test: improve https_renew_cert.sh script
- To avoid unnecessarily large diffs, only generate a new private key
  if necessary. Otherwise, reuse the existing private key and only
  issue a new certificate.
- Remove an unnecessary conversion step using openssl rsa and the
  intermediate rsa.pem and csr.pem files.
- Extend the certificate validity from 1 year to 10 years.
- Show a text representation of the issued certificate upon completion
  such that the user can verify the validity.
- Make the script executable.
- Use "#!/usr/bin/env bash" instead of "#!/bin/bash".
- Allow the script to be called from any directory.

Refs: #42342
Refs: #37990

PR-URL: #42343
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
tniessen authored and danielleadams committed Apr 24, 2022
1 parent 7073017 commit 04243a8
Showing 2 changed files with 22 additions and 15 deletions.
20 changes: 10 additions & 10 deletions test/fixtures/keys/selfsigned-no-keycertsign/cert.pem
@@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDATCCAemgAwIBAgIUetgkeY+KShrAfmm5LR+QFsKJWlUwDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMDMxNTEwMjIxMFoXDTIzMDMx
NTEwMjIxMFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
MIIDATCCAemgAwIBAgIUb32MablwTzVJh3UQXwdun9pBoF0wDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMDMxNTE2MzQwOFoXDTMyMDMx
MjE2MzQwOFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA11wz7hAhdN072sp2aTySdsla65aZT10L1o74JNBZmMye
DSq7Lbbvqq8XuLlwogS0ACAQVEjL7GPVMgJwzRytdaSWdzr26dftPCL3m1h8azU/
Bs1nafHWhi3rx8RQnLfyusq0fThR9Xd3xfjDuaqhoa7Nc36XbG98XWkgxpm2R7wR
pLyNT9K2Ixvry9orZicTxv0Zyq+tD3CzSEch5OCApVZNaqEcIDgiN1zE/zqIe83v
9+NYpLo61yPiqqedCqZaKp037uwJCp/RL9g6bh7IFDGZcNFv3k0xjZB4BVm4BZMp
SlbI49hncVIJZNB7qWt5ilCzEbwOhgLt6Y3Yh8rgMwIDAQABo0swSTALBgNVHQ8E
BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwJQYDVR0RBB4wHIIJMTI3LjAuMC4x
gglsb2NhbGhvc3SHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAACPB26XVV99W575
p2iE1qHYAK6KCDrLyJTi0epITgzP5mAXv9aoq14qldvz4ryZp7X5R4rVvezPmfwk
NWTgCzFkVbGDozdrcmaXx1sAx1guxJMTpU+DkIw1cahD9UdqI6Dr5rVlGcZvdh9S
w0Q4fU6zSfp5e8wfGUxXaWqNpBzX0Z9VeHo3Rjgt6+V+9xSwEirE+5tzwy5MaMTs
N5nJbJH6YOBVUDsOszPX+2TcWvebMGkViN2qkSu8Kwxge5Ijbwb3tWMFByaaiWUp
XaRH77CoVU39LKj0u/M/GiHJ5FhR//7UqqtOqk2+keGNv61s/iBGKMdjbm7b2pJT
EYIl4lo=
gglsb2NhbGhvc3SHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAEEXVnMzax6vmGPY
TNNK6HJuN8xUUbEKVHKPDTwKbn2ZPQRGNOs4CJ5vVc1h2tU1mfgg20FZzPqZ+y9N
hIFIaESTpX881NXM87aE21Gqo4rS66lubcoEUHWeY1+/LcdD6Gh/Ur0V4CBORZjA
W/H1nASZQKQLMHIkriopbclMQPOsUYM11JxLsTH6hOPCJRM5cl1K1KsHWY2yJ656
Gw9IX0NBTak0flEAL/JQkFlm2PRFJhWShPBHsC8/AWBcvgJH/0noNnDS5vAtCWa6
rJO6SoHFJwWK3xCVU2YsC6No2DrAukyqEdN8arifJ/2hEjx1XAfockNsWzrT1mB5
EpLq2L0=
-----END CERTIFICATE-----
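Review bot: the new validity period and extensions cannot be confirmed from this hunk, because only the opening three lines and the closing seven lines of the base64 body change. The unchanged middle lines fit the commit message's statement that the existing private key is reused, but that is all a reader can infer here. Consider pasting the output of `openssl x509 -in cert.pem -noout -text` (the command the updated script now runs) into the PR description so the 10-year validity and the `v3_req` extensions can be reviewed directly.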
17 changes: 12 additions & 5 deletions test/fixtures/keys/selfsigned-no-keycertsign/https_renew_cert.sh 100644 → 100755
@@ -1,6 +1,13 @@
#!/bin/bash
openssl genrsa -out rsa.pem 2048
openssl rsa -in rsa.pem -out key.pem
openssl req -sha256 -new -key key.pem -out csr.pem -subj "/CN=localhost"
openssl x509 -req -extfile cert.conf -extensions v3_req -days 365 -in csr.pem -signkey key.pem -out cert.pem
#!/usr/bin/env bash
set -euo pipefail
shopt -s inherit_errexit

cd -- "$(dirname -- "${BASH_SOURCE[0]}")"

if [ ! -f key.pem ]; then
openssl genrsa -out key.pem 2048
fi

openssl req -sha256 -new -key key.pem -subj "/CN=localhost" | \
openssl x509 -req -extfile cert.conf -extensions v3_req -days 3650 -signkey key.pem -out cert.pem
openssl x509 -in cert.pem -noout -text
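Review bot: `shopt -s inherit_errexit` near the top of the new script exists only in bash 4.4 and later, and because `set -euo pipefail` is already active on the previous line, an older bash resolved by `#!/usr/bin/env bash` (for example the 3.2 that ships with macOS) will abort there with an invalid option name before any certificate is issued. The only command substitution in the script is the single `dirname` call in the `cd` line, so the option changes little here. Either drop it or guard it with a check on `BASH_VERSINFO`. Separately, the `[ ! -f key.pem ]` branch accepts whatever `key.pem` is already present, so a comment stating the expected key type and size (RSA 2048, per the `genrsa` line) would help whoever next renews the fixture.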
