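#
# Generates the key, certificate, CRL and parameter files used as TLS/crypto
# test fixtures. Each rule shells out to the openssl command-line tool.
#
# Every passphrase is a literal in this file ('password', 'sample', 'secret',
# or empty), and certificates are issued with -days 99999. The outputs are
# therefore fixtures, not secrets, and none of them belongs in a trust store
# or a deployed service.
#
# NOTE(review): dh512.pem, dh1024.pem, dsa1025.pem, the SHA-1 signatures and
# the -descert PKCS#12 bundles use small or legacy parameters. This looks
# deliberate, so that tests can exercise those cases; confirm against the
# tests that load them before changing any size.
#
# NOTE(review): the *-verify targets create no file; check that they are
# declared .PHONY elsewhere in this file.
#
# Several targets listed under `all` have their rules outside this part of
# the file.
#
all: \
  ca1-cert.pem \
  ca2-cert.pem \
  ca2-crl.pem \
  ca3-cert.pem \
  ca4-cert.pem \
  ca5-cert.pem \
  ca6-cert.pem \
  agent1-cert.pem \
  agent1.pfx \
  agent2-cert.pem \
  agent3-cert.pem \
  agent4-cert.pem \
  agent5-cert.pem \
  agent6-cert.pem \
  agent6.pfx \
  agent7-cert.pem \
  agent8-cert.pem \
  agent9-cert.pem \
  agent10-cert.pem \
  agent10.pfx \
  ec10-cert.pem \
  ec10.pfx \
  dh512.pem \
  dh1024.pem \
  dh2048.pem \
  dherror.pem \
  dsa_params.pem \
  dsa_private.pem \
  dsa_private_encrypted.pem \
  dsa_private_pkcs8.pem \
  dsa_public.pem \
  dsa1025.pem \
  dsa_private_1025.pem \
  dsa_private_encrypted_1025.pem \
  dsa_public_1025.pem \
  ec-cert.pem \
  ec.pfx \
  fake-cnnic-root-cert.pem \
  rsa_private.pem \
  rsa_private_encrypted.pem \
  rsa_private_pkcs8.pem \
  rsa_private_pkcs8_bad.pem \
  rsa_public.pem \
  rsa_ca.crt \
  rsa_cert.crt \
  rsa_cert.pfx \
  rsa_public_sha1_signature_signedby_rsa_private.sha1 \
  rsa_public_sha1_signature_signedby_rsa_private_pkcs8.sha1 \
  rsa_private_b.pem \
  I_AM_THE_WALRUS_sha256_signature_signedby_rsa_private_b.sha256 \
  rsa_public_b.pem \
  rsa_cert_foafssl_b.crt \
  rsa_cert_foafssl_b.modulus \
  rsa_cert_foafssl_b.exponent \
  rsa_spkac.spkac \
  rsa_spkac_invalid.spkac \
  rsa_private_2048.pem \
  rsa_private_4096.pem \
  rsa_public_2048.pem \
  rsa_public_4096.pem \
  rsa_pss_private_2048.pem \
  rsa_pss_private_2048_sha256_sha256_16.pem \
  rsa_pss_private_2048_sha512_sha256_20.pem \
  rsa_pss_private_2048_sha1_sha1_20.pem \
  rsa_pss_public_2048.pem \
  rsa_pss_public_2048_sha256_sha256_16.pem \
  rsa_pss_public_2048_sha512_sha256_20.pem \
  rsa_pss_public_2048_sha1_sha1_20.pem \
  ed25519_private.pem \
  ed25519_public.pem \
  x25519_private.pem \
  x25519_public.pem \
  ed448_private.pem \
  ed448_public.pem \
  x448_private.pem \
  x448_public.pem \
  ec_p256_private.pem \
  ec_p256_public.pem \
  ec_p384_private.pem \
  ec_p384_public.pem \
  ec_p521_private.pem \
  ec_p521_public.pem \
  ec_secp256k1_private.pem \
  ec_secp256k1_public.pem \
  incorrect_san_correct_subject-cert.pem \
  incorrect_san_correct_subject-key.pem \
  irrelevant_san_correct_subject-cert.pem \
  irrelevant_san_correct_subject-key.pem

#
# Create Certificate Authority: ca1
# ('password' is used for the CA password.)
#
# The recipe also writes ca1-key.pem (-keyout). There is no separate rule for
# that file, so rules that list ca1-key.pem rely on this one having run first.
#
ca1-cert.pem: ca1.cnf
	openssl req -new -x509 -days 99999 -config ca1.cnf -keyout ca1-key.pem -out ca1-cert.pem

#
# Create Certificate Authority: ca2
# ('password' is used for the CA password.)
#
# Also writes ca2-key.pem (-keyout) and creates ca2-serial and
# ca2-database.txt, presumably the bookkeeping files ca2.cnf points
# `openssl ca` at when the CRL is generated; verify against ca2.cnf.
#
ca2-cert.pem: ca2.cnf
	openssl req -new -x509 -days 99999 -config ca2.cnf -keyout ca2-key.pem -out ca2-cert.pem
	echo '01' > ca2-serial
	touch ca2-database.txt

#
# Create Subordinate Certificate Authority: ca3 issued by ca1
# ('password' is used for the CA password.)
#
ca3-key.pem:
	openssl genrsa -out ca3-key.pem 2048

ca3-csr.pem: ca3.cnf ca3-key.pem
	openssl req -new \
	    -extensions v3_ca \
	    -config ca3.cnf \
	    -key ca3-key.pem \
	    -out ca3-csr.pem

ca3-cert.pem: ca3-csr.pem ca3-key.pem ca3.cnf ca1-cert.pem ca1-key.pem
	openssl x509 -req \
	    -extfile ca3.cnf \
	    -extensions v3_ca \
	    -days 99999 \
	    -passin "pass:password" \
	    -in ca3-csr.pem \
	    -CA ca1-cert.pem \
	    -CAkey ca1-key.pem \
	    -CAcreateserial \
	    -out ca3-cert.pem

#
# Create Subordinate Certificate Authority: ca4 issued by ca2
# ('password' is used for the CA password.)
#
ca4-key.pem:
	openssl genrsa -out ca4-key.pem 2048

ca4-csr.pem: ca4.cnf ca4-key.pem
	openssl req -new \
	    -extensions v3_ca \
	    -config ca4.cnf \
	    -key ca4-key.pem \
	    -out ca4-csr.pem

ca4-cert.pem: ca4-csr.pem ca4-key.pem ca4.cnf ca2-cert.pem ca2-key.pem
	openssl x509 -req \
	    -extfile ca4.cnf \
	    -extensions v3_ca \
	    -days 99999 \
	    -passin "pass:password" \
	    -in ca4-csr.pem \
	    -CA ca2-cert.pem \
	    -CAkey ca2-key.pem \
	    -CAcreateserial \
	    -out ca4-cert.pem

#
# Create Certificate Authority: ca5 with ECC
# ('password' is used for the CA password.)
#
# Self-signed: the certificate is signed with ca5's own key (-signkey).
#
ca5-key.pem:
	openssl ecparam -genkey -out ca5-key.pem -name prime256v1

ca5-csr.pem: ca5.cnf ca5-key.pem
	openssl req -new \
	    -config ca5.cnf \
	    -key ca5-key.pem \
	    -out ca5-csr.pem

ca5-cert.pem: ca5.cnf ca5-key.pem ca5-csr.pem
	openssl x509 -req \
	    -extfile ca5.cnf \
	    -extensions v3_ca \
	    -days 99999 \
	    -passin "pass:password" \
	    -in ca5-csr.pem \
	    -signkey ca5-key.pem \
	    -out ca5-cert.pem

#
# Create Subordinate Certificate Authority: ca6 issued by ca5 with ECC
# ('password' is used for the CA password.)
#
ca6-key.pem:
	openssl ecparam -genkey -out ca6-key.pem -name prime256v1

ca6-csr.pem: ca6.cnf ca6-key.pem
	openssl req -new \
	    -extensions v3_ca \
	    -config ca6.cnf \
	    -key ca6-key.pem \
	    -out ca6-csr.pem

ca6-cert.pem: ca6-csr.pem ca6-key.pem ca6.cnf ca5-cert.pem ca5-key.pem
	openssl x509 -req \
	    -extfile ca6.cnf \
	    -extensions v3_ca \
	    -days 99999 \
	    -passin "pass:password" \
	    -in ca6-csr.pem \
	    -CA ca5-cert.pem \
	    -CAkey ca5-key.pem \
	    -CAcreateserial \
	    -out ca6-cert.pem

#
# Create Fake CNNIC Root Certificate Authority: fake-cnnic-root
#
# A locally generated self-signed root; the subject comes from
# fake-cnnic-root.cnf. The key is created here, so this is a stand-in for
# tests and carries no real CA's key material.
#

fake-cnnic-root-key.pem:
	openssl genrsa -out fake-cnnic-root-key.pem 2048

fake-cnnic-root-cert.pem: fake-cnnic-root.cnf fake-cnnic-root-key.pem
	openssl req -x509 -new \
	    -key fake-cnnic-root-key.pem \
	    -days 99999 \
	    -out fake-cnnic-root-cert.pem \
	    -config fake-cnnic-root.cnf

#
# Create Fake StartCom Root Certificate Authority: fake-startcom-root
#
# Also creates fake-startcom-root-serial and fake-startcom-root-database.txt,
# presumably the files fake-startcom-root.cnf points `openssl ca` at for the
# agent8 and agent9 rules; verify against that config.
#
fake-startcom-root-key.pem:
	openssl genrsa -out fake-startcom-root-key.pem 2048

fake-startcom-root-cert.pem: fake-startcom-root.cnf \
  fake-startcom-root-key.pem
	openssl req -new -x509 -days 99999 -config \
	    fake-startcom-root.cnf -key fake-startcom-root-key.pem -out \
	    fake-startcom-root-cert.pem
	echo '01' > fake-startcom-root-serial
	touch fake-startcom-root-database.txt

#
# agent1 is signed by ca1.
#

agent1-key.pem:
	openssl genrsa -out agent1-key.pem 2048

agent1-csr.pem: agent1.cnf agent1-key.pem
	openssl req -new -config agent1.cnf -key agent1-key.pem -out agent1-csr.pem

agent1-cert.pem: agent1-csr.pem ca1-cert.pem ca1-key.pem
	openssl x509 -req \
	    -extfile agent1.cnf \
	    -extensions v3_ca \
	    -days 99999 \
	    -passin "pass:password" \
	    -in agent1-csr.pem \
	    -CA ca1-cert.pem \
	    -CAkey ca1-key.pem \
	    -CAcreateserial \
	    -out agent1-cert.pem

# PKCS#12 bundle of agent1's key and certificate plus ca1, protected with the
# fixed password 'sample'. -descert encrypts the certificates with 3DES.
agent1.pfx: agent1-cert.pem agent1-key.pem ca1-cert.pem
	openssl pkcs12 -export \
	    -descert \
	    -in agent1-cert.pem \
	    -inkey agent1-key.pem \
	    -certfile ca1-cert.pem \
	    -out agent1.pfx \
	    -password pass:sample

agent1-verify: agent1-cert.pem ca1-cert.pem
	openssl verify -CAfile ca1-cert.pem agent1-cert.pem


#
# agent2 has a self signed cert
#
# Generate new private key
agent2-key.pem:
	openssl genrsa -out agent2-key.pem 2048

# Create a Certificate Signing Request for the key
agent2-csr.pem: agent2-key.pem agent2.cnf
	openssl req -new -config agent2.cnf -key agent2-key.pem -out agent2-csr.pem

# Create a Certificate for the agent.
agent2-cert.pem: agent2-csr.pem agent2-key.pem
	openssl x509 -req \
	    -days 99999 \
	    -in agent2-csr.pem \
	    -signkey agent2-key.pem \
	    -out agent2-cert.pem

# The certificate is self-signed, so it is used as its own CA file here.
agent2-verify: agent2-cert.pem
	openssl verify -CAfile agent2-cert.pem agent2-cert.pem

#
# agent3 is signed by ca2.
#

agent3-key.pem:
	openssl genrsa -out agent3-key.pem 2048

agent3-csr.pem: agent3.cnf agent3-key.pem
	openssl req -new -config agent3.cnf -key agent3-key.pem -out agent3-csr.pem

agent3-cert.pem: agent3-csr.pem ca2-cert.pem ca2-key.pem
	openssl x509 -req \
	    -days 99999 \
	    -passin "pass:password" \
	    -in agent3-csr.pem \
	    -CA ca2-cert.pem \
	    -CAkey ca2-key.pem \
	    -CAcreateserial \
	    -out agent3-cert.pem

agent3-verify: agent3-cert.pem ca2-cert.pem
	openssl verify -CAfile ca2-cert.pem agent3-cert.pem


#
# agent4 is signed by ca2 (client cert)
#

agent4-key.pem:
	openssl genrsa -out agent4-key.pem 2048

agent4-csr.pem: agent4.cnf agent4-key.pem
	openssl req -new -config agent4.cnf -key agent4-key.pem -out agent4-csr.pem

agent4-cert.pem: agent4-csr.pem ca2-cert.pem ca2-key.pem
	openssl x509 -req \
	    -days 99999 \
	    -passin "pass:password" \
	    -in agent4-csr.pem \
	    -CA ca2-cert.pem \
	    -CAkey ca2-key.pem \
	    -CAcreateserial \
	    -extfile agent4.cnf \
	    -extensions ext_key_usage \
	    -out agent4-cert.pem

agent4-verify: agent4-cert.pem ca2-cert.pem
	openssl verify -CAfile ca2-cert.pem agent4-cert.pem

#
# Make CRL with agent4 being rejected
#
# Two steps: record the revocation of agent4-cert.pem with ca2, then write
# ca2's CRL. Note that `agent4-verify` above checks the chain only, without
# any CRL.
#
ca2-crl.pem: ca2-key.pem ca2-cert.pem ca2.cnf agent4-cert.pem
	openssl ca -revoke agent4-cert.pem \
	    -keyfile ca2-key.pem \
	    -cert ca2-cert.pem \
	    -config ca2.cnf \
	    -passin 'pass:password'
	openssl ca \
	    -keyfile ca2-key.pem \
	    -cert ca2-cert.pem \
	    -config ca2.cnf \
	    -gencrl \
	    -out ca2-crl.pem \
	    -passin 'pass:password'

#
# agent5 is signed by ca2 (client cert)
#

agent5-key.pem:
	openssl genrsa -out agent5-key.pem 2048

agent5-csr.pem: agent5.cnf agent5-key.pem
	openssl req -new -config agent5.cnf -key agent5-key.pem -out agent5-csr.pem

agent5-cert.pem: agent5-csr.pem ca2-cert.pem ca2-key.pem
	openssl x509 -req \
	    -days 99999 \
	    -passin "pass:password" \
	    -in agent5-csr.pem \
	    -CA ca2-cert.pem \
	    -CAkey ca2-key.pem \
	    -CAcreateserial \
	    -extfile agent5.cnf \
	    -extensions ext_key_usage \
	    -out agent5-cert.pem

agent5-verify: agent5-cert.pem ca2-cert.pem
	openssl verify -CAfile ca2-cert.pem agent5-cert.pem

#
# agent6 is a client RSA cert signed by ca3
#

agent6-key.pem:
	openssl genrsa -out agent6-key.pem 2048

agent6-csr.pem: agent6.cnf agent6-key.pem
	openssl req -new -config agent6.cnf -key agent6-key.pem -out agent6-csr.pem

# The intermediate (ca3) is appended after the leaf, so agent6-cert.pem holds
# the chain leaf-first.
agent6-cert.pem: agent6-csr.pem ca3-cert.pem ca3-key.pem
	openssl x509 -req \
	    -days 99999 \
	    -passin "pass:password" \
	    -in agent6-csr.pem \
	    -CA ca3-cert.pem \
	    -CAkey ca3-key.pem \
	    -CAcreateserial \
	    -extfile agent6.cnf \
	    -out agent6-cert.pem
	cat ca3-cert.pem >> agent6-cert.pem

# ca1 is the trust anchor; ca3 is supplied only as an untrusted intermediate.
agent6-verify: agent6-cert.pem ca3-cert.pem ca1-cert.pem
	openssl verify -trusted ca1-cert.pem -untrusted ca3-cert.pem agent6-cert.pem

agent6.pfx: agent6-cert.pem agent6-key.pem ca1-cert.pem
	openssl pkcs12 -export \
	    -descert \
	    -in agent6-cert.pem \
	    -inkey agent6-key.pem \
	    -certfile ca1-cert.pem \
	    -out agent6.pfx \
	    -password pass:sample

#
# agent7 is signed by fake-cnnic-root.
#

agent7-key.pem:
	openssl genrsa -out agent7-key.pem 2048

# agent7.cnf is the config the recipe reads, so it is the prerequisite.
agent7-csr.pem: agent7.cnf agent7-key.pem
	openssl req -new -config agent7.cnf -key agent7-key.pem -out agent7-csr.pem

agent7-cert.pem: agent7-csr.pem fake-cnnic-root-cert.pem fake-cnnic-root-key.pem
	openssl x509 -req \
	    -extfile agent7.cnf \
	    -days 99999 \
	    -passin "pass:password" \
	    -in agent7-csr.pem \
	    -CA fake-cnnic-root-cert.pem \
	    -CAkey fake-cnnic-root-key.pem \
	    -CAcreateserial \
	    -out agent7-cert.pem

agent7-verify: agent7-cert.pem fake-cnnic-root-cert.pem
	openssl verify -CAfile fake-cnnic-root-cert.pem agent7-cert.pem

#
# agent8 is signed by fake-startcom-root with notBefore
# of Oct 20 23:59:59 2016 GMT
#

agent8-key.pem:
	openssl genrsa -out agent8-key.pem 2048

agent8-csr.pem: agent8.cnf agent8-key.pem
	openssl req -new -config agent8.cnf -key agent8-key.pem \
	    -out agent8-csr.pem

agent8-cert.pem: agent8-csr.pem fake-startcom-root-cert.pem fake-startcom-root-key.pem
	openssl ca \
	    -config fake-startcom-root.cnf \
	    -keyfile fake-startcom-root-key.pem \
	    -cert fake-startcom-root-cert.pem \
	    -batch \
	    -days 99999 \
	    -passin "pass:password" \
	    -in agent8-csr.pem \
	    -startdate 161020235959Z \
	    -notext -out agent8-cert.pem


agent8-verify: agent8-cert.pem fake-startcom-root-cert.pem
	openssl verify -CAfile fake-startcom-root-cert.pem \
	    agent8-cert.pem


#
# agent9 is signed by fake-startcom-root with notBefore
# of Oct 21 00:00:01 2016 GMT
#
agent9-key.pem:
	openssl genrsa -out agent9-key.pem 2048

agent9-csr.pem: agent9.cnf agent9-key.pem
	openssl req -new -config agent9.cnf -key agent9-key.pem \
	    -out agent9-csr.pem


# The recipe reads the fake-startcom-root certificate and key, so both are
# prerequisites, as for agent8-cert.pem. fake-startcom-root-cert.pem is not
# listed under `all`; these prerequisites are what get it built.
agent9-cert.pem: agent9-csr.pem fake-startcom-root-cert.pem fake-startcom-root-key.pem
	openssl ca \
	    -config fake-startcom-root.cnf \
	    -keyfile fake-startcom-root-key.pem \
	    -cert fake-startcom-root-cert.pem \
	    -batch \
	    -days 99999 \
	    -passin "pass:password" \
	    -in agent9-csr.pem \
	    -startdate 20161021000001Z \
	    -notext -out agent9-cert.pem

# agent10 is a server RSA cert signed by ca4 for agent10.example.com
#

agent10-key.pem:
	openssl genrsa -out agent10-key.pem 2048

agent10-csr.pem: agent10.cnf agent10-key.pem
	openssl req -new -config agent10.cnf -key agent10-key.pem -out agent10-csr.pem

# The intermediate (ca4) is appended after the leaf, so agent10-cert.pem holds
# the chain leaf-first.
agent10-cert.pem: agent10-csr.pem ca4-cert.pem ca4-key.pem
	openssl x509 -req \
	    -days 99999 \
	    -passin "pass:password" \
	    -in agent10-csr.pem \
	    -CA ca4-cert.pem \
	    -CAkey ca4-key.pem \
	    -CAcreateserial \
	    -extfile agent10.cnf \
	    -out agent10-cert.pem
	cat ca4-cert.pem >> agent10-cert.pem

# ca2 is the trust anchor; ca4 is supplied only as an untrusted intermediate.
agent10-verify: agent10-cert.pem ca4-cert.pem ca2-cert.pem
	openssl verify -trusted ca2-cert.pem -untrusted ca4-cert.pem agent10-cert.pem

# NOTE(review): this bundles ca1-cert.pem, although agent10 is issued by ca4,
# which is issued by ca2. Confirm that the tests want a CA from outside
# agent10's chain in this bundle.
agent10.pfx: agent10-cert.pem agent10-key.pem ca1-cert.pem
	openssl pkcs12 -export \
	    -descert \
	    -in agent10-cert.pem \
	    -inkey agent10-key.pem \
	    -certfile ca1-cert.pem \
	    -out agent10.pfx \
	    -password pass:sample

#
# ec10 is a server EC cert signed by ca6 for agent10.example.com
#

ec10-key.pem:
	openssl ecparam -genkey -out ec10-key.pem -name prime256v1

# Reuses agent10.cnf, so ec10 carries the same subject configuration as
# agent10.
ec10-csr.pem: agent10.cnf ec10-key.pem
	openssl req -new -config agent10.cnf -key ec10-key.pem -out ec10-csr.pem

ec10-cert.pem: ec10-csr.pem ca6-cert.pem ca6-key.pem
	openssl x509 -req \
	    -days 99999 \
	    -passin "pass:password" \
	    -in ec10-csr.pem \
	    -CA ca6-cert.pem \
	    -CAkey ca6-key.pem \
	    -CAcreateserial \
	    -extfile agent10.cnf \
	    -out ec10-cert.pem
	cat ca6-cert.pem >> ec10-cert.pem

# ca5 is the trust anchor; ca6 is supplied only as an untrusted intermediate.
ec10-verify: ec10-cert.pem ca6-cert.pem ca5-cert.pem
	openssl verify -trusted ca5-cert.pem -untrusted ca6-cert.pem ec10-cert.pem

ec10.pfx: ec10-cert.pem ec10-key.pem ca6-cert.pem
	openssl pkcs12 -export \
	    -descert \
	    -in ec10-cert.pem \
	    -inkey ec10-key.pem \
	    -certfile ca6-cert.pem \
	    -out ec10.pfx \
	    -password pass:sample


#
# ec is a self-signed EC cert for CN "agent2"
#
ec-key.pem:
	openssl ecparam -genkey -out ec-key.pem -name prime256v1

ec-csr.pem: ec.cnf ec-key.pem
	openssl req -new -config ec.cnf -key ec-key.pem -out ec-csr.pem

ec-cert.pem: ec-csr.pem ec-key.pem
	openssl x509 -req \
	    -days 99999 \
	    -in ec-csr.pem \
	    -signkey ec-key.pem \
	    -out ec-cert.pem

# Unlike the other bundles, this one is exported with an empty password
# ("pass:" with nothing after the colon).
ec.pfx: ec-cert.pem ec-key.pem
	openssl pkcs12 -export \
	    -descert \
	    -in ec-cert.pem \
	    -inkey ec-key.pem \
	    -out ec.pfx \
	    -password pass:

#
# Diffie-Hellman parameters at 512, 1024 and 2048 bits.
#
dh512.pem:
	openssl dhparam -out dh512.pem 512

dh1024.pem:
	openssl dhparam -out dh1024.pem 1024

dh2048.pem:
	openssl dhparam -out dh2048.pem 2048

# Every line of dh1024.pem that does not start with '-' is replaced by
# AAAAAAAAAA. The BEGIN/END lines survive and the body no longer holds the
# original parameters.
dherror.pem: dh1024.pem
	sed 's/^[^-].*/AAAAAAAAAA/g' dh1024.pem > dherror.pem

#
# DSA keys: a 2048-bit set and a 1025-bit set.
#
dsa_params.pem:
	openssl dsaparam -out dsa_params.pem 2048

dsa_private.pem: dsa_params.pem
	openssl gendsa -out dsa_private.pem dsa_params.pem

dsa_private_encrypted.pem: dsa_private.pem
	openssl dsa -aes256 -in dsa_private.pem -passout 'pass:password' -out dsa_private_encrypted.pem

dsa_private_pkcs8.pem: dsa_private.pem
	openssl pkcs8 -topk8 -inform PEM -outform PEM -in dsa_private.pem -out dsa_private_pkcs8.pem -nocrypt

dsa_public.pem: dsa_private.pem
	openssl dsa -in dsa_private.pem -pubout -out dsa_public.pem

dsa1025.pem:
	openssl dsaparam -out dsa1025.pem 1025

# Each 1025-bit rule names the file its recipe reads, so the targets build in
# the right order on their own and under a parallel make.
dsa_private_1025.pem: dsa1025.pem
	openssl gendsa -out dsa_private_1025.pem dsa1025.pem

# Encrypted PKCS#8; the passphrase here is 'secret', not 'password'.
dsa_private_encrypted_1025.pem: dsa_private_1025.pem
	openssl pkcs8 -in dsa_private_1025.pem -topk8 -passout 'pass:secret' -out dsa_private_encrypted_1025.pem

dsa_public_1025.pem: dsa_private_1025.pem
	openssl dsa -in dsa_private_1025.pem -pubout -out dsa_public_1025.pem

#
# RSA keys, certificates and signatures.
#
rsa_private.pem:
	openssl genrsa -out rsa_private.pem 2048

rsa_private_encrypted.pem: rsa_private.pem
	openssl rsa -aes256 -in rsa_private.pem -passout 'pass:password' -out rsa_private_encrypted.pem

rsa_private_pkcs8.pem: rsa_private.pem
	openssl pkcs8 -topk8 -inform PEM -outform PEM -in rsa_private.pem -out rsa_private_pkcs8.pem -nocrypt

# Rewrites the PEM label from "PRIVATE KEY" to "RSA PRIVATE KEY" while leaving
# the PKCS#8 body alone, so the label no longer matches the encoding.
rsa_private_pkcs8_bad.pem: rsa_private_pkcs8.pem
	sed 's/PRIVATE/RSA PRIVATE/g' rsa_private_pkcs8.pem > rsa_private_pkcs8_bad.pem

rsa_public.pem: rsa_private.pem
	openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem

rsa_cert.crt: rsa_cert.cnf rsa_private.pem
	openssl req -new -x509 -days 99999 -key rsa_private.pem -config rsa_cert.cnf -out rsa_cert.crt

# The recipe reads rsa_private.pem as well as the certificate.
rsa_cert.pfx: rsa_cert.crt rsa_private.pem
	openssl pkcs12 -export -descert -passout 'pass:sample' -inkey rsa_private.pem -in rsa_cert.crt -out rsa_cert.pfx

# rsa_ca.crt is a byte-for-byte copy of the self-signed rsa_cert.crt.
rsa_ca.crt: rsa_cert.crt
	cp rsa_cert.crt rsa_ca.crt

# SHA-1 signatures over the file rsa_public.pem, one made with the PKCS#1 key
# file and one with the PKCS#8 key file.
rsa_public_sha1_signature_signedby_rsa_private.sha1: rsa_public.pem rsa_private.pem
	openssl dgst -sha1 -sign rsa_private.pem -out rsa_public_sha1_signature_signedby_rsa_private.sha1 rsa_public.pem

rsa_public_sha1_signature_signedby_rsa_private_pkcs8.sha1: rsa_public.pem rsa_private_pkcs8.pem
	openssl dgst -sha1 -sign rsa_private_pkcs8.pem -out rsa_public_sha1_signature_signedby_rsa_private_pkcs8.sha1 rsa_public.pem

rsa_private_b.pem:
	openssl genrsa -out rsa_private_b.pem 2048

# printf '%s' writes exactly the 15 message bytes with no trailing newline in
# every POSIX shell. `echo -n` is not portable: some /bin/sh builds print the
# "-n" and a newline, and the signature would then cover a different message.
I_AM_THE_WALRUS_sha256_signature_signedby_rsa_private_b.sha256: rsa_private_b.pem
	printf '%s' "I AM THE WALRUS" | openssl dgst -sha256 -sign rsa_private_b.pem -out I_AM_THE_WALRUS_sha256_signature_signedby_rsa_private_b.sha256

rsa_public_b.pem: rsa_private_b.pem
	openssl rsa -in rsa_private_b.pem -pubout -out rsa_public_b.pem

# The following 'foafssl' cert is used in test/parallel/test-https-foafssl.js.
# It requires a SAN like 'http://example.com/#me'. More info here:
# https://www.w3.org/wiki/Foaf+ssl
rsa_cert_foafssl_b.crt: rsa_cert_foafssl_b.cnf rsa_private_b.pem
	openssl req -new -x509 -days 99999 -config rsa_cert_foafssl_b.cnf -key rsa_private_b.pem -out rsa_cert_foafssl_b.crt

# The 'modulus=' in the output must be stripped out
# (`cut -c 9-` drops those first eight characters).
rsa_cert_foafssl_b.modulus: rsa_cert_foafssl_b.crt
	openssl x509 -modulus -in rsa_cert_foafssl_b.crt -noout | cut -c 9- > rsa_cert_foafssl_b.modulus

# Have to parse out the hex exponent
# (grep keeps the 'Exponent:' text; sed removes everything up to '(' and from
# ')' on, leaving what was inside the parentheses).
rsa_cert_foafssl_b.exponent: rsa_cert_foafssl_b.crt
	openssl x509 -in rsa_cert_foafssl_b.crt -text | grep -o 'Exponent:.*' | sed 's/\(.*(\|).*\)//g' > rsa_cert_foafssl_b.exponent

# openssl outputs `SPKAC=[SPKAC]`.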
That prefix needs to be removed to work with node 6811cb0ef41Sopenharmony_cirsa_spkac.spkac: rsa_private.pem 6821cb0ef41Sopenharmony_ci openssl spkac -key rsa_private.pem -challenge this-is-a-challenge | cut -c 7- > rsa_spkac.spkac 6831cb0ef41Sopenharmony_ci 6841cb0ef41Sopenharmony_ci# cutting characters from the start to invalidate the spkac 6851cb0ef41Sopenharmony_cirsa_spkac_invalid.spkac: rsa_spkac.spkac 6861cb0ef41Sopenharmony_ci cat rsa_spkac.spkac | cut -c 5- > rsa_spkac_invalid.spkac 6871cb0ef41Sopenharmony_ci 6881cb0ef41Sopenharmony_cirsa_private_2048.pem: 6891cb0ef41Sopenharmony_ci openssl genrsa -out rsa_private_2048.pem 2048 6901cb0ef41Sopenharmony_ci 6911cb0ef41Sopenharmony_cirsa_private_4096.pem: 6921cb0ef41Sopenharmony_ci openssl genrsa -out rsa_private_4096.pem 4096 6931cb0ef41Sopenharmony_ci 6941cb0ef41Sopenharmony_cirsa_public_2048.pem: rsa_private_2048.pem 6951cb0ef41Sopenharmony_ci openssl rsa -in rsa_private_2048.pem -pubout -out rsa_public_2048.pem 6961cb0ef41Sopenharmony_ci 6971cb0ef41Sopenharmony_cirsa_public_4096.pem: rsa_private_4096.pem 6981cb0ef41Sopenharmony_ci openssl rsa -in rsa_private_4096.pem -pubout -out rsa_public_4096.pem 6991cb0ef41Sopenharmony_ci 7001cb0ef41Sopenharmony_cirsa_pss_private_2048.pem: 7011cb0ef41Sopenharmony_ci openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out rsa_pss_private_2048.pem 7021cb0ef41Sopenharmony_ci 7031cb0ef41Sopenharmony_cirsa_pss_private_2048_sha256_sha256_16.pem: 7041cb0ef41Sopenharmony_ci openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:16 -out rsa_pss_private_2048_sha256_sha256_16.pem 7051cb0ef41Sopenharmony_ci 7061cb0ef41Sopenharmony_cirsa_pss_private_2048_sha512_sha256_20.pem: 7071cb0ef41Sopenharmony_ci openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt 
rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha512 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:20 -out rsa_pss_private_2048_sha512_sha256_20.pem 7081cb0ef41Sopenharmony_ci 7091cb0ef41Sopenharmony_cirsa_pss_private_2048_sha1_sha1_20.pem: 7101cb0ef41Sopenharmony_ci openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha1 -pkeyopt rsa_pss_keygen_mgf1_md:sha1 -pkeyopt rsa_pss_keygen_saltlen:20 -out rsa_pss_private_2048_sha1_sha1_20.pem 7111cb0ef41Sopenharmony_ci 7121cb0ef41Sopenharmony_cirsa_pss_public_2048.pem: rsa_pss_private_2048.pem 7131cb0ef41Sopenharmony_ci openssl pkey -in rsa_pss_private_2048.pem -pubout -out rsa_pss_public_2048.pem 7141cb0ef41Sopenharmony_ci 7151cb0ef41Sopenharmony_cirsa_pss_public_2048_sha256_sha256_16.pem: rsa_pss_private_2048_sha256_sha256_16.pem 7161cb0ef41Sopenharmony_ci openssl pkey -in rsa_pss_private_2048_sha256_sha256_16.pem -pubout -out rsa_pss_public_2048_sha256_sha256_16.pem 7171cb0ef41Sopenharmony_ci 7181cb0ef41Sopenharmony_cirsa_pss_public_2048_sha512_sha256_20.pem: rsa_pss_private_2048_sha512_sha256_20.pem 7191cb0ef41Sopenharmony_ci openssl pkey -in rsa_pss_private_2048_sha512_sha256_20.pem -pubout -out rsa_pss_public_2048_sha512_sha256_20.pem 7201cb0ef41Sopenharmony_ci 7211cb0ef41Sopenharmony_cirsa_pss_public_2048_sha1_sha1_20.pem: rsa_pss_private_2048_sha1_sha1_20.pem 7221cb0ef41Sopenharmony_ci openssl pkey -in rsa_pss_private_2048_sha1_sha1_20.pem -pubout -out rsa_pss_public_2048_sha1_sha1_20.pem 7231cb0ef41Sopenharmony_ci 7241cb0ef41Sopenharmony_cied25519_private.pem: 7251cb0ef41Sopenharmony_ci openssl genpkey -algorithm ED25519 -out ed25519_private.pem 7261cb0ef41Sopenharmony_ci 7271cb0ef41Sopenharmony_cied25519_public.pem: ed25519_private.pem 7281cb0ef41Sopenharmony_ci openssl pkey -in ed25519_private.pem -pubout -out ed25519_public.pem 7291cb0ef41Sopenharmony_ci 7301cb0ef41Sopenharmony_cix25519_private.pem: 
7311cb0ef41Sopenharmony_ci openssl genpkey -algorithm x25519 -out x25519_private.pem 7321cb0ef41Sopenharmony_ci 7331cb0ef41Sopenharmony_cix25519_public.pem: x25519_private.pem 7341cb0ef41Sopenharmony_ci openssl pkey -in x25519_private.pem -pubout -out x25519_public.pem 7351cb0ef41Sopenharmony_ci 7361cb0ef41Sopenharmony_cied448_private.pem: 7371cb0ef41Sopenharmony_ci openssl genpkey -algorithm ed448 -out ed448_private.pem 7381cb0ef41Sopenharmony_ci 7391cb0ef41Sopenharmony_cied448_public.pem: ed448_private.pem 7401cb0ef41Sopenharmony_ci openssl pkey -in ed448_private.pem -pubout -out ed448_public.pem 7411cb0ef41Sopenharmony_ci 7421cb0ef41Sopenharmony_cix448_private.pem: 7431cb0ef41Sopenharmony_ci openssl genpkey -algorithm x448 -out x448_private.pem 7441cb0ef41Sopenharmony_ci 7451cb0ef41Sopenharmony_cix448_public.pem: x448_private.pem 7461cb0ef41Sopenharmony_ci openssl pkey -in x448_private.pem -pubout -out x448_public.pem 7471cb0ef41Sopenharmony_ci 7481cb0ef41Sopenharmony_ciec_p256_private.pem: 7491cb0ef41Sopenharmony_ci openssl ecparam -name prime256v1 -genkey -noout -out sec1_ec_p256_private.pem 7501cb0ef41Sopenharmony_ci openssl pkcs8 -topk8 -nocrypt -in sec1_ec_p256_private.pem -out ec_p256_private.pem 7511cb0ef41Sopenharmony_ci rm sec1_ec_p256_private.pem 7521cb0ef41Sopenharmony_ci 7531cb0ef41Sopenharmony_ciec_p256_public.pem: ec_p256_private.pem 7541cb0ef41Sopenharmony_ci openssl ec -in ec_p256_private.pem -pubout -out ec_p256_public.pem 7551cb0ef41Sopenharmony_ci 7561cb0ef41Sopenharmony_ciec_p384_private.pem: 7571cb0ef41Sopenharmony_ci openssl ecparam -name secp384r1 -genkey -noout -out sec1_ec_p384_private.pem 7581cb0ef41Sopenharmony_ci openssl pkcs8 -topk8 -nocrypt -in sec1_ec_p384_private.pem -out ec_p384_private.pem 7591cb0ef41Sopenharmony_ci rm sec1_ec_p384_private.pem 7601cb0ef41Sopenharmony_ci 7611cb0ef41Sopenharmony_ciec_p384_public.pem: ec_p384_private.pem 7621cb0ef41Sopenharmony_ci openssl ec -in ec_p384_private.pem -pubout -out ec_p384_public.pem 
# P-521 key: generated into a temporary sec1_* file, converted to unencrypted
# PKCS#8 (-nocrypt), then the temporary file is removed.
ec_p521_private.pem:
	openssl ecparam -name secp521r1 -genkey -noout -out sec1_ec_p521_private.pem
	openssl pkcs8 -topk8 -nocrypt -in sec1_ec_p521_private.pem -out $@
	rm sec1_ec_p521_private.pem

ec_p521_public.pem: ec_p521_private.pem
	openssl ec -in $< -pubout -out $@

# secp256k1 key, produced the same way as the P-521 key above.
ec_secp256k1_private.pem:
	openssl ecparam -name secp256k1 -genkey -noout -out sec1_ec_secp256k1_private.pem
	openssl pkcs8 -topk8 -nocrypt -in sec1_ec_secp256k1_private.pem -out $@
	rm sec1_ec_secp256k1_private.pem

ec_secp256k1_public.pem: ec_secp256k1_private.pem
	openssl ec -in $< -pubout -out $@

# Self-signed certificate whose subject CN (good.example.com) disagrees with
# its only SAN (DNS:evil.example.com).
# NOTE(review): presumably a hostname-verification fixture, checking that the
# CN is ignored once a DNS SAN is present; confirm against the consuming test.
incorrect_san_correct_subject-cert.pem: incorrect_san_correct_subject-key.pem
	openssl req -x509 -key $< -out $@ -sha256 -days 3650 \
	        -subj "/CN=good.example.com" \
	        -addext "subjectAltName = DNS:evil.example.com"

incorrect_san_correct_subject-key.pem:
	openssl ecparam -name prime256v1 -genkey -noout -out $@

# Same subject CN, but the only SAN is an IP address (no DNS entry).
# NOTE(review): presumably covers how the CN is treated when the SAN holds no
# DNS name; confirm against the consuming test.
irrelevant_san_correct_subject-cert.pem: irrelevant_san_correct_subject-key.pem
	openssl req -x509 -key $< -out $@ -sha256 -days 3650 \
	        -subj "/CN=good.example.com" \
	        -addext "subjectAltName = IP:1.2.3.4"

irrelevant_san_correct_subject-key.pem:
	openssl ecparam -name prime256v1 -genkey -noout -out $@

# Removes every *.pfx and *.pem in this directory (whether or not this
# Makefile generated it), then truncates the fake-startcom-root database.
clean:
	rm -f *.pfx *.pem *.srl ca2-database.txt ca2-serial fake-startcom-root-serial *.print *.old fake-startcom-root-issued-certs/*.pem
	@: > fake-startcom-root-database.txt

test: agent1-verify agent2-verify agent3-verify agent4-verify \
      agent5-verify agent6-verify agent7-verify agent8-verify \
      agent10-verify ec10-verify

# Human-readable dump of any *-cert.pem.
%-cert.pem.print: %-cert.pem
	openssl x509 -in $< -text -noout > $@

.PHONY: all clean test \
        agent1-verify agent2-verify agent3-verify agent4-verify \
        agent5-verify agent6-verify agent7-verify agent8-verify \
        agent10-verify ec10-verify