forked from nappa/usoca
UsoCA is a set of private/public key pairs and certificates
for test TLS servers and clients.

The CA chains are designed to have a structure very similar to
Verisign's (and other major Certificate Authorities'), like this:

    Root CA ---> Server CA ---> Server certificate

Several key strengths are available for benchmarking, one in
each directory:

    rsa2048 - RSA 2048-bit Cert & Private Key
    rsa4096 - RSA 4096-bit Cert & Private Key

Each directory has PEM-formatted keys and certificates:

    rootca_key.pem           - private key of the root CA
    rootca_cert_sha256.pem   - Root CA self-signed certificate
                               (RSAWithSHA256Encryption)
    serverca_key.pem         - private key of the server CA
    serverca_cert_sha256.pem - server CA certificate
                               (RSAWithSHA256Encryption)
    server_key.pem           - private key of the sample server
    server_cert_sha256.pem   - sample server certificate
                               (RSAWithSHA256Encryption)

For example, to obtain a certificate for your server with the
'certtool' command (included in GnuTLS):

1. Choose the strength of the chain and go to the directory.

    cd rsa2048

2. Copy the example certificate config.

    cp server.cfg yourserver.cfg

3. Edit it.

    vim yourserver.cfg

   (don't forget to change the 'cn' field to your server's FQDN)

4. Generate a private key.

    certtool --generate-privkey --outfile yourserver_key.pem --bits 2048

5. Sign it and done.

    certtool --generate-certificate --load-privkey yourserver_key.pem \
        --outfile yourserver_cert_sha256.pem \
        --load-ca-certificate serverca_cert_sha256.pem \
        --load-ca-privkey serverca_key.pem \
        --template yourserver.cfg --hash sha256
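
A preflight check for step 3, as an added example that is not part of UsoCA: it compares the 'cn' in yourserver.cfg with the one in server.cfg and checks that it looks like an FQDN. It goes one step beyond the README by also requiring a matching 'dns_name' entry (a certtool template option), because current TLS clients match host names against subjectAltName rather than the CN; the function names and sample templates are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of UsoCA: preflight check for a certtool template.

# Print every value of KEY found in "key = value" lines of a template,
# skipping comment lines and stripping blanks and double quotes.
tmpl_values() {  # usage: tmpl_values KEY FILE
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, eq + 1)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)
            print v
        }' "$2"
}

# Return 0 when YOUR_CFG is ready to sign, else 1-4 with a reason on stderr.
check_template() {  # usage: check_template EXAMPLE_CFG YOUR_CFG
    old_cn=$(tmpl_values cn "$1" | head -n 1)
    new_cn=$(tmpl_values cn "$2" | head -n 1)
    if [ -z "$new_cn" ]; then
        echo "$2: no cn field" >&2; return 1
    fi
    if [ "$new_cn" = "$old_cn" ]; then
        echo "$2: cn is still the example value" >&2; return 2
    fi
    # FQDN shape: dot-separated labels of letters, digits and hyphens.
    if ! printf '%s\n' "$new_cn" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'; then
        echo "$2: cn '$new_cn' is not an FQDN" >&2; return 3
    fi
    # Assumption beyond the README: require a dns_name (SAN) equal to the cn.
    if ! tmpl_values dns_name "$2" | grep -Fxq -- "$new_cn"; then
        echo "$2: no dns_name equal to cn" >&2; return 4
    fi
}

# Constructed sample templates (not the repository's server.cfg).
demo() {
    d=$(mktemp -d) || return 1
    printf 'cn = "server.example.test"\n' > "$d/server.cfg"
    printf 'cn = "www.lab.example.test"\ndns_name = "www.lab.example.test"\n' \
        > "$d/yourserver.cfg"
    check_template "$d/server.cfg" "$d/yourserver.cfg" && echo "template OK"
    rm -rf "$d"
}
demo
```

Run it between steps 3 and 5 as check_template server.cfg yourserver.cfg; a non-zero status means the template should be fixed before signing.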