From e197d5f8a320a070949a2cda12c04b39064a42c7 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Thu, 26 Oct 2023 16:36:41 -0600
Subject: [PATCH 1/2] add self-sm2-cert.pem to certificate regen script
---
 certs/sm2/gen-sm2-certs.sh | 20 ++++++++++++
 certs/sm2/self-sm2-cert.pem | 62 ++++++++++++++++++++++++++++++-------
 2 files changed, 71 insertions(+), 11 deletions(-)
diff --git a/certs/sm2/gen-sm2-certs.sh b/certs/sm2/gen-sm2-certs.sh
index d5d7cd568..d09b04b95 100755
--- a/certs/sm2/gen-sm2-certs.sh
+++ b/certs/sm2/gen-sm2-certs.sh
@@ -59,6 +59,26 @@ mv tmp.pem ca-sm2.pem
 echo "End of section"
 echo "---------------------------------------------------------------------"
 
+############################################################
+###### update self-sm2-cert.pem ##############
+############################################################
+echo "Updating self-sm2-cert.pem"
+echo ""
+#pipe the following arguments to openssl req...
+#echo -e "US\\nMontana\\nBozeman\\nwolfSSL_sm2\\nServer-sm2\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key self-sm2-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out self-sm2.csr
+echo -e "AU\\nQLD\\n.\\nwolfSSL\\nTesting\\nwolfssl-dev-sm2\\n\\n\\n\\n\\n" | openssl req -new -key self-sm2-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out self-sm2.csr
+check_result $? "Generate request"
+
+openssl x509 -req -in self-sm2.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey self-sm2-priv.pem -out self-sm2-cert.pem
+check_result $? "Generate certificate"
+rm self-sm2.csr
+
+openssl x509 -in self-sm2-cert.pem -text > tmp.pem
+check_result $? "Add text"
+mv tmp.pem self-sm2-cert.pem
+echo "End of section"
+echo "---------------------------------------------------------------------"
+
 ############################################################
 ###### update server-sm2.pem signed by ca ##############
 ############################################################
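Review bot: The added `echo -e "AU\\nQLD\\n.\\n…" | openssl req` line supplies the subject fields purely by position, so the resulting name depends on the prompt order and defaults in `../renewcerts/wolfssl.cnf`, which this hunk does not show. If that config section changes, the answers shift into the wrong fields while `openssl req` still exits 0, so `check_result` (defined outside the hunk) cannot catch it. Passing the name explicitly removes the coupling, e.g. `openssl req -new -key self-sm2-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -subj "/C=AU/ST=QLD/O=wolfSSL/OU=Testing/CN=wolfssl-dev-sm2/emailAddress=info@wolfssl.com/UID=wolfSSL" -out self-sm2.csr`; the emailAddress and UID values are taken from the Subject of the PEM regenerated later in this series, so confirm them against the config. Because `-extensions ca_ecc_cert` produces a certificate with CA:TRUE and Certificate Sign (visible in the regenerated PEM text), the section banner would also benefit from a comment such as `# test-only self-signed CA; never add to a production trust store`.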
diff --git a/certs/sm2/self-sm2-cert.pem b/certs/sm2/self-sm2-cert.pem index 5e13ab90d..328ded33f 100644 --- a/certs/sm2/self-sm2-cert.pem +++ b/certs/sm2/self-sm2-cert.pem 
@@ -1,13 +1,53 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 66:33:19:27:bf:66:6b:b0:6b:53:ac:98:f1:c7:b0:07:86:c9:5b:a1 + Signature Algorithm: SM2-with-SM3 + Issuer: C = AU, ST = QLD, L = Bozeman, O = wolfSSL, OU = Testing, CN = wolfssl-dev-sm2, emailAddress = info@wolfssl.com, UID = wolfSSL + Validity + Not Before: Oct 26 22:07:03 2023 GMT + Not After : Jul 22 22:07:03 2026 GMT + Subject: C = AU, ST = QLD, L = Bozeman, O = wolfSSL, OU = Testing, CN = wolfssl-dev-sm2, emailAddress = info@wolfssl.com, UID = wolfSSL + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:d8:c4:a1:f1:0b:8b:8d:c4:7d:dc:d4:65:b9:a5: + 55:4e:fb:ac:33:ab:9b:43:94:4c:48:40:1b:33:d9: + 1b:cc:31:c1:82:56:3f:b0:c0:6b:95:40:51:fd:88: + 02:01:b1:b0:94:6c:06:eb:a7:da:8e:ee:70:b6:e5: + bb:b4:1e:e7:b4 + ASN1 OID: SM2 + X509v3 extensions: + X509v3 Subject Key Identifier: + 6E:97:E8:98:B6:5B:B6:AE:87:04:DB:14:56:66:16:F4:B8:2D:8C:F2 + X509v3 Authority Key Identifier: + 6E:97:E8:98:B6:5B:B6:AE:87:04:DB:14:56:66:16:F4:B8:2D:8C:F2 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: SM2-with-SM3 + Signature Value: + 30:45:02:20:04:8d:2e:9f:0c:82:32:d3:51:5a:da:d6:72:95: + fb:50:18:0c:66:62:e3:0a:d4:57:ab:73:2b:10:6f:7a:d0:7e: + 02:21:00:f2:ab:e3:ad:0e:e4:a7:9b:55:be:53:e7:8c:bb:92: + 83:45:72:92:d1:75:e3:7e:7c:5b:c9:5d:12:37:ee:06:71 -----BEGIN CERTIFICATE----- -MIICATCCAaSgAwIBAgIMGSJGj94zOf2VJ8V7MAwGCCqBHM9VAYN1BQAwWTELMAkG -A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEQMA4GA1UEChMHd29sZlNTTDEQMA4GA1UE -CxMHVGVzdGluZzEYMBYGA1UEAxMPd29sZnNzbC1kZXYtc20yMB4XDTIzMDIxNDAz -NDYyMFoXDTI0MDIxMzE3NDYyMFowWTELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM -RDEQMA4GA1UEChMHd29sZlNTTDEQMA4GA1UECxMHVGVzdGluZzEYMBYGA1UEAxMP -d29sZnNzbC1kZXYtc20yMFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE2MSh8QuL -jcR93NRluaVVTvusM6ubQ5RMSEAbM9kbzDHBglY/sMBrlUBR/YgCAbGwlGwG66fa 
-ju5wtuW7tB7ntKNQME4wDgYDVR0PAQH/BAQDAgKEMA8GA1UdEwEB/wQFMAMBAf8w -KwYDVR0jBCQwIoAg58sNBkW7bGpWBXDo6zbHrieKTvcwnKWSidVvnSzhPkIwDAYI -KoEcz1UBg3UFAANJADBGAiEAm/cByfeknMZJ4NF/a0gu/RqeG/tFouvXKKtbYzqN -8/8CIQCJV/RNKQkp8zKZU+sMOGvGk7c3otMNy4B4OOJorD00rw== +MIICsTCCAlegAwIBAgIUZjMZJ79ma7BrU6yY8cewB4bJW6EwCgYIKoEcz1UBg3Uw +gaUxCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANRTEQxEDAOBgNVBAcMB0JvemVtYW4x +EDAOBgNVBAoMB3dvbGZTU0wxEDAOBgNVBAsMB1Rlc3RpbmcxGDAWBgNVBAMMD3dv +bGZzc2wtZGV2LXNtMjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEX +MBUGCgmSJomT8ixkAQEMB3dvbGZTU0wwHhcNMjMxMDI2MjIwNzAzWhcNMjYwNzIy +MjIwNzAzWjCBpTELMAkGA1UEBhMCQVUxDDAKBgNVBAgMA1FMRDEQMA4GA1UEBwwH +Qm96ZW1hbjEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHVGVzdGluZzEYMBYG +A1UEAwwPd29sZnNzbC1kZXYtc20yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDBZMBMGByqGSM49AgEGCCqB +HM9VAYItA0IABNjEofELi43EfdzUZbmlVU77rDOrm0OUTEhAGzPZG8wxwYJWP7DA +a5VAUf2IAgGxsJRsBuun2o7ucLblu7Qe57SjYzBhMB0GA1UdDgQWBBRul+iYtlu2 +rocE2xRWZhb0uC2M8jAfBgNVHSMEGDAWgBRul+iYtlu2rocE2xRWZhb0uC2M8jAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqgRzPVQGDdQNIADBF +AiAEjS6fDIIy01Fa2tZylftQGAxmYuMK1FercysQb3rQfgIhAPKr460O5KebVb5T +54y7koNFcpLRdeN+fFvJXRI37gZx -----END CERTIFICATE----- From 14e8ffcc18ef4c91806da0110114a9d6ecf6da0f Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 22 Nov 2023 14:30:27 -0700 Subject: [PATCH 2/2] remove locality from self-sm2-cert.pem --- certs/sm2/gen-sm2-certs.sh | 1 - certs/sm2/self-sm2-cert.pem | 47 ++++++++++++++++++------------------- 2 files changed, 23 insertions(+), 25 deletions(-) diff --git a/certs/sm2/gen-sm2-certs.sh b/certs/sm2/gen-sm2-certs.sh index d09b04b95..af8ad9be6 100755 --- a/certs/sm2/gen-sm2-certs.sh +++ b/certs/sm2/gen-sm2-certs.sh 
@@ -65,7 +65,6 @@ echo "---------------------------------------------------------------------" echo "Updating self-sm2-cert.pem" echo "" #pipe the following arguments to openssl req... -#echo -e "US\\nMontana\\nBozeman\\nwolfSSL_sm2\\nServer-sm2\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n\\n\\n\\n" | openssl req -new -key self-sm2-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out self-sm2.csr echo -e "AU\\nQLD\\n.\\nwolfSSL\\nTesting\\nwolfssl-dev-sm2\\n\\n\\n\\n\\n" | openssl req -new -key self-sm2-priv.pem -config ../renewcerts/wolfssl.cnf -nodes -out self-sm2.csr check_result $? "Generate request" diff --git a/certs/sm2/self-sm2-cert.pem b/certs/sm2/self-sm2-cert.pem index 328ded33f..b8d484d9a 100644 --- a/certs/sm2/self-sm2-cert.pem +++ b/certs/sm2/self-sm2-cert.pem @@ -2,13 +2,13 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 66:33:19:27:bf:66:6b:b0:6b:53:ac:98:f1:c7:b0:07:86:c9:5b:a1 + 06:7b:3a:5d:cf:22:a9:6d:6d:78:2b:10:01:51:b6:4c:d4:82:a2:a1 Signature Algorithm: SM2-with-SM3 - Issuer: C = AU, ST = QLD, L = Bozeman, O = wolfSSL, OU = Testing, CN = wolfssl-dev-sm2, emailAddress = info@wolfssl.com, UID = wolfSSL + Issuer: C = AU, ST = QLD, O = wolfSSL, OU = Testing, CN = wolfssl-dev-sm2, emailAddress = info@wolfssl.com, UID = wolfSSL Validity - Not Before: Oct 26 22:07:03 2023 GMT - Not After : Jul 22 22:07:03 2026 GMT - Subject: C = AU, ST = QLD, L = Bozeman, O = wolfSSL, OU = Testing, CN = wolfssl-dev-sm2, emailAddress = info@wolfssl.com, UID = wolfSSL + Not Before: Nov 22 21:28:37 2023 GMT + Not After : Aug 18 21:28:37 2026 GMT + Subject: C = AU, ST = QLD, O = wolfSSL, OU = Testing, CN = wolfssl-dev-sm2, emailAddress = info@wolfssl.com, UID = wolfSSL Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) 
@@ -30,24 +30,23 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: SM2-with-SM3 Signature Value: - 30:45:02:20:04:8d:2e:9f:0c:82:32:d3:51:5a:da:d6:72:95: - fb:50:18:0c:66:62:e3:0a:d4:57:ab:73:2b:10:6f:7a:d0:7e: - 02:21:00:f2:ab:e3:ad:0e:e4:a7:9b:55:be:53:e7:8c:bb:92: - 83:45:72:92:d1:75:e3:7e:7c:5b:c9:5d:12:37:ee:06:71 + 30:44:02:20:0f:c3:2c:36:e3:9f:1c:e9:68:1c:3b:43:18:5b: + c9:8f:e4:fa:dd:33:c1:b8:1c:d3:d4:61:33:f8:37:9d:5a:f4: + 02:20:3a:b9:a8:43:80:cf:38:25:e9:64:d8:26:47:9d:50:04: + 0c:8a:e8:a2:42:e8:63:dd:53:94:7d:38:6d:52:70:fd -----BEGIN CERTIFICATE----- -MIICsTCCAlegAwIBAgIUZjMZJ79ma7BrU6yY8cewB4bJW6EwCgYIKoEcz1UBg3Uw -gaUxCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANRTEQxEDAOBgNVBAcMB0JvemVtYW4x -EDAOBgNVBAoMB3dvbGZTU0wxEDAOBgNVBAsMB1Rlc3RpbmcxGDAWBgNVBAMMD3dv -bGZzc2wtZGV2LXNtMjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEX -MBUGCgmSJomT8ixkAQEMB3dvbGZTU0wwHhcNMjMxMDI2MjIwNzAzWhcNMjYwNzIy -MjIwNzAzWjCBpTELMAkGA1UEBhMCQVUxDDAKBgNVBAgMA1FMRDEQMA4GA1UEBwwH -Qm96ZW1hbjEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwHVGVzdGluZzEYMBYG -A1UEAwwPd29sZnNzbC1kZXYtc20yMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz -c2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDBZMBMGByqGSM49AgEGCCqB -HM9VAYItA0IABNjEofELi43EfdzUZbmlVU77rDOrm0OUTEhAGzPZG8wxwYJWP7DA -a5VAUf2IAgGxsJRsBuun2o7ucLblu7Qe57SjYzBhMB0GA1UdDgQWBBRul+iYtlu2 -rocE2xRWZhb0uC2M8jAfBgNVHSMEGDAWgBRul+iYtlu2rocE2xRWZhb0uC2M8jAP -BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggqgRzPVQGDdQNIADBF -AiAEjS6fDIIy01Fa2tZylftQGAxmYuMK1FercysQb3rQfgIhAPKr460O5KebVb5T -54y7koNFcpLRdeN+fFvJXRI37gZx +MIICjDCCAjOgAwIBAgIUBns6Xc8iqW1teCsQAVG2TNSCoqEwCgYIKoEcz1UBg3Uw +gZMxCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANRTEQxEDAOBgNVBAoMB3dvbGZTU0wx +EDAOBgNVBAsMB1Rlc3RpbmcxGDAWBgNVBAMMD3dvbGZzc2wtZGV2LXNtMjEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dv +bGZTU0wwHhcNMjMxMTIyMjEyODM3WhcNMjYwODE4MjEyODM3WjCBkzELMAkGA1UE +BhMCQVUxDDAKBgNVBAgMA1FMRDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwH 
+VGVzdGluZzEYMBYGA1UEAwwPd29sZnNzbC1kZXYtc20yMR8wHQYJKoZIhvcNAQkB +FhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDBZMBMG +ByqGSM49AgEGCCqBHM9VAYItA0IABNjEofELi43EfdzUZbmlVU77rDOrm0OUTEhA +GzPZG8wxwYJWP7DAa5VAUf2IAgGxsJRsBuun2o7ucLblu7Qe57SjYzBhMB0GA1Ud +DgQWBBRul+iYtlu2rocE2xRWZhb0uC2M8jAfBgNVHSMEGDAWgBRul+iYtlu2rocE +2xRWZhb0uC2M8jAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggq +gRzPVQGDdQNHADBEAiAPwyw2458c6WgcO0MYW8mP5PrdM8G4HNPUYTP4N51a9AIg +OrmoQ4DPOCXpZNgmR51QBAyK6KJC6GPdU5R9OG1ScP0= -----END CERTIFICATE-----