Add Test CA and simple certs for testing
20
files/test-ca/pki/ca.crt
Normal file
@@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDVDCCAjygAwIBAgIUInouaHzfe4GFGlCYFmIi0AvWHEowDQYJKoZIhvcNAQEL
|
||||
BQAwGTEXMBUGA1UEAwwOVmVpbGlkIFRlc3QgQ0EwHhcNMjExMTIyMTM0OTE5WhcN
|
||||
MzExMTIwMTM0OTE5WjAZMRcwFQYDVQQDDA5WZWlsaWQgVGVzdCBDQTCCASIwDQYJ
|
||||
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMqKTFn4FCcKWysW8NbQZwysKUlwI9kc
|
||||
S4CYy1+4eQC7Tn0eILG3+WfGCjAgRx72co+852NjsNnVwPVh8Xr7RdjyPscp4HTJ
|
||||
jObVC93GofiAKFld2038A3/rsA5DoXyiUj2/nhBdw+aO1yiBXdEw7tIUZLUJ46Ku
|
||||
QapuGXtL4xYXPAxhPhn5PY6xAWkar+6E9tv3g1BknxWlGmfulYaf1dAg2ra0Lswu
|
||||
fiZfepPq9iwhiUlOSo3sWy7ObF+3TxWlQxMpGC1LiAmA4XEyWp2tDOV90B98yLQK
|
||||
2pBhEexGaAJYy7DgZUNOV/WpjzLdDccXrQV9NoKXMOqsYC8MgDV2KjUCAwEAAaOB
|
||||
kzCBkDAdBgNVHQ4EFgQUXX+NrxpW0/TKPdNt71AR92SZbwIwVAYDVR0jBE0wS4AU
|
||||
XX+NrxpW0/TKPdNt71AR92SZbwKhHaQbMBkxFzAVBgNVBAMMDlZlaWxpZCBUZXN0
|
||||
IENBghQiei5ofN97gYUaUJgWYiLQC9YcSjAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
|
||||
AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAfL9k5ZrsnFTXrcBsCNhgqll0dwutbn36
|
||||
RzpE6bKZwGAYU3irdFFM3+D2zxaN/H665yL07uLn+XxrgIEplHAao5NSSxeYDUJo
|
||||
5BV5rmnOy+bSDrSfEGvV0OA/WWhPVFAtq2SQnC6GW5YbmzaHIoOunEv2EQrg8yKP
|
||||
pgff16xi+XFuAsR7Z4Cpbkb687Z878a4UaSWP/knnJM8Tjjl2wwxxTbWOvK9hbG3
|
||||
3+L4G6xxXbgvXw2VR8rIUMK44u0xXb3Vwq4dHU6HZZwTNaEs41vNVrCZV45hu8NX
|
||||
ZmcNEdDTPZQ67n+R4pJnbxDFLbTFEU/NZiCjug0jtjzHeRxnAntDFw==
|
||||
-----END CERTIFICATE-----
|
@@ -0,0 +1,88 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
12:ce:63:bd:90:f5:ab:de:6d:7f:d7:3e:f3:e6:bb
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: CN=Veilid Test CA
|
||||
Validity
|
||||
Not Before: Nov 22 13:52:16 2021 GMT
|
||||
Not After : Feb 25 13:52:16 2024 GMT
|
||||
Subject: CN=Veilid Test Certificate
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:cb:2e:7a:47:81:be:6f:6b:53:37:51:c1:50:68:
|
||||
5a:44:3d:ba:b9:9b:78:40:84:35:d4:0e:e8:41:a6:
|
||||
0e:0a:b9:34:ae:97:a3:37:3e:81:ed:6c:0f:f8:8a:
|
||||
8b:0b:1a:ed:06:97:57:6d:49:a5:ec:b4:c4:d8:6d:
|
||||
d2:57:c3:87:89:99:ee:b0:d7:c5:82:a1:dc:d5:98:
|
||||
b3:ef:10:da:c0:5c:38:a2:bb:15:3e:0e:5e:bc:a0:
|
||||
cd:a1:f0:07:67:bb:57:3f:89:cc:72:4f:bb:c0:a7:
|
||||
ed:ad:15:07:61:c2:b4:21:73:39:00:9b:8f:aa:04:
|
||||
1b:c4:9d:d4:00:44:87:b1:79:b4:e1:4e:01:3c:ee:
|
||||
a4:bb:f9:ad:5d:88:41:03:b4:bf:df:bf:71:24:ee:
|
||||
0b:69:59:55:dd:43:d1:91:04:de:98:9c:54:f2:ee:
|
||||
63:78:fe:76:19:bf:e6:5d:d6:58:81:3c:1b:02:3d:
|
||||
5d:cc:70:4a:c1:84:06:f6:1a:db:16:b0:e0:30:b0:
|
||||
3a:85:41:48:a1:88:c5:38:04:7b:03:c4:86:f0:da:
|
||||
1a:ff:bc:d1:ac:7f:cd:0c:e8:5a:42:5e:43:7f:0d:
|
||||
61:5d:41:67:0f:b8:07:47:21:93:44:b2:ab:fa:d8:
|
||||
69:bb:b9:6d:a1:56:6d:23:54:aa:49:67:e7:57:c6:
|
||||
e9:c7
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
X509v3 Subject Key Identifier:
|
||||
70:ED:B0:96:71:33:43:16:EF:32:FF:69:11:C9:F0:02:3F:6C:81:88
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:5D:7F:8D:AF:1A:56:D3:F4:CA:3D:D3:6D:EF:50:11:F7:64:99:6F:02
|
||||
DirName:/CN=Veilid Test CA
|
||||
serial:22:7A:2E:68:7C:DF:7B:81:85:1A:50:98:16:62:22:D0:0B:D6:1C:4A
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Server Authentication
|
||||
X509v3 Key Usage:
|
||||
Digital Signature, Key Encipherment
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:Veilid Test Certificate
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
b8:fc:ac:62:d6:95:af:09:db:24:7d:82:2c:02:e1:d0:7b:f5:
|
||||
69:03:a4:42:55:c6:0d:2a:f1:9d:0e:c4:9b:78:40:7d:0d:7d:
|
||||
ec:66:f6:c4:6d:06:d0:5b:58:de:ba:e6:67:ea:af:41:a3:87:
|
||||
b4:37:8b:a8:1f:51:ae:70:e0:0d:f5:51:0a:7a:b3:b3:1d:d1:
|
||||
77:92:63:35:ae:50:9e:04:3d:04:6e:f1:60:c8:e3:8f:1f:75:
|
||||
47:05:27:a0:ff:c5:1b:30:68:b2:f9:5b:e6:f2:81:0f:9b:f2:
|
||||
e8:8c:9d:b6:57:b2:c1:29:e7:d0:d0:88:b3:ba:8e:78:2e:ef:
|
||||
ce:03:a3:12:fa:b4:e9:4e:1f:de:1a:cb:77:72:6b:71:98:02:
|
||||
37:d2:b4:02:f0:2c:08:67:ca:75:0d:af:81:bf:f8:57:f8:d9:
|
||||
4a:93:4f:db:3c:e1:af:3e:ab:9c:fe:87:f0:3a:01:21:6a:5c:
|
||||
99:83:e3:03:47:98:15:23:24:b3:ee:29:27:f4:f1:34:c1:e4:
|
||||
f8:39:5a:92:da:c7:08:dc:71:87:1c:ff:67:e7:ef:24:bc:34:
|
||||
e3:4e:e0:16:12:84:60:d4:7f:a2:c0:5b:85:a9:c5:ef:78:0b:
|
||||
c3:64:cb:b4:05:eb:51:e5:c1:0f:60:da:5c:98:08:bf:5d:b9:
|
||||
1d:33:a7:26
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDjjCCAnagAwIBAgIPEs5jvZD1q95tf9c+8+a7MA0GCSqGSIb3DQEBCwUAMBkx
|
||||
FzAVBgNVBAMMDlZlaWxpZCBUZXN0IENBMB4XDTIxMTEyMjEzNTIxNloXDTI0MDIy
|
||||
NTEzNTIxNlowIjEgMB4GA1UEAwwXVmVpbGlkIFRlc3QgQ2VydGlmaWNhdGUwggEi
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLLnpHgb5va1M3UcFQaFpEPbq5
|
||||
m3hAhDXUDuhBpg4KuTSul6M3PoHtbA/4iosLGu0Gl1dtSaXstMTYbdJXw4eJme6w
|
||||
18WCodzVmLPvENrAXDiiuxU+Dl68oM2h8Adnu1c/icxyT7vAp+2tFQdhwrQhczkA
|
||||
m4+qBBvEndQARIexebThTgE87qS7+a1diEEDtL/fv3Ek7gtpWVXdQ9GRBN6YnFTy
|
||||
7mN4/nYZv+Zd1liBPBsCPV3McErBhAb2GtsWsOAwsDqFQUihiMU4BHsDxIbw2hr/
|
||||
vNGsf80M6FpCXkN/DWFdQWcPuAdHIZNEsqv62Gm7uW2hVm0jVKpJZ+dXxunHAgMB
|
||||
AAGjgckwgcYwCQYDVR0TBAIwADAdBgNVHQ4EFgQUcO2wlnEzQxbvMv9pEcnwAj9s
|
||||
gYgwVAYDVR0jBE0wS4AUXX+NrxpW0/TKPdNt71AR92SZbwKhHaQbMBkxFzAVBgNV
|
||||
BAMMDlZlaWxpZCBUZXN0IENBghQiei5ofN97gYUaUJgWYiLQC9YcSjATBgNVHSUE
|
||||
DDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwIgYDVR0RBBswGYIXVmVpbGlkIFRl
|
||||
c3QgQ2VydGlmaWNhdGUwDQYJKoZIhvcNAQELBQADggEBALj8rGLWla8J2yR9giwC
|
||||
4dB79WkDpEJVxg0q8Z0OxJt4QH0Nfexm9sRtBtBbWN665mfqr0Gjh7Q3i6gfUa5w
|
||||
4A31UQp6s7Md0XeSYzWuUJ4EPQRu8WDI448fdUcFJ6D/xRswaLL5W+bygQ+b8uiM
|
||||
nbZXssEp59DQiLO6jngu784DoxL6tOlOH94ay3dya3GYAjfStALwLAhnynUNr4G/
|
||||
+Ff42UqTT9s84a8+q5z+h/A6ASFqXJmD4wNHmBUjJLPuKSf08TTB5Pg5WpLaxwjc
|
||||
cYcc/2fn7yS8NONO4BYShGDUf6LAW4Wpxe94C8Nky7QF61HlwQ9g2lyYCL9duR0z
|
||||
pyY=
|
||||
-----END CERTIFICATE-----
|
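Review bot: The leaf certificate in this hunk carries `Not After : Feb 25 13:52:16 2024 GMT`, so any test that validates the chain against the wall clock will start failing on that date with nothing in the commit explaining why or how to reissue. Its only SAN is `DNS:Veilid Test Certificate`, which contains spaces and is not a usable DNS name, so a TLS client can only accept it with hostname verification turned off, and a test written that way no longer exercises name checking. I would reissue the fixture with a SAN the tests actually connect to and add a short README or script beside the PKI tree recording the issuing command and the expiry. The file header for this hunk is missing from the page; the same certificate text is added again as `files/test-ca/pki/issued/test.crt`.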
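--- a/files/test-ca/pki/index.txt
+++ b/files/test-ca/pki/index.txt
@@ -0,0 +1 @@
+V 240225135216Z 12CE63BD90F5ABDE6D7FD73EF3E6BB unknown /CN=Veilid Test Certificate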
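--- a/files/test-ca/pki/index.txt.attr
+++ b/files/test-ca/pki/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = no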
0
files/test-ca/pki/index.txt.attr.old
Normal file
0
files/test-ca/pki/index.txt.old
Normal file
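--- a/files/test-ca/pki/issued/test.crt
+++ b/files/test-ca/pki/issued/test.crt
@@ -0,0 +1,88 @@
+Certificate:
+Data:
+Version: 3 (0x2)
+Serial Number:
+12:ce:63:bd:90:f5:ab:de:6d:7f:d7:3e:f3:e6:bb
+Signature Algorithm: sha256WithRSAEncryption
+Issuer: CN=Veilid Test CA
+Validity
+Not Before: Nov 22 13:52:16 2021 GMT
+Not After : Feb 25 13:52:16 2024 GMT
+Subject: CN=Veilid Test Certificate
+Subject Public Key Info:
+Public Key Algorithm: rsaEncryption
+RSA Public-Key: (2048 bit)
+Modulus:
+00:cb:2e:7a:47:81:be:6f:6b:53:37:51:c1:50:68:
+5a:44:3d:ba:b9:9b:78:40:84:35:d4:0e:e8:41:a6:
+0e:0a:b9:34:ae:97:a3:37:3e:81:ed:6c:0f:f8:8a:
+8b:0b:1a:ed:06:97:57:6d:49:a5:ec:b4:c4:d8:6d:
+d2:57:c3:87:89:99:ee:b0:d7:c5:82:a1:dc:d5:98:
+b3:ef:10:da:c0:5c:38:a2:bb:15:3e:0e:5e:bc:a0:
+cd:a1:f0:07:67:bb:57:3f:89:cc:72:4f:bb:c0:a7:
+ed:ad:15:07:61:c2:b4:21:73:39:00:9b:8f:aa:04:
+1b:c4:9d:d4:00:44:87:b1:79:b4:e1:4e:01:3c:ee:
+a4:bb:f9:ad:5d:88:41:03:b4:bf:df:bf:71:24:ee:
+0b:69:59:55:dd:43:d1:91:04:de:98:9c:54:f2:ee:
+63:78:fe:76:19:bf:e6:5d:d6:58:81:3c:1b:02:3d:
+5d:cc:70:4a:c1:84:06:f6:1a:db:16:b0:e0:30:b0:
+3a:85:41:48:a1:88:c5:38:04:7b:03:c4:86:f0:da:
+1a:ff:bc:d1:ac:7f:cd:0c:e8:5a:42:5e:43:7f:0d:
+61:5d:41:67:0f:b8:07:47:21:93:44:b2:ab:fa:d8:
+69:bb:b9:6d:a1:56:6d:23:54:aa:49:67:e7:57:c6:
+e9:c7
+Exponent: 65537 (0x10001)
+X509v3 extensions:
+X509v3 Basic Constraints:
+CA:FALSE
+X509v3 Subject Key Identifier:
+70:ED:B0:96:71:33:43:16:EF:32:FF:69:11:C9:F0:02:3F:6C:81:88
+X509v3 Authority Key Identifier:
+keyid:5D:7F:8D:AF:1A:56:D3:F4:CA:3D:D3:6D:EF:50:11:F7:64:99:6F:02
+DirName:/CN=Veilid Test CA
+serial:22:7A:2E:68:7C:DF:7B:81:85:1A:50:98:16:62:22:D0:0B:D6:1C:4A
+
+X509v3 Extended Key Usage:
+TLS Web Server Authentication
+X509v3 Key Usage:
+Digital Signature, Key Encipherment
+X509v3 Subject Alternative Name:
+DNS:Veilid Test Certificate
+Signature Algorithm: sha256WithRSAEncryption
+b8:fc:ac:62:d6:95:af:09:db:24:7d:82:2c:02:e1:d0:7b:f5:
+69:03:a4:42:55:c6:0d:2a:f1:9d:0e:c4:9b:78:40:7d:0d:7d:
+ec:66:f6:c4:6d:06:d0:5b:58:de:ba:e6:67:ea:af:41:a3:87:
+b4:37:8b:a8:1f:51:ae:70:e0:0d:f5:51:0a:7a:b3:b3:1d:d1:
+77:92:63:35:ae:50:9e:04:3d:04:6e:f1:60:c8:e3:8f:1f:75:
+47:05:27:a0:ff:c5:1b:30:68:b2:f9:5b:e6:f2:81:0f:9b:f2:
+e8:8c:9d:b6:57:b2:c1:29:e7:d0:d0:88:b3:ba:8e:78:2e:ef:
+ce:03:a3:12:fa:b4:e9:4e:1f:de:1a:cb:77:72:6b:71:98:02:
+37:d2:b4:02:f0:2c:08:67:ca:75:0d:af:81:bf:f8:57:f8:d9:
+4a:93:4f:db:3c:e1:af:3e:ab:9c:fe:87:f0:3a:01:21:6a:5c:
+99:83:e3:03:47:98:15:23:24:b3:ee:29:27:f4:f1:34:c1:e4:
+f8:39:5a:92:da:c7:08:dc:71:87:1c:ff:67:e7:ef:24:bc:34:
+e3:4e:e0:16:12:84:60:d4:7f:a2:c0:5b:85:a9:c5:ef:78:0b:
+c3:64:cb:b4:05:eb:51:e5:c1:0f:60:da:5c:98:08:bf:5d:b9:
+1d:33:a7:26
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIPEs5jvZD1q95tf9c+8+a7MA0GCSqGSIb3DQEBCwUAMBkx
+FzAVBgNVBAMMDlZlaWxpZCBUZXN0IENBMB4XDTIxMTEyMjEzNTIxNloXDTI0MDIy
+NTEzNTIxNlowIjEgMB4GA1UEAwwXVmVpbGlkIFRlc3QgQ2VydGlmaWNhdGUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLLnpHgb5va1M3UcFQaFpEPbq5
+m3hAhDXUDuhBpg4KuTSul6M3PoHtbA/4iosLGu0Gl1dtSaXstMTYbdJXw4eJme6w
+18WCodzVmLPvENrAXDiiuxU+Dl68oM2h8Adnu1c/icxyT7vAp+2tFQdhwrQhczkA
+m4+qBBvEndQARIexebThTgE87qS7+a1diEEDtL/fv3Ek7gtpWVXdQ9GRBN6YnFTy
+7mN4/nYZv+Zd1liBPBsCPV3McErBhAb2GtsWsOAwsDqFQUihiMU4BHsDxIbw2hr/
+vNGsf80M6FpCXkN/DWFdQWcPuAdHIZNEsqv62Gm7uW2hVm0jVKpJZ+dXxunHAgMB
+AAGjgckwgcYwCQYDVR0TBAIwADAdBgNVHQ4EFgQUcO2wlnEzQxbvMv9pEcnwAj9s
+gYgwVAYDVR0jBE0wS4AUXX+NrxpW0/TKPdNt71AR92SZbwKhHaQbMBkxFzAVBgNV
+BAMMDlZlaWxpZCBUZXN0IENBghQiei5ofN97gYUaUJgWYiLQC9YcSjATBgNVHSUE
+DDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwIgYDVR0RBBswGYIXVmVpbGlkIFRl
+c3QgQ2VydGlmaWNhdGUwDQYJKoZIhvcNAQELBQADggEBALj8rGLWla8J2yR9giwC
+4dB79WkDpEJVxg0q8Z0OxJt4QH0Nfexm9sRtBtBbWN665mfqr0Gjh7Q3i6gfUa5w
+4A31UQp6s7Md0XeSYzWuUJ4EPQRu8WDI448fdUcFJ6D/xRswaLL5W+bygQ+b8uiM
+nbZXssEp59DQiLO6jngu784DoxL6tOlOH94ay3dya3GYAjfStALwLAhnynUNr4G/
++Ff42UqTT9s84a8+q5z+h/A6ASFqXJmD4wNHmBUjJLPuKSf08TTB5Pg5WpLaxwjc
+cYcc/2fn7yS8NONO4BYShGDUf6LAW4Wpxe94C8Nky7QF61HlwQ9g2lyYCL9duR0z
+pyY=
+-----END CERTIFICATE-----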
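--- a/files/test-ca/pki/openssl-easyrsa.cnf
+++ b/files/test-ca/pki/openssl-easyrsa.cnf
@@ -0,0 +1,138 @@
+# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = $ENV::EASYRSA_PKI # Where everything is kept
+certs = $dir # Where the issued certs are kept
+crl_dir = $dir # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/certs_by_serial # default place for new certs.
+
+certificate = $dir/ca.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/ca.key # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = basic_exts # The extensions to add to the cert
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions = crl_ext
+
+default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
+default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
+default_md = $ENV::EASYRSA_DIGEST # use public key default MD
+preserve = no # keep passed DN ordering
+
+# This allows to renew certificates which have not been revoked
+unique_subject = no
+
+# A few different ways of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits = $ENV::EASYRSA_KEY_SIZE
+default_keyfile = privkey.pem
+default_md = $ENV::EASYRSA_DIGEST
+distinguished_name = $ENV::EASYRSA_DN
+x509_extensions = easyrsa_ca # The extensions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = $ENV::EASYRSA_REQ_CN
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName = Country Name (2 letter code)
+countryName_default = $ENV::EASYRSA_REQ_COUNTRY
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
+
+localityName = Locality Name (eg, city)
+localityName_default = $ENV::EASYRSA_REQ_CITY
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = $ENV::EASYRSA_REQ_ORG
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
+
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = $ENV::EASYRSA_REQ_CN
+
+emailAddress = Email Address
+emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
+emailAddress_max = 64
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+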
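--- a/files/test-ca/pki/private/ca.key
+++ b/files/test-ca/pki/private/ca.key
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,63E22C921323D1B9A6C52515022B0A22
+
+xeNTc40tJIc7hUflTNbz4ecGjv4Nk61jjBsT3cpqQmetpijltgve+T1JaEl2ValI
+ToHsRfvOErhdBLlnkOOpxRK9kxZJQsH+nNxUdX16LoPLmAar70fpZDYmocVhZtm0
+rjYu00eXapJV7mErWgRRg6Av8y4fMhDhhw8lhaWp+Wr91gv+EX9N8R7jXS5g58PW
+v9PQ/WRDsf7PQX0BARRYLRl+fQs7JD6nlnzV9W8liEjQifQ0qmzaWYx0Yo53XRj4
++rw8CMnXFmU4pFM73qUskOmIDn56wf8Y8rADlTJJ28z+luiWwFotHP7ufiEaVXVr
+kOmlh3/ZN5y6KVfyx9ef3AZ+M7ZyYn8NepD98zRIuhVTBCDZ1Spk61yZuhP8FYgV
+gqJrwHxKSKHS0SJwM/o973iniQRIMDb40NXMZw5+nF1XWLqGesijdmLX4Dy/CQy0
+HVMZ+w99bZtAyogmJLv78QI6VtXOcZdm+IQIcBMflTy2AgEywENDce5hXzTqOFSH
+xtODTvbUD9XXjUEZCfv08fqHFYUnJ/8Sf0IWs4m52HirTOy7pBLXQi7fl1acM0Ky
+sVJmAfTmxSHY4c0dIT3U9zfkxGFWoTrvthWl4q7ss+n7W2Z0CNaKkCyvOZEoZkFV
+VTgDDaQN5BJ4bOAByiiRQ+lpkA2yVun606ASFfPNpbuD5cBa0Ei3mg6Wu/+4uGcl
+YoucGY1b0+kvhdIibNZNFfCYzbEa/rKzYBKV8aVWleyDLHCGnqZh4JG4fItbXvXz
+8c6Bis4h4+JhAWosDeMaumsAvwPw/ZQ1R0Xj9iFP2di0DSeTYGkoIn3P0/Yf+6ph
+q9Nlr0w0uqtnAiclrpgXdeBwawmgHF66Gi6VAt5JQHeNEQO6U1KGJz8f97F+xILl
+MSpUmxqBwe2lGCDILLqvAcj2kRKoOtuUQk+wSCArVxiKIeVwW7VX0I27s67Yi2CQ
+q2k96R8k90s9M7hzuFdlkp2vZ46MHqR1QLlzI3vWP/zkFxkFUtuko9CYCjYnGxaY
+VjoGyV1PoIbSGxu1/NR7b6aFGHHFI575L4gEr4lfa9iLK59GVcWvrzwuGRyrT2d2
+LLm5SF3HGu9uFPVDvYux9HROhIAh6B70pnYxP3nMg3DoyJdoGrtg+vSni7mkBF9J
+UOuQfqhC2KL93C1srunvPK5eLgRSPjRaHR045DQv+xPL0A7ciEtH4rgmZ1tZnU2W
+BFlFiDPebrVfx3qWthrsUkykZCAYG0XypumU2LipGQV1kavABGwmII0BXPIPXJA0
+UsBQOiZbGviBYvPAWTpi8c2Hd36XjEmwMXFgpDWZXXpiST9FWuAd49MMmepLy+JA
+98V3oaU65rn6Iqplp1rYac8ey2StGxLzl3GIC0gzHZvD6xaJWuyvG60hT4ZL1Zsw
+Ryo5NXMHvOxa5aCjkVTk5lf2a4AhAF+Fx2wIiAFxHrcplagVf7PLmqOgh+cJPhwD
+juR3wfKmBA2Z8ldCmuvgxhw/uSdQv/nx6swgPI7u8g3YOIs1/HnLWRp5w0dylXSf
+mxCcun42fcTY0OPyv1iC3EY/pHOTn4dInQNNhcCVExbqq4bFW836u5AfFBvBjbOA
+-----END RSA PRIVATE KEY-----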
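Review bot: `private/ca.key` publishes the signing key of a CA whose certificate is issued with `basicConstraints = CA:true`, and the only protection is the legacy `Proc-Type: 4,ENCRYPTED` / `DEK-Info: AES-256-CBC` PEM wrapper, which derives the cipher key from the passphrase with a single round of MD5-based derivation and so gives no work factor against offline guessing. Because the tests need that passphrase anyway, the key should be treated as public from the moment this lands. The visible files do not say so, which is the gap: add a README in `files/test-ca/` stating that `Veilid Test CA` is a fixture and must never be added to a system, browser or application trust store outside the test harness. Generating the CA at test time, rather than committing it, would remove the long-lived key from the repository altogether.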
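--- a/files/test-ca/pki/private/test.key
+++ b/files/test-ca/pki/private/test.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIgpTGP+qhFisCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLU8ddNZ6jJ3BIIEyMB/nTIXTaUO
+n8Oe/ld7JjX1jeiQUuXP9oEYT0Ehi5F5IIQ3zUDUrJujJP+iMniX1OafmzmtcQGc
+pAmGLAyhJS3p5ILlzvZGjjF19QItKGDno/cwHjQMY0ldj1CfjdGf809DQRdo4q8H
+2jlGUmtMs83DhsxrlWf9Stia/4s/L+zOvpTaVFXn7UMvVtM2LXWF7GdyRIx6a5w4
+fXOA6FWGY4ZvSzfkadKJSgyGPEwOW51tLJ+BYZpstrSvgh3VWPtluH0zSFdlOH3t
+N5V5aQzjoeJyP7uTU09Vzp3zjux1uijmzMHnF2LSw8kGmPRIfWKF91LNn12TUNQu
+oQLkFWXYRIRBDcEKetr4zkOtvp/JPNOkX44D3Zexl2KhHBqG2hDyOQZ03QN+9H7h
+PUE4MAHsfx7s62sr7TJ/GHC170ZDtgj6HZAjxjs5D7lkPmKSQoods7sCENMadZiX
+G0ljz/FTHzpMhhpeaRFqQfE7B3F9K6yQttoxxjAhAX+mOD1ho6NSV7KDN1cESKXB
+4+afwxGV/Gp3tEk6aAbEz8ntqS+lAE1iOXLzbKPmzFs5CCXDs3/EvvLRh3MPtNkz
+LcNjFypDL4CCCrxlSVMWce6iouSWyiet+3iwr+YuDx+3U9iMYyTrtL0pQSGiC/3s
+LZloWf7sWT5zab+KSnhxCu3BsazSqShIRsC1lLziJGQnING1m1bw6nG0gph2vzSJ
+N/ewIANJkby6XP9e/vJipPyI7xHD2aHUQLBU+Zmc7GhZWgVoAfHs/OvqwmTG2wHX
+10LVpDX6Fr3wBSqsdtPKH7hNBS2Y/Q/plJk/KwyZ7qlby1SMUYj86vtvcZRG4gn/
+9Mp72//FqfMrvXaBSZKR3SdR6tZTjBY9w1hUJ/c1HfRQYPISgPU9zSSPgRZtrlwx
+3/FPp6i2YnfpAFWn9zFkFcUCqdEIWjK50K+v+JAUnD+7aCaznA4/yCAonXGjZwcj
+eVgk5TJ4OfCVx5JE+HLXDWJSU115rMOUYXm5Jpo/j+ZKakM3diU2opW5ocgrHUl2
+OwinKMiSwVK2NiLZyv4jcCJdyZI+CqvxqIU9X1fDbJP0v9pm3ANzyii6gPaO57e3
+NZfmrMSqdlIq93wNIi2oZD7hgKwTBj1p/zxOTbP+QY1Ku8oFfXcF9dh32BBL+cHa
+aza+RkkGzJ+qBRF6Ub7FmcY/y6r+eOvof+c4drTE5icKP5lzpB85ZuUduF535p5d
+Y4dy3MM2h/t4dk7xmWp5EAZRRvKBUd7SYyi3a+LyTtHGS8FKdRCENXQi47RUlAqO
+RpzAgYhchqnRDup2Tmu+MtDTPoOht55haM38kXJZ4LxACzPpYHQ6E37BT77K3Qjh
+HgLxi/Hr97ZxiuPl7Tq113ljEB5xX1RGgn+s3F+/xxFEJojvGdNJXFWtE2BMSBQb
+JhFkCyVYsqztBt6kLAJosYA0HornidYYwznswe+d+3ruHicax99JEA2m9xnB3LGy
+A9+SJCbhS9m+hO10KalW8nuUtX1lXP0ZmjuoYrLMLmv9ihH/CoxmHynMPgFVCXih
+RRGQmuS+PYBIFs1EShT04Ic280QT00un90ydaUZS3uad9qt7gNbNJ3UW3XqyWf14
+2Gscnl0IXL4gKNNUxKPeGg==
+-----END ENCRYPTED PRIVATE KEY-----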
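Review bot: `private/test.key` is committed as an `ENCRYPTED PRIVATE KEY`, but nothing in the files visible on this page records the passphrase, so a test cannot load this fixture without out-of-band knowledge. Encrypting a key that lives in a public repository adds no confidentiality once the passphrase has to be shared with every test runner. Either document the passphrase next to the key with a note that the pair is a test fixture only, or store the leaf key unencrypted so the test code has no secret-handling path to get wrong. Whichever is chosen, the same README should tell readers not to reuse this key pair for any real listener.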
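--- a/files/test-ca/pki/reqs/test.req
+++ b/files/test-ca/pki/reqs/test.req
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICZzCCAU8CAQAwIjEgMB4GA1UEAwwXVmVpbGlkIFRlc3QgQ2VydGlmaWNhdGUw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLLnpHgb5va1M3UcFQaFpE
+Pbq5m3hAhDXUDuhBpg4KuTSul6M3PoHtbA/4iosLGu0Gl1dtSaXstMTYbdJXw4eJ
+me6w18WCodzVmLPvENrAXDiiuxU+Dl68oM2h8Adnu1c/icxyT7vAp+2tFQdhwrQh
+czkAm4+qBBvEndQARIexebThTgE87qS7+a1diEEDtL/fv3Ek7gtpWVXdQ9GRBN6Y
+nFTy7mN4/nYZv+Zd1liBPBsCPV3McErBhAb2GtsWsOAwsDqFQUihiMU4BHsDxIbw
+2hr/vNGsf80M6FpCXkN/DWFdQWcPuAdHIZNEsqv62Gm7uW2hVm0jVKpJZ+dXxunH
+AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAGe/0bWdwO5YGGfyQ5Gq+CTsEc1AW
+f5G6uUk55qK1AqpECy3K9YAdDDf3JKLkaVeWlT275TyLcU2qx+kzSIUdGDpvpFui
+E/vSfGcfZka7z2DSQfnsHvTy8odgMINPvcdZ6k8+ZsqLWPl6HE10QB0HqT7J1UVm
+/WZkwXKSWWMbDkXZXuGLIYxp7O+ZbweJLMBzWVCarwL7o4D0oWLj16Yta2s2Wn/5
+zkW9U4vM6W99t+xrZEfDo3reqYsr6i82cESUY0liTDFryYCF7BSmAbw4WPtWS8Qz
+DxVp8krxG0RlA/RGfwPYz828SCmgERijp9vHKUtQqx97OCo85Hw4kYtvJQ==
+-----END CERTIFICATE REQUEST-----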
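--- a/files/test-ca/pki/safessl-easyrsa.cnf
+++ b/files/test-ca/pki/safessl-easyrsa.cnf
@@ -0,0 +1,138 @@
+# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = /home/jsmith/code/veilid/files/test-ca/pki # Where everything is kept
+certs = /home/jsmith/code/veilid/files/test-ca/pki # Where the issued certs are kept
+crl_dir = /home/jsmith/code/veilid/files/test-ca/pki # Where the issued crl are kept
+database = /home/jsmith/code/veilid/files/test-ca/pki/index.txt # database index file.
+new_certs_dir = /home/jsmith/code/veilid/files/test-ca/pki/certs_by_serial # default place for new certs.
+
+certificate = /home/jsmith/code/veilid/files/test-ca/pki/ca.crt # The CA certificate
+serial = /home/jsmith/code/veilid/files/test-ca/pki/serial # The current serial number
+crl = /home/jsmith/code/veilid/files/test-ca/pki/crl.pem # The current CRL
+private_key = /home/jsmith/code/veilid/files/test-ca/pki/private/ca.key # The private key
+RANDFILE = /home/jsmith/code/veilid/files/test-ca/pki/.rand # private random number file
+
+x509_extensions = basic_exts # The extensions to add to the cert
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions = crl_ext
+
+default_days = 825 # how long to certify for
+default_crl_days= 180 # how long before next CRL
+default_md = sha256 # use public key default MD
+preserve = no # keep passed DN ordering
+
+# This allows to renew certificates which have not been revoked
+unique_subject = no
+
+# A few different ways of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits = 2048
+default_keyfile = privkey.pem
+default_md = sha256
+distinguished_name = cn_only
+x509_extensions = easyrsa_ca # The extensions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = ChangeMe
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = California
+
+localityName = Locality Name (eg, city)
+localityName_default = San Francisco
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Copyleft Certificate Co
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = My Organizational Unit
+
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = ChangeMe
+
+emailAddress = Email Address
+emailAddress_default = me@example.net
+emailAddress_max = 64
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+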
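Review bot: `safessl-easyrsa.cnf` hard-codes the author's checkout path throughout `[ CA_default ]`, for example `dir = /home/jsmith/code/veilid/files/test-ca/pki` and `private_key = /home/jsmith/code/veilid/files/test-ca/pki/private/ca.key`. It appears to be the expanded copy of `openssl-easyrsa.cnf` that the tool writes with the `$ENV::EASYRSA_*` values filled in, so it is generated state rather than source. Committing it discloses a local username and directory layout, and the paths are wrong on every other machine. I would drop it from the commit and add it to `.gitignore`, along with the other bookkeeping files added here (`index.txt.old`, `index.txt.attr.old`, `serial.old`).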
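--- a/files/test-ca/pki/serial
+++ b/files/test-ca/pki/serial
@@ -0,0 +1 @@
+12CE63BD90F5ABDE6D7FD73EF3E6BC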
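--- a/files/test-ca/pki/serial.old
+++ b/files/test-ca/pki/serial.old
@@ -0,0 +1 @@
+0012ce63bd90f5abde6d7fd73ef3e6bb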