1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
The following command has been used to generate test keys:
for x in 512 2048; do openssl genrsa -out rsa${k}_key.pem $k; done
For the elliptic curve private keys, this command was used:
for k in "prime256v1" "secp384r1" "secp521r1" do
openssl genpkey -algorithm ${k} -out ec_${k}_key.pem
done
and for the CSR PEM (Certificate Signing Request):
openssl req -new -out csr-Xsans_X.pem -key rsa512_key.pem [-config csr-Xsans_X.conf | -subj '/CN=example.com'] [-outform DER > csr_X.der]
and for the certificate:
openssl req -new -out cert_X.pem -key rsaX_key.pem -subj '/CN=example.com' -x509 [-outform DER > cert_X.der]
`csr-mixed.pem` was generated with pyca/cryptography using the following snippet:
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
k = serialization.load_pem_private_key(
open("./acme/acme/_internal/tests/testdata/rsa2048_key.pem", "rb").read(), None
)
csr = (
x509.CertificateSigningRequestBuilder().add_extension(
x509.SubjectAlternativeName([x509.DNSName('a.exemple.com'), x509.IPAddress(ipaddress.ipaddr('192.0.2.111'))]),
critical=False
).subject_name(
x509.Name([])
).sign(
k, hashes.SHA256()
)
)
open("./acme/acme/_internal/tests/testdata/csr-mixed.pem", "wb").write(
csr.public_bytes(serialization.Encoding.PEM)
)
|
