added chain processing with intermediate certificates

Basic test chains can be generated manually with openssl, see details in
server/testdata/x509/README.md.

1 files changed, 35 insertions, 0 deletions

diff --git a/server/testdata/x509/README.md b/server/testdata/x509/README.md
new file mode 100644
index 0000000..c9f03de
--- /dev/null
+++ b/server/testdata/x509/README.md
@@ -0,0 +1,35 @@
+# Create new certificate chains
+## Initial setup
+```
+$ touch index
+$ echo 1000 > serial
+```
+
+## Root certificate
+```
+$ openssl genpkey -algorithm ed25519 -out root.key
+$ openssl req -new -x509 -config ca.conf -extensions v3_ca -days 4096 -key root.key -out root.pem
+$ openssl x509 -in root.pem -text -noout
+```
+
+## Intermediate certificate
+```
+$ openssl genpkey -algorithm ed25519 -out intermediate.key
+$ openssl req -new -config ca.conf -extensions v3_intermediate_ca -key intermediate.key -out intermediate.csr
+$ openssl ca -config ca.conf -extensions v3_intermediate_ca -days 4096 -in intermediate.csr -notext -out intermediate.pem
+$ openssl x509 -in intermediate.pem -text -noout
+```
+
+## End-entity certificate
+```
+$ openssl genpkey -algorithm ed25519 -out end-entity.key
+$ openssl req -new -key end-entity.key -out end-entity.csr
+$ openssl x509 -req -days 4096 -CA intermediate.pem -CAkey intermediate.key -CAcreateserial -in end-entity.csr -out end-entity.pem
+$ openssl x509 -in end-entity.pem -text -noout
+```
+
+## Make chain
+```
+$ cat end-entity.pem > chain.pem
+$ cat intermediate.pem >> chain.pem
+```