From 0168f18229402b299a3fb3bb6fe3edb8e3ffa7fc Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Tue, 3 Nov 2020 20:01:08 +0100
Subject: added chain processing with intermediate certificates

Basic test chains can be generated manually with openssl, see details in server/testdata/x509/README.md.
---
server/testdata/x509/README.md | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 server/testdata/x509/README.md
(limited to 'server/testdata/x509/README.md')
diff --git a/server/testdata/x509/README.md b/server/testdata/x509/README.md
new file mode 100644
index 0000000..c9f03de
--- /dev/null
+++ b/server/testdata/x509/README.md
@@ -0,0 +1,35 @@
+# Create new certificate chains
+## Initial setup
+```
+$ touch index
+$ echo 1000 > serial
+```
+
+## Root certificate
+```
+$ openssl genpkey -algorithm ed25519 -out root.key
+$ openssl req -new -x509 -config ca.conf -extensions v3_ca -days 4096 -key root.key -out root.pem
+$ openssl x509 -in root.pem -text -noout
+```
+
+## Intermediate certificate
+```
+$ openssl genpkey -algorithm ed25519 -out intermediate.key
+$ openssl req -new -config ca.conf -extensions v3_intermediate_ca -key intermediate.key -out intermediate.csr
+$ openssl ca -config ca.conf -extensions v3_intermediate_ca -days 4096 -in intermediate.csr -notext -out intermediate.pem
+$ openssl x509 -in intermediate.pem -text -noout
+```
+
+## End-entity certificate
+```
+$ openssl genpkey -algorithm ed25519 -out end-entity.key
+$ openssl req -new -key end-entity.key -out end-entity.csr
+$ openssl x509 -req -days 4096 -CA intermediate.pem -CAkey intermediate.key -CAcreateserial -in end-entity.csr -out end-entity.pem
+$ openssl x509 -in end-entity.pem -text -noout
+```
+
+## Make chain
+```
+$ cat end-entity.pem > chain.pem
+$ cat intermediate.pem >> chain.pem
+```
-- cgit v1.2.3