github-repos/wget
1
0
Fork 0
mirror of https://github.com/mirror/wget.git synced 2025-01-10 20:30:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
a6452061f8
wget/tests/certs/README

88 lines
3.4 KiB
Plaintext
Raw Normal View History

Fix HTTPS tests * tests/Test-https-badcerts.px: Fix test return value * tests/Test-https-crl.px: Likewise * README: How to create certs with GnuTLS's certtool * tests/certs/revokedcrl.pem: Recreated revocation * tests/certs/server.crt: Recreated server cert with no expiry * tests/certs/test-ca-cert.pem: Recreated CA cert with no expiry
2018-05-06 23:30:36 +08:00
# create a CA certificate
$certtool --generate-privkey --outfile test-ca-key.pem
$certtool --generate-self-signed --load-privkey test-ca-key.pem --outfile test-ca-cert.pem
Common name: Wget
UID:
Organizational unit name: Wget
Organization name: GNU Wget
Locality name:
State or province name:
Country name (2 chars):
Enter the subject's domain component (DC):
This field should not be used in new certificates.
E-mail:
Enter the certificate's serial number in decimal (default: 6080487640893163573):
Activation/Expiration time.
The certificate will expire in (days): -1
Extensions.
Does the certificate belong to an authority? (y/N): y
Path length constraint (decimal, -1 for no constraint):
Is this a TLS web client certificate? (y/N):
Will the certificate be used for IPsec IKE operations? (y/N):
Is this a TLS web server certificate? (y/N):
Enter a dnsName of the subject of the certificate:
Enter a URI of the subject of the certificate:
Enter the IP address of the subject of the certificate:
Enter the e-mail of the subject of the certificate:
Will the certificate be used to sign other certificates? (y/N): y
Will the certificate be used to sign CRLs? (y/N): y
Will the certificate be used to sign code? (y/N):
Will the certificate be used to sign OCSP requests? (y/N): y
Will the certificate be used for time stamping? (y/N):
Enter the URI of the CRL distribution point:
# generate a server certificate
$ certtool --generate-privkey --outfile server.key --rsa
$ certtool --generate-certificate --load-privkey server.key --outfile server.crt --load-ca-certificate test-ca-cert.pem --load-ca-privkey test-ca-key.pem
Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.
Common name: WgetTestingServer
UID:
Organizational unit name: Wget
Organization name: GNU Wget
Locality name:
State or province name:
Country name (2 chars):
Enter the subject's domain component (DC):
This field should not be used in new certificates.
E-mail:
Enter the certificate's serial number in decimal (default: 6552424755099978648):
Activation/Expiration time.
The certificate will expire in (days): -1
Extensions.
Does the certificate belong to an authority? (y/N):
Is this a TLS web client certificate? (y/N):
Will the certificate be used for IPsec IKE operations? (y/N):
Is this a TLS web server certificate? (y/N): y
Enter a dnsName of the subject of the certificate: 127.0.0.1
Enter a dnsName of the subject of the certificate: ::1
Enter a dnsName of the subject of the certificate: localhost
Enter a dnsName of the subject of the certificate: WgetTestingServer
Enter a dnsName of the subject of the certificate:
Enter a URI of the subject of the certificate:
Enter the IP address of the subject of the certificate:
Will the certificate be used for signing (DHE ciphersuites)? (Y/n):
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n):
Will the certificate be used to sign OCSP requests? (y/N):
Will the certificate be used to sign code? (y/N):
Will the certificate be used for time stamping? (y/N):
Will the certificate be used for email protection? (y/N):
# create a CRL for the server certificate:
$ certtool --generate-crl --load-ca-privkey test-ca-key.pem --load-ca-certificate test-ca-cert.pem --load-certificate server.crt --outfile revokedcrl.pem
Generating a signed CRL...
Update times.
The certificate will expire in (days): -1
CRL Number (default: 6552487324127713992):
Reference in New Issue Copy Permalink