"Fossies" - the Fresh Open Source Software Archive

Member "memcached-1.6.15/t/README-TLS.md" (21 Feb 2022, 1873 Bytes) of package /linux/www/memcached-1.6.15.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

Certificates creation process

The following certificates are used in tests, that assume expiration date to always be in the future, so instead of a normal cert validity of 1-5 years. we use 500 years here.

Create certificate authority key and certificate

$ openssl genrsa -out cakey.pem 2048
$ openssl req -x509 -new -nodes -key cakey.pem -sha256 -days 182500 -out cacert.pem \
    -subj "/CN=Test Root Certificate Authority/ST=CA/C=US/emailAddress=root@test.com/O=Test/OU=Test Department"

Create server key and certificate

$ openssl genrsa -out server_key.pem 2048
$ openssl req -new -sha256 -key server_key.pem \
    -subj "/C=US/ST=CA/O=Test/OU=Subunit of Test Organization/CN=test.com/emailAddress=root@test.com" \
    -addext "subjectAltName=DNS:test.com,DNS:alt.test.com" \
    -out server_crt.csr
$ openssl x509 -req -in server_crt.csr -CA cacert.pem -CAkey cakey.pem \
    -extfile <(printf "subjectAltName=DNS:test.com,DNS:alt.test.com") \
    -CAcreateserial -out server_crt.pem -days 182500 -sha256 -text

Create client key and certificate

$ openssl genrsa -out client_key.pem 2048
$ openssl req -new -sha256 -key client_key.pem \
    -subj "/C=US/ST=CA/O=Test Client/OU=Subunit of Test Organization/CN=client.test.com/emailAddress=root@client.test.com" \
    -addext "subjectAltName=DNS:client.test.com,DNS:alt.client.test.com" \
    -out client_crt.csr
$ openssl x509 -req -in client_crt.csr -CA cacert.pem -CAkey cakey.pem \
    -extfile <(printf "subjectAltName=DNS:client.test.com,DNS:alt.client.test.com") \
    -CAcreateserial -out client_crt.pem -days 182500 -sha256 -text

NOTES: *.csr files are certificate signing requests which are needed in order to sign certificates with signing authority. -CAcreateserial option creates one file which we do not need but openssl does. You can delete it after you are done.