mirror of
https://github.com/mirror/wget.git
synced 2025-01-25 20:00:42 +08:00
a6452061f8
* tests/Test-https-badcerts.px: Fix test return value * tests/Test-https-crl.px: Likewise * README: How to create certs with GnuTLS's certtool * tests/certs/revokedcrl.pem: Recreated revocation * tests/certs/server.crt: Recreated server cert with no expiry * tests/certs/test-ca-cert.pem: Recreated CA cert with no expiry
88 lines
3.4 KiB
Plaintext
88 lines
3.4 KiB
Plaintext
# create a CA certificate
|
|
$certtool --generate-privkey --outfile test-ca-key.pem
|
|
$certtool --generate-self-signed --load-privkey test-ca-key.pem --outfile test-ca-cert.pem
|
|
|
|
Common name: Wget
|
|
UID:
|
|
Organizational unit name: Wget
|
|
Organization name: GNU Wget
|
|
Locality name:
|
|
State or province name:
|
|
Country name (2 chars):
|
|
Enter the subject's domain component (DC):
|
|
This field should not be used in new certificates.
|
|
E-mail:
|
|
Enter the certificate's serial number in decimal (default: 6080487640893163573):
|
|
|
|
Activation/Expiration time.
|
|
The certificate will expire in (days): -1
|
|
|
|
Extensions.
|
|
Does the certificate belong to an authority? (y/N): y
|
|
Path length constraint (decimal, -1 for no constraint):
|
|
Is this a TLS web client certificate? (y/N):
|
|
Will the certificate be used for IPsec IKE operations? (y/N):
|
|
Is this a TLS web server certificate? (y/N):
|
|
Enter a dnsName of the subject of the certificate:
|
|
Enter a URI of the subject of the certificate:
|
|
Enter the IP address of the subject of the certificate:
|
|
Enter the e-mail of the subject of the certificate:
|
|
Will the certificate be used to sign other certificates? (y/N): y
|
|
Will the certificate be used to sign CRLs? (y/N): y
|
|
Will the certificate be used to sign code? (y/N):
|
|
Will the certificate be used to sign OCSP requests? (y/N): y
|
|
Will the certificate be used for time stamping? (y/N):
|
|
Enter the URI of the CRL distribution point:
|
|
|
|
|
|
# generate a server certificate
|
|
$ certtool --generate-privkey --outfile server.key --rsa
|
|
$ certtool --generate-certificate --load-privkey server.key --outfile server.crt --load-ca-certificate test-ca-cert.pem --load-ca-privkey test-ca-key.pem
|
|
|
|
Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.
|
|
Common name: WgetTestingServer
|
|
UID:
|
|
Organizational unit name: Wget
|
|
Organization name: GNU Wget
|
|
Locality name:
|
|
State or province name:
|
|
Country name (2 chars):
|
|
Enter the subject's domain component (DC):
|
|
This field should not be used in new certificates.
|
|
E-mail:
|
|
Enter the certificate's serial number in decimal (default: 6552424755099978648):
|
|
|
|
|
|
Activation/Expiration time.
|
|
The certificate will expire in (days): -1
|
|
|
|
|
|
Extensions.
|
|
Does the certificate belong to an authority? (y/N):
|
|
Is this a TLS web client certificate? (y/N):
|
|
Will the certificate be used for IPsec IKE operations? (y/N):
|
|
Is this a TLS web server certificate? (y/N): y
|
|
Enter a dnsName of the subject of the certificate: 127.0.0.1
|
|
Enter a dnsName of the subject of the certificate: ::1
|
|
Enter a dnsName of the subject of the certificate: localhost
|
|
Enter a dnsName of the subject of the certificate: WgetTestingServer
|
|
Enter a dnsName of the subject of the certificate:
|
|
Enter a URI of the subject of the certificate:
|
|
Enter the IP address of the subject of the certificate:
|
|
Will the certificate be used for signing (DHE ciphersuites)? (Y/n):
|
|
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n):
|
|
Will the certificate be used to sign OCSP requests? (y/N):
|
|
Will the certificate be used to sign code? (y/N):
|
|
Will the certificate be used for time stamping? (y/N):
|
|
Will the certificate be used for email protection? (y/N):
|
|
|
|
|
|
# create a CRL for the server certificate:
|
|
$ certtool --generate-crl --load-ca-privkey test-ca-key.pem --load-ca-certificate test-ca-cert.pem --load-certificate server.crt --outfile revokedcrl.pem
|
|
|
|
Generating a signed CRL...
|
|
Update times.
|
|
The certificate will expire in (days): -1
|
|
CRL Number (default: 6552487324127713992):
|
|
|