diff options
| author | Sergei Golubchik <sergii@pisem.net> | 2015-01-29 14:34:31 +0100 |
|---|---|---|
| committer | Sergei Golubchik <sergii@pisem.net> | 2015-01-29 14:34:31 +0100 |
| commit | 5f63c9c067c59102d5d707c6ff086ece60edae9e (patch) | |
| tree | c2e5b433867136d0f71c33be615574124b1611d0 /mysql-test/lib/generate-ssl-certs.sh | |
| parent | 9033aa02dc201c194b7054ff119be4445a9f8afe (diff) | |
| download | mariadb-git-5f63c9c067c59102d5d707c6ff086ece60edae9e.tar.gz | |
recreate expired certificates for SSL tests
added a script to regenerate certificates easily in the future (2035!)
restored server8k-key.pem to actually be 8K key, as it was supposed to
Diffstat (limited to 'mysql-test/lib/generate-ssl-certs.sh')
| -rwxr-xr-x | mysql-test/lib/generate-ssl-certs.sh | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/mysql-test/lib/generate-ssl-certs.sh b/mysql-test/lib/generate-ssl-certs.sh new file mode 100755 index 00000000000..0ca9bcd41b8 --- /dev/null +++ b/mysql-test/lib/generate-ssl-certs.sh @@ -0,0 +1,31 @@ +#/bin/sh -xe + +# simply run me from mysql-test/ +cd std_data/ + +# boilerplace for "openssl ca" and /etc/ssl/openssl.cnf +rm -rf demoCA +mkdir demoCA demoCA/private demoCA/newcerts +touch demoCA/index.txt +echo 01 > demoCA/serial + +# CA certificate, self-signed +openssl req -x509 -newkey rsa:2048 -keyout demoCA/private/cakey.pem -out cacert.pem -days 7300 -nodes -subj '/C=SE/ST=Uppsala/L=Uppsala/O=MySQL AB' -text + +# server certificate signing request and private key +openssl req -newkey rsa:1024 -keyout server-key.pem -out demoCA/server-req.pem -days 7300 -nodes -subj '/C=SE/ST=Uppsala/O=MySQL AB/CN=localhost' +# convert the key to yassl compatible format +openssl rsa -in server-key.pem -out server-key.pem +# sign the server certificate with CA certificate +openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out server-cert.pem -infiles demoCA/server-req.pem + +openssl req -newkey rsa:8192 -keyout server8k-key.pem -out demoCA/server8k-req.pem -days 7300 -nodes -subj '/C=SE/ST=Uppsala/O=MySQL AB/CN=server' +openssl rsa -in server8k-key.pem -out server8k-key.pem +openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out server8k-cert.pem -infiles demoCA/server8k-req.pem + +openssl req -newkey rsa:1024 -keyout client-key.pem -out demoCA/client-req.pem -days 7300 -nodes -subj '/C=SE/ST=Uppsala/O=MySQL AB' +openssl rsa -in client-key.pem -out client-key.pem +# if the folloing will require a common name - that's defined in /etc/ssl/openssl.cnf, under policy_anything +openssl ca -days 7300 -batch -cert cacert.pem -policy policy_anything -out client-cert.pem -infiles demoCA/client-req.pem + +rm -rf demoCA |