mirror of
https://github.com/mirror/wget.git
synced 2025-01-10 20:30:09 +08:00
a6452061f8
* tests/Test-https-badcerts.px: Fix test return value * tests/Test-https-crl.px: Likewise * README: How to create certs with GnuTLS's certtool * tests/certs/revokedcrl.pem: Recreated revocation * tests/certs/server.crt: Recreated server cert with no expiry * tests/certs/test-ca-cert.pem: Recreated CA cert with no expiry |
||
|---|---|---|
| .. | ||
| client.crt | ||
| client.key | ||
| expired.crt | ||
| expired.key | ||
| interca.conf.in | ||
| interca.crt | ||
| interca.key | ||
| invalid.crt | ||
| invalid.key | ||
| README | ||
| revoked.crt | ||
| revoked.key | ||
| revokedcrl.pem | ||
| rootca.conf.in | ||
| selfsigned.crt | ||
| selfsigned.key | ||
| server-cert.pem | ||
| server-key.pem | ||
| server.crt | ||
| server.key | ||
| test-ca-cert.pem | ||
| test-ca-key.pem | ||
| user.crt | ||
| user.key | ||
| wgethosts | ||
| wotca.pem | ||
# create a CA certificate $certtool --generate-privkey --outfile test-ca-key.pem $certtool --generate-self-signed --load-privkey test-ca-key.pem --outfile test-ca-cert.pem Common name: Wget UID: Organizational unit name: Wget Organization name: GNU Wget Locality name: State or province name: Country name (2 chars): Enter the subject's domain component (DC): This field should not be used in new certificates. E-mail: Enter the certificate's serial number in decimal (default: 6080487640893163573): Activation/Expiration time. The certificate will expire in (days): -1 Extensions. Does the certificate belong to an authority? (y/N): y Path length constraint (decimal, -1 for no constraint): Is this a TLS web client certificate? (y/N): Will the certificate be used for IPsec IKE operations? (y/N): Is this a TLS web server certificate? (y/N): Enter a dnsName of the subject of the certificate: Enter a URI of the subject of the certificate: Enter the IP address of the subject of the certificate: Enter the e-mail of the subject of the certificate: Will the certificate be used to sign other certificates? (y/N): y Will the certificate be used to sign CRLs? (y/N): y Will the certificate be used to sign code? (y/N): Will the certificate be used to sign OCSP requests? (y/N): y Will the certificate be used for time stamping? (y/N): Enter the URI of the CRL distribution point: # generate a server certificate $ certtool --generate-privkey --outfile server.key --rsa $ certtool --generate-certificate --load-privkey server.key --outfile server.crt --load-ca-certificate test-ca-cert.pem --load-ca-privkey test-ca-key.pem Please enter the details of the certificate's distinguished name. Just press enter to ignore a field. Common name: WgetTestingServer UID: Organizational unit name: Wget Organization name: GNU Wget Locality name: State or province name: Country name (2 chars): Enter the subject's domain component (DC): This field should not be used in new certificates. E-mail: Enter the certificate's serial number in decimal (default: 6552424755099978648): Activation/Expiration time. The certificate will expire in (days): -1 Extensions. Does the certificate belong to an authority? (y/N): Is this a TLS web client certificate? (y/N): Will the certificate be used for IPsec IKE operations? (y/N): Is this a TLS web server certificate? (y/N): y Enter a dnsName of the subject of the certificate: 127.0.0.1 Enter a dnsName of the subject of the certificate: ::1 Enter a dnsName of the subject of the certificate: localhost Enter a dnsName of the subject of the certificate: WgetTestingServer Enter a dnsName of the subject of the certificate: Enter a URI of the subject of the certificate: Enter the IP address of the subject of the certificate: Will the certificate be used for signing (DHE ciphersuites)? (Y/n): Will the certificate be used for encryption (RSA ciphersuites)? (Y/n): Will the certificate be used to sign OCSP requests? (y/N): Will the certificate be used to sign code? (y/N): Will the certificate be used for time stamping? (y/N): Will the certificate be used for email protection? (y/N): # create a CRL for the server certificate: $ certtool --generate-crl --load-ca-privkey test-ca-key.pem --load-ca-certificate test-ca-cert.pem --load-certificate server.crt --outfile revokedcrl.pem Generating a signed CRL... Update times. The certificate will expire in (days): -1 CRL Number (default: 6552487324127713992):