grpc
/
grpc-go
mirror of https://github.com/grpc/grpc-go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
grpc-go/testdata/x509
History
Easwar Swaminathan 344b93a285
testdata: use SHA256 as signing algorithm in testdata certs (#5074) 		2021-12-23 14:02:05 -08:00
..
README.md testdata: Update testdata certs. (#3786) 2020-08-05 09:55:07 -07:00
client1_cert.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
client1_key.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
client2_cert.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
client2_key.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
client_ca_cert.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
client_ca_key.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
create.sh internal/credentials: fix a bug and add one more helper function SPIFFEIDFromCert (#3929) 2020-10-09 12:57:50 -07:00
multiple_uri_cert.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
multiple_uri_key.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
openssl.cnf testdata: Update testdata certs. (#3786) 2020-08-05 09:55:07 -07:00
server1_cert.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
server1_key.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
server2_cert.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
server2_key.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
server_ca_cert.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
server_ca_key.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
spiffe_cert.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00
spiffe_key.pem testdata: use SHA256 as signing algorithm in testdata certs (#5074) 2021-12-23 14:02:05 -08:00

README.md

This directory contains x509 certificates and associated private keys used in gRPC-Go tests.

How were these test certs/keys generated ?

  1. Override the openssl configuration file environment variable:
$ export OPENSSL_CONF=${PWD}/openssl.cnf
  1. Generate a self-signed CA certificate along with its private key:
$ openssl req -x509                             \
    -newkey rsa:4096                            \
    -nodes                                      \
    -days 3650                                  \
    -keyout ca_key.pem                          \
    -out ca_cert.pem                            \
    -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-ca/  \
    -config ./openssl.cnf                       \
    -extensions test_ca

To view the CA cert:

$ openssl x509 -text -noout -in ca_cert.pem

2.a Generate a private key for the server:

$ openssl genrsa -out server_key.pem 4096

2.b Generate a private key for the client:

$ openssl genrsa -out client_key.pem 4096

3.a Generate a CSR for the server:

$ openssl req -new                                \
  -key server_key.pem                             \
  -days 3650                                      \
  -out server_csr.pem                             \
  -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server/  \
  -config ./openssl.cnf                           \
  -reqexts test_server

To view the CSR:

$ openssl req -text -noout -in server_csr.pem

3.b Generate a CSR for the client:

$ openssl req -new                                \
  -key client_key.pem                             \
  -days 3650                                      \
  -out client_csr.pem                             \
  -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client/  \
  -config ./openssl.cnf                           \
  -reqexts test_client

To view the CSR:

$ openssl req -text -noout -in client_csr.pem

4.a Use the self-signed CA created in step #1 to sign the csr generated above:

$ openssl x509 -req       \
  -in server_csr.pem      \
  -CAkey ca_key.pem       \
  -CA ca_cert.pem         \
  -days 3650              \
  -set_serial 1000        \
  -out server_cert.pem    \
  -extfile ./openssl.cnf  \
  -extensions test_server

4.b Use the self-signed CA created in step #1 to sign the csr generated above:

$ openssl x509 -req       \
  -in client_csr.pem      \
  -CAkey ca_key.pem       \
  -CA ca_cert.pem         \
  -days 3650              \
  -set_serial 1000        \
  -out client_cert.pem    \
  -extfile ./openssl.cnf  \
  -extensions test_client

5.a Verify the server_cert.pem is trusted by ca_cert.pem:

$ openssl verify -verbose -CAfile ca_cert.pem  server_cert.pem

5.b Verify the client_cert.pem is trusted by ca_cert.pem:

$ openssl verify -verbose -CAfile ca_cert.pem  client_cert.pem