1# 2# CRL verfication of certs obtained from SSL sites 3# 4globals 5certNetFetchEnable = false 6crlNetFetchEnable = true 7useSystemAnchors = true 8# alternate these two on successful runs, flip either one for failure 9allowUnverified = true 10requireCrlIfPresent = false 11end 12### 13### all these (until further notice) get CRLs from crl.verisign.com 14### 15echo "=================================" 16test = "www.amazon.com" 17revokePolicy = crl 18cert = amazon_v3.100.cer 19cert = amazon_v3.101.cer 20sslHost = www.amazon.com 21requireCrlIfPresent = true 22end 23echo "=================================" 24test = "www.cduniverse.com" 25revokePolicy = crl 26cert = cduniverse_v3.100.cer 27cert = cduniverse_v3.101.cer 28sslHost = www.cduniverse.com 29allowUnverified = false 30end 31echo "=================================" 32test = "store.apple.com" 33revokePolicy = crl 34allowUnverified = false 35cert = apple_v3.100.cer 36cert = apple_v3.101.cer 37sslHost = store.apple.com 38end 39echo "=================================" 40test = "www.wellsfargo.com" 41revokePolicy = crl 42allowUnverified = false 43cert = wellsfargo_v3.100.cer 44cert = wellsfargo_v3.101.cer 45sslHost = www.wellsfargo.com 46end 47 48#echo "=================================" 49# 50# this server's cert has expired and they don't have a new one yet 51# 52#test = "www.xdss.com" 53#revokePolicy = crl 54#requireOcspIfPresent = true 55#cert = xdss_v3.100.cer 56#cert = xdss_v3.101.cer 57#sslHost = www.xdss.com 58#end 59echo "=================================" 60test = "www.verisign.com" 61revokePolicy = crl 62allowUnverified = false 63cert = verisign_v3.100.cer 64cert = verisign_v3.101.cer 65# 66# This one is the root, which SSL server sent us. 67# Leave it in for variety. 68# 69cert = verisign_v3.102.cer 70sslHost = www.verisign.com 71end 72echo "=================================" 73test = "accounts.key.com" 74revokePolicy = crl 75allowUnverified = false 76cert = keybank_v3.100.cer 77cert = keybank_v3.101.cer 78# 79# This one is the root, which SSL server sent us. 80# Leave it in for variety. 81# 82cert = keybank_v3.102.cer 83sslHost = accounts.key.com 84end 85echo "=================================" 86test = "secure.authorize.net" 87revokePolicy = crl 88allowUnverified = false 89cert = secauth_v3.100.cer 90cert = secauth_v3.101.cer 91sslHost = secure.authorize.net 92end 93### 94### CRLs from crl.thawte.com 95### 96### 97### CRL from http://crl.geotrust.com, issued by Equifax 98### 99echo "=================================" 100test = "www.firstamlink.com" 101revokePolicy = crl 102cert = firstamlink_v3.100.cer 103sslHost = www.firstamlink.com 104requireCrlIfPresent = true 105end 106 107# 108# cert and CRL from entrust 109# temp disabled... 110# 111#echo "=================================" 112#test = "accesd.desjardins.com" 113#revokePolicy = crl 114#cert = entrust_v3.100.cer 115#cert = entrust_v3.101.cer 116#sslHost = accesd.desjardins.com 117#requireCrlIfPresent = true 118#end 119# 120# Secure Server Certification Authority 121# CRL http://SVRSecure-crl.verisign.com/SVRSecure.crl 122# 123echo "=================================" 124test = "www.netfile.state.co.us" 125revokePolicy = crl 126requireCrlIfPresent = true 127cert = netfile.state.co_v3.100.cer 128cert = netfile.state.co_v3.101.cer 129sslHost = www.netfile.state.co.us 130end 131