===================  ===========  ========  ======  ===
Name                 Date         Size      #Lines  LOC
===================  ===========  ========  ======  ===
README               25-Apr-2025  2.5 KiB   75      52
badclient.key        25-Apr-2025  1.7 KiB   29      28
badclient.pem        25-Apr-2025  1.3 KiB   23      22
badserver.key        25-Apr-2025  1.7 KiB   29      28
badserver.pem        25-Apr-2025  1.3 KiB   23      22
ca-openssl.cnf       25-Apr-2025  542       19      15
ca.key               25-Apr-2025  1.7 KiB   29      28
ca.pem               25-Apr-2025  1.2 KiB   21      20
client.key           25-Apr-2025  1.7 KiB   29      28
client.pem           25-Apr-2025  1.1 KiB   21      20
ecdsa.key            25-Apr-2025  237       6       5
index.txt            25-Apr-2025  0
openssl.cnf          25-Apr-2025  10.7 KiB  360     270
server0.key          25-Apr-2025  1.7 KiB   29      28
server0.pem          25-Apr-2025  1.2 KiB   21      20
server1-openssl.cnf  25-Apr-2025  2.8 KiB   83      69
server1.key          25-Apr-2025  1.7 KiB   29      28
server1.pem          25-Apr-2025  1.3 KiB   23      22
===================  ===========  ========  ======  ===
README

The test credentials (CONFIRMEDTESTKEY) have been generated with the following
commands:

Bad credentials (badclient.* / badserver.*):
============================================

These are self-signed certificates:

$ openssl req -x509 -newkey rsa:2048 -keyout badserver.key -out badserver.pem \
  -days 3650 -nodes

When prompted for certificate information, everything is default except the
common name which is set to badserver.test.google.com.


Valid test credentials:
=======================

The ca is self-signed:
----------------------

$ openssl req -x509 -new -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
  -config ca-openssl.cnf -days 3650 -extensions v3_req

When prompted for certificate information, everything is default.

client is issued by CA:
-----------------------

$ openssl genrsa -out client.key.rsa 2048
$ openssl pkcs8 -topk8 -in client.key.rsa -out client.key -nocrypt
$ openssl req -new -key client.key -out client.csr

When prompted for certificate information, everything is default except the
common name which is set to testclient.

$ openssl x509 -req -CA ca.pem -CAkey ca.key -CAcreateserial -in client.csr \
  -out client.pem -days 3650

server0 is issued by CA:
------------------------

$ openssl genrsa -out server0.key.rsa 2048
$ openssl pkcs8 -topk8 -in server0.key.rsa -out server0.key -nocrypt
$ openssl req -new -key server0.key -out server0.csr

When prompted for certificate information, everything is default except the
common name which is set to *.test.google.com.au.

$ openssl x509 -req -CA ca.pem -CAkey ca.key -CAcreateserial -in server0.csr \
  -out server0.pem -days 3650

server1 is issued by CA with a special config for subject alternative names:
----------------------------------------------------------------------------

$ openssl genrsa -out server1.key.rsa 2048
$ openssl pkcs8 -topk8 -in server1.key.rsa -out server1.key -nocrypt
$ openssl req -new -key server1.key -out server1.csr -config server1-openssl.cnf

When prompted for certificate information, everything is default except the
common name which is set to *.test.google.com.

$ openssl x509 -req -CA ca.pem -CAkey ca.key -CAcreateserial -in server1.csr \
  -out server1.pem -extensions req_ext -extfile server1-openssl.cnf -days 3650

ecdsa.key is used to test keys with algorithm other than RSA:
-------------------------------------------------------------

$ openssl ecparam -name secp256k1 -genkey -noout -out ecdsa.pem
$ openssl pkcs8 -topk8 -in ecdsa.pem -out ecdsa.key -nocrypt

Clean up:
---------

$ rm *.rsa
$ rm *.csr
$ rm ca.srl
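The difference between the "bad" and the valid credentials above can be checked with openssl verify. The script below is an added example, not part of the original README: it repeats the server0 and badserver steps in a scratch directory and verifies both results against the CA. The -subj values replace the interactive prompts, and req.cnf and the CA name testca are constructed stand-ins, since the contents of ca-openssl.cnf are not shown here.

```shell
#!/bin/sh
# Added example (constructed): rebuild one CA-issued and one self-signed
# certificate in a scratch directory, then verify both against the test CA.
# Assumptions: subjects are passed with -subj instead of answering prompts,
# and req.cnf below is a minimal stand-in for the page's ca-openssl.cnf.

check_test_chain() {
    dir=$(mktemp -d) || return 2
    (
        cd "$dir" || exit 2
        cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
        # Self-signed test CA.
        openssl req -x509 -new -newkey rsa:2048 -nodes -keyout ca.key \
            -out ca.pem -config req.cnf -extensions v3_ca -days 3650 \
            -subj "/CN=testca" 2>/dev/null || exit 2
        # server0: key, PKCS#8 conversion, CSR, then issuance by the CA.
        openssl genrsa -out server0.key.rsa 2048 2>/dev/null || exit 2
        openssl pkcs8 -topk8 -in server0.key.rsa -out server0.key -nocrypt || exit 2
        openssl req -new -key server0.key -out server0.csr -config req.cnf \
            -subj "/CN=*.test.google.com.au" || exit 2
        openssl x509 -req -CA ca.pem -CAkey ca.key -CAcreateserial \
            -in server0.csr -out server0.pem -days 3650 2>/dev/null || exit 2
        # badserver: self-signed, so it has no path to ca.pem.
        openssl req -x509 -newkey rsa:2048 -keyout badserver.key \
            -out badserver.pem -days 3650 -nodes -config req.cnf \
            -subj "/CN=badserver.test.google.com" 2>/dev/null || exit 2
        for cert in server0.pem badserver.pem; do
            if openssl verify -CAfile ca.pem "$cert" >/dev/null 2>&1; then
                echo "$cert: chains to ca.pem"
            else
                echo "$cert: rejected"
            fi
        done
    )
    status=$?
    rm -rf "$dir"
    return "$status"
}

check_test_chain
```

A TLS peer that trusts only ca.pem should behave the same way: accept server0.pem and refuse badserver.pem.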