mirror of https://github.com/grpc/grpc-go.git
f97821dd2f
|
||
|---|---|---|
| .. | ||
| README.md | ||
| client_cert_1.pem | ||
| client_cert_2.pem | ||
| client_key_1.pem | ||
| client_key_2.pem | ||
| client_trust_cert_1.pem | ||
| client_trust_cert_2.pem | ||
| client_trust_key_1.pem | ||
| client_trust_key_2.pem | ||
| server_cert_1.pem | ||
| server_cert_2.pem | ||
| server_key_1.pem | ||
| server_key_2.pem | ||
| server_trust_cert_1.pem | ||
| server_trust_cert_2.pem | ||
| server_trust_key_1.pem | ||
| server_trust_key_2.pem | ||
| testdata.go | ||
README.md
About This Directory
This testdata directory contains the certificates used in the tests of package advancedtls.
How to Generate Test Certificates Using OpenSSL
Supposing we are going to create a subject_cert.pem that is trusted by ca_cert.pem, here are the
commands we run:
-
Generate the private key,
ca_key.pem, and the certca_cert.pem, for the CA:$ openssl req -x509 -newkey rsa:4096 -keyout ca_key.pem -out ca_cert.pem -nodes -days $DURATION_DAYS -
Generate a CSR
csr.pemusingsubject_key.pem:$ openssl req -new -key subject_key.pem -out csr.pem -
Generate a private key
subject_key.pemfor the subject:$ openssl genrsa -out subject_key.pem 4096 -
Use
ca_key.pemandca_cert.pemto signcsr.pem, and get a certificate,subject_cert.pem, for the subject:This step requires some additional files and please check out this answer from StackOverflow for more.
$ openssl ca -config openssl-ca.cnf -policy signing_policy -extensions signing_req -out subject_cert.pem -in csr.pem -keyfile ca_key.pem -cert ca_cert.pem -
Verify the
subject_cert.pemis trusted byca_cert.pem:$ openssl verify -verbose -CAfile ca_cert.pem subject_cert.pem