forked from wolfSSL/wolfssl
adds config to generate ocsp certs
This commit is contained in:
Moisés Guimarães
27
certs/ocsp/ocsp-key.pem
Normal file
27
certs/ocsp/ocsp-key.pem
Normal file
@@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAuLojtPbDexTDpPUdYaH1HmO5hSM0UG34fKKKBIvVdVwt92OI
|
||||
0Qd66gtFNSvrH7EitJRBOOKddNaLMCIQUcXbyj9GK/7lWj9BdGd1lamU1cPuQviN
|
||||
65KV4dllt0PEGN4WgJDOJDUhxFWsWlHgLi2zClpPSnMxUO5KFr05i60FSIexmeIQ
|
||||
pwZyZ8pc0Ze9yPF2+OBK7LyT9GZMKHHR2GYDtJAwuxew/pf1HujHXZuLERkSPKuC
|
||||
cXj/rj8ysghxshuMJ6wRuNhDSc+wcLHwjK7aJIcXO9gEZWwAdlDvFQjXtHNoJhSH
|
||||
lcNfbmG4h4T6gBoKi5jz4/9ORBxldHxxVGXlOQIDAQABAoIBAGI2tR1VxYD+/TYL
|
||||
DGAIV+acZtqeaQYKMf8x++eG4SrQo6/QP8HDFFqzO0yV2SC0cRtJZ5PzCHxCRSaG
|
||||
Nd8EL2NMWOazUwW0c/yLtTypOPSeg2Mf+3SwLvgxOZ9CbFQ8YAJi+vbNOPLGCijL
|
||||
N0HWEkcC1P1kWWgKCWIloR7eEt0IQOb5PPSCu3buq/rForb6qUf+L+ESpWed6bnc
|
||||
uhIrHDuQ/PopW05fW1r61zI286wKdLRyatQsljNqPvVdFVhtCKqCqMHdIzMg2cbh
|
||||
q9DJMWc/KLjzBk6YPMZKm/4k4RXj+IwS+iITbpUNrhYj2TMevBMPW3AIRobD823D
|
||||
ehQv+rECgYEA3CWL+G9zJ5PXRDAdQ69lN+CE/Uf9444CN5idMO+qRQ+QE8hWYT/U
|
||||
PFH/aUgd1k3WJZseR/GTWx29VsRPSDWZXzwzLfUNKnqvp0b2oZe/EdYiRSo8OCPp
|
||||
kF07HbTKe4Cyma7HdgDkNkS+UW5JujnuLcuee+wTq6xU0289juwFBc8CgYEA1s/d
|
||||
VtwXqBf3qMxfi+eMa77fqxptAFGtZNKNkYwX42Ow6Hehj8EnoPqYEF+9MzKn/BFh
|
||||
ROnQ76axKBN8mkRUjpv7d2+zMlDnGrWul8q6VrfGiU2P7jd4L6GY/V1MYktnIBsd
|
||||
Ld/jW8P0FFfI2RIREPWdrATxBhQpTJfXd/7rLncCgYB1wrvyBCQUSrg/KIGvADbj
|
||||
wf1Bw23jeMZk2QVU9Q8e7ClE+8iBMvSj47T9q28SgQaJjUWQdIA/oFP1AwPp+4n0
|
||||
cK5r6gbF72Tg1Uv+ur6hmuswFlyqJ0O8TrLdvCUIFZr0LJNT4zwwb2tjAdz8ehqX
|
||||
crFvVqRbE884XuwN9ODm7wKBgQDIEnKlI/kkpq4UmcWkGNXAxNauFr7PPUOyVCln
|
||||
FoRpVcC/xCzGJ7ExTjWzing950BulgFynhPsIeV+3id/x4S6Dq34YCEXDCMzzWQA
|
||||
HOHRQvm3iHY1+ZQHSQulb/Bk3LYAQUC8KXspTSlYiSqYgytCEIH6Zd/XOY/9tq8J
|
||||
JHUHoQKBgHYIB2mRCuDK5C3dCspdPVeAUqptK1nnXxWY/MXA6v+M4wFsIxV7Iwg7
|
||||
HEjeD5yKH4619syPCFz3jrCxL0oJqVTD2tnrbLf8idEt2eaV/3o2mUGFjvWpTywg
|
||||
F8DewhrGh6z7FWHp4cMrxpq1hkdi6k+481T1GKBJ1zBSTzskTHQB
|
||||
-----END RSA PRIVATE KEY-----
|
||||
@@ -202,6 +202,23 @@ function run_renewcerts(){
|
||||
openssl x509 -in server-ecc-comp.pem -text > tmp.pem
|
||||
mv tmp.pem server-ecc-comp.pem
|
||||
|
||||
###########################################################
|
||||
########## update and sign ocsp-cert.pem ##################
|
||||
###########################################################
|
||||
echo "Updating ocsp-cert.pem"
|
||||
echo ""
|
||||
#pipe the following arguments to openssl req...
|
||||
echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\ocsp.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ocsp/ocsp-key.pem -nodes > ocsp-req.pem
|
||||
|
||||
openssl x509 -req -in ocsp-req.pem -extfile wolfssl.cnf -extensions v3_ocsp -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 03 > ocsp/ocsp-cert.pem
|
||||
|
||||
rm ocsp-req.pem
|
||||
|
||||
openssl x509 -in ca-cert.pem -text > ca_tmp.pem
|
||||
openssl x509 -in ocsp/ocsp-cert.pem -text > ocsp_tmp.pem
|
||||
mv ocsp_tmp.pem ocsp/ocsp-cert.pem
|
||||
cat ca_tmp.pem >> ocsp/ocsp-cert.pem
|
||||
rm ca_tmp.pem
|
||||
############################################################
|
||||
########## make .der files from .pem files #################
|
||||
############################################################
|
||||
@@ -302,7 +319,7 @@ elif [ ! -z "$1" ]; then
|
||||
echo ""
|
||||
echo ""
|
||||
#else the argument was invalid, tell user to use -h or -help
|
||||
else
|
||||
else
|
||||
echo ""
|
||||
echo "That is not a valid option."
|
||||
echo ""
|
||||
@@ -328,7 +345,7 @@ else
|
||||
|
||||
# check options.h a second time, if the user had
|
||||
# ntru installed on their system and in the default
|
||||
# path location, then it will now be defined, if the
|
||||
# path location, then it will now be defined, if the
|
||||
# user does not have ntru on their system this will fail
|
||||
# again and we will not update any certs until user installs
|
||||
# ntru in the default location
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#
|
||||
# wolfssl configuration file
|
||||
# wolfssl configuration file
|
||||
#
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
@@ -20,7 +20,7 @@ default_ca = CA_default # The default ca section
|
||||
[ CA_default ]
|
||||
|
||||
####################################################################
|
||||
# CHANGE THIS LINE TO BE YOUR WOLFSSL_ROOT DIRECTORY #
|
||||
# CHANGE THIS LINE TO BE YOUR WOLFSSL_ROOT DIRECTORY #
|
||||
# #
|
||||
dir = $HOME./.. #
|
||||
####################################################################
|
||||
@@ -124,6 +124,7 @@ authorityKeyIdentifier=keyid,issuer
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
basicConstraints=CA:true
|
||||
authorityInfoAccess = OCSP;URI:http://localhost:22222
|
||||
|
||||
# Extensions to add to a certificate request
|
||||
[ v3_req ]
|
||||
@@ -140,6 +141,14 @@ basicConstraints = CA:true
|
||||
[ crl_ext ]
|
||||
authorityKeyIdentifier=keyid:always
|
||||
|
||||
# OCSP extensions.
|
||||
[ v3_ocsp ]
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = OCSPSigning
|
||||
basicConstraints = CA:false
|
||||
|
||||
# These extensions should be added when creating a proxy certificate
|
||||
[ proxy_cert_ext ]
|
||||
basicConstraints=CA:FALSE
|
||||
@@ -158,7 +167,7 @@ dir = ./demoCA # directory
|
||||
serial = $dir/tsaserial # (mandatory)
|
||||
crypto_device = builtin # engine
|
||||
signer_cert = $dir/tsacert.pem # certificate
|
||||
certs = $dir/cacert.pem # chain
|
||||
certs = $dir/cacert.pem # chain
|
||||
signer_key = $dir/private/tsakey.pem # (optional)
|
||||
default_policy = tsa_policy1 # Policy
|
||||
other_policies = tsa_policy2, tsa_policy3 # (optional)
|
||||
|
||||
Reference in New Issue
Block a user