pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
atst/tests/fixtures
History

README.md

Regenerating Fixture Certificates

You don't need to keep the key file generated by this process.

  1. Certificate with an email as subjectAltName:
openssl req -x509 \
    -newkey rsa:4096 \
    -sha256 \
    -nodes \
    -days 3650 \
    -keyout _foo.key \
    -out artgarfunkel@uso.mil.crt \
    -subj "/CN=GARFUNKEL.ART.G.5892460358" \
    -extensions SAN \
    -config <(cat /etc/ssl/openssl.cnf; echo '[SAN]'; echo 'subjectAltName=email:artgarfunkel@uso.mil')
  1. Certificate with a DNS name as subjectAltName:
openssl req -x509 \
    -newkey rsa:4096 \
    -sha256 \
    -nodes \
    -days 3650 \
    -keyout _foo.key \
    -out no-email.crt \
    -subj "/CN=GARFUNKEL.ART.G.5892460358" \
    -extensions SAN \
    -config <(cat /etc/ssl/openssl.cnf; echo '[SAN]'; echo 'subjectAltName=DNS:artgarfunkel.com')
  1. Certificate with no subjectAltName:
openssl req -x509 \
    -newkey rsa:4096 \
    -sha256 \
    -nodes \
    -days 3650 \
    -keyout _foo.key \
    -out no-san.crt \
    -subj "/CN=GARFUNKEL.ART.G.5892460358"