Name | Date | Size | #Lines | LOC | ||
---|---|---|---|---|---|---|
.. | - | - | ||||
README | D | 03-May-2024 | 2.6 KiB | 73 | 49 | |
badclient.key | D | 03-May-2024 | 916 | 17 | 16 | |
badclient.pem | D | 03-May-2024 | 973 | 18 | 17 | |
badserver.key | D | 03-May-2024 | 916 | 17 | 16 | |
badserver.pem | D | 03-May-2024 | 973 | 18 | 17 | |
ca-openssl.cnf | D | 03-May-2024 | 542 | 19 | 15 | |
ca.key | D | 03-May-2024 | 912 | 17 | 16 | |
ca.pem | D | 03-May-2024 | 855 | 16 | 15 | |
client.key | D | 03-May-2024 | 920 | 17 | 16 | |
client.pem | D | 03-May-2024 | 1 KiB | 19 | 18 | |
index.txt | D | 03-May-2024 | 0 | |||
openssl.cnf | D | 03-May-2024 | 10.7 KiB | 360 | 270 | |
server0.key | D | 03-May-2024 | 916 | 17 | 16 | |
server0.pem | D | 03-May-2024 | 1.1 KiB | 19 | 18 | |
server1-openssl.cnf | D | 03-May-2024 | 2.8 KiB | 83 | 69 | |
server1.key | D | 03-May-2024 | 912 | 17 | 16 | |
server1.pem | D | 03-May-2024 | 964 | 17 | 16 |
README
1The test credentials (CONFIRMEDTESTKEY) have been generated with the following 2commands: 3 4Bad credentials (badclient.* / badserver.*): 5============================================ 6 7These are self-signed certificates: 8 9$ openssl req -x509 -newkey rsa:1024 -keyout badserver.key -out badserver.pem \ 10 -days 3650 -nodes 11 12When prompted for certificate information, everything is default except the 13common name which is set to badserver.test.google.com. 14 15 16Valid test credentials: 17======================= 18 19The ca is self-signed: 20---------------------- 21 22$ openssl req -x509 -new -newkey rsa:1024 -nodes -out ca.pem -config ca-openssl.cnf -days 3650 -extensions v3_req 23When prompted for certificate information, everything is default. 24 25client is issued by CA: 26----------------------- 27 28$ openssl genrsa -out client.key.rsa 1024 29$ openssl pkcs8 -topk8 -in client.key.rsa -out client.key -nocrypt 30$ rm client.key.rsa 31$ openssl req -new -key client.key -out client.csr 32 33When prompted for certificate information, everything is default except the 34common name which is set to testclient. 35 36$ openssl ca -in client.csr -out client.pem -keyfile ca.key -cert ca.pem -verbose -config openssl.cnf -days 3650 -updatedb 37$ openssl x509 -in client.pem -out client.pem -outform PEM 38 39server0 is issued by CA: 40------------------------ 41 42$ openssl genrsa -out server0.key.rsa 1024 43$ openssl pkcs8 -topk8 -in server0.key.rsa -out server0.key -nocrypt 44$ rm server0.key.rsa 45$ openssl req -new -key server0.key -out server0.csr 46 47When prompted for certificate information, everything is default except the 48common name which is set to *.test.google.com.au. 49 50$ openssl ca -in server0.csr -out server0.pem -keyfile ca.key -cert ca.pem -verbose -config openssl.cnf -days 3650 -updatedb 51$ openssl x509 -in server0.pem -out server0.pem -outform PEM 52 53server1 is issued by CA with a special config for subject alternative names: 54---------------------------------------------------------------------------- 55 56$ openssl genrsa -out server1.key.rsa 1024 57$ openssl pkcs8 -topk8 -in server1.key.rsa -out server1.key -nocrypt 58$ rm server1.key.rsa 59$ openssl req -new -key server1.key -out server1.csr -config server1-openssl.cnf 60 61When prompted for certificate information, everything is default except the 62common name which is set to *.test.google.com. 63 64$ openssl ca -in server1.csr -out server1.pem -keyfile ca.key -cert ca.pem -verbose -config server1-openssl.cnf -days 3650 -extensions v3_req -updatedb 65$ openssl x509 -in server1.pem -out server1.pem -outform PEM 66 67Gotchas 68======= 69 70You may have to delete and recreate the index.txt file so that it is empty when 71running the `openssl ca` command. 72 73