From 4c8fdf99c5f3af83663806e4e5d6f2c80e17dd83 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 2 May 2017 18:08:10 -0600 Subject: [PATCH] add digsigku to renewcerts script and update the not after date --- certs/renewcerts.sh | 17 +++++++++++++++ certs/renewcerts/wolfssl.cnf | 7 ++++++ certs/test/digsigku.pem | 41 ++++++++++++++++++++---------------- 3 files changed, 47 insertions(+), 18 deletions(-) diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh index bc0b4be04..6bad02d66 100755 --- a/certs/renewcerts.sh +++ b/certs/renewcerts.sh @@ -16,6 +16,7 @@ # 1024/client-cert.pem # server-ecc-comp.pem # client-ca.pem +# test/digsigku.pem # updates the following crls: # crl/cliCrl.pem # crl/crl.pem @@ -225,6 +226,22 @@ function run_renewcerts(){ echo "" cat client-cert.pem client-ecc-cert.pem > client-ca.pem + ############################################################ + ###### update the self-signed test/digsigku.pem ########## + ############################################################ + echo "Updating test/digsigku.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\nWashington\nSeattle\nFoofarah\nArglebargle\nfoobarbaz\ninfo@worlss.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -sha1 -out digsigku.csr + + + openssl x509 -req -in digsigku.csr -days 1000 -extfile wolfssl.cnf -extensions digsigku -signkey ecc-key.pem -sha1 -set_serial 16393466893990650224 -out digsigku.pem + rm digsigku.csr + + openssl x509 -in digsigku.pem -text > tmp.pem + mv tmp.pem digsigku.pem + mv digsigku.pem test/digsigku.pem + ############################################################ ########## make .der files from .pem files ################# ############################################################ diff --git a/certs/renewcerts/wolfssl.cnf b/certs/renewcerts/wolfssl.cnf index c85c4a743..079ec5ec8 100644 --- a/certs/renewcerts/wolfssl.cnf +++ b/certs/renewcerts/wolfssl.cnf @@ -163,6 +163,13 @@ userNotice.1=@policy_usr [ policy_usr ] explicitText="Test of duplicate OIDs with different qualifiers" +# create certificate without the digitalSignature bit set and uses sha1 sig +[ digsigku ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints=critical, CA:TRUE +keyUsage=critical, nonRepudiation, keyEncipherment + #tsa default [ tsa ] default_tsa = tsa_config1 diff --git a/certs/test/digsigku.pem b/certs/test/digsigku.pem index edc30ba3d..08eb8b2f5 100644 --- a/certs/test/digsigku.pem +++ b/certs/test/digsigku.pem @@ -1,17 +1,16 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: - e3:81:4b:48:a5:70:61:70 - Signature Algorithm: ecdsa-with-SHA1 + Serial Number: 16393466893990650224 (0xe3814b48a5706170) + Signature Algorithm: ecdsa-with-SHA1 Issuer: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com Validity - Not Before: Sep 10 00:45:36 2014 GMT - Not After : Jun 6 00:45:36 2017 GMT + Not Before: May 3 00:07:20 2017 GMT + Not After : Jan 28 00:07:20 2020 GMT Subject: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com Subject Public Key Info: Public Key Algorithm: id-ecPublicKey - EC Public Key: + Public-Key: (256 bit) pub: 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de: 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: @@ -19,34 +18,40 @@ Certificate: 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: 0b:80:34:89:d8 ASN1 OID: prime256v1 + NIST CURVE: P-256 X509v3 extensions: X509v3 Subject Key Identifier: 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 X509v3 Authority Key Identifier: keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 + DirName:/C=US/ST=Washington/L=Seattle/O=Foofarah/OU=Arglebargle/CN=foobarbaz/emailAddress=info@worlss.com + serial:E3:81:4B:48:A5:70:61:70 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Non Repudiation, Key Encipherment Signature Algorithm: ecdsa-with-SHA1 - 30:46:02:21:00:f4:36:ee:86:21:d5:c7:1f:2d:0d:bb:29:ae: - c1:74:ff:a3:ce:41:fe:cb:93:eb:ff:ef:fe:e3:4d:20:e5:18: - 65:02:21:00:b1:39:13:12:e2:b5:19:f2:8f:5b:40:ac:7a:5c: - e2:a6:e3:d3:e6:9f:79:3c:29:d8:c6:7d:88:f4:60:0c:48:00 + 30:46:02:21:00:fe:d6:30:36:fb:43:39:51:d7:4a:02:24:5e: + b4:b1:11:e3:83:66:00:fc:24:12:1a:7e:a8:05:77:ca:f7:24: + 2d:02:21:00:fb:59:c3:e9:6e:9b:f6:a2:46:0b:d8:ad:33:fb: + 89:2d:80:d6:1d:68:1f:f7:d7:93:f1:0b:7a:6b:81:f5:af:62 -----BEGIN CERTIFICATE----- -MIICfTCCAiOgAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT +MIIDKTCCAs+gAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYD VQQKDAhGb29mYXJhaDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZv -b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE0MDkx -MDAwNDUzNloXDTE3MDYwNjAwNDUzNlowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI +b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE3MDUw +MzAwMDcyMFoXDTIwMDEyODAwMDcyMFowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhGb29mYXJh aDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZvb2JhcmJhejEeMBwG CSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D AQcDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFb -l5Ihf/DPGNqREQI0huggWDMLgDSJ2KNjMGEwHQYDVR0OBBYEFF1dJu+sfjb5m3YV -K0olAiPvsokwMB8GA1UdIwQYMBaAFF1dJu+sfjb5m3YVK0olAiPvsokwMA8GA1Ud -EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgVgMAkGByqGSM49BAEDSQAwRgIhAPQ2 -7oYh1ccfLQ27Ka7BdP+jzkH+y5Pr/+/+400g5RhlAiEAsTkTEuK1GfKPW0Cselzi -puPT5p95PCnYxn2I9GAMSAA= +l5Ihf/DPGNqREQI0huggWDMLgDSJ2KOCAQ0wggEJMB0GA1UdDgQWBBRdXSbvrH42 ++Zt2FStKJQIj77KJMDCBxgYDVR0jBIG+MIG7gBRdXSbvrH42+Zt2FStKJQIj77KJ +MKGBl6SBlDCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAO +BgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEZvb2ZhcmFoMRQwEgYDVQQLDAtBcmds +ZWJhcmdsZTESMBAGA1UEAwwJZm9vYmFyYmF6MR4wHAYJKoZIhvcNAQkBFg9pbmZv +QHdvcmxzcy5jb22CCQDjgUtIpXBhcDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIFYDAJBgcqhkjOPQQBA0kAMEYCIQD+1jA2+0M5UddKAiRetLER44NmAPwk +Ehp+qAV3yvckLQIhAPtZw+lum/aiRgvYrTP7iS2A1h1oH/fXk/ELemuB9a9i -----END CERTIFICATE-----