• Home
Name Date Size #Lines LOC

..--

BUILDD12-May-2024890 3229

READMED12-May-20243.4 KiB10073

badclient.keyD12-May-20241.7 KiB2928

badclient.pemD12-May-20241.3 KiB2322

badserver.keyD12-May-20241.7 KiB2928

badserver.pemD12-May-20241.3 KiB2322

ca-openssl.cnfD12-May-2024541 1815

ca.keyD12-May-20241.7 KiB2928

ca.pemD12-May-20241.2 KiB2120

client.keyD12-May-20241.7 KiB2928

client.pemD12-May-20241.1 KiB2120

multi-domain-openssl.cnfD12-May-2024879 3127

multi-domain.keyD12-May-20241.7 KiB2928

multi-domain.pemD12-May-20241.4 KiB2524

server0.keyD12-May-20241.7 KiB2928

server0.pemD12-May-20241.2 KiB2120

server1-openssl.cnfD12-May-2024790 2723

server1.keyD12-May-20241.7 KiB2928

server1.pemD12-May-20241.3 KiB2322

README

1The test credentials (CONFIRMEDTESTKEY) have been generated with the following
2commands:
3
4Bad credentials (badclient.* / badserver.*):
5============================================
6
7These are self-signed certificates:
8
9$ openssl req -x509 -newkey rsa:2048 -keyout badserver.key -out badserver.pem \
10  -days 3650 -nodes
11
12When prompted for certificate information, everything is default except the
13common name which is set to badserver.test.google.com.
14
15
16Valid test credentials:
17=======================
18
19The ca is self-signed:
20----------------------
21
22$ openssl req -x509 -new -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
23  -config ca-openssl.cnf -days 3650 -extensions v3_req
24When prompted for certificate information, everything is default.
25
26client is issued by CA:
27-----------------------
28
29$ openssl genrsa -out client.key.rsa 2048
30$ openssl pkcs8 -topk8 -in client.key.rsa -out client.key -nocrypt
31$ openssl req -new -key client.key -out client.csr
32
33When prompted for certificate information, everything is default except the
34common name which is set to testclient.
35
36$ openssl x509 -req -CA ca.pem -CAkey ca.key -CAcreateserial -in client.csr \
37  -out client.pem -days 3650
38
39server0 is issued by CA:
40------------------------
41
42$ openssl genrsa -out server0.key.rsa 2048
43$ openssl pkcs8 -topk8 -in server0.key.rsa -out server0.key -nocrypt
44$ openssl req -new -key server0.key -out server0.csr
45
46When prompted for certificate information, everything is default except the
47common name which is set to *.test.google.com.au.
48
49$ openssl x509 -req -CA ca.pem -CAkey ca.key -CAcreateserial -in server0.csr \
50  -out server0.pem -days 3650
51
52server1 is issued by CA with a special config for subject alternative names:
53----------------------------------------------------------------------------
54
55$ openssl genrsa -out server1.key.rsa 2048
56$ openssl pkcs8 -topk8 -in server1.key.rsa -out server1.key -nocrypt
57$ openssl req -new -key server1.key -out server1.csr -config server1-openssl.cnf
58
59When prompted for certificate information, everything is default except the
60common name which is set to *.test.google.com.
61
62$ openssl x509 -req -CA ca.pem -CAkey ca.key -CAcreateserial -in server1.csr \
63  -out server1.pem -extensions req_ext -extfile server1-openssl.cnf -days 3650
64
65multi-domain is a self-signed certificate having multiple subject alternative names:
66----------------------------------------------------------------------------
67
68$ openssl genrsa -out multi-domain.key.rsa 2048
69$ openssl pkcs8 -topk8 -in multi-domain.key.rsa -out multi-domain.key -nocrypt
70$ openssl req -new -key multi-domain.key -out multi-domain.csr -config
71multi-domain-openssl.cnf
72$ openssl req -x509 -new -extensions v3_req -key multi-domain.key -out
73multi-domain.pem -days 3650 -config multi-domain-openssl.cnf
74
75Clean up:
76---------
77$ rm *.rsa
78$ rm *.csr
79$ rm ca.srl
80
81Sync up with other repositories
82===============================
83
84Copies of these keys (except for multi-domain) exist in multiple locations across all the grpc repos
85(e.g., see the following partial list). You need to be careful when updating
86the keys.
87
88grpc-dart/interop/
89grpc-dotnet/testassets/Certs/InteropTests/
90grpc-go/testdata/
91grpc-java/testing/src/main/resources/certs/
92grpc-node/test/data/
93src/csharp/Grpc.IntegrationTesting/data/
94src/objective-c/tests/TestCertificates.bundle/
95src/php/tests/data/
96src/python/grpcio_tests/tests/interop/credentials/
97src/python/grpcio_tests/tests/unit/credentials/
98src/ruby/spec/testdata/
99test/core/end2end/data/
100