author | Patrick Freed <patrick.freed@mongodb.com> | 2018-10-25 12:24:27 -0400 |
---|---|---|
committer | Patrick Freed <patrick.freed@mongodb.com> | 2018-11-02 18:46:38 -0400 |
commit | d7ac4da9c4167a55040986502af0451736e7f94d (patch) | |
tree | b730dced580eb5d1a661917ecc3d46d2c85d7b87 /jstests/libs/README.ssl | |
parent | b2f8859fbb0fd0aaaf96dcd1451df3b9844c2eb1 (diff) | |
download | mongo-d7ac4da9c4167a55040986502af0451736e7f94d.tar.gz |
SERVER-36619 Test that ECDSA certificates can be loaded by OpenSSL on Linux
Diffstat (limited to 'jstests/libs/README.ssl')
-rw-r--r-- | jstests/libs/README.ssl | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/jstests/libs/README.ssl b/jstests/libs/README.ssl index 1e230e730ff..662f64aed18 100644 --- a/jstests/libs/README.ssl +++ b/jstests/libs/README.ssl @@ -17,7 +17,24 @@ cat client-multivalue-rdn.rsa >> client-multivalue-rdn.pem rm ca.srl client-multivalue-rdn.key client-multivalue-rdn.rsa client-multivalue-rdn.csr --------------------------- +ecdsa-*.pem are ECDSA signed certificates: +generate an ec-key (from a well known curve) +opensl ecparam -name prime256v1 -genkey -out mykey.key + +create certificate request +openssl req -new -key mykey.key -out mycsr.csr + +sign key and generate certificate +openssl x509 -req -days 3650 -in mycsr.csr -CA ecdsa-ca.pem -CAcreateserial -out mycrt.crt -sha256 + +to include SANs in the certificate, instead run +openssl x509 -req -days 3650 -in mycsr.csr -CA ecdsa-ca.pem -CAcreateserial -out mycrt.crt -sha256 -extfile <(printf "subjectAltName=DNS:localhost,DNS:127.0.0.1") + +combine key and certificate +cat mycrt.crt mykey.key > mycrt.pem + +--------------------------- The other ceriticates in this directory come from x509gen. How to generate a certificate with a custom extension: |
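Review bot: The first added command, `opensl ecparam -name prime256v1 -genkey -out mykey.key`, misspells `openssl` and fails if copied as written; fix the typo. In the SAN variant, `subjectAltName=DNS:localhost,DNS:127.0.0.1` places an IP address in a dNSName entry. Clients that match IP literals against iPAddress SANs will not accept it, so `IP:127.0.0.1` looks like the intended form; if the tests rely on the DNS form, say so in the README. Both `openssl x509 -req` lines pass `-CA ecdsa-ca.pem` without `-CAkey`, which only works when the CA private key is stored in the same file as the CA certificate, so add a line stating that ecdsa-ca.pem is a combined cert-and-key file. The `-extfile <(printf ...)` form depends on bash process substitution and will not run under a plain POSIX sh; note the shell requirement or write the extension to a temporary file instead.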