1
0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00
wget/testenv/certs
Tim Rühsen a0c30fc72b Added new test Test--https-crl.py to check --crl-file
For this test, a proper CA and server key/cert infrastructure
was needed. E.g. without CN being 127.0.0.1 a matching CRL file
couldn't be generated.
2014-11-11 15:07:20 +01:00
..
ca-cert.pem Added new test Test--https-crl.py to check --crl-file 2014-11-11 15:07:20 +01:00
ca-key.pem Added new test Test--https-crl.py to check --crl-file 2014-11-11 15:07:20 +01:00
README Added new test Test--https-crl.py to check --crl-file 2014-11-11 15:07:20 +01:00
server-cert.pem Added new test Test--https-crl.py to check --crl-file 2014-11-11 15:07:20 +01:00
server-crl.pem Added new test Test--https-crl.py to check --crl-file 2014-11-11 15:07:20 +01:00
server-key.pem Added new test Test--https-crl.py to check --crl-file 2014-11-11 15:07:20 +01:00

To create the server RSA private key:
$ certtool --generate-privkey --outfile server-key.pem --rsa

To create a self signed CA certificate:
$ certtool --generate-privkey --outfile ca-key.pem
$ certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca-cert.pem
Common name: GNU Wget
UID: 
Organizational unit name: Wget
Organization name: GNU
Locality name: 
State or province name: 
Country name (2 chars): 
Enter the subject's domain component (DC): 
This field should not be used in new certificates.
E-mail: 
Enter the certificate's serial number in decimal (default: 6079996172146959675): 

Activation/Expiration time.
The certificate will expire in (days): -1

Extensions.
Does the certificate belong to an authority? (y/N): y
Path length constraint (decimal, -1 for no constraint): 
Is this a TLS web client certificate? (y/N): 
Will the certificate be used for IPsec IKE operations? (y/N): 
Is this a TLS web server certificate? (y/N): y
Enter a dnsName of the subject of the certificate: 127.0.0.1
Enter a dnsName of the subject of the certificate: 
Enter a URI of the subject of the certificate: 
Enter the IP address of the subject of the certificate: 
Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n): 
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): 
Will the certificate be used to sign other certificates? (y/N): y
Will the certificate be used to sign CRLs? (y/N): y
Will the certificate be used to sign code? (y/N): 
Will the certificate be used to sign OCSP requests? (y/N): y
Will the certificate be used for time stamping? (y/N): 
Enter the URI of the CRL distribution point: 


To generate a server certificate using the private key only:
$ certtool --generate-certificate --load-privkey server-key.pem --outfile server-cert.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
Common name: 127.0.0.1
UID: 
Organizational unit name: Wget
Organization name: GNU
Locality name: 
State or province name: 
Country name (2 chars): 
Enter the subject's domain component (DC): 
This field should not be used in new certificates.
E-mail: 
Enter the certificate's serial number in decimal (default: 6079998890988883856): 

Activation/Expiration time.
The certificate will expire in (days): -1

Extensions.
Does the certificate belong to an authority? (y/N): 
Is this a TLS web client certificate? (y/N): y
Will the certificate be used for IPsec IKE operations? (y/N): 
Is this a TLS web server certificate? (y/N): 
Enter a dnsName of the subject of the certificate: localhost
Enter a dnsName of the subject of the certificate: 127.0.0.1
Enter a dnsName of the subject of the certificate: 
Enter a URI of the subject of the certificate: 
Enter the IP address of the subject of the certificate: 
Enter the e-mail of the subject of the certificate: 
Will the certificate be used for signing (required for TLS)? (Y/n): 
Will the certificate be used for encryption (not required for TLS)? (Y/n): 


To create a CRL for the server certificate:
$ certtool --generate-crl --load-ca-privkey ca-key.pem --load-ca-certificate ca-cert.pem --load-certificate server-cert.pem --outfile server-crl.pem
Generating a signed CRL...
Update times.
The certificate will expire in (days): -1
CRL Number (default: 6080006793650397145):