view ui/tests/data/NOTES @ 309:fa37384b86b6

Add trust "Trusted CA to issue server certificates" to certs on install.
author Sascha Wilde <wilde@intevation.de>
date Fri, 04 Apr 2014 09:53:55 +0200
parents a7317252a27c
children 534df06d5c67
line wrap: on
line source
Testkeys were created with:
    openssl genrsa -out testkey-priv.pem 3072
    openssl rsa -in testkey-priv.pem -out testkey-pub.pem -outform PEM -pubout


Certificate List was created manually and contains:
    PCA-1-Verwaltung-08
    Intevation-Email-CA-2013
    Intevation-Server-CA-2010

Test files created with:

    echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid.txt | base64 -w0)\\r > list-valid-signed.txt
    cat list-valid.txt >> list-valid-signed.txt
    echo -e S:$(openssl dgst -sha256 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-other-signature.txt
    cat list-valid.txt >> list-valid-other-signature.txt
    echo -e S:$(openssl dgst -sha1 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-sha1-signature.txt
    cat list-valid.txt >> list-valid-sha1-signature.txt
    cp list-valid-signed.txt list-invalid-signed.txt
    tail -1 list-valid.txt >> list-invalid-signed.txt

# List with 0 created manually by placing a \0 in the signature

# Test server certificate:

    gen_key type=ec ec_curve=brainpoolP256r1 filename=valid_ssl_bp.key
    cert_write issuer_name=CN=127.0.0.1,O=Intevation\\ Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_bp.key \
    not_before=20130101000000 not_after=20301231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_bp.pem
    cat valid_ssl_bp.key >> valid_ssl_bp.pem

    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=127.0.0.1,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    cat valid_ssl_rsa.key >> valid_ssl_rsa.pem

# Test list certificates (using the rsa key)

for i in {1..30}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=TestRootCA$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e I:${CERT}\\r >> list-valid.txt
done

for i in {1..15}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=TestRootCADelete$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e R:${CERT}\\r >> list-valid.txt
done

http://wald.intevation.org/projects/trustbridge/