pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

readme for regenerating client cert fixtures

Browse Source
This commit is contained in:
dandds 2018-08-09 14:53:42 -04:00
parent cd3be9c7c0
commit 52fc5a9414
1 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
tests/fixtures/README.md vendored Normal file
View File

@ -0,0 +1,46 @@
# Regenerating Fixture Certificates
You don't need to keep the key file generated by this process.
1. Certificate with an email as subjectAltName:
```
openssl req -x509 \
-newkey rsa:4096 \
-sha256 \
-nodes \
-days 3650 \
-keyout _foo.key \
-out artgarfunkel@uso.mil.crt \
-subj "/CN=GARFUNKEL.ART.G.5892460358" \
-extensions SAN \
-config <(cat /etc/ssl/openssl.cnf; echo '[SAN]'; echo 'subjectAltName=email:artgarfunkel@uso.mil')
```
2. Certificate with a DNS name as subjectAltName:
```
openssl req -x509 \
-newkey rsa:4096 \
-sha256 \
-nodes \
-days 3650 \
-keyout _foo.key \
-out no-email.crt \
-subj "/CN=GARFUNKEL.ART.G.5892460358" \
-extensions SAN \
-config <(cat /etc/ssl/openssl.cnf; echo '[SAN]'; echo 'subjectAltName=DNS:artgarfunkel.com')
```
3. Certificate with no subjectAltName:
```
openssl req -x509 \
-newkey rsa:4096 \
-sha256 \
-nodes \
-days 3650 \
-keyout _foo.key \
-out no-san.crt \
-subj "/CN=GARFUNKEL.ART.G.5892460358"
```