author | Sara Golemon <sara.golemon@mongodb.com> | 2019-02-06 21:49:47 -0600 |
---|---|---|
committer | Sara Golemon <sara.golemon@mongodb.com> | 2019-03-01 16:06:08 +0000 |
commit | 987e5fc980b2288371ebd2c133b58466cc646d60 (patch) | |
tree | dfa2cb994cc27c23964aad50b040e83595b2d338 /jstests/libs | |
parent | 6b601f1005a683fb5fd6050b8ecb618c49fd6e59 (diff) | |
download | mongo-987e5fc980b2288371ebd2c133b58466cc646d60.tar.gz |
SERVER-39217 SecureTransport with Intermediate CA
Diffstat (limited to 'jstests/libs')
-rw-r--r-- | jstests/libs/server-intermediate-ca.pem | 69 | ||||
-rwxr-xr-x | jstests/libs/server-intermediate-ca.pem.sh | 33 |
2 files changed, 102 insertions, 0 deletions
diff --git a/jstests/libs/server-intermediate-ca.pem b/jstests/libs/server-intermediate-ca.pem
new file mode 100644
index 00000000000..49177236cdf
--- /dev/null
+++ b/jstests/libs/server-intermediate-ca.pem
@@ -0,0 +1,69 @@ +-----BEGIN CERTIFICATE----- +MIIDeTCCAmECFHw+FnGIXPbuzpqG28urvjff3s2tMA0GCSqGSIb3DQEBCwUAMHUx +CzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwNTmV3IFlv +cmsgQ2l0eTEQMA4GA1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVsMRgwFgYD +VQQDDA9JbnRlcm1lZGlhdGUgQ0EwHhcNMTkwMjI3MTY0NjExWhcNMjkwMjI0MTY0 +NjExWjB9MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxFjAUBgNVBAcM +DU5ldyBZb3JrIENpdHkxEDAOBgNVBAoMB01vbmdvREIxDzANBgNVBAsMBktlcm5l +bDEgMB4GA1UEAwwXU2VydmVyIFZpYSBJbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCZ7sGixY2OsOTWzB1Ww08iFToqFxdo7/nqoEX6 +kktPVSKdCCCsx55hWcgR0jwIfuXOQWFvD6b50NTmdxRSGodgcv4hcrGqPbyxxEns +2+hKUaULjgOox9wS8aiSSoQtGXEGlyd06coatOMIbPIG/7Txq8NuzCnznby86wkw +ptO21crMa/Q9B0sFzl8DJaGsMcDjoyzN52eJ7xnzDoyDkzLnJZDlK55m1xB2TpPY +0m+0eg2QUUP9KKkQ0oM4rChBgj3FeUlitiIQo6SS1VtgAgQh8Gecfrk4J9cp+W3Q +PoMZWM62WqVfEG3j4Fe2I5QS3R/8SeYYXcohI97ie5LAn2PTAgMBAAEwDQYJKoZI +hvcNAQELBQADggEBAFl7XxkK25GRW1J/pBYb6VJ3YiZeK5xVVSltIBoUs12Vq5se +BD05opUfQyfB7Y3CwbiSUcFmr+zqrQMPSgT08dRF+1VarRB5q/Pn3uHOPPGgO5uA +ZNzLjMkEwazKCs5R6+7z6INARW8356PQziYCRyMjBTi2vYghDq6Hji4V7w1n+9l2 +DUCPbAdD35NOv62y6SRBtWwV2zQJ8LSB7zRcQCzxz7e3WZSVv/ztP74huYrPeSpK +7oLAwItP+5o4dc6ApsvTspXb+m46+GU6DG4hdAJ6lX+9P96sHWTkR72lBIPVMs32 +RlD1A0yqVwxoFUKwyeMtmS0ZvX1zh9xxVj1wX/o= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAme7BosWNjrDk1swdVsNPIhU6KhcXaO/56qBF+pJLT1UinQgg +rMeeYVnIEdI8CH7lzkFhbw+m+dDU5ncUUhqHYHL+IXKxqj28scRJ7NvoSlGlC44D +qMfcEvGokkqELRlxBpcndOnKGrTjCGzyBv+08avDbswp8528vOsJMKbTttXKzGv0 +PQdLBc5fAyWhrDHA46Mszednie8Z8w6Mg5My5yWQ5SueZtcQdk6T2NJvtHoNkFFD +/SipENKDOKwoQYI9xXlJYrYiEKOkktVbYAIEIfBnnH65OCfXKflt0D6DGVjOtlql +XxBt4+BXtiOUEt0f/EnmGF3KISPe4nuSwJ9j0wIDAQABAoIBADblWtD9uvoEQ9gG +ewASLwpsn42bJpIZ4vq1pb8ypQDpz6pI175Ggkkdh6gzXY16E+J2lpTQ9C9rNkHq +fai6JUVUPSUYjhu0YLLU2bhKxJCchUuVneB3RhjLbd6eDH048YH0LfIX3iegEsdS +cw3j61e0dcHxtZRX0JNfDqv3EtHE5x76Qm7brfTwVt4O3dKKEodR8WKmIBPhJ/UI +vZWym79doEaHXgFdvn5qxRhxDS4Fm2l22x4apSV/mVYFONoV7RrUkKYxB02DPImM 
+mVtScNdYEI+LWnUJGFVvxpNYLR6IgoiPaGPFtFCH5X746tpW7Nj4eKHpQcIobEGt +yucbz2ECgYEAzTnvHSRXNeQlX3BntDYxYEjgW6RJGPaaSgI1Ggk6rJeO9XKJdUYQ +WfWgugL9GHmdda0V0CJQXyciarw4AXaGDb7IoxYi7lBhgAFYP2WNX5a6lYdQOyds +HKPxIBYjqNqyy4bnq1sBzDKlIdblluBX7H+lh7NIQykuTGveKtpENw8CgYEAwAQf +rZfaqPM8ppABqfkt1/rhvcpq+M+xN0WewLOQSGzXJdoJSnY263iPUYqVLjsjSr4v +cP8aUsLy7GR1vbyVf6BTBtVA556rcnWccpkEern+Ip2SoJX5UJl7+FhIrQsxrUzI +W6Pzurqa4EYLikigX8h31kkF47oz5EiAQ4ZrZv0CgYA5g/YGhcvHN7RdpgP6VoHK +CUKPjGBMFbix6yJ0tId0HVmcYkgxzLwCajtsRjAmbtb5RtPpK+S4diBIJ43Ooyf4 +rDJQuoB5p59bn4Ta55wSYQzToUOUAH1lHXETXAEMbpZTQfClbnD3iG4NKMvZV/Bs +QG3ktRMYd28ZTdXKzrb1cwKBgQCVIN7FgMHHI5pANmnEbA1px6SZNWNdOFkHd1+z +hAIT7cwuzqcWmLdQrAKLLtlr3WwseYb4+HemPVhTtjYnlRZ617aEAQ32lanMLIHE +EwmCk39HvR+K7s+CBKJen5paIu6DDLYzTiNWK+VrN5tw27UKjvRbjb0wP4Zbzt8n +EnfJtQKBgCPfec6SZ1ptZ1Tfhim2j61AnqMvGSm7drOLI5cMsLE92fEhttb21A7u +i1qy9Qkm4HN4DvqNPc8XVkdn3+qn/TAS30V8G/yrpUFJHSLAikKqyadpiTd60dqR +qrt3S81/HL9Mq0NLuFS9stiBDM2hVWB9dXiX2husS09ZZfXmyvvX +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDcDCCAlgCFDUYb355zUYCIVzHyv83FTWWlFDOMA0GCSqGSIb3DQEBCwUAMHQx +FzAVBgNVBAMTDktlcm5lbCBUZXN0IENBMQ8wDQYDVQQLEwZLZXJuZWwxEDAOBgNV +BAoTB01vbmdvREIxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5l +dyBZb3JrMQswCQYDVQQGEwJVUzAeFw0xOTAyMjcxNjQ2MTFaFw0yOTAyMjQxNjQ2 +MTFaMHUxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEWMBQGA1UEBwwN +TmV3IFlvcmsgQ2l0eTEQMA4GA1UECgwHTW9uZ29EQjEPMA0GA1UECwwGS2VybmVs +MRgwFgYDVQQDDA9JbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCojypRgkrYr12fDrPBsVChLHKXaoKVp+vSITmzxvwhu6iORUeF +nZCUxEDGreZrMF30KLtRNXOGrFlgUhxVdZrqt0YM4BFIJFeoYTuEOPrZVEtF6Qi8 +po+6zms8FBAdtk+zLJ4sRfq1Oqdbh/Fl6k53z/zV6ueRkSVZYArrzNwgUynRGvGN +7PF+ivb4qG8qCo9iKcwp2Ie4k346XyTxMOkzcV+kGmAgmfO+yehmS5XFu62tH1ek +V3BGgU2rbQlty40P0f1EVlF0mWyzzZVSIOUnYZruRsYHwXs1hy+l4otfEcBb76Sk +vLHtPC/nXmf6Vamw86FiJkIRGhwmmeYjHeo9AgMBAAEwDQYJKoZIhvcNAQELBQAD +ggEBAGO+3qQVjmwtjnoJY3DnWV15ySBj4b6Ir1LlKfngXfpfwlksOZaQsg0mLv3S 
+sNfWK1BgQAZZ6iRxIc+T4stpIe3GppDB+a194s7ZuhXP1HpdEZEjr5CkD5cQ5YKv +OgDry6iGeHnUkaATRHR1iXHCnbAWVkKRNObkcL5Haxa1jLlyiHdMJmqwlfVWVOlx +NlpEz/Nw6eVXE6vOfYx5lRCVxzP4Ym1RH8+D/c+xoixEgXpif5PpEeEP4IYm1xkr +nUCpkvESWaAVGnBpeHUs5WuovyvBrvxBSB6sjIvrr45jLMwX0agJ8rx8RzZ9IShA +WyA3ZWFlGiMWYzxi/2B/z+GhIS8= +-----END CERTIFICATE----- diff --git a/jstests/libs/server-intermediate-ca.pem.sh b/jstests/libs/server-intermediate-ca.pem.sh new file mode 100755 index 00000000000..3860ca899b9 --- /dev/null +++ b/jstests/libs/server-intermediate-ca.pem.sh 
@@ -0,0 +1,33 @@
+#!/bin/bash
+# Create an intermediate signing authority and use it to sign a server certificate.
+# Run this from the base directory of the server source.
+set -ev
+
+PREFIX="/C=US/ST=New York/L=New York City/O=MongoDB/OU=Kernel"
+OPENSSL="/opt/mongodbtoolchain/v3/bin/openssl"
+
+cd jstests/libs
+
+# Build intermediate CA.
+$OPENSSL req -new -subj "${PREFIX}/CN=Intermediate CA" \
+ -keyout intermediate-ca.key -out intermediate-ca.csr \
+ -nodes -batch -sha256 -newkey rsa:2048
+$OPENSSL rsa -in intermediate-ca.key -out intermediate-ca.rsa
+$OPENSSL x509 -in intermediate-ca.csr -out intermediate-ca.pem \
+ -req -CA ca.pem -days 3650 -CAcreateserial
+
+# Build leaf cert signed by intermediate CA.
+$OPENSSL req -new -subj "${PREFIX}/CN=Server Via Intermediate" \
+ -keyout server-intermediate-ca.key -out server-intermediate-ca.csr \
+ -nodes -batch -sha256 -newkey rsa:2048
+$OPENSSL rsa -in server-intermediate-ca.key -out server-intermediate-ca.rsa
+$OPENSSL x509 -in server-intermediate-ca.csr -out server-intermediate-ca.pem \
+ -req -CA intermediate-ca.pem -CAkey intermediate-ca.rsa \
+ -days 3650 -CAcreateserial
+
+# Create final bundle and cleanup.
+cat server-intermediate-ca.rsa intermediate-ca.pem >> server-intermediate-ca.pem
+
+rm ca.srl intermediate-ca.srl
+rm server-intermediate-ca.key server-intermediate-ca.rsa server-intermediate-ca.csr
+rm intermediate-ca.pem intermediate-ca.rsa intermediate-ca.key intermediate-ca.csr |
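Review bot: The intermediate CA is issued by `$OPENSSL x509 ... -req -CA ca.pem -days 3650 -CAcreateserial` with no `-extfile`/`-extensions`, so as far as this script shows the certificate carries no `basicConstraints=CA:TRUE` or `keyUsage=keyCertSign`. A chain built this way validates only on verifiers that accept an issuer without CA constraints, so the fixture cannot demonstrate that the SecureTransport path enforces them, and stricter TLS stacks may reject it outright. Consider adding `-extfile <(printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n')` to the intermediate's `x509` call, with a corresponding `basicConstraints=CA:FALSE` for the leaf. Separately, because `set -e` aborts before the trailing `rm` lines, a failed run leaves the unencrypted `-nodes` keys in `jstests/libs`; a `trap '...' EXIT` cleanup would cover that.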