diff options
author | Steffan Karger | 2017-06-18 12:57:40 +0200 |
---|---|---|
committer | Gert Doering | 2017-06-18 13:47:42 +0200 |
commit | 3d215d4c9d107fa153082e2bba8a3a9c8865be5d (patch) | |
tree | 82f9a35204469877009edb59ce4c8682d5d8120b /sample | |
parent | 3fd07c31fe8878dc75e760d151d291379c0f8743 (diff) | |
download | openvpn-3d215d4c9d107fa153082e2bba8a3a9c8865be5d.zip openvpn-3d215d4c9d107fa153082e2bba8a3a9c8865be5d.tar.gz |
Add a DSA test key/cert pair to sample-keys
Makes it easier to test changes to DSA-related code.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20170618105740.10090-1-steffan@karger.me>
URL: https://www.mail-archive.com/search?l=mid&q=20170618105740.10090-1-steffan@karger.me
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'sample')
-rwxr-xr-x | sample/sample-keys/gen-sample-keys.sh | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/sample/sample-keys/gen-sample-keys.sh b/sample/sample-keys/gen-sample-keys.sh index 301cff2..920513a 100755 --- a/sample/sample-keys/gen-sample-keys.sh +++ b/sample/sample-keys/gen-sample-keys.sh @@ -61,6 +61,22 @@ openssl ca -batch -config openssl.cnf \ openssl ca -config openssl.cnf -revoke sample-ca/client-revoked.crt openssl ca -config openssl.cnf -gencrl -out sample-ca/ca.crl +# Create DSA server and client cert (signed by 'regular' RSA CA) +openssl dsaparam -out sample-ca/dsaparams.pem 2048 + +openssl req -new -newkey dsa:sample-ca/dsaparams.pem -nodes -config openssl.cnf \ + -extensions server \ + -keyout sample-ca/server-dsa.key -out sample-ca/server-dsa.csr \ + -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server-DSA/emailAddress=me@myhost.mydomain" +openssl ca -batch -config openssl.cnf -extensions server \ + -out sample-ca/server-dsa.crt -in sample-ca/server-dsa.csr + +openssl req -new -newkey dsa:sample-ca/dsaparams.pem -nodes -config openssl.cnf \ + -keyout sample-ca/client-dsa.key -out sample-ca/client-dsa.csr \ + -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client-DSA/emailAddress=me@myhost.mydomain" +openssl ca -batch -config openssl.cnf \ + -out sample-ca/client-dsa.crt -in sample-ca/client-dsa.csr + # Create EC server and client cert (signed by 'regular' RSA CA) openssl ecparam -out sample-ca/secp256k1.pem -name secp256k1 |