##// END OF EJS Templates
Added tag 4.1.3 for changeset 77eaf9539499
Added tag 4.1.3 for changeset 77eaf9539499

File last commit:

r29579:43f3c0df default
r32051:962f7cfb stable
Show More
README
45 lines | 1.8 KiB | text/plain | TextLexer
Gregory Szorc
tests: regenerate x509 test certificates...
r29526 Generate a private key (priv.pem):
$ openssl genrsa -out priv.pem 2048
Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem):
Gregory Szorc
tests: update test certificate generation instructions...
r29579 $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
-out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
$ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
-out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
Yuya Nishihara
tests: extract SSL certificates from test-https.t...
r29331
Gregory Szorc
tests: regenerate x509 test certificates...
r29526 Now generate an expired certificate by turning back the system time:
Gregory Szorc
tests: update test certificate generation instructions...
r29579 $ faketime 2016-01-01T00:00:00Z \
openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
-out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
Yuya Nishihara
tests: extract SSL certificates from test-https.t...
r29331
Gregory Szorc
tests: regenerate x509 test certificates...
r29526 Generate a certificate not yet active by advancing the system time:
Gregory Szorc
tests: update test certificate generation instructions...
r29579 $ faketime 2030-01-1T00:00:00Z \
openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
-out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
Gregory Szorc
tests: regenerate x509 test certificates...
r29526
Generate a passphrase protected client certificate private key:
$ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048
Create a copy of the private key without a passphrase:
$ openssl rsa -in client-key.pem -passin pass:1234 -out client-key-decrypted.pem
Yuya Nishihara
tests: extract SSL certificates from test-https.t...
r29331
Gregory Szorc
tests: regenerate x509 test certificates...
r29526 Create a CSR and sign the key using the server keypair:
$ printf '.\n.\n.\n.\n.\n.\nhg-client@localhost\n.\n.\n' | \
openssl req -new -key client-key.pem -passin pass:1234 -out client-csr.pem
$ openssl x509 -req -days 9000 -in client-csr.pem -CA pub.pem -CAkey priv.pem \
-set_serial 01 -out client-cert.pem
Yuya Nishihara
tests: extract SSL certificates from test-https.t...
r29331
Gregory Szorc
tests: regenerate x509 test certificates...
r29526 When replacing the certificates, references to certificate fingerprints will
need to be updated in test files.
Fingerprints for certs can be obtained by running:
$ openssl x509 -in pub.pem -noout -sha1 -fingerprint
$ openssl x509 -in pub.pem -noout -sha256 -fingerprint