Corrected Test CA configuration
This commit is contained in:
parent
0564320d73
commit
221af7524f
|
@ -9,4 +9,7 @@ target
|
|||
*.iml
|
||||
**/log4j2-debug.xml
|
||||
**/.checkstyle
|
||||
*.bak
|
||||
*.bak
|
||||
/test-CA/newcerts/
|
||||
/test-CA/serial.txt*
|
||||
/test-CA/index.txt*
|
||||
|
|
|
@ -1,16 +1,27 @@
|
|||
= SSL key / cert material (optional)
|
||||
= SSL key / cert material
|
||||
|
||||
Execute in the project root
|
||||
|
||||
# Issue a certificate request
|
||||
---
|
||||
openssl req -config openssl.cnf -new -nodes -sha256 -days 36500 \
|
||||
-subj '/O=Apache Software Foundation/OU=HttpComponents Project/CN=test-httpd/emailAddress=dev@hc.apache.org/' \
|
||||
-keyout server-key.pem -out server-certreq.pem
|
||||
openssl req -config test-CA/openssl.cnf -new -nodes -sha256 -days 36500 \
|
||||
-subj '/O=Apache Software Foundation/OU=HttpComponents Project/CN=localhost/emailAddress=dev@hc.apache.org/' \
|
||||
-addext 'subjectAltName = DNS:localhost,DNS:test-httpd' \
|
||||
-keyout httpclient5-testing/src/test/resources/docker/server-key.pem \
|
||||
-out httpclient5-testing/src/test/resources/docker/server-certreq.pem
|
||||
---
|
||||
# Verify the request
|
||||
---
|
||||
openssl req -in server-certreq.pem -text -noout
|
||||
openssl req -in httpclient5-testing/src/test/resources/docker/server-certreq.pem -text -noout
|
||||
---
|
||||
# Sign new certificate with the test CA key
|
||||
---
|
||||
openssl ca -config openssl.cnf -days 36500 -out server-cert.pem -in server-certreq.pem && rm server-certreq.pem
|
||||
openssl ca -config test-CA/openssl.cnf -days 36500 \
|
||||
-out httpclient5-testing/src/test/resources/docker/server-cert.pem \
|
||||
-in httpclient5-testing/src/test/resources/docker/server-certreq.pem \
|
||||
&& rm httpclient5-testing/src/test/resources/docker/server-certreq.pem
|
||||
---
|
||||
|
||||
# Create JKS store with the Test CA cert
|
||||
keytool -import -trustcacerts -alias test-ca -file test-CA/ca-cert.pem -keystore httpcore5-testing/src/test/resources/test-ca.jks -storepass nopassword
|
||||
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
V 21161223094143Z 01 unknown /O=Apache Software Foundation/OU=HttpComponents Project/CN=test-httpd/emailAddress=dev@hc.apache.org
|
|
@ -1,355 +0,0 @@
|
|||
# Licensed to the Apache Software Foundation (ASF) under one
|
||||
# or more contributor license agreements. See the NOTICE file
|
||||
# distributed with this work for additional information
|
||||
# regarding copyright ownership. The ASF licenses this file
|
||||
# to you under the Apache License, Version 2.0 (the
|
||||
# "License"); you may not use this file except in compliance
|
||||
# with the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing,
|
||||
# software distributed under the License is distributed on an
|
||||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
# KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
|
||||
# This definition stops the following lines choking if HOME isn't
|
||||
# defined.
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
|
||||
# To use this configuration file with the "-extfile" option of the
|
||||
# "openssl x509" utility, name here the section containing the
|
||||
# X.509v3 extensions to use:
|
||||
# extensions =
|
||||
# (Alternatively, use a configuration file that has only
|
||||
# X.509v3 extensions in its main [= default] section.)
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
|
||||
# Add a simple OID like this:
|
||||
# testoid1=1.2.3.4
|
||||
# Or use config file substitution like this:
|
||||
# testoid2=${testoid1}.5.6
|
||||
|
||||
# Policies used by the TSA examples.
|
||||
tsa_policy1 = 1.2.3.4.1
|
||||
tsa_policy2 = 1.2.3.4.5.6
|
||||
tsa_policy3 = 1.2.3.4.5.7
|
||||
|
||||
####################################################################
|
||||
[ ca ]
|
||||
default_ca = CA_default # The default ca section
|
||||
|
||||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
dir = . # Where everything is kept
|
||||
certs = $dir/certs # Where the issued certs are kept
|
||||
crl_dir = $dir/crl # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
#unique_subject = no # Set to 'no' to allow creation of
|
||||
# several ctificates with same subject.
|
||||
new_certs_dir = $dir # default place for new certs.
|
||||
|
||||
certificate = ../../../test-CA/ca-cert.pem # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
crlnumber = $dir/crlnumber # the current crl number
|
||||
# must be commented out to leave a V1 CRL
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
private_key = ../../../test-CA/ca-key.pem # The private key
|
||||
RANDFILE = ../../../test-CA/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
|
||||
# Comment out the following two lines for the "traditional"
|
||||
# (and highly broken) format.
|
||||
name_opt = ca_default # Subject Name options
|
||||
cert_opt = ca_default # Certificate field options
|
||||
|
||||
# Extension copying option: use with caution.
|
||||
copy_extensions = copy
|
||||
|
||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||
# so this is commented out by default to leave a V1 CRL.
|
||||
# crlnumber must also be commented out to leave a V1 CRL.
|
||||
# crl_extensions = crl_ext
|
||||
|
||||
default_days = 365 # how long to certify for
|
||||
default_crl_days= 30 # how long before next CRL
|
||||
default_md = default # use public key default MD
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# A few difference way of specifying how similar the request should look
|
||||
# For type CA, the listed attributes must be the same, and the optional
|
||||
# and supplied fields are just that :-)
|
||||
policy = policy_match
|
||||
|
||||
# For the CA policy
|
||||
[ policy_match ]
|
||||
organizationName = match
|
||||
organizationalUnitName = match
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
# For the 'anything' policy
|
||||
# At this point in time, you must list all acceptable 'object'
|
||||
# types.
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
# output_password = secret
|
||||
|
||||
# This sets a mask for permitted string types. There are several options.
|
||||
# default: PrintableString, T61String, BMPString.
|
||||
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
|
||||
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
|
||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
||||
# MASK:XXXX a literal mask value.
|
||||
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
|
||||
string_mask = utf8only
|
||||
|
||||
req_extensions = v3_req # The extensions to add to a certificate request
|
||||
|
||||
[ req_distinguished_name ]
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = Apache Software Foundation
|
||||
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
organizationalUnitName_default = HttpComponents Project
|
||||
|
||||
commonName = Common Name (e.g. server FQDN or YOUR name)
|
||||
commonName_max = 64
|
||||
commonName_default = test-httpd
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_max = 64
|
||||
emailAddress_default = dev@hc.apache.org
|
||||
|
||||
# SET-ex3 = SET extension number 3
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = A challenge password
|
||||
challengePassword_min = 4
|
||||
challengePassword_max = 20
|
||||
|
||||
unstructuredName = An optional company name
|
||||
|
||||
[ usr_cert ]
|
||||
|
||||
# These extensions are added when 'ca' signs a request.
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
# An alternative to produce certificates that aren't
|
||||
# deprecated according to PKIX.
|
||||
# subjectAltName=email:move
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
# This is required for TSA certificates.
|
||||
# extendedKeyUsage = critical,timeStamping
|
||||
|
||||
[ v3_req ]
|
||||
|
||||
# Extensions to add to a certificate request
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[ alt_names ]
|
||||
DNS.1 = test-httpd
|
||||
DNS.2 = localhost
|
||||
|
||||
[ v3_ca ]
|
||||
|
||||
|
||||
# Extensions for a typical CA
|
||||
|
||||
|
||||
# PKIX recommendation.
|
||||
|
||||
subjectKeyIdentifier=hash
|
||||
|
||||
authorityKeyIdentifier=keyid:always,issuer
|
||||
|
||||
# This is what PKIX recommends but some broken software chokes on critical
|
||||
# extensions.
|
||||
#basicConstraints = critical,CA:true
|
||||
# So we do this instead.
|
||||
basicConstraints = CA:true
|
||||
|
||||
# Key usage: this is typical for a CA certificate. However since it will
|
||||
# prevent it being used as an test self-signed certificate it is best
|
||||
# left out by default.
|
||||
# keyUsage = cRLSign, keyCertSign
|
||||
|
||||
# Some might want this also
|
||||
# nsCertType = sslCA, emailCA
|
||||
|
||||
# Include email address in subject alt name: another PKIX recommendation
|
||||
# subjectAltName=email:copy
|
||||
# Copy issuer details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
# DER hex encoding of an extension: beware experts only!
|
||||
# obj=DER:02:03
|
||||
# Where 'obj' is a standard or added object
|
||||
# You can even override a supported extension:
|
||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
||||
|
||||
[ crl_ext ]
|
||||
|
||||
# CRL extensions.
|
||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||
|
||||
# issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
||||
[ proxy_cert_ext ]
|
||||
# These extensions should be added when creating a proxy certificate
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
# An alternative to produce certificates that aren't
|
||||
# deprecated according to PKIX.
|
||||
# subjectAltName=email:move
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
# This really needs to be in place for it to be a proxy certificate.
|
||||
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
|
||||
|
||||
####################################################################
|
||||
[ tsa ]
|
||||
|
||||
default_tsa = tsa_config1 # the default TSA section
|
||||
|
||||
[ tsa_config1 ]
|
||||
|
||||
# These are used by the TSA reply generation only.
|
||||
dir = ./demoCA # TSA root directory
|
||||
serial = $dir/tsaserial # The current serial number (mandatory)
|
||||
crypto_device = builtin # OpenSSL engine to use for signing
|
||||
signer_cert = $dir/tsacert.pem # The TSA signing certificate
|
||||
# (optional)
|
||||
certs = $dir/cacert.pem # Certificate chain to include in reply
|
||||
# (optional)
|
||||
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
|
||||
|
||||
default_policy = tsa_policy1 # Policy if request did not specify it
|
||||
# (optional)
|
||||
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
|
||||
digests = md5, sha1 # Acceptable message digests (mandatory)
|
||||
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
|
||||
clock_precision_digits = 0 # number of digits after dot. (optional)
|
||||
ordering = yes # Is ordering defined for timestamps?
|
||||
# (optional, default: no)
|
||||
tsa_name = yes # Must the TSA name be included in the reply?
|
||||
# (optional, default: no)
|
||||
ess_cert_id_chain = no # Must the ESS cert id chain be included?
|
||||
# (optional, default: no)
|
|
@ -1 +0,0 @@
|
|||
02
|
|
@ -1,35 +1,35 @@
|
|||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 1 (0x1)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Serial Number: 0 (0x0)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: O=Apache Software Foundation, OU=HttpComponents Project, CN=Test CA/emailAddress=dev@hc.apache.org
|
||||
Validity
|
||||
Not Before: Jan 16 09:41:43 2017 GMT
|
||||
Not After : Dec 23 09:41:43 2116 GMT
|
||||
Subject: O=Apache Software Foundation, OU=HttpComponents Project, CN=test-httpd/emailAddress=dev@hc.apache.org
|
||||
Not Before: Oct 20 19:14:02 2024 GMT
|
||||
Not After : Sep 26 19:14:02 2124 GMT
|
||||
Subject: O=Apache Software Foundation, OU=HttpComponents Project, CN=localhost/emailAddress=dev@hc.apache.org
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:da:55:cb:73:c3:42:cf:c1:4e:6e:d9:74:b8:f8:
|
||||
1c:3f:1a:de:8d:72:3a:c4:62:f7:eb:e4:72:5b:9b:
|
||||
9e:65:09:0e:f4:9b:f0:bd:29:d5:af:a9:d1:5f:82:
|
||||
99:53:49:1f:7a:5c:6f:6c:0f:a2:48:68:c7:53:3e:
|
||||
9b:9f:b2:c2:eb:8f:6b:38:c4:6a:75:52:55:60:9d:
|
||||
60:40:9b:a4:79:c6:c7:ae:1c:6c:d9:c8:b6:5b:cb:
|
||||
d4:af:78:45:0e:57:62:04:48:1d:d2:f3:c1:98:ac:
|
||||
64:1f:ae:8d:30:78:ec:52:b3:03:6c:4b:1c:b1:87:
|
||||
56:5e:a4:c3:3c:54:6b:05:22:95:30:c8:0c:d4:d4:
|
||||
43:f0:eb:5b:58:29:5c:ce:98:97:cc:86:7a:8a:fd:
|
||||
70:0e:c0:55:57:21:2e:4a:f5:5d:be:ba:6e:76:99:
|
||||
6a:c7:9d:9f:5f:31:63:9c:ae:b5:03:75:6c:ec:d7:
|
||||
e8:75:6b:e4:5d:23:30:e7:c8:b9:86:ec:9d:73:e8:
|
||||
06:43:6a:66:51:57:84:bd:75:1b:c8:4d:6b:9c:11:
|
||||
79:36:bf:dd:d4:a8:0d:ce:6b:c3:d7:7e:0e:f5:b0:
|
||||
78:c1:80:96:d5:45:73:ca:86:8e:7e:0f:85:43:6e:
|
||||
26:0d:20:3a:72:12:80:73:60:a2:90:a1:13:30:27:
|
||||
d5:35
|
||||
00:9d:12:0f:d0:8a:7e:0a:e4:76:b8:08:af:3f:5f:
|
||||
0f:b4:4c:70:24:22:4e:8f:8f:55:ec:ae:31:6c:e2:
|
||||
05:68:df:c5:c0:4d:e9:a5:ed:d9:4e:71:ed:e7:3c:
|
||||
51:ac:0a:fe:21:96:7c:0c:7b:2f:fa:6f:4f:73:69:
|
||||
38:a0:25:a7:4c:d0:69:fc:a2:8d:94:cb:4f:9e:c7:
|
||||
1f:a3:b2:5b:94:5f:20:3c:61:4d:73:a6:9c:a4:7c:
|
||||
72:25:26:ee:a6:d0:d8:f0:49:e7:b3:e0:f5:4d:de:
|
||||
6e:54:80:b9:54:8c:37:9d:d2:c0:ac:8b:43:03:8d:
|
||||
9c:c9:ac:91:f9:31:4f:6d:e9:2d:d5:de:b9:c4:34:
|
||||
de:67:3d:1a:4e:25:43:5e:ee:8e:01:67:d6:b2:4a:
|
||||
49:53:f9:d3:0c:93:5d:a9:1f:52:f7:23:93:1d:73:
|
||||
3a:d4:e1:dd:2b:a2:d1:65:b1:ef:69:12:1a:fc:6b:
|
||||
24:7c:96:6b:d2:27:21:4e:38:04:af:e4:d1:f6:4e:
|
||||
b2:8a:a4:59:b6:c8:c5:21:d5:c0:d6:d8:7e:58:b2:
|
||||
4e:3a:9e:6f:81:8a:1a:0e:0e:61:69:15:cb:7a:19:
|
||||
1a:37:62:3b:96:b3:3b:20:11:b7:1e:a6:63:39:2b:
|
||||
0c:c2:2b:77:7b:0d:21:ef:42:26:71:ce:76:49:cb:
|
||||
68:33
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
|
@ -37,52 +37,49 @@ Certificate:
|
|||
Netscape Comment:
|
||||
OpenSSL Generated Certificate
|
||||
X509v3 Subject Key Identifier:
|
||||
01:1E:40:80:D8:79:41:3D:8D:69:D6:E5:6C:DF:34:5D:8E:D7:07:D1
|
||||
38:19:4F:BF:C1:71:41:FE:78:91:B0:09:39:8B:AD:D7:05:B9:D9:82
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:03:E4:E7:DA:0F:64:DB:13:1E:BD:85:AB:76:BC:29:CA:2F:A7:C7:4B
|
||||
|
||||
X509v3 Key Usage:
|
||||
Digital Signature, Non Repudiation, Key Encipherment
|
||||
03:E4:E7:DA:0F:64:DB:13:1E:BD:85:AB:76:BC:29:CA:2F:A7:C7:4B
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:test-httpd, DNS:localhost
|
||||
DNS:localhost, DNS:test-httpd
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
88:be:99:32:13:9b:3f:89:59:65:19:2a:0e:1e:7d:9f:29:c5:
|
||||
d6:7e:82:db:18:2c:cb:b9:71:ef:ac:8b:31:0e:7c:b1:f9:7a:
|
||||
b5:60:2f:08:63:e1:1e:f5:d0:fe:e4:b7:4e:98:de:1b:01:22:
|
||||
35:35:1c:ab:39:aa:25:d5:77:42:4c:eb:f6:d7:88:ba:14:27:
|
||||
05:ae:08:b8:80:69:3c:e1:c6:d3:d1:26:1e:76:c7:a9:b2:2b:
|
||||
c3:2e:f6:27:db:3d:6c:2e:5c:ac:b1:2b:06:b0:8c:0b:74:3a:
|
||||
72:dc:15:48:20:df:23:b1:2f:60:ba:e3:80:da:36:dc:aa:f6:
|
||||
87:4a:c9:82:74:40:4a:f9:cc:95:d9:2b:2b:20:c8:fd:b5:87:
|
||||
14:f6:13:1b:38:e6:7e:13:84:0b:c1:24:fe:dd:18:0c:ca:df:
|
||||
fb:71:5d:ea:aa:fb:ca:20:54:0b:7b:40:93:20:c5:4b:af:a6:
|
||||
89:86:2f:49:d7:83:0e:4e:47:be:5f:f9:34:f9:38:7f:25:18:
|
||||
05:0c:26:5e:aa:4c:c6:70:d2:27:5d:20:ef:8a:51:b6:86:8c:
|
||||
66:26:3d:36:8b:b0:b9:e0:cb:17:22:a5:b6:30:a0:c4:ae:9f:
|
||||
80:fb:7b:f1:55:f8:2f:61:b8:1e:f8:eb:2c:86:a3:53:6c:bd:
|
||||
c5:af:a2:1f
|
||||
Signature Value:
|
||||
07:59:06:b5:60:2d:55:ce:09:bd:f1:46:19:ef:e5:90:fa:b8:
|
||||
bf:da:08:ac:cd:96:9e:06:e4:b2:dc:1c:92:bf:b4:c0:ee:84:
|
||||
d5:39:92:43:84:bc:c7:c9:ea:6d:c0:90:f5:0c:d3:df:09:c2:
|
||||
c3:44:6b:5e:4d:fe:7f:6b:04:f9:58:9f:b3:e8:2f:ad:9a:09:
|
||||
91:b7:3c:dc:2b:ff:6c:db:9f:c8:63:aa:33:0e:3a:93:8e:2a:
|
||||
99:c4:c0:c0:5a:a1:d1:a2:79:ac:07:cf:f6:aa:f7:f3:7a:42:
|
||||
9a:99:47:7c:9e:a3:7a:0c:bd:59:d1:07:18:de:f5:64:71:53:
|
||||
83:99:38:bf:12:30:8d:89:49:8d:4b:c9:58:03:5e:6d:86:58:
|
||||
f3:32:a9:e0:24:18:0f:60:79:5a:54:8b:9e:be:9d:68:41:24:
|
||||
4b:2b:f8:d0:21:74:9e:bc:ea:f9:0c:c0:f9:56:e2:2c:ff:69:
|
||||
71:03:5c:76:d2:ea:f6:9c:05:4f:d2:28:7c:99:a1:5d:aa:ab:
|
||||
9b:31:82:ce:11:69:08:1c:5a:2c:86:92:4c:82:86:9a:ed:9f:
|
||||
f4:fe:c6:0b:df:1b:15:38:13:9c:3b:46:75:d8:ce:b0:ae:6e:
|
||||
64:3f:1b:b4:0b:1a:fb:bc:67:f4:aa:8e:e3:42:e1:3e:6e:e7:
|
||||
5f:98:64:2e
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEIDCCAwigAwIBAgIBATANBgkqhkiG9w0BAQsFADB6MSMwIQYDVQQKDBpBcGFj
|
||||
MIIEEjCCAvqgAwIBAgIBADANBgkqhkiG9w0BAQsFADB6MSMwIQYDVQQKDBpBcGFj
|
||||
aGUgU29mdHdhcmUgRm91bmRhdGlvbjEfMB0GA1UECwwWSHR0cENvbXBvbmVudHMg
|
||||
UHJvamVjdDEQMA4GA1UEAwwHVGVzdCBDQTEgMB4GCSqGSIb3DQEJARYRZGV2QGhj
|
||||
LmFwYWNoZS5vcmcwIBcNMTcwMTE2MDk0MTQzWhgPMjExNjEyMjMwOTQxNDNaMH0x
|
||||
LmFwYWNoZS5vcmcwIBcNMjQxMDIwMTkxNDAyWhgPMjEyNDA5MjYxOTE0MDJaMHwx
|
||||
IzAhBgNVBAoMGkFwYWNoZSBTb2Z0d2FyZSBGb3VuZGF0aW9uMR8wHQYDVQQLDBZI
|
||||
dHRwQ29tcG9uZW50cyBQcm9qZWN0MRMwEQYDVQQDDAp0ZXN0LWh0dHBkMSAwHgYJ
|
||||
KoZIhvcNAQkBFhFkZXZAaGMuYXBhY2hlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggEPADCCAQoCggEBANpVy3PDQs/BTm7ZdLj4HD8a3o1yOsRi9+vkclubnmUJDvSb
|
||||
8L0p1a+p0V+CmVNJH3pcb2wPokhox1M+m5+ywuuPazjEanVSVWCdYECbpHnGx64c
|
||||
bNnItlvL1K94RQ5XYgRIHdLzwZisZB+ujTB47FKzA2xLHLGHVl6kwzxUawUilTDI
|
||||
DNTUQ/DrW1gpXM6Yl8yGeor9cA7AVVchLkr1Xb66bnaZasedn18xY5yutQN1bOzX
|
||||
6HVr5F0jMOfIuYbsnXPoBkNqZlFXhL11G8hNa5wReTa/3dSoDc5rw9d+DvWweMGA
|
||||
ltVFc8qGjn4PhUNuJg0gOnISgHNgopChEzAn1TUCAwEAAaOBqzCBqDAJBgNVHRME
|
||||
AjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
|
||||
ZTAdBgNVHQ4EFgQUAR5AgNh5QT2NadblbN80XY7XB9EwHwYDVR0jBBgwFoAUA+Tn
|
||||
2g9k2xMevYWrdrwpyi+nx0swCwYDVR0PBAQDAgXgMCAGA1UdEQQZMBeCCnRlc3Qt
|
||||
aHR0cGSCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAiL6ZMhObP4lZZRkq
|
||||
Dh59nynF1n6C2xgsy7lx76yLMQ58sfl6tWAvCGPhHvXQ/uS3TpjeGwEiNTUcqzmq
|
||||
JdV3Qkzr9teIuhQnBa4IuIBpPOHG09EmHnbHqbIrwy72J9s9bC5crLErBrCMC3Q6
|
||||
ctwVSCDfI7EvYLrjgNo23Kr2h0rJgnRASvnMldkrKyDI/bWHFPYTGzjmfhOEC8Ek
|
||||
/t0YDMrf+3Fd6qr7yiBUC3tAkyDFS6+miYYvSdeDDk5Hvl/5NPk4fyUYBQwmXqpM
|
||||
xnDSJ10g74pRtoaMZiY9NouwueDLFyKltjCgxK6fgPt78VX4L2G4HvjrLIajU2y9
|
||||
xa+iHw==
|
||||
dHRwQ29tcG9uZW50cyBQcm9qZWN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxIDAeBgkq
|
||||
hkiG9w0BCQEWEWRldkBoYy5hcGFjaGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEAnRIP0Ip+CuR2uAivP18PtExwJCJOj49V7K4xbOIFaN/FwE3p
|
||||
pe3ZTnHt5zxRrAr+IZZ8DHsv+m9Pc2k4oCWnTNBp/KKNlMtPnscfo7JblF8gPGFN
|
||||
c6acpHxyJSbuptDY8Enns+D1Td5uVIC5VIw3ndLArItDA42cyayR+TFPbekt1d65
|
||||
xDTeZz0aTiVDXu6OAWfWskpJU/nTDJNdqR9S9yOTHXM61OHdK6LRZbHvaRIa/Gsk
|
||||
fJZr0ichTjgEr+TR9k6yiqRZtsjFIdXA1th+WLJOOp5vgYoaDg5haRXLehkaN2I7
|
||||
lrM7IBG3HqZjOSsMwit3ew0h70Imcc52SctoMwIDAQABo4GeMIGbMAkGA1UdEwQC
|
||||
MAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl
|
||||
MB0GA1UdDgQWBBQ4GU+/wXFB/niRsAk5i63XBbnZgjAfBgNVHSMEGDAWgBQD5Ofa
|
||||
D2TbEx69hat2vCnKL6fHSzAgBgNVHREEGTAXgglsb2NhbGhvc3SCCnRlc3QtaHR0
|
||||
cGQwDQYJKoZIhvcNAQELBQADggEBAAdZBrVgLVXOCb3xRhnv5ZD6uL/aCKzNlp4G
|
||||
5LLcHJK/tMDuhNU5kkOEvMfJ6m3AkPUM098JwsNEa15N/n9rBPlYn7PoL62aCZG3
|
||||
PNwr/2zbn8hjqjMOOpOOKpnEwMBaodGieawHz/aq9/N6QpqZR3yeo3oMvVnRBxje
|
||||
9WRxU4OZOL8SMI2JSY1LyVgDXm2GWPMyqeAkGA9geVpUi56+nWhBJEsr+NAhdJ68
|
||||
6vkMwPlW4iz/aXEDXHbS6vacBU/SKHyZoV2qq5sxgs4RaQgcWiyGkkyChprtn/T+
|
||||
xgvfGxU4E5w7RnXYzrCubmQ/G7QLGvu8Z/SqjuNC4T5u51+YZC4=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -1,28 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDaVctzw0LPwU5u
|
||||
2XS4+Bw/Gt6NcjrEYvfr5HJbm55lCQ70m/C9KdWvqdFfgplTSR96XG9sD6JIaMdT
|
||||
PpufssLrj2s4xGp1UlVgnWBAm6R5xseuHGzZyLZby9SveEUOV2IESB3S88GYrGQf
|
||||
ro0weOxSswNsSxyxh1ZepMM8VGsFIpUwyAzU1EPw61tYKVzOmJfMhnqK/XAOwFVX
|
||||
IS5K9V2+um52mWrHnZ9fMWOcrrUDdWzs1+h1a+RdIzDnyLmG7J1z6AZDamZRV4S9
|
||||
dRvITWucEXk2v93UqA3Oa8PXfg71sHjBgJbVRXPKho5+D4VDbiYNIDpyEoBzYKKQ
|
||||
oRMwJ9U1AgMBAAECggEBAIEr4wthCUUKs5GHW7QXLfbzuZlrbHNFrjHEXRfvkJ1r
|
||||
54o2PA5eEsszp+hexsFscJAe4djHwxYdz1djogSwaPueRSw3oFg61sIrOYffzUYy
|
||||
oW5T6N5MDf9vLyyE9i4O6rFnzSVCC1Z9H1tTFLsJv58Jw8utAJPTYvjpd4xY0Vwe
|
||||
SqT/ZdIB9Cb+3R46+yJdcUWFUqpzKXOWZ1JH1b3nOpaLeyXJX0Xau7oyTxh/8hjg
|
||||
+2DV9VI9LEKqzIV96iSsMzk28y9Iio7OW4x/vEDdpf9izmCSU8o2zLNHGBSvnUxM
|
||||
wHH3pO96fmOBwq/vQkwZ7I2Y+LiL0nrukUiGpaxBz0ECgYEA95LdkhdS+Ou8hEJt
|
||||
o9cILbTP+vK4NzhKhA1tRsWylNjuv8Bp/MwM1OvRInEwl05VenG3Fbm2AsDerQEQ
|
||||
b+aFPK+l78ZMlRZ945my9Q+jk3qYxmhl0j7mz+GdYt0MoKRyDe30wkk/cCPpwdhe
|
||||
GF8Tvk7EjfGoDFiuf8wCyMEF9+UCgYEA4cQrtQLztRBZBeO+r0Wx1r6AjEKNBMPl
|
||||
FYHh9qfAsRqF452xa331ftNjyPV2vmGdjVTU0FQgbf6ZSK5kCqyVTk9QHZdt65ds
|
||||
vqdpOS9FocWZOV6qTaIVoSJY804ZZJKVB+97HrFOHxPnOn0uJvtk/3x0awOoSu0I
|
||||
TCU/MXNk8xECgYEAn48aGlPJ+AAGqb8eZp/p93s3J+dS7tPqwpzctuYnqGL/zLm4
|
||||
FWN1Sa0KRoZo6Ltlv9qWQvxD4BZp7VpoO5Z4fJo/+f710IiEbjHa8rI3nI9A827J
|
||||
YO2FWKlyBAuvXcFeeLfKLYWDy0R6HaLTUiXE1bxyVYFP61Ukcd0MVlKBBDkCgYAM
|
||||
KC0WVS9cW6H/kDDvbThTUPTJGLhRPl8ylkjdqFDW+I+nHxGzsResGaPw6U7Yl5cN
|
||||
SjkfcrhAVApbAJEAhiSQD/NHdKUFn6TKa2deHe6I9IP4s+FFxumVQK07hMQXR1Fh
|
||||
GQMvNur2/3JfEuiOTtE0dLYsIQlJ55Ofzg2mEwmnkQKBgQCjtelLDrPJn8x/7NzW
|
||||
L4/5xv3zHsjKxpvyn6jmP0s9wz2Dxeh4VzMudflw3y0l02bMLyPacQcaU9l5DKgP
|
||||
WRGD7a9Yig0dx/gHCjX+QMdKvgNR6Pi7iJiD15THsZB3L1ZpzjNGr/ENxn/Xx6VC
|
||||
bCjMxWkkzDr0xYCRr3FzQ1iEkg==
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCdEg/Qin4K5Ha4
|
||||
CK8/Xw+0THAkIk6Pj1XsrjFs4gVo38XATeml7dlOce3nPFGsCv4hlnwMey/6b09z
|
||||
aTigJadM0Gn8oo2Uy0+exx+jsluUXyA8YU1zppykfHIlJu6m0NjwSeez4PVN3m5U
|
||||
gLlUjDed0sCsi0MDjZzJrJH5MU9t6S3V3rnENN5nPRpOJUNe7o4BZ9aySklT+dMM
|
||||
k12pH1L3I5MdczrU4d0rotFlse9pEhr8ayR8lmvSJyFOOASv5NH2TrKKpFm2yMUh
|
||||
1cDW2H5Ysk46nm+BihoODmFpFct6GRo3YjuWszsgEbcepmM5KwzCK3d7DSHvQiZx
|
||||
znZJy2gzAgMBAAECggEAB11ucmfcCyS1UGHP3dfWQ60F4RvetSqSa9urI6Dhgg5k
|
||||
FmVQ3F/vvZboAdy5M6j8S5Tj0i4AjOylPBMl/ZRmaNqo7ZitrNlvrVFG8YUOeEGR
|
||||
oGMrn42jcK8JJybRL+9BDNtaSvv0ZKdWYw36IrXEcdkNAcox5TvBq081NQsT32Jp
|
||||
2/dZB6yDlxTD8NVf1mzaeO0v+VxbRvPQ7HY9o0F1FVxBot/NjidU/fQwSSg2lFNq
|
||||
K+u9q5W2e0Ca2KYEV7tHpOJMmMKH6kOYjM+UiQpPWXiuClcf+LbCsj4v3a5MrlsM
|
||||
fdDFMnddn6cvM3RP/lpELCqSgkzTM3srAFydY6wMEQKBgQDPUOQaxo/xPYVAGW/Q
|
||||
THbQjfA7fZweWNT2EmB3PsDA/79TtkKgFF/kuSoq5AOYcQOP3Q0qZF9DjeIhL0tK
|
||||
WZxV9Y24q/EfnLpZOjui+SHu+RA6paFYveKcy7Mj3E5A/D3qKwDIPYX/K195LaEd
|
||||
Pll5hiWcwWIqj1bEerqPSIvSqQKBgQDB9JeR/kPvnNFXnXtUQ/o0w42GKr1Gx5HW
|
||||
iiNllS5OwOGKXif8+T+liJ2eUFJ5lFb6eZhTSdWEUqygDDE00XDwnjUQm4tvBK/3
|
||||
vfAkpT6RDtLZ7rIWXHXN+45MTl6LhSBYNphZK6UFY4JvtJSweRbXl8OnK1peENTE
|
||||
OOvvpRNJewKBgBwc1QHIgUZuWD5r9Jyjcc0wIi5/Bweadi50KX6iFNNXGuPIKFq6
|
||||
yJIkhdJRHyex05DTofBosf5gJBTp6+TGKAwEA1bSgh0OTLrCycl8zRwxzACX6zw0
|
||||
a6FlggJP4pCvY9n4QN/mb+A9SnINPPbROKLhDQKnup8Y1uRH3DqH1OYZAoGBAKO6
|
||||
MPT5+ilcbM+UThbNJ3rBFUgL7inAsFi11bmb3DJ42iuu3fzL/zFiiQOqdGTTlzTr
|
||||
zm2Ip2iDTdvxTtxybO+B7fOuCl9WSqFMwlp877sOE2oK+GSt+ng+gVni0ibe43Xz
|
||||
6Fll4XESFnrrqpTqMyEdqPkGPMupU6KtFmX/KK/fAoGAdYADpMf467obKaUPOvR+
|
||||
wPUjCQlopCK6wCFE2kuEv3e64NOpN7VJ1GHzro4DsaxndBHhG3+Pml3fnoclZgYP
|
||||
9LVY/rduV+2xwP6GVd5iLSFKtaXPGVxkGPKEgX6842Z6i7BLUQZQyWHr19UEkgFj
|
||||
RB0YbKKxrC01hpdKKHWMlHU=
|
||||
-----END PRIVATE KEY-----
|
||||
|
|
|
@ -52,7 +52,7 @@ default_ca = CA_default # The default ca section
|
|||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
dir = ./demoCA # Where everything is kept
|
||||
dir = ./test-CA # Where everything is kept
|
||||
certs = $dir/certs # Where the issued certs are kept
|
||||
crl_dir = $dir/crl # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
|
@ -60,13 +60,13 @@ database = $dir/index.txt # database index file.
|
|||
# several ctificates with same subject.
|
||||
new_certs_dir = $dir/newcerts # default place for new certs.
|
||||
|
||||
certificate = $dir/cacert.pem # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
certificate = $dir/ca-cert.pem # The CA certificate
|
||||
serial = $dir/serial.txt # The current serial number
|
||||
crlnumber = $dir/crlnumber # the current crl number
|
||||
# must be commented out to leave a V1 CRL
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem# The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
private_key = $dir/ca-key.pem# The private key
|
||||
RANDFILE = $dir/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
|
||||
|
@ -76,7 +76,7 @@ name_opt = ca_default # Subject Name options
|
|||
cert_opt = ca_default # Certificate field options
|
||||
|
||||
# Extension copying option: use with caution.
|
||||
# copy_extensions = copy
|
||||
copy_extensions = copy
|
||||
|
||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||
# so this is commented out by default to leave a V1 CRL.
|
||||
|
@ -95,8 +95,8 @@ policy = policy_match
|
|||
|
||||
# For the CA policy
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
|
|
Loading…
Reference in New Issue