tests/sslcerts/README
changeset 29579 43f3c0df2fab
parent 29526 9d02bed8477b
29578:4a4b8d3b4e43 29579:43f3c0df2fab
     2 
     2 
     3   $ openssl genrsa -out priv.pem 2048
     3   $ openssl genrsa -out priv.pem 2048
     4 
     4 
     5 Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem):
     5 Generate 2 self-signed certificates from this key (pub.pem, pub-other.pem):
     6 
     6 
     7   $ printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \
     7   $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
     8     openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 -out pub.pem
     8     -out pub.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
     9 
     9   $ openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 \
    10   $ printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \
    10     -out pub-other.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
    11     openssl req -new -x509 -key priv.pem -nodes -sha256 -days 9000 -out pub-other.pem
       
    12 
    11 
    13 Now generate an expired certificate by turning back the system time:
    12 Now generate an expired certificate by turning back the system time:
    14 
    13 
    15   $ date --set='2016-01-01T00:00:00Z'
    14   $ faketime 2016-01-01T00:00:00Z \
    16   $ printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \
    15     openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
    17     openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 -out pub-expired.pem
    16     -out pub-expired.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
    18 
    17 
    19 Generate a certificate not yet active by advancing the system time:
    18 Generate a certificate not yet active by advancing the system time:
    20 
    19 
    21   $ date --set='2030-01-01T00:00:00Z'
    20   $ faketime 2030-01-1T00:00:00Z \
    22   $ printf '.\n.\n.\n.\n.\nlocalhost\nhg@localhost\n' | \
    21     openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 \
    23     openssl req -new -x509 -key priv.pem -nodes -sha256 -days 1 -out pub-not-yet.pem
    22     -out pub-not-yet.pem -batch -subj '/CN=localhost/emailAddress=hg@localhost/'
    24 
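Review bot: The faketime argument at new line 20 is written `2030-01-1T00:00:00Z`, with a single-digit day, while new line 14 and the old `date --set` lines use the zero-padded form. Suggest `faketime 2030-01-01T00:00:00Z \` so the timestamp is consistent with the rest of the file and does not depend on how the tool parses a short day field.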
       
    25 Note: When adjusting system time, verify the time change sticks. If running
       
    26 systemd, you may want to use `timedatectl set-ntp false` and e.g.
       
    27 `timedatectl set-time '2016-01-01 00:00:00'` to set system time.
       
    28 
    23 
    29 Generate a passphrase protected client certificate private key:
    24 Generate a passphrase protected client certificate private key:
    30 
    25 
    31   $ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048
    26   $ openssl genrsa -aes256 -passout pass:1234 -out client-key.pem 2048
    32 
    27
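Review bot: Missing documentation where the old Note (old lines 25-27) is removed: the new commands at lines 14 and 20 depend on a `faketime` command being available, but the README now says nothing about that prerequisite. Suggest a short note before line 14 naming the tool that must be installed, and keeping the spirit of the old "verify the time change sticks" advice by telling the reader to confirm the validity window of pub-expired.pem and pub-not-yet.pem after generation, for example with `openssl x509 -noout -dates -in pub-expired.pem`.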