 30 } same-as { CLASS1-VeriSignOnSiteCRSOne-VeriSign OnSite-Renewal, } CLASS1-VeriSignOnSiteCRSTwo-VeriSign OnSite: Digital ID Class 2 - Affiliate Client Authentication { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } confirmation message : confirm.onsite.enduser defer message : defer.onsite.NSMS.enduser error message : error.standard validity period : 365 delivery format : Base64 PKCS#7 pickup signing : no check db : yes two-step : yes check db : yes valid overlapping period : 30 } same-as { CLASS1-VeriSignOnSiteCRSTwo-VeriSign OnSite-Renewal, } CLASS1-VeriSignOnSiteCRSThree-VeriSign OnSite: Digital ID Class 3 - Affiliate Client Authentication { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } confirmation message : confirm.onsite.enduser defer message : defer.onsite.NSMS.enduser error message : error.standard validity period : 365 delivery format : Base64 PKCS#7 pickup signing : no check db : yes two-step : yes check db : yes valid overlapping period : 30 } same-as { CLASS1-VeriSignOnSiteCRSThree-VeriSign OnSite-Renewal, } #------------------------ KEY MANAGER PRODUCTS ------------- CLASS1-VeriSignOnSiteCRS-VeriSign OnSite Signing CRS: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" standard: keyUsage/0: digitalSignature custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } error message : error validity period : 365 delivery format : Base64 PKCS#7 pickup signing : yes check db : yes two-step : no check db : yes valid overlapping period : 30 store key usage in db : yes } same-as { CLASS1-VeriSignOnSiteCRS-VeriSign OnSite Signing CRS-Renewal, } CLASS1-VeriSignOnSiteCRS-VeriSign OnSite Signing: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" standard: keyUsage/0: digitalSignature custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } defer message : defer.onsite.NSMS.enduser.signing error message : error validity period : 365 delivery format : Base64 PKCS#7 pickup signing : no check db : yes two-step : yes check db : yes valid overlapping period : 30 store key usage in db : yes } same-as { CLASS1-VeriSignOnSiteCRS-VeriSign OnSite Signing-Renewal, } CLASS1-VeriSignOnSiteCRS-VeriSign OnSite Encryption CRS: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" standard: keyUsage/0: keyEncipherment custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } error message : error validity period : 365 delivery format : Base64 PKCS#7 pickup signing : yes check db : yes two-step : no check db : yes valid overlapping period : 30 store key usage in db : yes } same-as { CLASS1-VeriSignOnSiteCRS-VeriSign OnSite Encryption CRS-Renewal, } CLASS1-VeriSignOnSiteCRS-VeriSign OnSite Encryption: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" standard: keyUsage/0: keyEncipherment custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } defer message : defer.onsite.NSMS.enduser.encryption error message : error validity period : 365 delivery format : Base64 PKCS#7 pickup signing : no check db : yes two-step : yes check db : yes valid overlapping period : 30 store key usage in db : yes } same-as { CLASS1-VeriSignOnSiteCRS-VeriSign OnSite Encryption-Renewal, } CLASS1-VeriSignOnSiteCRS-VeriSign OnSite OneKey CRS: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" standard: keyUsage/0: digitalSignature, keyEncipherment custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } error message : error validity period : 365 delivery format : Base64 PKCS#7 pickup signing : yes check db : yes two-step : no check db : yes valid overlapping period : 30 store key usage in db : yes } same-as { CLASS1-VeriSignOnSiteCRS-VeriSign OnSite OneKey CRS-Renewal, } CLASS1-VeriSignOnSiteCRS-VeriSign OnSite OneKey: Digital ID Class 2 - OnSite Subscriber { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" standard: keyUsage/0: digitalSignature, keyEncipherment custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 } distinguished name { Add Issuer: no corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 PolicyStatement: AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } defer message : defer.onsite.NSMS.enduser.encryption error message : error validity period : 365 delivery format : Base64 PKCS#7 pickup signing : no check db : yes two-step : yes check db : yes valid overlapping period : 30 store key usage in db : yes } same-as { CLASS1-VeriSignOnSiteCRS-VeriSign OnSite OneKey-Renewal, } ### Auth Bureau CLASS1-VeriSignOnSiteABNetscape-VeriSign OnSite: Digital ID Class 3 - Affiliated Individual OnSite { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no country: AT_COUNTRY, VT_PRINTABLE_STRING, 1 state: AT_STATE, VT_T61_STRING, 1 locality: AT_LOCALITY, VT_T61_STRING, 1 rating: AT_ORG_UNIT, VT_T61_STRING, 1 "Persona Validated to VTN Class 3 Affiliated Individual Standards": AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 "Member, " + member_corp_company: AT_ORG_UNIT, VT_T61_STRING, 1 corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 "Terms of Use at www.verisign.com/rpa (c)00": AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } confirmation message : confirm.onsite.enduser defer message : defer.onsite.NSMS.enduser error message : error.standard validity period : 365 delivery format : PKCS#7 MIME pickup signing : yes check db : yes two-step : yes valid overlapping period : 30 minimum operator required : 2 } same-as { CLASS1-VeriSignOnSiteABNetscape-VeriSign OnSite-Renewal, } CLASS1-VeriSignOnSiteABMSIE-VeriSign OnSite: Digital ID Class 3 - Affiliated Individual OnSite { signing unit : signingserver signingserver : HWC2VTN issuer string : CN = Safescrypt Class 1 Consumer Individual Subscriber CA, OU = Terms of use at https://www.safescrypt.com/rpa (c)02, OU = VeriSign Trust Network, O = Safescrypt Limited subject alt name : CN = C1C2-1-1 root : issuerSerial = cf32781db7227ca147c92bc8e680ed16 format : V3 signature algorithm : SA_SHA1_WITH_RSA_ENCRYPTION extensions { standard: basicConstraints/0: FALSE standard: crlDistributionPoints/0: uri, "http://onsitecrl.safescrypt.com/SafescryptClass1ConsumerIndividualSubscriber/LatestCRL.crl" custom: standard.32/0/file: verisignCPSReference custom: netscape.1.1/0/constant: BIT0 custom: verisign_pki.6.9/0/boolean: TRUE } distinguished name { Add Issuer: no country: AT_COUNTRY, VT_PRINTABLE_STRING, 1 state: AT_STATE, VT_T61_STRING, 1 locality: AT_LOCALITY, VT_T61_STRING, 1 rating: AT_ORG_UNIT, VT_T61_STRING, 1 "Persona Validated to VTN Class 3 Affiliated Individual Standards": AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 "Member, " + member_corp_company: AT_ORG_UNIT, VT_T61_STRING, 1 corp_company: AT_ORGANIZATION, VT_T61_STRING, 1 org_unit: AT_ORG_UNIT, VT_T61_STRING, 1 "Terms of Use at www.verisign.com/rpa (c)00": AT_ORG_UNIT, VT_PRINTABLE_STRING, 1 employeeID: AT_ORG_UNIT, VT_T61_STRING, 1 mailStop: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field4: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field5: AT_ORG_UNIT, VT_T61_STRING, 1 additional_field6: AT_ORG_UNIT, VT_T61_STRING, 1 jobTitle: AT_TITLE, VT_T61_STRING, 1 common_name: AT_COMMON_NAME, VT_PRINTABLE_STRING, 1 mail_email: AT_EMAIL_ADDRESS, VT_IA5_STRING, 1, CHECK_EMBED_MAIL } confirmation message : confirm.onsite.enduser defer message : defer.onsite.NSMS.enduser error message : error validity period : 365 delivery format : Base64 PKCS#7 pickup signing : yes check db : yes two-step : yes valid overlapping period : 30 minimum operator required : 2 } same-as { CLASS1-VeriSignOnSiteABMSIE-VeriSign OnSite-Renewal, }