| Up to higher level directory | |||
| Name | Date | Size | |
|---|---|---|---|
| badclient.key | 22-Oct-2020 | 916 | |
| badclient.pem | 22-Oct-2020 | 973 | |
| badserver.key | 22-Oct-2020 | 916 | |
| badserver.pem | 22-Oct-2020 | 973 | |
| ca-openssl.cnf | 22-Oct-2020 | 542 | |
| ca.key | 22-Oct-2020 | 912 | |
| ca.pem | 22-Oct-2020 | 855 | |
| client.key | 22-Oct-2020 | 920 | |
| client.pem | 22-Oct-2020 | 1K | |
| index.txt | 22-Oct-2020 | 0 | |
| openssl.cnf | 22-Oct-2020 | 10.7K | |
| README | 22-Oct-2020 | 2.6K | |
| server0.key | 22-Oct-2020 | 916 | |
| server0.pem | 22-Oct-2020 | 1.1K | |
| server1-openssl.cnf | 22-Oct-2020 | 2.8K | |
| server1.key | 22-Oct-2020 | 912 | |
| server1.pem | 22-Oct-2020 | 964 | |
README
1 The test credentials (CONFIRMEDTESTKEY) have been generated with the following 2 commands: 3 4 Bad credentials (badclient.* / badserver.*): 5 ============================================ 6 7 These are self-signed certificates: 8 9 $ openssl req -x509 -newkey rsa:1024 -keyout badserver.key -out badserver.pem \ 10 -days 3650 -nodes 11 12 When prompted for certificate information, everything is default except the 13 common name which is set to badserver.test.google.com. 14 15 16 Valid test credentials: 17 ======================= 18 19 The ca is self-signed: 20 ---------------------- 21 22 $ openssl req -x509 -new -newkey rsa:1024 -nodes -out ca.pem -config ca-openssl.cnf -days 3650 -extensions v3_req 23 When prompted for certificate information, everything is default. 24 25 client is issued by CA: 26 ----------------------- 27 28 $ openssl genrsa -out client.key.rsa 1024 29 $ openssl pkcs8 -topk8 -in client.key.rsa -out client.key -nocrypt 30 $ rm client.key.rsa 31 $ openssl req -new -key client.key -out client.csr 32 33 When prompted for certificate information, everything is default except the 34 common name which is set to testclient. 35 36 $ openssl ca -in client.csr -out client.pem -keyfile ca.key -cert ca.pem -verbose -config openssl.cnf -days 3650 -updatedb 37 $ openssl x509 -in client.pem -out client.pem -outform PEM 38 39 server0 is issued by CA: 40 ------------------------ 41 42 $ openssl genrsa -out server0.key.rsa 1024 43 $ openssl pkcs8 -topk8 -in server0.key.rsa -out server0.key -nocrypt 44 $ rm server0.key.rsa 45 $ openssl req -new -key server0.key -out server0.csr 46 47 When prompted for certificate information, everything is default except the 48 common name which is set to *.test.google.com.au. 49 50 $ openssl ca -in server0.csr -out server0.pem -keyfile ca.key -cert ca.pem -verbose -config openssl.cnf -days 3650 -updatedb 51 $ openssl x509 -in server0.pem -out server0.pem -outform PEM 52 53 server1 is issued by CA with a special config for subject alternative names: 54 ---------------------------------------------------------------------------- 55 56 $ openssl genrsa -out server1.key.rsa 1024 57 $ openssl pkcs8 -topk8 -in server1.key.rsa -out server1.key -nocrypt 58 $ rm server1.key.rsa 59 $ openssl req -new -key server1.key -out server1.csr -config server1-openssl.cnf 60 61 When prompted for certificate information, everything is default except the 62 common name which is set to *.test.google.com. 63 64 $ openssl ca -in server1.csr -out server1.pem -keyfile ca.key -cert ca.pem -verbose -config server1-openssl.cnf -days 3650 -extensions v3_req -updatedb 65 $ openssl x509 -in server1.pem -out server1.pem -outform PEM 66 67 Gotchas 68 ======= 69 70 You may have to delete and recreate the index.txt file so that it is empty when 71 running the `openssl ca` command. 72 73
