tree: 92db8993dd82d59c979d2bc500ace16c9fa0da5d
  1. client_cert_1.pem
  2. client_cert_2.pem
  3. client_key_1.pem
  4. client_key_2.pem
  5. client_trust_cert_1.pem
  6. client_trust_cert_2.pem
  7. client_trust_key_1.pem
  8. client_trust_key_2.pem
  9. README.md
  10. server_cert_1.pem
  11. server_cert_1.txt
  12. server_cert_2.pem
  13. server_cert_2.txt
  14. server_cert_3.pem
  15. server_cert_3.txt
  16. server_key_1.pem
  17. server_key_2.pem
  18. server_key_3.pem
  19. server_trust_cert_1.pem
  20. server_trust_cert_2.pem
  21. server_trust_key_1.pem
  22. server_trust_key_2.pem
  23. testdata.go
security/advancedtls/testdata/README.md

About This Directory

This testdata directory contains the certificates used in the tests of package advancedtls.

How to Generate Test Certificates Using OpenSSL

Suppose we want to create a subject_cert.pem that is trusted by ca_cert.pem. Here are the commands we run:

  1. Generate the private key, ca_key.pem, and the cert ca_cert.pem, for the CA:

    $ openssl req -x509 -newkey rsa:4096 -keyout ca_key.pem -out ca_cert.pem -nodes -days $DURATION_DAYS
    
  2. Generate a CSR csr.pem using subject_key.pem (the key must already exist; it is created by the command in step 3):

    $ openssl req -new -key subject_key.pem -out csr.pem
    
  3. Generate a private key subject_key.pem for the subject:

    $ openssl genrsa -out subject_key.pem 4096
    
  4. Use ca_key.pem and ca_cert.pem to sign csr.pem, and get a certificate, subject_cert.pem, for the subject:

    This step requires some additional files; please check out this answer from StackOverflow for more.

    $ openssl ca -config openssl-ca.cnf -policy signing_policy -extensions signing_req -out subject_cert.pem -in csr.pem -keyfile ca_key.pem -cert ca_cert.pem
    
  5. Verify the subject_cert.pem is trusted by ca_cert.pem:

    $ openssl verify -verbose -CAfile ca_cert.pem  subject_cert.pem
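
The five steps above as one non-interactive script, as an added example that is not part of the original README or of grpc-go. The contents of openssl-ca.cnf, the two subject names, and the KEY_BITS and DURATION_DAYS defaults are assumptions; only the section names signing_policy and signing_req come from the command in step 4.

```sh
#!/bin/sh
# Added example (not grpc-go's script): runs the README's five steps non-interactively.
# Assumptions: the openssl-ca.cnf contents, both subject names, and the KEY_BITS and
# DURATION_DAYS defaults are hypothetical. README steps 2 and 3 run in dependency
# order here, because the CSR command needs subject_key.pem to exist already.
set -eu

gen_test_chain() (          # subshell body: the cd and the variables stay local
  dir=$1; bits=${KEY_BITS:-4096}; days=${DURATION_DAYS:-365}
  mkdir -p "$dir"; cd "$dir"

  # Minimal config supplying the two section names the README's `openssl ca` call uses.
  cat > openssl-ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
database = index.txt
serial = serial.txt
new_certs_dir = .
default_md = sha256
unique_subject = no
[ signing_policy ]
commonName = supplied
[ signing_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
EOF
  : > index.txt             # empty certificate database
  echo 01 > serial.txt      # first serial number to issue

  # Step 1: CA key and self-signed CA certificate (-subj avoids the prompts).
  openssl req -x509 -newkey "rsa:$bits" -keyout ca_key.pem -out ca_cert.pem \
    -nodes -days "$days" -subj "/CN=Example Test CA"
  # Step 3 before step 2: subject key first, then the CSR that uses it.
  openssl genrsa -out subject_key.pem "$bits"
  openssl req -new -key subject_key.pem -out csr.pem -subj "/CN=example-subject"
  # Step 4: sign the CSR (-batch skips the confirmation prompts).
  openssl ca -batch -config openssl-ca.cnf -policy signing_policy \
    -extensions signing_req -days "$days" -out subject_cert.pem -in csr.pem \
    -keyfile ca_key.pem -cert ca_cert.pem
  # Step 5: the subject certificate must chain to this CA.
  openssl verify -verbose -CAfile ca_cert.pem subject_cert.pem
)

if [ "$#" -gt 0 ]; then gen_test_chain "$1"; fi
```

Run it with a scratch directory as its only argument; the signing_req section marks the subject certificate as a non-CA leaf, so it cannot be used to issue further certificates.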