diff --git a/tests/cfg/pki/CAtsa.cnf b/tests/cfg/pki/CAtsa.cnf
new file mode 100644
index 0000000..f5a275b
--- /dev/null
+++ b/tests/cfg/pki/CAtsa.cnf
@@ -0,0 +1,163 @@
+
+#
+# This config is used by the Time Stamp Authority tests.
+#
+
+RANDFILE = ./.rnd
+
+# Extra OBJECT IDENTIFIER info:
+oid_section = new_oids
+
+TSDNSECT = ts_cert_dn
+INDEX = 1
+
+[ new_oids ]
+
+# Policies used by the TSA tests.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+#----------------------------------------------------------------------
+[ ca ]
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+
+dir = ./demoCA
+certs = $dir/certs # Where the issued certs are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+private_key = $dir/private/cakey.pem# The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+default_days = 365 # how long to certify for
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = supplied
+stateOrProvinceName = supplied
+organizationName = supplied
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+#----------------------------------------------------------------------
+[ req ]
+default_bits = 1024
+default_md = sha1
+distinguished_name = $ENV::TSDNSECT
+encrypt_rsa_key = no
+prompt = no
+# attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+string_mask = nombstr
+
+[ ts_ca_dn ]
+countryName = HU
+stateOrProvinceName = Budapest
+localityName = Budapest
+organizationName = Gov-CA Ltd.
+commonName = ca1
+
+[ ts_cert_dn ]
+countryName = HU
+stateOrProvinceName = Budapest
+localityName = Buda
+organizationName = Hun-TSA Ltd.
+commonName = tsa$ENV::INDEX
+
+[ tsa_cert ]
+
+# TSA server cert is not a CA cert.
+basicConstraints=CA:FALSE
+
+# The following key usage flags are needed for TSA server certificates.
+keyUsage = nonRepudiation, digitalSignature
+extendedKeyUsage = critical,timeStamping
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+[ non_tsa_cert ]
+
+# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
+basicConstraints=CA:FALSE
+
+# The following key usage flags are needed for TSA server certificates.
+keyUsage = nonRepudiation, digitalSignature
+# timeStamping is not supported by this certificate
+# extendedKeyUsage = critical,timeStamping
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature
+
+[ v3_ca ]
+
+# Extensions for a typical CA
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = cRLSign, keyCertSign
+
+#----------------------------------------------------------------------
+[ tsa ]
+
+default_tsa = tsa_config1 # the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir = . # TSA root directory
+serial = $dir/tsa_serial # The current serial number (mandatory)
+signer_cert = $dir/tsa_cert1.pem # The TSA signing certificate
+ # (optional)
+certs = $dir/tsaca.pem # Certificate chain to include in reply
+ # (optional)
+signer_key = $dir/tsa_key1.pem # The TSA private key (optional)
+
+default_policy = tsa_policy1 # Policy if request did not specify it
+ # (optional)
+other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
+digests = md5, sha1 # Acceptable message digests (mandatory)
+accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
+ordering = yes # Is ordering defined for timestamps?
+ # (optional, default: no)
+tsa_name = yes # Must the TSA name be included in the reply?
+ # (optional, default: no)
+ess_cert_id_chain = yes # Must the ESS cert id chain be included?
+ # (optional, default: no)
+
+[ tsa_config2 ]
+
+# This configuration uses a certificate which doesn't have timeStamping usage.
+# These are used by the TSA reply generation only.
+dir = . # TSA root directory
+serial = $dir/tsa_serial # The current serial number (mandatory)
+signer_cert = $dir/tsa_cert2.pem # The TSA signing certificate
+ # (optional)
+certs = $dir/demoCA/cacert.pem# Certificate chain to include in reply
+ # (optional)
+signer_key = $dir/tsa_key2.pem # The TSA private key (optional)
+
+default_policy = tsa_policy1 # Policy if request did not specify it
+ # (optional)
+other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
+digests = md5, sha1 # Acceptable message digests (mandatory)
diff --git a/tests/cfg/pki/build-ca b/tests/cfg/pki/build-ca
deleted file mode 100755
index bce29a6..0000000
--- a/tests/cfg/pki/build-ca
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-#
-# Build a root certificate
-#
-
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --initca $*
diff --git a/tests/cfg/pki/build-dh b/tests/cfg/pki/build-dh
deleted file mode 100755
index 4beb127..0000000
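Review bot: The `[ req ]` and `[ CA_default ]` sections pin `default_bits = 1024` and `default_md = sha1`, and both `tsa_config1` and `tsa_config2` list only `digests = md5, sha1`, so every fixture certificate and every timestamp request these tests accept relies on deprecated primitives. An OpenSSL build with a raised security level may refuse 1024-bit keys or SHA-1 signatures, which would fail the tests for a reason unrelated to the TSA code, and test configs like this tend to get copied into real deployments. I would use `default_bits = 2048`, `default_md = sha256` and `digests = sha256, sha1`, unless a test depends on the legacy digests, which this hunk does not show.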
--- a/tests/cfg/pki/build-dh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-# Build Diffie-Hellman parameters for the server side
-# of an SSL/TLS connection.
-
-if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
- $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
-else
- echo 'Please source the vars script first (i.e. "source ./vars")'
- echo 'Make sure you have edited it to reflect your configuration.'
-fi
diff --git a/tests/cfg/pki/build-inter b/tests/cfg/pki/build-inter
deleted file mode 100755
index 87bf98d..0000000
--- a/tests/cfg/pki/build-inter
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-# Make an intermediate CA certificate/private key pair using a locally generated
-# root certificate.
-
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --inter $*
diff --git a/tests/cfg/pki/build-key b/tests/cfg/pki/build-key
deleted file mode 100755
index 6c0fed8..0000000
--- a/tests/cfg/pki/build-key
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-# Make a certificate/private key pair using a locally generated
-# root certificate.
-
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact $*
diff --git a/tests/cfg/pki/build-key-pass b/tests/cfg/pki/build-key-pass
deleted file mode 100755
index 8ef8307..0000000
--- a/tests/cfg/pki/build-key-pass
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-# Similar to build-key, but protect the private key
-# with a password.
-
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --pass $*
diff --git a/tests/cfg/pki/build-key-pkcs12 b/tests/cfg/pki/build-key-pkcs12
deleted file mode 100755
index ba90e6a..0000000
--- a/tests/cfg/pki/build-key-pkcs12
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-# Make a certificate/private key pair using a locally generated
-# root certificate and convert it to a PKCS #12 file including the
-# the CA certificate as well.
-
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --pkcs12 $*
diff --git a/tests/cfg/pki/build-key-server b/tests/cfg/pki/build-key-server
deleted file mode 100755
index fee0194..0000000
--- a/tests/cfg/pki/build-key-server
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-# Make a certificate/private key pair using a locally generated
-# root certificate.
-#
-# Explicitly set nsCertType to server using the "server"
-# extension in the openssl.cnf file.
-
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --server $*
diff --git a/tests/cfg/pki/build-req b/tests/cfg/pki/build-req
deleted file mode 100755
index 559d512..0000000
--- a/tests/cfg/pki/build-req
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-# Build a certificate signing request and private key. Use this
-# when your root certificate and key is not available locally.
-
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --csr $*
diff --git a/tests/cfg/pki/build-req-pass b/tests/cfg/pki/build-req-pass
deleted file mode 100755
index b73ee1b..0000000
--- a/tests/cfg/pki/build-req-pass
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-# Like build-req, but protect your private key
-# with a password.
-
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --csr --pass $*
diff --git a/tests/cfg/pki/clean-all b/tests/cfg/pki/clean-all
deleted file mode 100755
index b1d0237..0000000
--- a/tests/cfg/pki/clean-all
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-# Initialize the $KEY_DIR directory.
-# Note that this script does a
-# rm -rf on $KEY_DIR so be careful!
-
-if [ "$KEY_DIR" ]; then
- rm -rf "$KEY_DIR"
- mkdir "$KEY_DIR" && \
- chmod go-rwx "$KEY_DIR" && \
- touch "$KEY_DIR/index.txt" && \
- echo 01 >"$KEY_DIR/serial"
-else
- echo 'Please source the vars script first (i.e. "source ./vars")'
- echo 'Make sure you have edited it to reflect your configuration.'
-fi
diff --git a/tests/cfg/pki/create_tsa_certs b/tests/cfg/pki/create_tsa_certs
new file mode 100755
index 0000000..b1eeaea
--- /dev/null
+++ b/tests/cfg/pki/create_tsa_certs
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+error () {
+
+ echo "TSA test failed!" >&2
+ exit 1
+}
+
+
+create_ca () {
+
+ echo "Creating a new CA for the TSA tests..."
+ TSDNSECT=ts_ca_dn
+ export TSDNSECT
+ openssl req -new -x509 -nodes \
+ -out tsaca.pem -keyout tsacakey.pem
+ test $? != 0 && error
+}
+
+create_tsa_cert () {
+
+ INDEX=$1
+ export INDEX
+ EXT=$2
+ TSDNSECT=ts_cert_dn
+ export TSDNSECT
+
+ openssl req -new \
+ -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
+ test $? != 0 && error
+echo Using extension $EXT
+ openssl x509 -req \
+ -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
+ -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
+ -extfile $OPENSSL_CONF -extensions $EXT
+ test $? != 0 && error
+}
+
+echo "Creating CA for TSA tests..."
+create_ca
+
+echo "Creating tsa_cert1.pem TSA server cert..."
+create_tsa_cert 1 tsa_cert
+
+echo "Creating tsa_cert2.pem non-TSA server cert..."
+create_tsa_cert 2 non_tsa_cert
+
+OPENSSL_CONF="./CAtsa.cnf"
diff --git a/tests/cfg/pki/inherit-inter b/tests/cfg/pki/inherit-inter
deleted file mode 100755
index 1fe3539..0000000
--- a/tests/cfg/pki/inherit-inter
+++ /dev/null
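Review bot: `OPENSSL_CONF="./CAtsa.cnf"` is assigned on the last line of the script, after `create_ca` and both `create_tsa_cert` calls have already run, and it is never exported, so the `openssl req` calls do not get CAtsa.cnf from this script and depend on whatever the caller's environment already holds. If the variable is unset, the unquoted `-extfile $OPENSSL_CONF -extensions $EXT` collapses so that `-extensions` is consumed as the file name, and the signing step most likely fails rather than applying the `tsa_cert` / `non_tsa_cert` extensions the tests rely on. Move the assignment above `create_ca` as `OPENSSL_CONF="./CAtsa.cnf"; export OPENSSL_CONF`, and quote the use as `-extfile "$OPENSSL_CONF" -extensions "$EXT"`.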
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# Build a new PKI which is rooted on an intermediate certificate generated
-# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
-# have independent vars settings, and must use a different KEY_DIR directory
-# from the parent. This tool can be used to generate arbitrary depth
-# certificate chains.
-#
-# To build an intermediate CA, follow the same steps for a regular PKI but
-# replace ./build-key or ./pkitool --initca with this script.
-
-# The EXPORT_CA file will contain the CA certificate chain and should be
-# referenced by the OpenVPN "ca" directive in config files. The ca.crt file
-# will only contain the local intermediate CA -- it's needed by the easy-rsa
-# scripts but not by OpenVPN directly.
-EXPORT_CA="export-ca.crt"
-
-if [ $# -ne 2 ]; then
- echo "usage: $0 "
- echo "parent-key-dir: the KEY_DIR directory of the parent PKI"
- echo "common-name: the common name of the intermediate certificate in the parent PKI"
- exit 1;
-fi
-
-if [ "$KEY_DIR" ]; then
- cp "$1/$2.crt" "$KEY_DIR/ca.crt"
- cp "$1/$2.key" "$KEY_DIR/ca.key"
-
- if [ -e "$1/$EXPORT_CA" ]; then
- PARENT_CA="$1/$EXPORT_CA"
- else
- PARENT_CA="$1/ca.crt"
- fi
- cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA"
- cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA"
-else
- echo 'Please source the vars script first (i.e. "source ./vars")'
- echo 'Make sure you have edited it to reflect your configuration.'
-fi
diff --git a/tests/cfg/pki/keys/01.pem b/tests/cfg/pki/keys/01.pem
deleted file mode 100644
index 8236ff8..0000000
--- a/tests/cfg/pki/keys/01.pem
+++ /dev/null
@@ -1,98 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - Validity - Not Before: Aug 26 17:07:32 2016 GMT - Not After : Aug 24 17:07:32 2026 GMT - Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=-h/name=EasyRSA/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:b4:af:eb:bb:05:0d:4d:a8:a1:7b:65:79:1f:a2: - ad:8b:af:d5:2d:75:92:38:e7:0d:79:68:4a:6a:03: - 0a:c6:3a:93:fd:e3:9a:e7:f5:18:8f:07:c7:c9:30: - aa:db:6c:7e:18:84:09:9c:69:32:5b:55:40:a1:1f: - 1d:49:f1:cd:12:ec:aa:55:ad:fd:a0:13:60:d4:ed: - e6:6b:15:19:2a:a4:d5:a0:06:62:1c:36:f0:69:b5: - 13:df:5d:5d:8a:90:2e:42:75:94:00:2f:61:d4:ef: - 08:b7:37:fb:98:4e:b6:b9:4c:3b:cc:f2:05:21:8e: - 1e:1d:8e:a9:dc:d1:e0:f8:2b:31:8b:db:cf:fd:66: - e2:ed:cb:da:b3:3e:e4:92:17:18:c1:31:9f:ae:35: - 3c:c6:01:1e:35:fe:8c:74:6e:14:43:0b:bb:40:15: - 32:3d:10:46:c6:f6:54:d8:26:ac:c2:98:ee:a0:66: - ed:81:69:3f:b8:2d:2b:f3:fa:3f:0d:6d:c4:9f:8c: - 4d:82:f1:01:d6:66:1f:73:49:80:cd:73:bd:22:f1: - 12:51:f1:fe:e6:8f:e0:be:32:99:74:50:3b:dc:8f: - ae:74:a0:58:64:b8:b7:40:b3:d5:f0:a8:19:20:cb: - 7b:86:47:45:96:ae:f4:4a:f3:39:7d:ff:19:8e:50: - 98:63 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - Easy-RSA Generated Certificate - X509v3 Subject Key Identifier: - B4:F1:77:6A:ED:D2:67:AB:19:75:00:B5:DE:02:04:8C:F4:7E:4B:87 - X509v3 Authority Key Identifier: - keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73 - DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - serial:F9:2F:C6:8B:0E:F1:EB:9E - - X509v3 Extended Key Usage: - TLS Web Client Authentication - 
X509v3 Key Usage: - Digital Signature - X509v3 Subject Alternative Name: - DNS:-h - Signature Algorithm: sha256WithRSAEncryption - 0b:b4:40:74:21:70:12:4f:e9:b5:30:d0:2c:64:d9:fc:1a:01: - ac:9e:79:cf:a7:92:c7:27:c4:d8:55:e7:3f:ec:f6:11:36:07: - 17:44:53:4c:f4:09:78:93:5b:ec:31:3c:08:d8:15:49:00:b6: - fc:5f:f5:46:d5:4e:d0:7f:a0:c3:9d:6c:43:cf:52:fa:22:cf: - 14:ff:8e:92:68:90:23:22:41:6d:b9:5e:65:c0:81:56:61:63: - e4:73:33:7d:5d:43:49:9d:bb:d9:48:58:d0:65:f9:e9:bf:90: - 15:30:51:dc:e2:27:c4:5b:4d:e7:46:4c:49:05:3a:f7:9b:dc: - f3:70:56:b4:69:24:25:92:33:48:eb:fe:07:95:5c:eb:4d:e6: - 45:a3:27:5e:75:59:62:a4:3e:18:66:30:17:58:15:87:f0:63: - b9:d6:bd:01:e2:a9:a8:de:34:0d:5b:ab:41:8f:7a:f4:5a:c1: - 7c:fa:5c:7d:cf:ab:8a:cb:36:53:12:fc:97:11:c5:b8:d0:a8: - 7d:fc:f2:2f:74:95:c5:c0:62:cc:57:2a:8e:1f:9d:72:90:7e: - 9b:d5:5a:cf:26:ff:3e:3a:cb:80:c7:e7:c6:77:d9:ef:e1:a5: - 42:8f:9e:f7:15:2b:62:9c:8c:6a:35:36:3e:08:71:c6:06:44: - eb:43:4f:02 ------BEGIN CERTIFICATE----- -MIIFWjCCBEKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx -CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv -cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV -BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 -DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDczMloXDTI2MDgy -NDE3MDczMlowgakxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM -U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 -T3JnYW5pemF0aW9uYWxVbml0MQswCQYDVQQDEwItaDEQMA4GA1UEKRMHRWFzeVJT -QTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK/ruwUNTaihe2V5H6Kti6/VLXWSOOcNeWhK -agMKxjqT/eOa5/UYjwfHyTCq22x+GIQJnGkyW1VAoR8dSfHNEuyqVa39oBNg1O3m -axUZKqTVoAZiHDbwabUT311dipAuQnWUAC9h1O8Itzf7mE62uUw7zPIFIY4eHY6p -3NHg+Csxi9vP/Wbi7cvasz7kkhcYwTGfrjU8xgEeNf6MdG4UQwu7QBUyPRBGxvZU -2CaswpjuoGbtgWk/uC0r8/o/DW3En4xNgvEB1mYfc0mAzXO9IvESUfH+5o/gvjKZ -dFA73I+udKBYZLi3QLPV8KgZIMt7hkdFlq70SvM5ff8ZjlCYYwIDAQABo4IBfDCC 
-AXgwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVk -IENlcnRpZmljYXRlMB0GA1UdDgQWBBS08Xdq7dJnqxl1ALXeAgSM9H5LhzCB6wYD -VR0jBIHjMIHggBTjK+R0z5u8bm3mUh0RBPxmHyVKc6GBvKSBuTCBtjELMAkGA1UE -BhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNV -BAoTDEZvcnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQx -GDAWBgNVBAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8G -CSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluggkA+S/Giw7x654wEwYDVR0l -BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GA1UdEQQGMASCAi1oMA0GCSqG -SIb3DQEBCwUAA4IBAQALtEB0IXAST+m1MNAsZNn8GgGsnnnPp5LHJ8TYVec/7PYR -NgcXRFNM9Al4k1vsMTwI2BVJALb8X/VG1U7Qf6DDnWxDz1L6Is8U/46SaJAjIkFt -uV5lwIFWYWPkczN9XUNJnbvZSFjQZfnpv5AVMFHc4ifEW03nRkxJBTr3m9zzcFa0 -aSQlkjNI6/4HlVzrTeZFoydedVlipD4YZjAXWBWH8GO51r0B4qmo3jQNW6tBj3r0 -WsF8+lx9z6uKyzZTEvyXEcW40Kh9/PIvdJXFwGLMVyqOH51ykH6b1VrPJv8+OsuA -x+fGd9nv4aVCj573FStinIxqNTY+CHHGBkTrQ08C ------END CERTIFICATE----- diff --git a/tests/cfg/pki/keys/02.pem b/tests/cfg/pki/keys/02.pem deleted file mode 100644 index 60814a2..0000000 --- a/tests/cfg/pki/keys/02.pem +++ /dev/null 
@@ -1,99 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - Validity - Not Before: Aug 26 17:08:14 2016 GMT - Not After : Aug 24 17:08:14 2026 GMT - Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=ts.uts-server.org/name=EasyRSA/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:d3:50:7a:93:b7:10:8e:d2:2e:31:30:f6:10:9f: - bc:d6:db:ab:f0:4c:96:46:d2:bf:b2:2a:a0:f6:f7: - 5c:48:83:66:54:75:3e:a3:25:20:89:2d:f7:9a:c5: - 32:12:b1:32:a0:99:27:f4:9c:f0:e8:a2:19:9b:83: - a6:e1:aa:42:0a:f4:0b:81:a2:9c:3e:f2:5a:1c:ad: - 5e:f8:24:12:e9:ec:75:cc:43:7c:6b:16:9a:5f:aa: - 9e:39:b5:9f:2c:3e:b0:3f:cd:31:7f:90:46:a9:60: - 74:d3:e0:18:e8:ee:0e:71:bf:37:bc:fe:2b:94:33: - 61:3d:01:02:ed:f8:b8:66:6a:9f:76:c0:06:c8:06: - 2b:70:5e:87:d2:17:b7:cd:aa:40:1f:ae:af:a4:c7: - 3f:60:bc:be:54:ee:30:4e:fe:8e:2d:32:27:5c:f9: - af:2f:f9:f1:d2:2b:08:b5:6d:89:8b:84:3e:e9:d4: - e8:0b:c4:d7:5f:07:4e:96:5c:a2:4b:63:ef:a8:49: - 55:39:55:34:1d:b5:ce:8e:5d:13:69:8d:52:d5:1e: - 30:f9:ed:73:0b:2b:7d:8c:e1:c0:93:a9:28:20:d7: - f0:ec:04:37:bf:4b:85:0e:e2:3a:e8:54:ad:d9:e3: - 27:8f:c7:43:8e:65:e1:f9:51:f0:c3:96:f2:0e:8d: - 83:79 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - Easy-RSA Generated Certificate - X509v3 Subject Key Identifier: - FF:2D:69:50:05:46:A3:95:F4:A3:E0:2E:34:39:EF:9B:BC:E2:F0:86 - X509v3 Authority Key Identifier: - keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73 - DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - serial:F9:2F:C6:8B:0E:F1:EB:9E - - X509v3 Extended Key Usage: - TLS Web Client 
Authentication - X509v3 Key Usage: - Digital Signature - X509v3 Subject Alternative Name: - DNS:ts.uts-server.org - Signature Algorithm: sha256WithRSAEncryption - d2:ff:65:c8:fe:69:7d:fd:99:b9:4e:4c:c3:fe:ff:97:74:59: - a1:89:b6:47:b3:10:79:76:ee:7b:0b:26:7e:db:cd:fd:e1:52: - 4b:94:78:3e:72:ba:8c:58:48:4f:67:ef:05:29:9e:7b:1a:07: - 82:72:27:67:78:ef:43:e1:67:08:73:2c:11:e1:91:f4:4e:73: - 5a:a8:09:61:9f:33:d1:33:c7:43:10:8b:a9:e8:16:63:97:e9: - 81:63:74:f4:5a:b5:fc:88:46:a6:c9:c4:89:23:1d:ac:4a:02: - 3f:29:ae:59:a2:6f:37:a1:27:e1:6e:34:c8:99:35:0b:50:5e: - bc:3d:64:01:7e:5e:4e:ee:79:48:a9:e6:26:bb:2d:f8:18:88: - ea:22:df:8e:7b:71:24:c1:6b:17:26:4c:96:0c:d0:d2:b4:29: - 9a:1d:9a:ae:26:2b:aa:95:a9:9b:15:58:a6:9a:c4:5b:48:64: - ff:e0:e6:fb:53:37:0d:20:83:94:95:4e:5a:b9:3c:62:47:bc: - fb:6d:0a:eb:f2:b1:9c:d7:ee:30:9b:07:9f:1a:27:1f:e0:bb: - 5e:36:4b:06:19:10:89:43:14:98:fc:cd:52:82:48:59:cc:77: - 64:bd:ff:e7:b4:b1:00:ad:7a:94:c6:47:c7:f9:32:25:ad:2c: - 14:e6:1c:df ------BEGIN CERTIFICATE----- -MIIFeDCCBGCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx -CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv -cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV -BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 -DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDgxNFoXDTI2MDgy -NDE3MDgxNFowgbgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM -U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 -T3JnYW5pemF0aW9uYWxVbml0MRowGAYDVQQDExF0cy51dHMtc2VydmVyLm9yZzEQ -MA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9t -YWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01B6k7cQjtIuMTD2 -EJ+81tur8EyWRtK/siqg9vdcSINmVHU+oyUgiS33msUyErEyoJkn9Jzw6KIZm4Om -4apCCvQLgaKcPvJaHK1e+CQS6ex1zEN8axaaX6qeObWfLD6wP80xf5BGqWB00+AY -6O4Ocb83vP4rlDNhPQEC7fi4ZmqfdsAGyAYrcF6H0he3zapAH66vpMc/YLy+VO4w -Tv6OLTInXPmvL/nx0isItW2Ji4Q+6dToC8TXXwdOllyiS2PvqElVOVU0HbXOjl0T -aY1S1R4w+e1zCyt9jOHAk6koINfw7AQ3v0uFDuI66FSt2eMnj8dDjmXh+VHww5by 
-Do2DeQIDAQABo4IBizCCAYcwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFz -eS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBT/LWlQBUajlfSj -4C40Oe+bvOLwhjCB6wYDVR0jBIHjMIHggBTjK+R0z5u8bm3mUh0RBPxmHyVKc6GB -vKSBuTCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5G -cmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdh -bml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UE -KRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluggkA -+S/Giw7x654wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBwGA1Ud -EQQVMBOCEXRzLnV0cy1zZXJ2ZXIub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQDS/2XI -/ml9/Zm5TkzD/v+XdFmhibZHsxB5du57CyZ+28394VJLlHg+crqMWEhPZ+8FKZ57 -GgeCcidneO9D4WcIcywR4ZH0TnNaqAlhnzPRM8dDEIup6BZjl+mBY3T0WrX8iEam -ycSJIx2sSgI/Ka5Zom83oSfhbjTImTULUF68PWQBfl5O7nlIqeYmuy34GIjqIt+O -e3EkwWsXJkyWDNDStCmaHZquJiuqlambFVimmsRbSGT/4Ob7UzcNIIOUlU5auTxi -R7z7bQrr8rGc1+4wmwefGicf4LteNksGGRCJQxSY/M1SgkhZzHdkvf/ntLEArXqU -xkfH+TIlrSwU5hzf ------END CERTIFICATE----- diff --git a/tests/cfg/pki/keys/03.pem b/tests/cfg/pki/keys/03.pem deleted file mode 100644 index 19d8795..0000000 --- a/tests/cfg/pki/keys/03.pem +++ /dev/null 
@@ -1,98 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 3 (0x3) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - Validity - Not Before: Aug 26 17:08:43 2016 GMT - Not After : Aug 24 17:08:43 2026 GMT - Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=tsa1/name=EasyRSA/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c8:00:8c:27:a0:52:ac:87:1f:e5:b4:1c:2d:be: - af:a0:8b:aa:ea:1b:8d:02:30:41:00:1b:3a:34:dc: - 6f:04:5d:9f:c5:59:6f:a5:fa:d5:1e:3c:0e:22:52: - 10:1e:7e:b2:48:b1:65:cd:0c:be:55:60:0e:98:d2: - 34:8d:e9:9b:50:a2:98:92:6b:6a:09:db:9e:f6:f7: - 80:22:d1:8b:f3:71:6e:bd:53:b3:fb:23:70:4e:01: - 20:73:75:12:20:87:37:d3:ca:e5:0b:ff:ba:5e:bd: - ad:cd:ff:05:e2:91:31:7c:b1:99:34:ef:d2:6f:1e: - 22:fe:77:e9:40:ac:8b:dc:f0:e8:23:04:f6:b7:b3: - 60:34:2c:82:df:3c:3d:ca:14:52:d8:8a:57:1f:40: - 1b:70:a2:ac:65:df:54:87:ba:7d:85:7b:d8:93:bd: - 8e:85:fc:de:9a:0b:6a:88:52:b2:27:1b:0c:16:e0: - 87:ba:7c:c9:94:a3:f7:10:79:88:0e:96:b4:a7:40: - 76:00:58:b1:5a:ab:50:89:55:f6:f8:48:4f:76:66: - e5:1c:fa:bb:7a:59:57:df:33:57:7b:d4:0c:36:7f: - d6:6e:0a:40:a2:06:b7:c0:f2:31:f7:55:11:20:74: - cf:68:b2:b2:96:74:4c:58:a0:3e:ec:ee:8e:df:d1: - 51:ff - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - Easy-RSA Generated Certificate - X509v3 Subject Key Identifier: - 6D:48:DA:1F:19:A2:88:71:0F:3D:80:5D:AB:44:5C:F5:06:B5:BB:0B - X509v3 Authority Key Identifier: - keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73 - DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - serial:F9:2F:C6:8B:0E:F1:EB:9E - - X509v3 Extended Key Usage: - TLS Web Client Authentication - 
X509v3 Key Usage: - Digital Signature - X509v3 Subject Alternative Name: - DNS:tsa1 - Signature Algorithm: sha256WithRSAEncryption - a2:b6:e1:66:78:ff:d0:f1:53:58:2f:8a:26:0b:c1:7f:71:f8: - 9a:d1:fa:70:f8:5b:b7:ce:da:79:92:52:0b:5f:d1:ed:c1:86: - eb:bc:29:f7:ed:0f:5b:c4:10:ab:a3:ce:9e:97:c8:a0:c8:5c: - af:bc:f2:58:77:00:59:69:85:2f:a1:16:92:45:b8:a9:3b:8d: - 8c:bd:1a:bb:08:07:79:6d:6a:e9:8b:7c:fb:fb:0e:72:0a:e1: - fa:4c:ca:d5:d6:99:fc:2c:5f:1d:8a:28:38:da:bd:d4:88:36: - a2:a4:1a:e5:f9:77:72:e6:ed:13:62:31:19:79:ec:ad:9e:b5: - d1:92:7a:cf:f8:e0:ad:56:dd:5b:68:c6:64:c5:32:51:83:0e: - 89:17:14:22:29:53:09:bb:49:06:3a:f1:02:8f:de:fc:94:59: - 82:3d:d1:97:d8:70:53:ff:b5:0d:04:6f:2a:3f:30:50:7b:b1: - 61:b3:a3:10:ee:94:dd:de:b8:ac:7c:0d:a4:af:f6:c2:8a:74: - dd:e8:95:db:ee:ab:d5:ef:68:0a:96:7c:46:05:93:12:93:d8: - 84:5a:6d:38:ff:69:40:51:84:29:62:91:62:7b:af:17:18:b7: - bb:59:19:89:89:89:5d:75:54:92:bf:75:2f:7e:e4:fb:eb:a7: - ae:b5:a2:2f ------BEGIN CERTIFICATE----- -MIIFXjCCBEagAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx -CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv -cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV -BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 -DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDg0M1oXDTI2MDgy -NDE3MDg0M1owgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM -U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 -T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwR0c2ExMRAwDgYDVQQpEwdFYXN5 -UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIAIwnoFKshx/ltBwtvq+gi6rqG40CMEEA -Gzo03G8EXZ/FWW+l+tUePA4iUhAefrJIsWXNDL5VYA6Y0jSN6ZtQopiSa2oJ2572 -94Ai0YvzcW69U7P7I3BOASBzdRIghzfTyuUL/7peva3N/wXikTF8sZk079JvHiL+ -d+lArIvc8OgjBPa3s2A0LILfPD3KFFLYilcfQBtwoqxl31SHun2Fe9iTvY6F/N6a -C2qIUrInGwwW4Ie6fMmUo/cQeYgOlrSnQHYAWLFaq1CJVfb4SE92ZuUc+rt6WVff -M1d71Aw2f9ZuCkCiBrfA8jH3VREgdM9osrKWdExYoD7s7o7f0VH/AgMBAAGjggF+ 
-MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0 -ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFG1I2h8ZoohxDz2AXatEXPUGtbsLMIHr -BgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5MIG2MQswCQYD -VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG -A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p -dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw -HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aLDvHrnjATBgNV -HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEdHNhMTAN -BgkqhkiG9w0BAQsFAAOCAQEAorbhZnj/0PFTWC+KJgvBf3H4mtH6cPhbt87aeZJS -C1/R7cGG67wp9+0PW8QQq6POnpfIoMhcr7zyWHcAWWmFL6EWkkW4qTuNjL0auwgH -eW1q6Yt8+/sOcgrh+kzK1daZ/CxfHYooONq91Ig2oqQa5fl3cubtE2IxGXnsrZ61 -0ZJ6z/jgrVbdW2jGZMUyUYMOiRcUIilTCbtJBjrxAo/e/JRZgj3Rl9hwU/+1DQRv -Kj8wUHuxYbOjEO6U3d64rHwNpK/2wop03eiV2+6r1e9oCpZ8RgWTEpPYhFptOP9p -QFGEKWKRYnuvFxi3u1kZiYmJXXVUkr91L37k++unrrWiLw== ------END CERTIFICATE----- diff --git a/tests/cfg/pki/keys/04.pem b/tests/cfg/pki/keys/04.pem deleted file mode 100644 index 6bbeef4..0000000 --- a/tests/cfg/pki/keys/04.pem +++ /dev/null 
@@ -1,98 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 4 (0x4) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - Validity - Not Before: Aug 26 17:08:44 2016 GMT - Not After : Aug 24 17:08:44 2026 GMT - Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=tsa2/name=EasyRSA/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:9b:34:5c:6b:ac:10:e9:63:50:cd:f5:f1:9e:80: - a8:be:ed:4f:21:25:7c:54:67:8f:f0:c1:16:57:ad: - 1c:c7:14:90:8c:8d:1f:b4:e4:91:3b:fd:2c:44:a1: - c3:7d:1d:f5:cb:54:c2:45:a4:e3:e9:07:14:60:60: - 63:07:d7:6d:92:2b:99:5a:c3:c1:91:87:92:b5:6d: - 4b:d0:22:cd:62:13:34:9a:d1:c6:8f:e6:f6:df:50: - ba:1a:51:80:b8:2e:c9:dc:03:79:3d:97:a9:89:ce: - 91:68:e4:dc:90:7d:f3:aa:74:2d:48:2b:40:f5:cf: - ba:d5:e8:07:d2:34:74:e0:31:c6:e1:0c:df:89:25: - c9:49:34:f6:0d:e8:1c:05:54:4c:eb:79:7b:04:bb: - e8:1e:f9:c3:dc:f8:d7:6f:d1:c3:77:a5:97:78:45: - 1c:82:5a:52:a5:26:3e:4b:78:9e:6d:f8:75:3e:40: - b9:69:d6:e8:3f:ea:d7:6b:6e:e9:d3:a9:10:a4:92: - 5e:96:e2:d8:f3:7e:2e:35:f2:81:85:b9:6d:9c:14: - 02:38:c3:53:0f:a1:84:ef:c3:62:13:7f:10:0f:e4: - 2e:43:4d:d0:48:06:5b:38:e4:49:e1:35:13:f6:d6: - 83:1e:1c:f4:10:21:29:45:e3:48:47:01:9c:6a:4d: - b6:0b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - Easy-RSA Generated Certificate - X509v3 Subject Key Identifier: - 6E:12:12:1A:40:9F:52:2F:48:9C:B5:EE:DC:BF:20:B7:7A:30:02:DC - X509v3 Authority Key Identifier: - keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73 - DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - serial:F9:2F:C6:8B:0E:F1:EB:9E - - X509v3 Extended Key Usage: - TLS Web Client Authentication - 
X509v3 Key Usage: - Digital Signature - X509v3 Subject Alternative Name: - DNS:tsa2 - Signature Algorithm: sha256WithRSAEncryption - 89:6d:03:f4:e6:29:77:ae:b4:82:de:7b:d6:39:56:10:2f:64: - f7:68:58:6e:3b:cf:9f:96:ab:a3:66:b0:53:80:98:88:c2:70: - 3a:7e:de:d6:3f:69:ff:09:56:22:4f:b3:61:c3:43:ed:73:7f: - 9f:29:10:31:31:ba:d6:78:a2:bc:7d:45:2c:5f:5a:8a:77:62: - 3e:d8:38:fb:41:3c:54:8b:67:29:c5:d7:5a:a9:d3:a9:52:53: - 81:eb:0b:55:9e:4e:f3:73:b5:f9:87:0d:a9:59:c4:2a:66:36: - 47:bc:02:78:12:5b:12:7f:f5:c2:1c:a3:be:d0:bc:3e:72:1e: - 96:f2:a4:16:71:d8:0f:af:76:1d:44:bd:1c:ef:e9:6a:09:00: - 79:61:b1:20:83:61:1f:13:00:69:30:c6:ae:3b:31:a3:6c:db: - 67:52:5d:ef:44:14:eb:53:b4:79:39:62:53:a6:d5:ea:96:ee: - 2c:5f:38:9f:04:32:0c:39:24:e7:1c:04:79:ea:27:90:1f:e2: - b3:ed:93:a1:92:5c:c6:fa:d5:58:1f:9e:3a:a5:32:01:ce:b8: - 61:f6:fa:bd:ff:37:1c:3f:30:54:8e:69:13:91:1b:95:6c:43: - c7:23:47:c8:2b:c1:97:00:d4:9b:46:52:ae:b4:dd:da:a6:13: - a5:6b:07:dc ------BEGIN CERTIFICATE----- -MIIFXjCCBEagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx -CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv -cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV -BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 -DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDg0NFoXDTI2MDgy -NDE3MDg0NFowgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM -U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 -T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwR0c2EyMRAwDgYDVQQpEwdFYXN5 -UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbNFxrrBDpY1DN9fGegKi+7U8hJXxUZ4/w -wRZXrRzHFJCMjR+05JE7/SxEocN9HfXLVMJFpOPpBxRgYGMH122SK5law8GRh5K1 -bUvQIs1iEzSa0caP5vbfULoaUYC4LsncA3k9l6mJzpFo5NyQffOqdC1IK0D1z7rV -6AfSNHTgMcbhDN+JJclJNPYN6BwFVEzreXsEu+ge+cPc+Ndv0cN3pZd4RRyCWlKl -Jj5LeJ5t+HU+QLlp1ug/6tdrbunTqRCkkl6W4tjzfi418oGFuW2cFAI4w1MPoYTv -w2ITfxAP5C5DTdBIBls45EnhNRP21oMeHPQQISlF40hHAZxqTbYLAgMBAAGjggF+ 
-MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0 -ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFG4SEhpAn1IvSJy17ty/ILd6MALcMIHr -BgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5MIG2MQswCQYD -VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG -A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p -dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw -HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aLDvHrnjATBgNV -HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEdHNhMjAN -BgkqhkiG9w0BAQsFAAOCAQEAiW0D9OYpd660gt571jlWEC9k92hYbjvPn5aro2aw -U4CYiMJwOn7e1j9p/wlWIk+zYcND7XN/nykQMTG61niivH1FLF9aindiPtg4+0E8 -VItnKcXXWqnTqVJTgesLVZ5O83O1+YcNqVnEKmY2R7wCeBJbEn/1whyjvtC8PnIe -lvKkFnHYD692HUS9HO/pagkAeWGxIINhHxMAaTDGrjsxo2zbZ1Jd70QU61O0eTli -U6bV6pbuLF84nwQyDDkk5xwEeeonkB/is+2ToZJcxvrVWB+eOqUyAc64Yfb6vf83 -HD8wVI5pE5EblWxDxyNHyCvBlwDUm0ZSrrTd2qYTpWsH3A== ------END CERTIFICATE----- diff --git a/tests/cfg/pki/keys/05.pem b/tests/cfg/pki/keys/05.pem deleted file mode 100644 index 8b33bf7..0000000 --- a/tests/cfg/pki/keys/05.pem +++ /dev/null 
@@ -1,98 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 5 (0x5) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - Validity - Not Before: Aug 26 17:08:56 2016 GMT - Not After : Aug 24 17:08:56 2026 GMT - Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=clt1/name=EasyRSA/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:d5:f2:1c:23:59:41:87:a7:68:06:7d:2f:5f:aa: - 88:16:4a:91:59:11:7f:d9:28:d1:ec:d6:c9:bc:b0: - 6b:90:ee:44:94:44:e7:d4:b9:11:48:f7:f1:ca:9e: - f8:ce:02:44:b2:7b:90:3d:e1:97:42:b1:02:fe:ab: - 1c:2a:89:81:50:81:42:9f:7f:87:41:87:be:b5:bc: - c0:9f:33:81:26:81:86:24:a9:4c:72:6c:7f:e9:a8: - 71:1f:aa:45:4a:38:bd:c8:57:c4:25:8c:47:14:d0: - e0:60:4b:07:ee:bb:52:b9:95:d3:66:24:c4:6b:79: - 36:83:af:6b:b8:01:8f:67:f2:81:7f:3e:fe:c3:4f: - 72:ac:06:65:43:39:0f:fc:5f:71:bc:5c:12:f6:36: - ef:27:61:a0:32:4c:d1:cd:e1:15:e2:64:b5:fd:fd: - 54:d5:63:45:a1:96:9a:38:50:c5:b7:7e:0e:fb:96: - d9:a7:a7:4f:58:58:af:a1:17:50:fa:66:62:43:1e: - 8a:38:6a:7c:54:3f:8d:5a:12:5c:e3:cc:95:55:25: - 9b:ee:bc:33:40:3a:54:cb:39:3e:6c:17:30:79:fa: - 24:ba:1c:5a:54:ff:b0:30:11:d4:aa:92:5a:d7:a6: - 39:16:45:d7:74:fe:40:9c:d4:cd:f4:74:34:95:ef: - 4a:99 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - Easy-RSA Generated Certificate - X509v3 Subject Key Identifier: - DC:E2:70:D0:59:39:F5:F5:E0:48:E2:A9:5F:35:D2:98:34:EA:20:FB - X509v3 Authority Key Identifier: - keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73 - DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - serial:F9:2F:C6:8B:0E:F1:EB:9E - - X509v3 Extended Key Usage: - TLS Web Client Authentication - 
X509v3 Key Usage: - Digital Signature - X509v3 Subject Alternative Name: - DNS:clt1 - Signature Algorithm: sha256WithRSAEncryption - ad:80:83:dd:ac:17:9c:da:ca:71:c6:99:13:c7:b5:b7:b4:69: - a9:fa:0f:dd:fa:b6:4f:a2:19:10:3a:ea:7e:37:e1:a8:29:a0: - 45:76:7e:d2:a8:08:17:f6:4a:ad:9e:31:ad:b1:b4:e5:5a:3f: - 4a:e3:2f:e3:fa:37:0e:3d:04:ca:aa:9a:8d:4e:6f:a2:35:ae: - 48:37:9e:a3:cc:83:21:34:34:2f:e2:71:c6:51:a1:5b:46:ad: - d5:10:26:ea:e2:4b:18:df:8e:e2:ab:ac:e3:3b:a2:a7:fb:99: - f2:0e:05:3b:76:38:f0:18:fd:44:93:c1:06:79:1d:d5:c3:a6: - bf:c1:0a:98:d8:81:9a:66:a9:85:42:c0:fe:dd:ff:ef:21:6e: - 00:9f:68:0a:df:97:c8:5e:f3:d6:c1:fb:06:d6:40:3d:14:59: - a7:3a:f5:c9:70:fd:b1:93:88:5f:18:45:5d:58:97:60:6a:aa: - a6:6e:74:de:0e:ba:cc:9b:bf:35:3c:b3:f6:0c:1c:48:7c:5d: - 70:73:db:73:db:28:a9:b8:bc:1a:1e:b8:1c:d5:36:03:f3:22: - 91:d1:e7:8d:eb:36:00:f9:10:b2:16:2b:65:e4:6e:1a:9e:5f: - cd:f0:fd:9f:39:8f:71:35:de:5c:57:a8:1a:d0:fa:25:12:80: - fb:9a:da:bb ------BEGIN CERTIFICATE----- -MIIFXjCCBEagAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx -CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv -cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV -BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 -DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDg1NloXDTI2MDgy -NDE3MDg1NlowgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM -U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 -T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwRjbHQxMRAwDgYDVQQpEwdFYXN5 -UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV8hwjWUGHp2gGfS9fqogWSpFZEX/ZKNHs -1sm8sGuQ7kSUROfUuRFI9/HKnvjOAkSye5A94ZdCsQL+qxwqiYFQgUKff4dBh761 -vMCfM4EmgYYkqUxybH/pqHEfqkVKOL3IV8QljEcU0OBgSwfuu1K5ldNmJMRreTaD -r2u4AY9n8oF/Pv7DT3KsBmVDOQ/8X3G8XBL2Nu8nYaAyTNHN4RXiZLX9/VTVY0Wh -lpo4UMW3fg77ltmnp09YWK+hF1D6ZmJDHoo4anxUP41aElzjzJVVJZvuvDNAOlTL -OT5sFzB5+iS6HFpU/7AwEdSqklrXpjkWRdd0/kCc1M30dDSV70qZAgMBAAGjggF+ 
-MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0 -ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNzicNBZOfX14EjiqV810pg06iD7MIHr -BgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5MIG2MQswCQYD -VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG -A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p -dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw -HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aLDvHrnjATBgNV -HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEY2x0MTAN -BgkqhkiG9w0BAQsFAAOCAQEArYCD3awXnNrKccaZE8e1t7RpqfoP3fq2T6IZEDrq -fjfhqCmgRXZ+0qgIF/ZKrZ4xrbG05Vo/SuMv4/o3Dj0EyqqajU5vojWuSDeeo8yD -ITQ0L+JxxlGhW0at1RAm6uJLGN+O4qus4zuip/uZ8g4FO3Y48Bj9RJPBBnkd1cOm -v8EKmNiBmmaphULA/t3/7yFuAJ9oCt+XyF7z1sH7BtZAPRRZpzr1yXD9sZOIXxhF -XViXYGqqpm503g66zJu/NTyz9gwcSHxdcHPbc9soqbi8Gh64HNU2A/MikdHnjes2 -APkQshYrZeRuGp5fzfD9nzmPcTXeXFeoGtD6JRKA+5rauw== ------END CERTIFICATE----- diff --git a/tests/cfg/pki/keys/ca.crt b/tests/cfg/pki/keys/ca.crt deleted file mode 100644 index c482b08..0000000 --- a/tests/cfg/pki/keys/ca.crt +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFEjCCA/qgAwIBAgIJAPkvxosO8eueMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD -VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG -A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p -dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw -HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTYwODI2MTcwNjMx -WhcNMjYwODI0MTcwNjMxWjCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw -EwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsG -A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv -biBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0 -Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NZs05qa -+/07CjD+XWYienpCY0MSwQIWfzdMMCYhj9XdLYVS78Qt543nQ+KFdlIUvXKZteMz -0eYhPrRuqO+IJqBY/c35HLbz1RWhPta7UzUY2iFK+b2ja55KJvpoTESXWhrX5dNS -qzkuoYScn8FDADWbT04kcJmJYwcCucZl++as8yNQrNgOeItZbj9xiFpkq8Xy0aQ0 -U0G7+Ip1+Z3TNzP/sZ5Jg5CIuZhs7+pkoFqrEJhSpjAdAXb5ZdioLsqE7sDSyeVa -8RM6a9y3fVAGY45/oZ02i/cAoWz9Oe4702QnhxHwdwEBF3JOHwdDDhrZdF9PmCKB -4cMZ+8gCs8vIewIDAQABo4IBHzCCARswHQYDVR0OBBYEFOMr5HTPm7xubeZSHREE -/GYfJUpzMIHrBgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5 -MIG2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5j -aXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXph -dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF -YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aL -DvHrnjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAP8mlnPOO15Xsl -DBAI3/PD7HbgPfQCq/7mOkW+QFFMOZ4HqZcgdVUM/yhkzpEQJBrQgYr4X1I48D8N -bdcG8JEEOXwgj/xu1M+buZIeh0vBQ1j4zNjzYhcho5kiUwW8vVvHyFhugfZUpQZL -WnR8GTP00/XuBNqTuXBnBzT8/MTBec4TDPfG7f0Tyosypvg9R8TYuZmYU8qdpVMA -W4JxpVGmCyUTi/7gQnntpUm7fbCwD166/phJXU5tuMyDdNuejd3mmkM4euHpL07m -CD5kizBstiHWRrb0vOzvZenZg8pCzJjSTJhfA1gPd4z1XUYN5HRWqqcE2UiR88b+ -OChbJBgi ------END CERTIFICATE----- diff --git a/tests/cfg/pki/keys/ca.key b/tests/cfg/pki/keys/ca.key deleted file mode 100644 index 53888de..0000000 
--- a/tests/cfg/pki/keys/ca.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDU1mzTmpr7/TsK -MP5dZiJ6ekJjQxLBAhZ/N0wwJiGP1d0thVLvxC3njedD4oV2UhS9cpm14zPR5iE+ -tG6o74gmoFj9zfkctvPVFaE+1rtTNRjaIUr5vaNrnkom+mhMRJdaGtfl01KrOS6h -hJyfwUMANZtPTiRwmYljBwK5xmX75qzzI1Cs2A54i1luP3GIWmSrxfLRpDRTQbv4 -inX5ndM3M/+xnkmDkIi5mGzv6mSgWqsQmFKmMB0Bdvll2KguyoTuwNLJ5VrxEzpr -3Ld9UAZjjn+hnTaL9wChbP057jvTZCeHEfB3AQEXck4fB0MOGtl0X0+YIoHhwxn7 -yAKzy8h7AgMBAAECggEAPoNQaYJifRruqVqki2hBPjoEn8UGkBv94ZWrUgURHH8T -PJiJOJUlanp6b6zryEnpf49WaF74THFMWG+EhSf9lGLKYJmLzoxJ5883kg5d7N2O -lBrtO5cgla5jVzl7QtNupO93dDByeooMETKzEhUgicI1AMER4OSnvqdDfK8yKx8X -ej3/t/7zoH4+WCZuRuJs6yo8KdVckr0Kc7T/9aksr3mk8aq/o4FvBMBMswVki5UF -bw6veVmvvpW+Dy3Z8nmsov1QKi4GgHG0ZorgezwaUp7xVdzWsd1EpVNFWKBJ2s0G -WBn/A3ihTom8BUICqQNSfPVxUUKkR+CzuqeWN6QegQKBgQDym/+vHWuLlAQMNj1J -Cp0ql4DlaGQGCgyJBYObHTk7H03/D3ZyQj1olJ/NCYWY9txXyEVtqvGejKWkhyHR -VS1/K/EB4xkacTC0mXxn8CaN3wM2+ayIZCS1FVLILhvSSNhSThy2FoR5pZ1CVGmC -RooCO3g4B45TazTS8nyXk9qsQQKBgQDglcJ6xBgGeJDW5vOdwtH2lxgEKsou5XsV -tRJ7p7LvrKyi+ZcFCqZi1qIvlRR8fbsd25mFPRZXgxhDDMIFud9sxO1TSEDWslcK -cKYKBU0KCxqScZHmwv/P6IH1y68OW//85JUBYf53k4TesX5GQ+brx4a7+c3d9+EZ -GHA7nca1uwKBgQCFWFLHOB9lPzyeTa2PmOLbhxwUezUG0L0lDr/QINbU9RbUivYq -RNglxBK1CnfApGZlZTEr3togr+NXM+LVgMCZ9lfoFp80lmQTz4y+QBOgxKOqsr4u -1QQL96VhW151TQ6A5mgHeQblKa7uxyCatxSht3gTK6wBk5ocG6V5Vo3JQQKBgEHj -TeIsg4vqdTvHF/PRwz2gCFi4oQZvJtQwglKq2XE9bIyHwwmknTnkFEL3bsIzNOFG -mtyfFl3oRQbuyEFbzbOgdqv3R6Z1Pdn/QIcyFO78YPhTv2U/EkPRx8bv0dTZotlz -yk9Ui45TRij7U7uTkjzcFagyWnZjkbOGGu8yk6ifAoGBAJn8JqkQLryz/eAzM9vw -YIjEXxh4pqvflQtlD5rK+PSxceq7pDObaRyPx38Sv0G+usAPjSUGUiUaVwqhaqVG -pPKqCJtUtBpSHClZzHuUnh91BAE0c5V1zJI9GNCccKy94A1cIP9fApP7aqLn6uaP -rr/mnZBf1ip0YN6dTEtUh5iW ------END PRIVATE KEY----- diff --git a/tests/cfg/pki/keys/clt1.crt b/tests/cfg/pki/keys/clt1.crt deleted file mode 100644 index 8b33bf7..0000000 --- a/tests/cfg/pki/keys/clt1.crt +++ /dev/null 
@@ -1,98 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 5 (0x5) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - Validity - Not Before: Aug 26 17:08:56 2016 GMT - Not After : Aug 24 17:08:56 2026 GMT - Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=clt1/name=EasyRSA/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:d5:f2:1c:23:59:41:87:a7:68:06:7d:2f:5f:aa: - 88:16:4a:91:59:11:7f:d9:28:d1:ec:d6:c9:bc:b0: - 6b:90:ee:44:94:44:e7:d4:b9:11:48:f7:f1:ca:9e: - f8:ce:02:44:b2:7b:90:3d:e1:97:42:b1:02:fe:ab: - 1c:2a:89:81:50:81:42:9f:7f:87:41:87:be:b5:bc: - c0:9f:33:81:26:81:86:24:a9:4c:72:6c:7f:e9:a8: - 71:1f:aa:45:4a:38:bd:c8:57:c4:25:8c:47:14:d0: - e0:60:4b:07:ee:bb:52:b9:95:d3:66:24:c4:6b:79: - 36:83:af:6b:b8:01:8f:67:f2:81:7f:3e:fe:c3:4f: - 72:ac:06:65:43:39:0f:fc:5f:71:bc:5c:12:f6:36: - ef:27:61:a0:32:4c:d1:cd:e1:15:e2:64:b5:fd:fd: - 54:d5:63:45:a1:96:9a:38:50:c5:b7:7e:0e:fb:96: - d9:a7:a7:4f:58:58:af:a1:17:50:fa:66:62:43:1e: - 8a:38:6a:7c:54:3f:8d:5a:12:5c:e3:cc:95:55:25: - 9b:ee:bc:33:40:3a:54:cb:39:3e:6c:17:30:79:fa: - 24:ba:1c:5a:54:ff:b0:30:11:d4:aa:92:5a:d7:a6: - 39:16:45:d7:74:fe:40:9c:d4:cd:f4:74:34:95:ef: - 4a:99 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - Easy-RSA Generated Certificate - X509v3 Subject Key Identifier: - DC:E2:70:D0:59:39:F5:F5:E0:48:E2:A9:5F:35:D2:98:34:EA:20:FB - X509v3 Authority Key Identifier: - keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73 - DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - serial:F9:2F:C6:8B:0E:F1:EB:9E - - X509v3 Extended Key Usage: - TLS Web Client Authentication - 
X509v3 Key Usage: - Digital Signature - X509v3 Subject Alternative Name: - DNS:clt1 - Signature Algorithm: sha256WithRSAEncryption - ad:80:83:dd:ac:17:9c:da:ca:71:c6:99:13:c7:b5:b7:b4:69: - a9:fa:0f:dd:fa:b6:4f:a2:19:10:3a:ea:7e:37:e1:a8:29:a0: - 45:76:7e:d2:a8:08:17:f6:4a:ad:9e:31:ad:b1:b4:e5:5a:3f: - 4a:e3:2f:e3:fa:37:0e:3d:04:ca:aa:9a:8d:4e:6f:a2:35:ae: - 48:37:9e:a3:cc:83:21:34:34:2f:e2:71:c6:51:a1:5b:46:ad: - d5:10:26:ea:e2:4b:18:df:8e:e2:ab:ac:e3:3b:a2:a7:fb:99: - f2:0e:05:3b:76:38:f0:18:fd:44:93:c1:06:79:1d:d5:c3:a6: - bf:c1:0a:98:d8:81:9a:66:a9:85:42:c0:fe:dd:ff:ef:21:6e: - 00:9f:68:0a:df:97:c8:5e:f3:d6:c1:fb:06:d6:40:3d:14:59: - a7:3a:f5:c9:70:fd:b1:93:88:5f:18:45:5d:58:97:60:6a:aa: - a6:6e:74:de:0e:ba:cc:9b:bf:35:3c:b3:f6:0c:1c:48:7c:5d: - 70:73:db:73:db:28:a9:b8:bc:1a:1e:b8:1c:d5:36:03:f3:22: - 91:d1:e7:8d:eb:36:00:f9:10:b2:16:2b:65:e4:6e:1a:9e:5f: - cd:f0:fd:9f:39:8f:71:35:de:5c:57:a8:1a:d0:fa:25:12:80: - fb:9a:da:bb ------BEGIN CERTIFICATE----- -MIIFXjCCBEagAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx -CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv -cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV -BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 -DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDg1NloXDTI2MDgy -NDE3MDg1NlowgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM -U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 -T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwRjbHQxMRAwDgYDVQQpEwdFYXN5 -UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV8hwjWUGHp2gGfS9fqogWSpFZEX/ZKNHs -1sm8sGuQ7kSUROfUuRFI9/HKnvjOAkSye5A94ZdCsQL+qxwqiYFQgUKff4dBh761 -vMCfM4EmgYYkqUxybH/pqHEfqkVKOL3IV8QljEcU0OBgSwfuu1K5ldNmJMRreTaD -r2u4AY9n8oF/Pv7DT3KsBmVDOQ/8X3G8XBL2Nu8nYaAyTNHN4RXiZLX9/VTVY0Wh -lpo4UMW3fg77ltmnp09YWK+hF1D6ZmJDHoo4anxUP41aElzjzJVVJZvuvDNAOlTL -OT5sFzB5+iS6HFpU/7AwEdSqklrXpjkWRdd0/kCc1M30dDSV70qZAgMBAAGjggF+ 
-MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0 -ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNzicNBZOfX14EjiqV810pg06iD7MIHr -BgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5MIG2MQswCQYD -VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG -A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p -dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw -HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aLDvHrnjATBgNV -HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEY2x0MTAN -BgkqhkiG9w0BAQsFAAOCAQEArYCD3awXnNrKccaZE8e1t7RpqfoP3fq2T6IZEDrq -fjfhqCmgRXZ+0qgIF/ZKrZ4xrbG05Vo/SuMv4/o3Dj0EyqqajU5vojWuSDeeo8yD -ITQ0L+JxxlGhW0at1RAm6uJLGN+O4qus4zuip/uZ8g4FO3Y48Bj9RJPBBnkd1cOm -v8EKmNiBmmaphULA/t3/7yFuAJ9oCt+XyF7z1sH7BtZAPRRZpzr1yXD9sZOIXxhF -XViXYGqqpm503g66zJu/NTyz9gwcSHxdcHPbc9soqbi8Gh64HNU2A/MikdHnjes2 -APkQshYrZeRuGp5fzfD9nzmPcTXeXFeoGtD6JRKA+5rauw== ------END CERTIFICATE----- diff --git a/tests/cfg/pki/keys/clt1.csr b/tests/cfg/pki/keys/clt1.csr deleted file mode 100644 index 661d7c3..0000000 --- a/tests/cfg/pki/keys/clt1.csr +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIC8TCCAdkCAQAwgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UE -BxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsT -FE15T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwRjbHQxMRAwDgYDVQQpEwdF -YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV8hwjWUGHp2gGfS9fqogWSpFZEX/Z -KNHs1sm8sGuQ7kSUROfUuRFI9/HKnvjOAkSye5A94ZdCsQL+qxwqiYFQgUKff4dB -h761vMCfM4EmgYYkqUxybH/pqHEfqkVKOL3IV8QljEcU0OBgSwfuu1K5ldNmJMRr -eTaDr2u4AY9n8oF/Pv7DT3KsBmVDOQ/8X3G8XBL2Nu8nYaAyTNHN4RXiZLX9/VTV -Y0Whlpo4UMW3fg77ltmnp09YWK+hF1D6ZmJDHoo4anxUP41aElzjzJVVJZvuvDNA -OlTLOT5sFzB5+iS6HFpU/7AwEdSqklrXpjkWRdd0/kCc1M30dDSV70qZAgMBAAGg -ADANBgkqhkiG9w0BAQsFAAOCAQEAk0u+mwQtAqx5g6BLXTgSwzcHGpxItbOasuIv -8BtQsVoIvbVzUu8v83BjJK2OfusTqgLQvDafAbCPn7LUbKFLW6/tHtsgdCDEuY1R -+1FuFmI16E2OukJc8A/rfkIrYl9uV5VKE3irU5rGF0EMWwfixxu8Vnv9VzTPEoL6 -B8rqAKE6uFm9IKoJPeDb/nv73PhpPbU76qb/aYJ60Hh1jEXAe8THKxU1oH2z2DWx -4kYCncjjfhrwaQZQ9FHH8/gZ1Xjn55+fAz82rPPdZVtJM2PlGUzzLfaDn9En4tU9 -vVt1/5NU4gZeUVuPH0wyjeNDSZmczX610k+Me4eccKspOtIL2A== ------END CERTIFICATE REQUEST----- diff --git a/tests/cfg/pki/keys/clt1.key b/tests/cfg/pki/keys/clt1.key deleted file mode 100644 index d89d5ce..0000000 --- a/tests/cfg/pki/keys/clt1.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDV8hwjWUGHp2gG -fS9fqogWSpFZEX/ZKNHs1sm8sGuQ7kSUROfUuRFI9/HKnvjOAkSye5A94ZdCsQL+ -qxwqiYFQgUKff4dBh761vMCfM4EmgYYkqUxybH/pqHEfqkVKOL3IV8QljEcU0OBg -Swfuu1K5ldNmJMRreTaDr2u4AY9n8oF/Pv7DT3KsBmVDOQ/8X3G8XBL2Nu8nYaAy -TNHN4RXiZLX9/VTVY0Whlpo4UMW3fg77ltmnp09YWK+hF1D6ZmJDHoo4anxUP41a -ElzjzJVVJZvuvDNAOlTLOT5sFzB5+iS6HFpU/7AwEdSqklrXpjkWRdd0/kCc1M30 -dDSV70qZAgMBAAECggEAdX75pRAnxPBTWPz3P3rQMi3RlTDfHcwlPgTX1iCtcnLo -huUwzMq2i3Rf/f9AdSMZx0vE87co8x9znZkrZtENi8DxbdcD2SFLw1NeFhCbJSKN -ISU5Lr4XoaM4PUOtug1fbN+GgXiAsRXlo/yQ5rNJw1JdPwOCO+Pd5IQ6jFuO/m5X -T2ZpsmSeI0q8f5oe4mjKelyMJhbO4eBZiZg421Q7BkWqc+waeEaFWjppmaaiqA/7 -sva3KSP/GyEyc3a62vsE2f0zqkc9xQo1s4GTgBt4AOWuOe6oDxhaNygU66LeOLUH -yL/qfbzd4c8kdZieeMC2vZU/6fmPfPJ0HsUjllXW4QKBgQDsB8w8ydfYai4c6yHF -ntaDZ32JYbPfWwQ+sI9AhlNfV8aSoO8Vhkn1aPgS+AYq+7SwV3CKJPeClRr88gU6 -/utZ19uPRAckng0ZvdejUe6saMVLCG3FgskONc/a8wBv1JBuq37cQbrd+Fr+A6bU -5BwxoRMch/QMlg42DXBWTLSvPwKBgQDoC/o7gqs1XxYFsh54iYWnIBJUEu0XP15E -XACUf2UKSGEicRhjIDR45oMTFhGdh+43Etzkes/VavwNAqaNzggJPKUJz0SAbDmo -mhKAqAJE5u4e8V4P+3ZUpE20lpC8d4b0fm3JM7UP6IdH91e4lXyangZr875mZRrM -z+d1KgloJwKBgQCkUy17KN9wWUQvd/g0OMiKBbQdwHrVRu2mo4+oUZyb5WVnUkoB -x1OYWvNTaYAJzuHWX5oHY4M6U4rNjcXcc/vwudqvXKJIeQ0P3d7SYslzGSI6gezC -tLI7hXVnrwSf1vKTSixxNgXeYfkfnfU5hHKojsbad0COvq24LhUG0DJ/SwKBgQCg -xcOvPb6fsOzSL3H7M9U9UPRB+gb5B3epx1DDkmyQLkvWkCNEcsjIR3XjYHP+AHMl -B1WynACproFKBl8devWIaNM0M74TeGiOj4loSH+h+5paKANy8VgwFtKb34ISgoIn -nf003TWC+ynXy+CkTDZT7k8mtm9iBIUICLgmLmTsGwKBgFoLwh1kCjIKqmjSnZdS -OzTpAa49xDE0fkGXWCnW2E+KMIBZE/VOPh0MYj2YWThKqt5yEk+tPmxiyxvo5ohH -2GZKOzkcsOpZROaNfX/9edPDsL0VYHv0IDPDcoJyiEGANh0VwIqFUAX6Hmwzno6Q -nw7R4xO7SN9M9fxuexGrU3Ba ------END PRIVATE KEY----- diff --git a/tests/cfg/pki/keys/index.txt b/tests/cfg/pki/keys/index.txt deleted file mode 100644 index 56e0993..0000000 --- a/tests/cfg/pki/keys/index.txt +++ /dev/null 
@@ -1,5 +0,0 @@
-V 260824170732Z 01 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=-h/name=EasyRSA/emailAddress=me@myhost.mydomain
-V 260824170814Z 02 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=ts.uts-server.org/name=EasyRSA/emailAddress=me@myhost.mydomain
-V 260824170843Z 03 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=tsa1/name=EasyRSA/emailAddress=me@myhost.mydomain
-V 260824170844Z 04 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=tsa2/name=EasyRSA/emailAddress=me@myhost.mydomain
-V 260824170856Z 05 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=clt1/name=EasyRSA/emailAddress=me@myhost.mydomain
diff --git a/tests/cfg/pki/keys/index.txt.attr b/tests/cfg/pki/keys/index.txt.attr
deleted file mode 100644
index 8f7e63a..0000000
--- a/tests/cfg/pki/keys/index.txt.attr
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = yes
diff --git a/tests/cfg/pki/keys/index.txt.attr.old b/tests/cfg/pki/keys/index.txt.attr.old
deleted file mode 100644
index 8f7e63a..0000000
--- a/tests/cfg/pki/keys/index.txt.attr.old
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = yes
diff --git a/tests/cfg/pki/keys/index.txt.old b/tests/cfg/pki/keys/index.txt.old
deleted file mode 100644
index ac55022..0000000
--- a/tests/cfg/pki/keys/index.txt.old
+++ /dev/null
@@ -1,4 +0,0 @@
-V 260824170732Z 01 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=-h/name=EasyRSA/emailAddress=me@myhost.mydomain
-V 260824170814Z 02 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=ts.uts-server.org/name=EasyRSA/emailAddress=me@myhost.mydomain
-V 260824170843Z 03 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=tsa1/name=EasyRSA/emailAddress=me@myhost.mydomain
-V 260824170844Z 04 unknown /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=tsa2/name=EasyRSA/emailAddress=me@myhost.mydomain
diff --git a/tests/cfg/pki/keys/serial b/tests/cfg/pki/keys/serial
deleted file mode 100644
index cd672a5..0000000
--- a/tests/cfg/pki/keys/serial
+++ /dev/null
@@ -1 +0,0 @@
-06
diff --git a/tests/cfg/pki/keys/serial.old b/tests/cfg/pki/keys/serial.old
deleted file mode 100644
index eeee65e..0000000
--- a/tests/cfg/pki/keys/serial.old
+++ /dev/null
@@ -1 +0,0 @@
-05
diff --git a/tests/cfg/pki/keys/ts.uts-server.org.crt b/tests/cfg/pki/keys/ts.uts-server.org.crt
deleted file mode 100644
index 60814a2..0000000
--- a/tests/cfg/pki/keys/ts.uts-server.org.crt
+++ /dev/null
@@ -1,99 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - Validity - Not Before: Aug 26 17:08:14 2016 GMT - Not After : Aug 24 17:08:14 2026 GMT - Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=ts.uts-server.org/name=EasyRSA/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:d3:50:7a:93:b7:10:8e:d2:2e:31:30:f6:10:9f: - bc:d6:db:ab:f0:4c:96:46:d2:bf:b2:2a:a0:f6:f7: - 5c:48:83:66:54:75:3e:a3:25:20:89:2d:f7:9a:c5: - 32:12:b1:32:a0:99:27:f4:9c:f0:e8:a2:19:9b:83: - a6:e1:aa:42:0a:f4:0b:81:a2:9c:3e:f2:5a:1c:ad: - 5e:f8:24:12:e9:ec:75:cc:43:7c:6b:16:9a:5f:aa: - 9e:39:b5:9f:2c:3e:b0:3f:cd:31:7f:90:46:a9:60: - 74:d3:e0:18:e8:ee:0e:71:bf:37:bc:fe:2b:94:33: - 61:3d:01:02:ed:f8:b8:66:6a:9f:76:c0:06:c8:06: - 2b:70:5e:87:d2:17:b7:cd:aa:40:1f:ae:af:a4:c7: - 3f:60:bc:be:54:ee:30:4e:fe:8e:2d:32:27:5c:f9: - af:2f:f9:f1:d2:2b:08:b5:6d:89:8b:84:3e:e9:d4: - e8:0b:c4:d7:5f:07:4e:96:5c:a2:4b:63:ef:a8:49: - 55:39:55:34:1d:b5:ce:8e:5d:13:69:8d:52:d5:1e: - 30:f9:ed:73:0b:2b:7d:8c:e1:c0:93:a9:28:20:d7: - f0:ec:04:37:bf:4b:85:0e:e2:3a:e8:54:ad:d9:e3: - 27:8f:c7:43:8e:65:e1:f9:51:f0:c3:96:f2:0e:8d: - 83:79 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - Easy-RSA Generated Certificate - X509v3 Subject Key Identifier: - FF:2D:69:50:05:46:A3:95:F4:A3:E0:2E:34:39:EF:9B:BC:E2:F0:86 - X509v3 Authority Key Identifier: - keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73 - DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - serial:F9:2F:C6:8B:0E:F1:EB:9E - - X509v3 Extended Key Usage: - TLS Web Client 
Authentication - X509v3 Key Usage: - Digital Signature - X509v3 Subject Alternative Name: - DNS:ts.uts-server.org - Signature Algorithm: sha256WithRSAEncryption - d2:ff:65:c8:fe:69:7d:fd:99:b9:4e:4c:c3:fe:ff:97:74:59: - a1:89:b6:47:b3:10:79:76:ee:7b:0b:26:7e:db:cd:fd:e1:52: - 4b:94:78:3e:72:ba:8c:58:48:4f:67:ef:05:29:9e:7b:1a:07: - 82:72:27:67:78:ef:43:e1:67:08:73:2c:11:e1:91:f4:4e:73: - 5a:a8:09:61:9f:33:d1:33:c7:43:10:8b:a9:e8:16:63:97:e9: - 81:63:74:f4:5a:b5:fc:88:46:a6:c9:c4:89:23:1d:ac:4a:02: - 3f:29:ae:59:a2:6f:37:a1:27:e1:6e:34:c8:99:35:0b:50:5e: - bc:3d:64:01:7e:5e:4e:ee:79:48:a9:e6:26:bb:2d:f8:18:88: - ea:22:df:8e:7b:71:24:c1:6b:17:26:4c:96:0c:d0:d2:b4:29: - 9a:1d:9a:ae:26:2b:aa:95:a9:9b:15:58:a6:9a:c4:5b:48:64: - ff:e0:e6:fb:53:37:0d:20:83:94:95:4e:5a:b9:3c:62:47:bc: - fb:6d:0a:eb:f2:b1:9c:d7:ee:30:9b:07:9f:1a:27:1f:e0:bb: - 5e:36:4b:06:19:10:89:43:14:98:fc:cd:52:82:48:59:cc:77: - 64:bd:ff:e7:b4:b1:00:ad:7a:94:c6:47:c7:f9:32:25:ad:2c: - 14:e6:1c:df ------BEGIN CERTIFICATE----- -MIIFeDCCBGCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx -CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv -cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV -BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 -DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDgxNFoXDTI2MDgy -NDE3MDgxNFowgbgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM -U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 -T3JnYW5pemF0aW9uYWxVbml0MRowGAYDVQQDExF0cy51dHMtc2VydmVyLm9yZzEQ -MA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9t -YWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01B6k7cQjtIuMTD2 -EJ+81tur8EyWRtK/siqg9vdcSINmVHU+oyUgiS33msUyErEyoJkn9Jzw6KIZm4Om -4apCCvQLgaKcPvJaHK1e+CQS6ex1zEN8axaaX6qeObWfLD6wP80xf5BGqWB00+AY -6O4Ocb83vP4rlDNhPQEC7fi4ZmqfdsAGyAYrcF6H0he3zapAH66vpMc/YLy+VO4w -Tv6OLTInXPmvL/nx0isItW2Ji4Q+6dToC8TXXwdOllyiS2PvqElVOVU0HbXOjl0T -aY1S1R4w+e1zCyt9jOHAk6koINfw7AQ3v0uFDuI66FSt2eMnj8dDjmXh+VHww5by 
-Do2DeQIDAQABo4IBizCCAYcwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFz -eS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBT/LWlQBUajlfSj -4C40Oe+bvOLwhjCB6wYDVR0jBIHjMIHggBTjK+R0z5u8bm3mUh0RBPxmHyVKc6GB -vKSBuTCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5G -cmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdh -bml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UE -KRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluggkA -+S/Giw7x654wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBwGA1Ud -EQQVMBOCEXRzLnV0cy1zZXJ2ZXIub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQDS/2XI -/ml9/Zm5TkzD/v+XdFmhibZHsxB5du57CyZ+28394VJLlHg+crqMWEhPZ+8FKZ57 -GgeCcidneO9D4WcIcywR4ZH0TnNaqAlhnzPRM8dDEIup6BZjl+mBY3T0WrX8iEam -ycSJIx2sSgI/Ka5Zom83oSfhbjTImTULUF68PWQBfl5O7nlIqeYmuy34GIjqIt+O -e3EkwWsXJkyWDNDStCmaHZquJiuqlambFVimmsRbSGT/4Ob7UzcNIIOUlU5auTxi -R7z7bQrr8rGc1+4wmwefGicf4LteNksGGRCJQxSY/M1SgkhZzHdkvf/ntLEArXqU -xkfH+TIlrSwU5hzf ------END CERTIFICATE----- diff --git a/tests/cfg/pki/keys/ts.uts-server.org.csr b/tests/cfg/pki/keys/ts.uts-server.org.csr deleted file mode 100644 index 7a27d15..0000000 --- a/tests/cfg/pki/keys/ts.uts-server.org.csr +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIC/jCCAeYCAQAwgbgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UE -BxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsT -FE15T3JnYW5pemF0aW9uYWxVbml0MRowGAYDVQQDExF0cy51dHMtc2VydmVyLm9y -ZzEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0Lm15 -ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01B6k7cQjtIu -MTD2EJ+81tur8EyWRtK/siqg9vdcSINmVHU+oyUgiS33msUyErEyoJkn9Jzw6KIZ -m4Om4apCCvQLgaKcPvJaHK1e+CQS6ex1zEN8axaaX6qeObWfLD6wP80xf5BGqWB0 -0+AY6O4Ocb83vP4rlDNhPQEC7fi4ZmqfdsAGyAYrcF6H0he3zapAH66vpMc/YLy+ -VO4wTv6OLTInXPmvL/nx0isItW2Ji4Q+6dToC8TXXwdOllyiS2PvqElVOVU0HbXO -jl0TaY1S1R4w+e1zCyt9jOHAk6koINfw7AQ3v0uFDuI66FSt2eMnj8dDjmXh+VHw -w5byDo2DeQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAL+AN6jZ6QA2yxFk2rWy -4dqrDl+FGsxwIM9FTDD527+PgA0by8bPCLG+f/ep4HdH9CNJhmhArBcRLUs80b7H -fO8tvqDC7IE4Xahpc4sZHL2wJC0dVFsGtSk5wUmW9JnF2p0xy8EVF7aOYAalC1Lo -10y+6JqKZOyJOeLTjhmjpjtYI9qP8ss61Vw7Z8AkDJHelw/Bv2SYQ6uztDm8PvVW -aESnloNlAUmaqVqG+iDZ0ZaSyPy9Haf/O1kygyu7ganS+jXHm3T8LoCNYTCb03IV -zNVSP+N07sNfSGErhmMPi2MO5ahEJaTxfjo31MqvwOl4S45zjjnQoFc2HWEjX1OH -YlE= ------END CERTIFICATE REQUEST----- diff --git a/tests/cfg/pki/keys/ts.uts-server.org.key b/tests/cfg/pki/keys/ts.uts-server.org.key deleted file mode 100644 index 0bb744e..0000000 --- a/tests/cfg/pki/keys/ts.uts-server.org.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDTUHqTtxCO0i4x -MPYQn7zW26vwTJZG0r+yKqD291xIg2ZUdT6jJSCJLfeaxTISsTKgmSf0nPDoohmb -g6bhqkIK9AuBopw+8locrV74JBLp7HXMQ3xrFppfqp45tZ8sPrA/zTF/kEapYHTT -4Bjo7g5xvze8/iuUM2E9AQLt+Lhmap92wAbIBitwXofSF7fNqkAfrq+kxz9gvL5U -7jBO/o4tMidc+a8v+fHSKwi1bYmLhD7p1OgLxNdfB06WXKJLY++oSVU5VTQdtc6O -XRNpjVLVHjD57XMLK32M4cCTqSgg1/DsBDe/S4UO4jroVK3Z4yePx0OOZeH5UfDD -lvIOjYN5AgMBAAECggEBAKa35h3I3v1vghY5ZMn03U4+/kaWhjHWcHum+lwfCOYF -FaUo44Rf9G2GoMWxMzJgL2tZqpZphABmdAGoOu/sHjL6HGHo45EeME5T0ovAGlQI -xV+lFvJ+YMl9mVw6mRyVUQTlZVoZgEZ93W6UbdLIjwjbLqSje8pvRxaUR7Vs+D+E -DBBiAGWu74HKNzQ8GvoEZ/1tjI6/EZUrNY6tIJ7I4XyVoiPWnoXlOp0tmgJZLpRv -sTAmUlPoy/gYSxrMY0Ld/ar+gPscSl4KCiCjdH76BjAoTYCb3QyM1olNDOMSbXoP -tvpb3IFAwxs82yn+clpGXAu9v76jU0Sw8HODO0+HVAECgYEA99W+rbtLL0OPIyEY -6JzeEMf4WoIdwl/lzFFIKmZuEJEjrrFTRktiWuBp1V1BAfrUw3UWj2D0OXo45mQA -WVSO9Ked6yMbd98lELkc/n6GXvrDBfgyXyWwsGh9GJXZ+Apn41Ze1p6n0zEel1Fk -MN0AaleCHPf7Y5ZbVbf23d1nXbkCgYEA2ka3nNdhiHwZEfoB2mtF1Sonn301hdCk -Wgvz+ehRv9Z2tSU+mpROjIZ5Th68UuXIeiPLxXN01Z5cdQjNwNpjBiXFpTHRBdXg -woh9snV/ABTJRYUqPabUVMLb8kRL0D4PZy3CLjH92hvKmSYG+WofYNUU1zrbAx1h -RA2JucWUM8ECgYEAxmbdxBUJJmguQZAwcZ+LAuIjRsmda0r8GyoC3LatbCPU7ffV -U5PrxBadgwqpjR0xkNu+WL/kI9Ndk8sAoILaAq/g8ylixv7jnFSlCnNdvNGAqNm9 -8X+pyD+Nzc3A9hnWex9cwvG2JpLPC5JD4/44Y+l0Jx66qEnpCmFAhvLE2jkCgYAs -dpdUhbNCgDUDKnBSM+PnxkyH+pN6jMPN6/1o/OAaOe+4ervD9U4C5imztiMap+As -sToDIL+9/CJNXNu82z+ssukN+5XeoHDGb9NbFQAn3hQZ60RthpxeH8t6EFt5Mgsl -M3cIvfo+AcdFZy+oguudaAp0xXJzsfpsSG2zwAGugQKBgQCkpLHyZLCD2ciOYg4f -V3NqpxviGAYx1FBSr6S97xA1dD7SnH8Mrv/ldxsK0ScGJVFjrGEFiU19HWoIYE9a -4//CVir2hxQ5Z8Ejp9ugTxbKcUukVoHbIw0PnWMJShQNbaGonn8pFJH7BJUZ0eI+ -UhK6b0mz4qIixnYJBxuczj8WGA== ------END PRIVATE KEY----- diff --git a/tests/cfg/pki/keys/tsa1.crt b/tests/cfg/pki/keys/tsa1.crt deleted file mode 100644 index 19d8795..0000000 --- a/tests/cfg/pki/keys/tsa1.crt +++ /dev/null 
@@ -1,98 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 3 (0x3) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - Validity - Not Before: Aug 26 17:08:43 2016 GMT - Not After : Aug 24 17:08:43 2026 GMT - Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=tsa1/name=EasyRSA/emailAddress=me@myhost.mydomain - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c8:00:8c:27:a0:52:ac:87:1f:e5:b4:1c:2d:be: - af:a0:8b:aa:ea:1b:8d:02:30:41:00:1b:3a:34:dc: - 6f:04:5d:9f:c5:59:6f:a5:fa:d5:1e:3c:0e:22:52: - 10:1e:7e:b2:48:b1:65:cd:0c:be:55:60:0e:98:d2: - 34:8d:e9:9b:50:a2:98:92:6b:6a:09:db:9e:f6:f7: - 80:22:d1:8b:f3:71:6e:bd:53:b3:fb:23:70:4e:01: - 20:73:75:12:20:87:37:d3:ca:e5:0b:ff:ba:5e:bd: - ad:cd:ff:05:e2:91:31:7c:b1:99:34:ef:d2:6f:1e: - 22:fe:77:e9:40:ac:8b:dc:f0:e8:23:04:f6:b7:b3: - 60:34:2c:82:df:3c:3d:ca:14:52:d8:8a:57:1f:40: - 1b:70:a2:ac:65:df:54:87:ba:7d:85:7b:d8:93:bd: - 8e:85:fc:de:9a:0b:6a:88:52:b2:27:1b:0c:16:e0: - 87:ba:7c:c9:94:a3:f7:10:79:88:0e:96:b4:a7:40: - 76:00:58:b1:5a:ab:50:89:55:f6:f8:48:4f:76:66: - e5:1c:fa:bb:7a:59:57:df:33:57:7b:d4:0c:36:7f: - d6:6e:0a:40:a2:06:b7:c0:f2:31:f7:55:11:20:74: - cf:68:b2:b2:96:74:4c:58:a0:3e:ec:ee:8e:df:d1: - 51:ff - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - Easy-RSA Generated Certificate - X509v3 Subject Key Identifier: - 6D:48:DA:1F:19:A2:88:71:0F:3D:80:5D:AB:44:5C:F5:06:B5:BB:0B - X509v3 Authority Key Identifier: - keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73 - DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain - serial:F9:2F:C6:8B:0E:F1:EB:9E - - X509v3 Extended Key Usage: - TLS Web Client Authentication - 
X509v3 Key Usage: - Digital Signature - X509v3 Subject Alternative Name: - DNS:tsa1 - Signature Algorithm: sha256WithRSAEncryption - a2:b6:e1:66:78:ff:d0:f1:53:58:2f:8a:26:0b:c1:7f:71:f8: - 9a:d1:fa:70:f8:5b:b7:ce:da:79:92:52:0b:5f:d1:ed:c1:86: - eb:bc:29:f7:ed:0f:5b:c4:10:ab:a3:ce:9e:97:c8:a0:c8:5c: - af:bc:f2:58:77:00:59:69:85:2f:a1:16:92:45:b8:a9:3b:8d: - 8c:bd:1a:bb:08:07:79:6d:6a:e9:8b:7c:fb:fb:0e:72:0a:e1: - fa:4c:ca:d5:d6:99:fc:2c:5f:1d:8a:28:38:da:bd:d4:88:36: - a2:a4:1a:e5:f9:77:72:e6:ed:13:62:31:19:79:ec:ad:9e:b5: - d1:92:7a:cf:f8:e0:ad:56:dd:5b:68:c6:64:c5:32:51:83:0e: - 89:17:14:22:29:53:09:bb:49:06:3a:f1:02:8f:de:fc:94:59: - 82:3d:d1:97:d8:70:53:ff:b5:0d:04:6f:2a:3f:30:50:7b:b1: - 61:b3:a3:10:ee:94:dd:de:b8:ac:7c:0d:a4:af:f6:c2:8a:74: - dd:e8:95:db:ee:ab:d5:ef:68:0a:96:7c:46:05:93:12:93:d8: - 84:5a:6d:38:ff:69:40:51:84:29:62:91:62:7b:af:17:18:b7: - bb:59:19:89:89:89:5d:75:54:92:bf:75:2f:7e:e4:fb:eb:a7: - ae:b5:a2:2f ------BEGIN CERTIFICATE----- -MIIFXjCCBEagAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx -CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv -cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV -BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3 -DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDg0M1oXDTI2MDgy -NDE3MDg0M1owgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM -U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15 -T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwR0c2ExMRAwDgYDVQQpEwdFYXN5 -UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIAIwnoFKshx/ltBwtvq+gi6rqG40CMEEA -Gzo03G8EXZ/FWW+l+tUePA4iUhAefrJIsWXNDL5VYA6Y0jSN6ZtQopiSa2oJ2572 -94Ai0YvzcW69U7P7I3BOASBzdRIghzfTyuUL/7peva3N/wXikTF8sZk079JvHiL+ -d+lArIvc8OgjBPa3s2A0LILfPD3KFFLYilcfQBtwoqxl31SHun2Fe9iTvY6F/N6a -C2qIUrInGwwW4Ie6fMmUo/cQeYgOlrSnQHYAWLFaq1CJVfb4SE92ZuUc+rt6WVff -M1d71Aw2f9ZuCkCiBrfA8jH3VREgdM9osrKWdExYoD7s7o7f0VH/AgMBAAGjggF+ 
-MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0 -ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFG1I2h8ZoohxDz2AXatEXPUGtbsLMIHr -BgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5MIG2MQswCQYD -VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG -A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p -dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw -HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aLDvHrnjATBgNV -HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEdHNhMTAN -BgkqhkiG9w0BAQsFAAOCAQEAorbhZnj/0PFTWC+KJgvBf3H4mtH6cPhbt87aeZJS -C1/R7cGG67wp9+0PW8QQq6POnpfIoMhcr7zyWHcAWWmFL6EWkkW4qTuNjL0auwgH -eW1q6Yt8+/sOcgrh+kzK1daZ/CxfHYooONq91Ig2oqQa5fl3cubtE2IxGXnsrZ61 -0ZJ6z/jgrVbdW2jGZMUyUYMOiRcUIilTCbtJBjrxAo/e/JRZgj3Rl9hwU/+1DQRv -Kj8wUHuxYbOjEO6U3d64rHwNpK/2wop03eiV2+6r1e9oCpZ8RgWTEpPYhFptOP9p -QFGEKWKRYnuvFxi3u1kZiYmJXXVUkr91L37k++unrrWiLw== ------END CERTIFICATE----- diff --git a/tests/cfg/pki/keys/tsa1.csr b/tests/cfg/pki/keys/tsa1.csr deleted file mode 100644 index 2961ddb..0000000 --- a/tests/cfg/pki/keys/tsa1.csr +++ /dev/null 
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIC8TCCAdkCAQAwgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UE
-BxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsT
-FE15T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwR0c2ExMRAwDgYDVQQpEwdF
-YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIAIwnoFKshx/ltBwtvq+gi6rqG40C
-MEEAGzo03G8EXZ/FWW+l+tUePA4iUhAefrJIsWXNDL5VYA6Y0jSN6ZtQopiSa2oJ
-257294Ai0YvzcW69U7P7I3BOASBzdRIghzfTyuUL/7peva3N/wXikTF8sZk079Jv
-HiL+d+lArIvc8OgjBPa3s2A0LILfPD3KFFLYilcfQBtwoqxl31SHun2Fe9iTvY6F
-/N6aC2qIUrInGwwW4Ie6fMmUo/cQeYgOlrSnQHYAWLFaq1CJVfb4SE92ZuUc+rt6
-WVffM1d71Aw2f9ZuCkCiBrfA8jH3VREgdM9osrKWdExYoD7s7o7f0VH/AgMBAAGg
-ADANBgkqhkiG9w0BAQsFAAOCAQEAF/TgnEcEdYC0tZ/Dr3j03Y6+HMOXUDjN9yQp
-1HPZlXc0cl9k3JDMEbqE3xnLF6xkk2CBfG9YkHZwUk/CcoaRAg2qF3/4SF9WfboX
-42a1AcMpsbD2tbDAulndvONPREGOx+b4aUJ8ddWDnkQtx7JEoQ57GldgQ4c/bU6v
-QfNAtBnnlNDvo1lOYi2RNInTHR/zui6s+z4we95FJcYkh6qlS6/o+tRYu5E7qxVl
-P+66RmmlsMydIrM712O8wZSFRoRoHXqrolG+BdWK5nj2CEuhk4g8plNwcMLx/8FI
-FGeKATizb4zAAtRnBH3uf3HOVkOgMdNkKJK447zuqaE/+KeG6Q==
------END CERTIFICATE REQUEST-----
diff --git a/tests/cfg/pki/keys/tsa1.key b/tests/cfg/pki/keys/tsa1.key
deleted file mode 100644
index 8cce4a7..0000000
--- a/tests/cfg/pki/keys/tsa1.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIAIwnoFKshx/l
-tBwtvq+gi6rqG40CMEEAGzo03G8EXZ/FWW+l+tUePA4iUhAefrJIsWXNDL5VYA6Y
-0jSN6ZtQopiSa2oJ257294Ai0YvzcW69U7P7I3BOASBzdRIghzfTyuUL/7peva3N
-/wXikTF8sZk079JvHiL+d+lArIvc8OgjBPa3s2A0LILfPD3KFFLYilcfQBtwoqxl
-31SHun2Fe9iTvY6F/N6aC2qIUrInGwwW4Ie6fMmUo/cQeYgOlrSnQHYAWLFaq1CJ
-Vfb4SE92ZuUc+rt6WVffM1d71Aw2f9ZuCkCiBrfA8jH3VREgdM9osrKWdExYoD7s
-7o7f0VH/AgMBAAECggEAJfRcpKR7K/yUpA3TDydRwwDeVYEW+GRZ4YBJQoDWnJh7
-2oLHelMooI07DW5PWsomYT8xF4GkmSUagAvcJ1Y+wEWq+JZj0C0adLmxWmozyeYr
-4sgArtch19vE4cRExWGDybCGWQmVv6b1VdNgtYdiQcyeS3p7j9TDRVFSNZDJFgtX
-QJBHNnMjP96EtVNUp3aHP/N1a+3FRqjWwCW41xqKYc2Gg9W5peZdso8/6avTu2uJ
-dJB7wcccPiIAnfgX3Xs8yMdXsPVR2ZqSDKfC9dHyEO65xYLs1nDo7a6rS7OSarL+
-dOYt85AmUswdr69X72DIzaVRBxgzbg4ONlVodAIr2QKBgQD9sPTFZRsh+RoU3eWF
-B4BwF/CA+KuBoKxxDtTp6ARWHal70Q4BZwg5mEhkJ2yslRwBevZHkO8DDKkB53jc
-XAHcr2l9VdJni7ynrmoypvDn04vpsxnoY70klyrqSePKD93SU/Ll3hYvF0Ie1IDr
-kj3/0TNPIuxzIzX3zkx2J2YerQKBgQDJ0oH79GAt3dUZTmyPvazMSR5JBUWjK0of
-aHxo1jBZf9MDtTLNyDxtqKKjEEcBCWrnHt682m7BYVbuU7MC+z1rQ9pWYLDBq0XG
-8aY46aR5AudG09l9VDOwZdNsghglstdDURk1zWKsS10x1JwgJdGzKCMZAxO0RrIM
-Pf1znA/k2wKBgGh1OYQh6nclo7id2YjaGueM4+mm+q+IYhi3W7HoaAixc/zYiqTH
-MNrOOliK5zN0vjBZ2hiDs/aUeu6eyeQqOlYNICmMcfNS1V5R8cZjeORr9btHlM5c
-ayAq4m/P9uxXdiXJjUVbGdVQBVi+dUsKT18LW84k+ik6gVlE57Tq6iCNAoGBALA/
-/zYaXxgPHzefbl1FRq+Mtz8LtJnfhzbQl70yOD0gzRXy2vAtCuC1IXsIDwoPwGUg
-Z2JD2+9TY4h0XeOfpy6Srg07GYG4YhJwHDqdh/4KFBGdltTFgPJuqmmbXx0lBqqK
-G1sKBz7x/ewzgTjt7ijoR2ZjcoTALGNWi42334V7AoGBAPsRnyG2cmruO9/SpQxd
-QOjM0QtIGUKsjssiuRMWytYFD+fCv0Ft+iwnLyxCjBY1Ad6qSwtv50hEoygHnJ5X
-DiyTptqErIxpSpp0Up8LPN6sXNawM/C7wcvRBGNafK+ijjS38QiWG3enGo5sAG+Y
-n6Dq8vmFQAKsFz8o1JwJGteB
------END PRIVATE KEY-----
diff --git a/tests/cfg/pki/keys/tsa2.crt b/tests/cfg/pki/keys/tsa2.crt
deleted file mode 100644
index 6bbeef4..0000000
--- a/tests/cfg/pki/keys/tsa2.crt
+++ /dev/null
@@ -1,98 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 4 (0x4)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
- Validity
- Not Before: Aug 26 17:08:44 2016 GMT
- Not After : Aug 24 17:08:44 2026 GMT
- Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=tsa2/name=EasyRSA/emailAddress=me@myhost.mydomain
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:9b:34:5c:6b:ac:10:e9:63:50:cd:f5:f1:9e:80:
- a8:be:ed:4f:21:25:7c:54:67:8f:f0:c1:16:57:ad:
- 1c:c7:14:90:8c:8d:1f:b4:e4:91:3b:fd:2c:44:a1:
- c3:7d:1d:f5:cb:54:c2:45:a4:e3:e9:07:14:60:60:
- 63:07:d7:6d:92:2b:99:5a:c3:c1:91:87:92:b5:6d:
- 4b:d0:22:cd:62:13:34:9a:d1:c6:8f:e6:f6:df:50:
- ba:1a:51:80:b8:2e:c9:dc:03:79:3d:97:a9:89:ce:
- 91:68:e4:dc:90:7d:f3:aa:74:2d:48:2b:40:f5:cf:
- ba:d5:e8:07:d2:34:74:e0:31:c6:e1:0c:df:89:25:
- c9:49:34:f6:0d:e8:1c:05:54:4c:eb:79:7b:04:bb:
- e8:1e:f9:c3:dc:f8:d7:6f:d1:c3:77:a5:97:78:45:
- 1c:82:5a:52:a5:26:3e:4b:78:9e:6d:f8:75:3e:40:
- b9:69:d6:e8:3f:ea:d7:6b:6e:e9:d3:a9:10:a4:92:
- 5e:96:e2:d8:f3:7e:2e:35:f2:81:85:b9:6d:9c:14:
- 02:38:c3:53:0f:a1:84:ef:c3:62:13:7f:10:0f:e4:
- 2e:43:4d:d0:48:06:5b:38:e4:49:e1:35:13:f6:d6:
- 83:1e:1c:f4:10:21:29:45:e3:48:47:01:9c:6a:4d:
- b6:0b
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- Easy-RSA Generated Certificate
- X509v3 Subject Key Identifier:
- 6E:12:12:1A:40:9F:52:2F:48:9C:B5:EE:DC:BF:20:B7:7A:30:02:DC
- X509v3 Authority Key Identifier:
- keyid:E3:2B:E4:74:CF:9B:BC:6E:6D:E6:52:1D:11:04:FC:66:1F:25:4A:73
- DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=me@myhost.mydomain
- serial:F9:2F:C6:8B:0E:F1:EB:9E
-
- X509v3 Extended Key Usage:
- TLS Web Client Authentication
- X509v3 Key Usage:
- Digital Signature
- X509v3 Subject Alternative Name:
- DNS:tsa2
- Signature Algorithm: sha256WithRSAEncryption
- 89:6d:03:f4:e6:29:77:ae:b4:82:de:7b:d6:39:56:10:2f:64:
- f7:68:58:6e:3b:cf:9f:96:ab:a3:66:b0:53:80:98:88:c2:70:
- 3a:7e:de:d6:3f:69:ff:09:56:22:4f:b3:61:c3:43:ed:73:7f:
- 9f:29:10:31:31:ba:d6:78:a2:bc:7d:45:2c:5f:5a:8a:77:62:
- 3e:d8:38:fb:41:3c:54:8b:67:29:c5:d7:5a:a9:d3:a9:52:53:
- 81:eb:0b:55:9e:4e:f3:73:b5:f9:87:0d:a9:59:c4:2a:66:36:
- 47:bc:02:78:12:5b:12:7f:f5:c2:1c:a3:be:d0:bc:3e:72:1e:
- 96:f2:a4:16:71:d8:0f:af:76:1d:44:bd:1c:ef:e9:6a:09:00:
- 79:61:b1:20:83:61:1f:13:00:69:30:c6:ae:3b:31:a3:6c:db:
- 67:52:5d:ef:44:14:eb:53:b4:79:39:62:53:a6:d5:ea:96:ee:
- 2c:5f:38:9f:04:32:0c:39:24:e7:1c:04:79:ea:27:90:1f:e2:
- b3:ed:93:a1:92:5c:c6:fa:d5:58:1f:9e:3a:a5:32:01:ce:b8:
- 61:f6:fa:bd:ff:37:1c:3f:30:54:8e:69:13:91:1b:95:6c:43:
- c7:23:47:c8:2b:c1:97:00:d4:9b:46:52:ae:b4:dd:da:a6:13:
- a5:6b:07:dc
------BEGIN CERTIFICATE-----
-MIIFXjCCBEagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
-CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZv
-cnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
-BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
-DQEJARYSbWVAbXlob3N0Lm15ZG9tYWluMB4XDTE2MDgyNjE3MDg0NFoXDTI2MDgy
-NDE3MDg0NFowgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
-U2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsTFE15
-T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwR0c2EyMRAwDgYDVQQpEwdFYXN5
-UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbNFxrrBDpY1DN9fGegKi+7U8hJXxUZ4/w
-wRZXrRzHFJCMjR+05JE7/SxEocN9HfXLVMJFpOPpBxRgYGMH122SK5law8GRh5K1
-bUvQIs1iEzSa0caP5vbfULoaUYC4LsncA3k9l6mJzpFo5NyQffOqdC1IK0D1z7rV
-6AfSNHTgMcbhDN+JJclJNPYN6BwFVEzreXsEu+ge+cPc+Ndv0cN3pZd4RRyCWlKl
-Jj5LeJ5t+HU+QLlp1ug/6tdrbunTqRCkkl6W4tjzfi418oGFuW2cFAI4w1MPoYTv
-w2ITfxAP5C5DTdBIBls45EnhNRP21oMeHPQQISlF40hHAZxqTbYLAgMBAAGjggF+
-MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0
-ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFG4SEhpAn1IvSJy17ty/ILd6MALcMIHr
-BgNVHSMEgeMwgeCAFOMr5HTPm7xubeZSHREE/GYfJUpzoYG8pIG5MIG2MQswCQYD
-VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
-A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
-dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw
-HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQD5L8aLDvHrnjATBgNV
-HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEdHNhMjAN
-BgkqhkiG9w0BAQsFAAOCAQEAiW0D9OYpd660gt571jlWEC9k92hYbjvPn5aro2aw
-U4CYiMJwOn7e1j9p/wlWIk+zYcND7XN/nykQMTG61niivH1FLF9aindiPtg4+0E8
-VItnKcXXWqnTqVJTgesLVZ5O83O1+YcNqVnEKmY2R7wCeBJbEn/1whyjvtC8PnIe
-lvKkFnHYD692HUS9HO/pagkAeWGxIINhHxMAaTDGrjsxo2zbZ1Jd70QU61O0eTli
-U6bV6pbuLF84nwQyDDkk5xwEeeonkB/is+2ToZJcxvrVWB+eOqUyAc64Yfb6vf83
-HD8wVI5pE5EblWxDxyNHyCvBlwDUm0ZSrrTd2qYTpWsH3A==
------END CERTIFICATE-----
diff --git a/tests/cfg/pki/keys/tsa2.csr b/tests/cfg/pki/keys/tsa2.csr
deleted file mode 100644
index 1d4e782..0000000
--- a/tests/cfg/pki/keys/tsa2.csr
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIC8TCCAdkCAQAwgasxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UE
-BxMMU2FuRnJhbmNpc2NvMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xHTAbBgNVBAsT
-FE15T3JnYW5pemF0aW9uYWxVbml0MQ0wCwYDVQQDEwR0c2EyMRAwDgYDVQQpEwdF
-YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbNFxrrBDpY1DN9fGegKi+7U8hJXxU
-Z4/wwRZXrRzHFJCMjR+05JE7/SxEocN9HfXLVMJFpOPpBxRgYGMH122SK5law8GR
-h5K1bUvQIs1iEzSa0caP5vbfULoaUYC4LsncA3k9l6mJzpFo5NyQffOqdC1IK0D1
-z7rV6AfSNHTgMcbhDN+JJclJNPYN6BwFVEzreXsEu+ge+cPc+Ndv0cN3pZd4RRyC
-WlKlJj5LeJ5t+HU+QLlp1ug/6tdrbunTqRCkkl6W4tjzfi418oGFuW2cFAI4w1MP
-oYTvw2ITfxAP5C5DTdBIBls45EnhNRP21oMeHPQQISlF40hHAZxqTbYLAgMBAAGg
-ADANBgkqhkiG9w0BAQsFAAOCAQEAVXOIPyQqN2P/ZfcdsbklM/X0d1qfFAbkBV3M
-MWh5QzrmyrxPnhGnSYBvwX0thN5G8FF5jlHit67G5Le5M5feczdRSXhGlLcao/U+
-T/yr87Yojwagg9HgDGI+S82eLNSbI27x8A3dlaOGB5mPA+ff+WvRlqoC95sSDnEo
-0W2cHMJTjwtj0/hDqlboh6iReXvicihdNVHJvfuED9CIOOPSLnW9WiZ+PM3GFvRi
-EBZaoK/151mOqjfwIXCMelvozZG9kg8BKT+0+mtoFMHzaJWidPhArZt1hKyMc1FI
-7jyUN+9X1d5piXIlN2RhO5CAx6ilhlqh7aZtEjkwnik+q8/P0w==
------END CERTIFICATE REQUEST-----
diff --git a/tests/cfg/pki/keys/tsa2.key b/tests/cfg/pki/keys/tsa2.key
deleted file mode 100644
index ca2d276..0000000
--- a/tests/cfg/pki/keys/tsa2.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCbNFxrrBDpY1DN
-9fGegKi+7U8hJXxUZ4/wwRZXrRzHFJCMjR+05JE7/SxEocN9HfXLVMJFpOPpBxRg
-YGMH122SK5law8GRh5K1bUvQIs1iEzSa0caP5vbfULoaUYC4LsncA3k9l6mJzpFo
-5NyQffOqdC1IK0D1z7rV6AfSNHTgMcbhDN+JJclJNPYN6BwFVEzreXsEu+ge+cPc
-+Ndv0cN3pZd4RRyCWlKlJj5LeJ5t+HU+QLlp1ug/6tdrbunTqRCkkl6W4tjzfi41
-8oGFuW2cFAI4w1MPoYTvw2ITfxAP5C5DTdBIBls45EnhNRP21oMeHPQQISlF40hH
-AZxqTbYLAgMBAAECggEBAI2WX/XOHAN+Gfo6szjA8LB092oqs1igvZyJ2aMUhxtK
-tG+0UseIeMH8PcVCuX9LtK7Q3QYB3fT5A2rEo7NEoW3mnllCGjV0M6+VTMNM7Ibb
-NHNEils+/dpN3+kgj0f3TymKdbFtyTmxm8/QcTLT5FWM9L5Qz0swPabkrTXjqvfW
-pW3znLJsI/31LzFqicNRzSG3/PTE/RDhPrHnc7Evbz9TYZS8/D3FnvO8QJB8F2Uk
-/0WunCYU1IKeyVwZvArTLHIAZgQoEoaQIrkfr7AGBi4/uyGPI5GvrCib3MMdBm6s
-HpxQMo68MwSTm7HVLE9l7QQIGv17iGdks3WuyuUc4bECgYEAy53xVse3EBoUxRZ8
-yb1i/fr/aMYcCnPoVSHFJh6bGzxy9DeX5kOo0ksge7OgY8MWdoZWHmN3KzSAxkUF
-Cgz9znRHwAP1Ka7VpFShxmgj752yNSqm7nXj9GJs9P3Y9Pwnp8LMQPOoZmWulJWT
-HrxoZCpGeC5wQsZ6Ve1xcazr+skCgYEAwyIDSIBygtRjUCyoJhsJR9Vhc7FBLFBY
-yqu+ZrP2HV31p99M3IT3zEfNYj97MXpE4ggCXuMsPxiHRhDbthOrO1DEDZiZ/zU7
-c9gzqGjJoa+n77T/88dDpukqm7FbB4pMiUZXj0HOYLmKppTAGO2R01xPgsOrKcU6
-yNTLUYeUwDMCgYBDQ7AAbQWKqjMGUMF0m73iDVLmt9t3kIbF6NwKFb5DpxqKlvr1
-NJDGt87JTrPDgSUgjoxQiadKfJO17AMYKOaHl15Ejook9P7axKKUur50X/IJIkf3
-Krbdes5nuJw9gjdPckirhFKzUQ/1QdxSIQeTX2vcM+seBBdR35jEZs2mEQKBgGZM
-kJgT7vSz0BUaNFU121mzflGe3eIThVlLTJifRCoFNmJ56Nu7QgXwprYZPcakqTQu
-qr+ALZQukcyjzevYx+5i20WdeS6Yg8Cp2fsyZHLFmi9LHtx43PjGSLYy9twvHwzg
-ucq63y1KWGwYk9T9x3Odc3nEhxlw8u6S0Ly/bbaNAoGAJYp4drHJ8uLGufVURrK0
-NQJIdPl7bcRaUdzBt1bmE5IiQOqzsdDkJpN1/ZD8SVkGPni6m+ZpvOprw7gtXs3T
-dQ3Ri2dMZ4VJkyACi8z21eErRjr16pi92MhZKVnk1PEsxldEPa6XdJPaBm34O+BE
-rzhN9WafVc6yL45gNLnUlRc=
------END PRIVATE KEY-----
diff --git a/tests/cfg/pki/list-crl b/tests/cfg/pki/list-crl
deleted file mode 100755
index 32c1143..0000000
--- a/tests/cfg/pki/list-crl
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-# list revoked certificates
-
-CRL="${1:-crl.pem}"
-
-if [ "$KEY_DIR" ]; then
- cd "$KEY_DIR" && \
- $OPENSSL crl -text -noout -in "$CRL"
-else
- echo 'Please source the vars script first (i.e. "source ./vars")'
- echo 'Make sure you have edited it to reflect your configuration.'
-fi
diff --git a/tests/cfg/pki/openssl-0.9.6.cnf b/tests/cfg/pki/openssl-0.9.6.cnf
deleted file mode 100644
index fb08fea..0000000
--- a/tests/cfg/pki/openssl-0.9.6.cnf
+++ /dev/null
@@ -1,268 +0,0 @@
-# For use with easy-rsa version 2.0
-
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = $ENV::KEY_DIR # Where everything is kept
-certs = $dir # Where the issued certs are kept
-crl_dir = $dir # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir # default place for new certs.
-
-certificate = $dir/ca.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/ca.key # The private key
-RANDFILE = $dir/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 3650 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha256 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_anything
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = $ENV::KEY_SIZE
-default_keyfile = privkey.pem
-default_md = sha256
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = $ENV::KEY_COUNTRY
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = $ENV::KEY_PROVINCE
-
-localityName = Locality Name (eg, city)
-localityName_default = $ENV::KEY_CITY
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = $ENV::KEY_ORG
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, your name or your server\'s hostname)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_default = $ENV::KEY_EMAIL
-emailAddress_max = 40
-
-# JY -- added for batch mode
-organizationalUnitName_default = $ENV::KEY_OU
-commonName_default = $ENV::KEY_CN
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "Easy-RSA Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-extendedKeyUsage=clientAuth
-keyUsage = digitalSignature
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-subjectAltName=$ENV::KEY_ALTNAMES
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ server ]
-
-# JY ADDED -- Make a cert with nsCertType set to "server"
-basicConstraints=CA:FALSE
-nsCertType = server
-nsComment = "Easy-RSA Generated Server Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-extendedKeyUsage=serverAuth
-keyUsage = digitalSignature, keyEncipherment
-subjectAltName=$ENV::KEY_ALTNAMES
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/tests/cfg/pki/openssl-0.9.8.cnf b/tests/cfg/pki/openssl-0.9.8.cnf
deleted file mode 100644
index 90331a0..0000000
--- a/tests/cfg/pki/openssl-0.9.8.cnf
+++ /dev/null
@@ -1,293 +0,0 @@
-# For use with easy-rsa version 2.0
-
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-openssl_conf = openssl_init
-
-[ openssl_init ]
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-engines = engine_section
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = $ENV::KEY_DIR # Where everything is kept
-certs = $dir # Where the issued certs are kept
-crl_dir = $dir # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir # default place for new certs.
-
-certificate = $dir/ca.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/ca.key # The private key
-RANDFILE = $dir/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 3650 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha256 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_anything
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-name = optional
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-name = optional
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = $ENV::KEY_SIZE
-default_keyfile = privkey.pem
-default_md = sha256
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = $ENV::KEY_COUNTRY
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = $ENV::KEY_PROVINCE
-
-localityName = Locality Name (eg, city)
-localityName_default = $ENV::KEY_CITY
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = $ENV::KEY_ORG
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, your name or your server\'s hostname)
-commonName_max = 64
-
-name = Name
-name_max = 64
-
-emailAddress = Email Address
-emailAddress_default = $ENV::KEY_EMAIL
-emailAddress_max = 40
-
-# JY -- added for batch mode
-organizationalUnitName_default = $ENV::KEY_OU
-commonName_default = $ENV::KEY_CN
-name_default = $ENV::KEY_NAME
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "Easy-RSA Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-extendedKeyUsage=clientAuth
-keyUsage = digitalSignature
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-subjectAltName=$ENV::KEY_ALTNAMES
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ server ]
-
-# JY ADDED -- Make a cert with nsCertType set to "server"
-basicConstraints=CA:FALSE
-nsCertType = server
-nsComment = "Easy-RSA Generated Server Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-extendedKeyUsage=serverAuth
-keyUsage = digitalSignature, keyEncipherment
-subjectAltName=$ENV::KEY_ALTNAMES
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ engine_section ]
-#
-# If you are using PKCS#11
-# Install engine_pkcs11 of opensc (www.opensc.org)
-# And uncomment the following
-# verify that dynamic_path points to the correct location
-#
-#pkcs11 = pkcs11_section
-
-[ pkcs11_section ]
-engine_id = pkcs11
-dynamic_path = /usr/lib/engines/engine_pkcs11.so
-MODULE_PATH = $ENV::PKCS11_MODULE_PATH
-PIN = $ENV::PKCS11_PIN
-init = 0
diff --git a/tests/cfg/pki/openssl-1.0.0.cnf b/tests/cfg/pki/openssl-1.0.0.cnf
deleted file mode 100644
index c301e44..0000000
--- a/tests/cfg/pki/openssl-1.0.0.cnf
+++ /dev/null
@@ -1,288 +0,0 @@
-# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-openssl_conf = openssl_init
-
-[ openssl_init ]
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-engines = engine_section
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = $ENV::KEY_DIR # Where everything is kept
-certs = $dir # Where the issued certs are kept
-crl_dir = $dir # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir # default place for new certs.
-
-certificate = $dir/ca.crt # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/ca.key # The private key
-RANDFILE = $dir/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 3650 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha256 # use public key default MD
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_anything
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-name = optional
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-name = optional
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = $ENV::KEY_SIZE
-default_keyfile = privkey.pem
-default_md = sha256
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = $ENV::KEY_COUNTRY
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = $ENV::KEY_PROVINCE
-
-localityName = Locality Name (eg, city)
-localityName_default = $ENV::KEY_CITY
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = $ENV::KEY_ORG
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, your name or your server\'s hostname)
-commonName_max = 64
-
-name = Name
-name_max = 64
-
-emailAddress = Email Address
-emailAddress_default = $ENV::KEY_EMAIL
-emailAddress_max = 40
-
-# JY -- added for batch mode
-organizationalUnitName_default = $ENV::KEY_OU
-commonName_default = $ENV::KEY_CN
-name_default = $ENV::KEY_NAME
-
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "Easy-RSA Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-extendedKeyUsage=clientAuth
-keyUsage = digitalSignature
-
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-subjectAltName=$ENV::KEY_ALTNAMES
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ server ]
-
-# JY ADDED -- Make a cert with nsCertType set to "server"
-basicConstraints=CA:FALSE
-nsCertType = server
-nsComment = "Easy-RSA Generated Server Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-extendedKeyUsage=serverAuth
-keyUsage = digitalSignature, keyEncipherment
-subjectAltName=$ENV::KEY_ALTNAMES
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ engine_section ]
-#
-# If you are using PKCS#11
-# Install engine_pkcs11 of opensc (www.opensc.org)
-# And uncomment the following
-# verify that dynamic_path points to the correct location
-#
-#pkcs11 = pkcs11_section
-
-[ pkcs11_section ]
-engine_id = pkcs11
-dynamic_path = /usr/lib/engines/engine_pkcs11.so
-MODULE_PATH = $ENV::PKCS11_MODULE_PATH
-PIN = $ENV::PKCS11_PIN
-init = 0
diff --git a/tests/cfg/pki/pkitool b/tests/cfg/pki/pkitool
deleted file mode 100755
index 44145ad..0000000
--- a/tests/cfg/pki/pkitool
+++ /dev/null
@@ -1,399 +0,0 @@ -#!/bin/sh - -# OpenVPN -- An application to securely tunnel IP networks -# over a single TCP/UDP port, with support for SSL/TLS-based -# session authentication and key exchange, -# packet encryption, packet authentication, and -# packet compression. -# -# Copyright (C) 2002-2010 OpenVPN Technologies, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 -# as published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program (see the file COPYING included with this -# distribution); if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -# pkitool is a front-end for the openssl tool. - -# Calling scripts can set the certificate organizational -# unit with the KEY_OU environmental variable. - -# Calling scripts can also set the KEY_NAME environmental -# variable to set the "name" X509 subject field. 
- -PROGNAME=pkitool -VERSION=2.0 -DEBUG=0 - -die() -{ - local m="$1" - - echo "$m" >&2 - exit 1 -} - -need_vars() -{ - cat < root certificate (--ca) - ca.key -> root key, keep secure (not directly used by OpenVPN) - .crt files -> client/server certificates (--cert) - .key files -> private keys, keep secure (--key) - .csr files -> certificate signing request (not directly used by OpenVPN) - dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh) - -Examples: - $PROGNAME --initca -> Build root certificate - $PROGNAME --initca --pass -> Build root certificate with password-protected key - $PROGNAME --server server1 -> Build "server1" certificate/key - $PROGNAME client1 -> Build "client1" certificate/key - $PROGNAME --pass client2 -> Build password-protected "client2" certificate/key - $PROGNAME --pkcs12 client3 -> Build "client3" certificate/key in PKCS#12 format - $PROGNAME --csr client4 -> Build "client4" CSR to be signed by another CA - $PROGNAME --sign client4 -> Sign "client4" CSR - $PROGNAME --inter interca -> Build an intermediate key-signing certificate/key - Also see ./inherit-inter script. - $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 "client5 id" client5 - -> Build "client5" certificate/key in PKCS#11 token - -Typical usage for initial PKI setup. Build myserver, client1, and client2 cert/keys. -Protect client2 key with a password. Build DH parms. 
Generated files in ./keys : - [edit vars with your site-specific info] - source ./vars - ./clean-all - ./build-dh -> takes a long time, consider backgrounding - ./$PROGNAME --initca - ./$PROGNAME --server myserver - ./$PROGNAME client1 - ./$PROGNAME --pass client2 - -Typical usage for adding client cert to existing PKI: - source ./vars - ./$PROGNAME client-new -EOM -} - -# Set tool defaults -[ -n "$OPENSSL" ] || export OPENSSL="openssl" -[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool" -[ -n "$GREP" ] || export GREP="grep" - -# Set defaults -DO_REQ="1" -REQ_EXT="" -DO_CA="1" -CA_EXT="" -DO_P12="0" -DO_P11="0" -DO_ROOT="0" -NODES_REQ="-nodes" -NODES_P12="" -BATCH="-batch" -CA="ca" -# must be set or errors of openssl.cnf -PKCS11_MODULE_PATH="dummy" -PKCS11_PIN="dummy" - -# Process options -while [ $# -gt 0 ]; do - case "$1" in - --keysize ) KEY_SIZE=$2 - shift;; - --server ) REQ_EXT="$REQ_EXT -extensions server" - CA_EXT="$CA_EXT -extensions server" ;; - --batch ) BATCH="-batch" ;; - --interact ) BATCH="" ;; - --inter ) CA_EXT="$CA_EXT -extensions v3_ca" ;; - --initca ) DO_ROOT="1" ;; - --pass ) NODES_REQ="" ;; - --csr ) DO_CA="0" ;; - --sign ) DO_REQ="0" ;; - --pkcs12 ) DO_P12="1" ;; - --pkcs11 ) DO_P11="1" - PKCS11_MODULE_PATH="$2" - PKCS11_SLOT="$3" - PKCS11_ID="$4" - PKCS11_LABEL="$5" - shift 4;; - - # standalone - --pkcs11-init) - PKCS11_MODULE_PATH="$2" - PKCS11_SLOT="$3" - PKCS11_LABEL="$4" - if [ -z "$PKCS11_LABEL" ]; then - die "Please specify library name, slot and label" - fi - $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \ - --label "$PKCS11_LABEL" && - $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT" - exit $?;; - --pkcs11-slots) - PKCS11_MODULE_PATH="$2" - if [ -z "$PKCS11_MODULE_PATH" ]; then - die "Please specify library name" - fi - $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots - exit 0;; - --pkcs11-objects) - PKCS11_MODULE_PATH="$2" - PKCS11_SLOT="$3" - if [ -z 
"$PKCS11_SLOT" ]; then - die "Please specify library name and slot" - fi - $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT" - exit 0;; - - --help|--usage) - usage - exit ;; - --version) - echo "$PROGNAME $VERSION" - exit ;; - # errors - --* ) die "$PROGNAME: unknown option: $1" ;; - * ) break ;; - esac - shift -done - -if ! [ -z "$BATCH" ]; then - if $OPENSSL version | grep 0.9.6 > /dev/null; then - die "Batch mode is unsupported in openssl<0.9.7" - fi -fi - -if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then - die "PKCS#11 and PKCS#12 cannot be specified together" -fi - -if [ $DO_P11 -eq 1 ]; then - if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then - die "Please edit $KEY_CONFIG and setup PKCS#11 engine" - fi -fi - -# If we are generating pkcs12, only encrypt the final step -if [ $DO_P12 -eq 1 ]; then - NODES_P12="$NODES_REQ" - NODES_REQ="-nodes" -fi - -if [ $DO_P11 -eq 1 ]; then - if [ -z "$PKCS11_LABEL" ]; then - die "PKCS#11 arguments incomplete" - fi -fi - -# If undefined, set default key expiration intervals -if [ -z "$KEY_EXPIRE" ]; then - KEY_EXPIRE=3650 -fi -if [ -z "$CA_EXPIRE" ]; then - CA_EXPIRE=3650 -fi - -# Set organizational unit to empty string if undefined -if [ -z "$KEY_OU" ]; then - KEY_OU="" -fi - -# Set X509 Name string to empty string if undefined -if [ -z "$KEY_NAME" ]; then - KEY_NAME="" -fi - -# Set KEY_CN, FN -if [ $DO_ROOT -eq 1 ]; then - if [ -z "$KEY_CN" ]; then - if [ "$1" ]; then - KEY_CN="$1" - KEY_ALTNAMES="DNS:${KEY_CN}" - elif [ "$KEY_ORG" ]; then - KEY_CN="$KEY_ORG CA" - KEY_ALTNAMES="$KEY_CN" - fi - fi - if [ $BATCH ] && [ "$KEY_CN" ]; then - echo "Using CA Common Name:" "$KEY_CN" - KEY_ALTNAMES="$KEY_CN" - fi - FN="$KEY_CN" -elif [ $BATCH ] && [ "$KEY_CN" ]; then - echo "Using Common Name:" "$KEY_CN" - KEY_ALTNAMES="$KEY_CN" - FN="$KEY_CN" - if [ "$1" ]; then - FN="$1" - fi -else - KEY_CN="$1" - KEY_ALTNAMES="DNS:$1" - shift - while [ "x$1" != "x" ] - do - 
KEY_ALTNAMES="${KEY_ALTNAMES},DNS:$1" - shift - done - FN="$KEY_CN" -fi - -export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN PKCS11_MODULE_PATH PKCS11_PIN KEY_ALTNAMES - -# Show parameters (debugging) -if [ $DEBUG -eq 1 ]; then - echo DO_REQ $DO_REQ - echo REQ_EXT $REQ_EXT - echo DO_CA $DO_CA - echo CA_EXT $CA_EXT - echo NODES_REQ $NODES_REQ - echo NODES_P12 $NODES_P12 - echo DO_P12 $DO_P12 - echo KEY_CN $KEY_CN - echo KEY_ALTNAMES $KEY_ALTNAMES - echo BATCH $BATCH - echo DO_ROOT $DO_ROOT - echo KEY_EXPIRE $KEY_EXPIRE - echo CA_EXPIRE $CA_EXPIRE - echo KEY_OU $KEY_OU - echo KEY_NAME $KEY_NAME - echo DO_P11 $DO_P11 - echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH - echo PKCS11_SLOT $PKCS11_SLOT - echo PKCS11_ID $PKCS11_ID - echo PKCS11_LABEL $PKCS11_LABEL -fi - -# Make sure ./vars was sourced beforehand -if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then - cd "$KEY_DIR" - - # Make sure $KEY_CONFIG points to the correct version - # of openssl.cnf - if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then - : - else - echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong" - echo "version of openssl.cnf: $KEY_CONFIG" - echo "The correct version should have a comment that says: easy-rsa version 2.x"; - exit 1; - fi - - # Build root CA - if [ $DO_ROOT -eq 1 ]; then - $OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \ - -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \ - chmod 0600 "$CA.key" - else - # Make sure CA key/cert is available - if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then - if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then - echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR" - echo "Try $PROGNAME --initca to build a root certificate/key." 
- exit 1 - fi - fi - - # Generate key for PKCS#11 token - PKCS11_ARGS= - if [ $DO_P11 -eq 1 ]; then - stty -echo - echo -n "User PIN: " - read -r PKCS11_PIN - stty echo - export PKCS11_PIN - - echo "Generating key pair on PKCS#11 token..." - $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \ - --login --pin "$PKCS11_PIN" \ - --key-type rsa:1024 \ - --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1 - PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID" - fi - - # Build cert/key - ( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH $NODES_REQ -new -newkey rsa:$KEY_SIZE \ - -keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \ - ( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \ - -in "$FN.csr" $CA_EXT -config "$KEY_CONFIG" ) && \ - ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \ - -in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \ - ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ] || chmod 0600 "$FN.key" ) && \ - ( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" ) - - # Load certificate into PKCS#11 token - if [ $DO_P11 -eq 1 ]; then - $OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \ - $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \ - --login --pin "$PKCS11_PIN" \ - --slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" - [ -e "$FN.crt.der" ]; rm "$FN.crt.der" - fi - - fi - -# Need definitions -else - need_vars -fi diff --git a/tests/cfg/pki/revoke-full b/tests/cfg/pki/revoke-full deleted file mode 100755 index e9c7d02..0000000 --- a/tests/cfg/pki/revoke-full +++ /dev/null 
@@ -1,43 +0,0 @@
-#!/bin/sh
-
-# revoke a certificate, regenerate CRL,
-# and verify revocation
-
-CRL="crl.pem"
-RT="revoke-test.pem"
-
-if [ $# -ne 1 ]; then
- echo "usage: revoke-full ";
- exit 1
-fi
-
-if [ "$KEY_DIR" ]; then
- cd "$KEY_DIR"
- rm -f "$RT"
-
- # set defaults
- export KEY_CN=""
- export KEY_OU=""
- export KEY_NAME=""
-
- # required due to hack in openssl.cnf that supports Subject Alternative Names
- export KEY_ALTNAMES=""
-
- # revoke key and generate a new CRL
- $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
-
- # generate a new CRL -- try to be compatible with
- # intermediate PKIs
- $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
- if [ -e export-ca.crt ]; then
- cat export-ca.crt "$CRL" >"$RT"
- else
- cat ca.crt "$CRL" >"$RT"
- fi
-
- # verify the revocation
- $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
-else
- echo 'Please source the vars script first (i.e. "source ./vars")'
- echo 'Make sure you have edited it to reflect your configuration.'
-fi
diff --git a/tests/cfg/pki/sign-req b/tests/cfg/pki/sign-req
deleted file mode 100755
index 6cae7b4..0000000
--- a/tests/cfg/pki/sign-req
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-# Sign a certificate signing request (a .csr file)
-# with a local root certificate and key.
-
-export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --sign $*
diff --git a/tests/cfg/pki/vars b/tests/cfg/pki/vars
deleted file mode 100644
index e60420c..0000000
--- a/tests/cfg/pki/vars
+++ /dev/null
@@ -1,80 +0,0 @@
-# easy-rsa parameter settings
-
-# NOTE: If you installed from an RPM,
-# don't edit this file in place in
-# /usr/share/openvpn/easy-rsa --
-# instead, you should copy the whole
-# easy-rsa directory to another location
-# (such as /etc/openvpn) so that your
-# edits will not be wiped out by a future
-# OpenVPN package upgrade.
-
-# This variable should point to
-# the top level of the easy-rsa
-# tree.
-export EASY_RSA="`pwd`"
-
-#
-# This variable should point to
-# the requested executables
-#
-export OPENSSL="openssl"
-export PKCS11TOOL="pkcs11-tool"
-export GREP="grep"
-
-
-# This variable should point to
-# the openssl.cnf file included
-# with easy-rsa.
-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-
-# Edit this variable to point to
-# your soon-to-be-created key
-# directory.
-#
-# WARNING: clean-all will do
-# a rm -rf on this directory
-# so make sure you define
-# it correctly!
-export KEY_DIR="$EASY_RSA/keys"
-
-# Issue rm -rf warning
-echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
-
-# PKCS11 fixes
-export PKCS11_MODULE_PATH="dummy"
-export PKCS11_PIN="dummy"
-
-# Increase this to 2048 if you
-# are paranoid. This will slow
-# down TLS negotiation performance
-# as well as the one-time DH parms
-# generation process.
-export KEY_SIZE=2048
-
-# In how many days should the root CA key expire?
-export CA_EXPIRE=3650
-
-# In how many days should certificates expire?
-export KEY_EXPIRE=3650
-
-# These are the default values for fields
-# which will be placed in the certificate.
-# Don't leave any of these fields blank.
-export KEY_COUNTRY="US"
-export KEY_PROVINCE="CA"
-export KEY_CITY="SanFrancisco"
-export KEY_ORG="Fort-Funston"
-export KEY_EMAIL="me@myhost.mydomain"
-export KEY_OU="MyOrganizationalUnit"
-
-# X509 Subject Field
-export KEY_NAME="EasyRSA"
-
-# PKCS11 Smart Card
-# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
-# export PKCS11_PIN=1234
-
-# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
-# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
-# export KEY_CN="CommonName"
diff --git a/tests/cfg/pki/whichopensslcnf b/tests/cfg/pki/whichopensslcnf
deleted file mode 100755
index 4c5f3c7..0000000
--- a/tests/cfg/pki/whichopensslcnf
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-
-cnf="$1/openssl.cnf"
-
-if [ "$OPENSSL" ]; then
- if $OPENSSL version | grep -E "0\.9\.6[[:alnum:]]?" > /dev/null; then
- cnf="$1/openssl-0.9.6.cnf"
- elif $OPENSSL version | grep -E "0\.9\.8[[:alnum:]]?" > /dev/null; then
- cnf="$1/openssl-0.9.8.cnf"
- elif $OPENSSL version | grep -E "1\.0\.[[:digit:]][[:alnum:]]?" > /dev/null; then
- cnf="$1/openssl-1.0.0.cnf"
- else
- cnf="$1/openssl.cnf"
- fi
-fi
-
-echo $cnf
-
-if [ ! -r $cnf ]; then
- echo "**************************************************************" >&2
- echo " No $cnf file could be found" >&2
- echo " Further invocations will fail" >&2
- echo "**************************************************************" >&2
-fi
-
-exit 0