From 1dd83f9776d42157b5647329412603db73cdddb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Tue, 15 Mar 2022 11:19:14 +0000 Subject: [PATCH] test: improve https_renew_cert.sh script To avoid unnecessarily large diffs, only generate a new private key if necessary. Otherwise, reuse the existing private key and only issue a new certificate. Extend the certificate validity from 1 year to 10 years. Show a text representation of the issued certificate upon completion such that the user can verify the validity. Refs: https://github.com/nodejs/node/pull/42342 Refs: https://github.com/nodejs/node/pull/37990
---
 .../keys/selfsigned-no-keycertsign/.gitignore | 1 +
 .../keys/selfsigned-no-keycertsign/cert.pem | 33 ++++++++++---------
 .../https_renew_cert.sh | 9 ++---
 3 files changed, 23 insertions(+), 20 deletions(-)
 create mode 100644 test/fixtures/keys/selfsigned-no-keycertsign/.gitignore
diff --git a/test/fixtures/keys/selfsigned-no-keycertsign/.gitignore b/test/fixtures/keys/selfsigned-no-keycertsign/.gitignore
new file mode 100644
index 00000000000000..818cfbe2fdb895
--- /dev/null
+++ b/test/fixtures/keys/selfsigned-no-keycertsign/.gitignore
@@ -0,0 +1 @@
+csr.pem
diff --git a/test/fixtures/keys/selfsigned-no-keycertsign/cert.pem b/test/fixtures/keys/selfsigned-no-keycertsign/cert.pem
index c0829b82caf8d3..31720eac562437 100644
--- a/test/fixtures/keys/selfsigned-no-keycertsign/cert.pem
+++ b/test/fixtures/keys/selfsigned-no-keycertsign/cert.pem
@@ -1,18 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIC9jCCAd6gAwIBAgIJANHflGRpZM1IMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV -BAMMCWxvY2FsaG9zdDAeFw0yMTAzMTUwOTEzMjdaFw0yMjAzMTUwOTEzMjdaMBQx -EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBANMt6TLw9gIxucRgZBn8owavEIMAddxMTjkHiR7jGfaBrvvVTB8ymsIizw/Q -KTANmu2r3EOqeR9Ht25KZFKxOKCDMd3aKHht38HInXIF6CQe8c5P0xsVKZAWkell -8ohL05EsFpcrJODIdHfaovODrtX8w1WexqDsUoPQdEk7pISJ2HhmXzpf7QmV00Ux -8J+64v2pTg8/C9VgpSgxE4oXlfJEqdSIAzGDT+VX96GWXTh7QqLjiQ9T96QHUJEn -Bx0Sr4rO9mY2lOQG408QuCLR/ng2J+lYx+03SC8Lq7lrtt4M06Ffr8TQRgpDAjkU -0YitbuysD5XgtCeFq0Fi3v1z700CAwEAAaNLMEkwCwYDVR0PBAQDAgWgMBMGA1Ud -JQQMMAoGCCsGAQUFBwMBMCUGA1UdEQQeMByCCTEyNy4wLjAuMYIJbG9jYWxob3N0 -hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQDAUCt/8Le2EO0ONOkQYUcPmSut6Siz -UIQrJ8Lwfs0fb+Zk9ElNGLwYTzooKDgzK8cLQ8g8F2WkolBEPXDsy1Ab+e66WkJH -NH/zAgEyG6cXXRNc+ObM5KbjY0YuDGiajKcndknuuCB+onlC1Pv5oFUSNa3/06+S -sziFloGbg5S0AHT6lYnwZSM6G7Pre8mcRNRxL6Yw1FOOUpQZKPd7juy4GBRlCucn -wmp/Fl0wIBDs91Vprig2TO+U6GvtqJ3n/RKXUz1ykUKETtRneSkqa6hFYjwRzawd -ANpjy/orrVkqXriAbI/1xvBMInWdcMpXNeiOkxQeQdy8TLBk0ZViSJnf +MIIDATCCAemgAwIBAgIUP43Bp80IGab48gk9ijW6oVGj0PMwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMDMxNTExMTgxOVoXDTMyMDMx +MjExMTgxOVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA0y3pMvD2AjG5xGBkGfyjBq8QgwB13ExOOQeJHuMZ9oGu ++9VMHzKawiLPD9ApMA2a7avcQ6p5H0e3bkpkUrE4oIMx3dooeG3fwcidcgXoJB7x +zk/TGxUpkBaR6WXyiEvTkSwWlysk4Mh0d9qi84Ou1fzDVZ7GoOxSg9B0STukhInY +eGZfOl/tCZXTRTHwn7ri/alODz8L1WClKDETiheV8kSp1IgDMYNP5Vf3oZZdOHtC +ouOJD1P3pAdQkScHHRKvis72ZjaU5AbjTxC4ItH+eDYn6VjH7TdILwuruWu23gzT +oV+vxNBGCkMCORTRiK1u7KwPleC0J4WrQWLe/XPvTQIDAQABo0swSTALBgNVHQ8E +BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwJQYDVR0RBB4wHIIJMTI3LjAuMC4x +gglsb2NhbGhvc3SHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAMMW1VNLj+1jZfIU +DtZcR70RgAJ4SyOU4XqhmYOLloRZYFZAbkVN63RT0miiEiBsBDoh0OokT6ZkS7oz +uK1vmM+zBW1GOd12YkbtEXK3ej/xG1sWu/iESqpAcX1k4A9lG+JqGJtyMot9F1an 
+7ymSqH6QH0pi/jmdHdeo/ED9rjZsHvhJvWv19qN2gG36NIg3sm6U2MwqPHaXaTt9 +AdxtOgfKJLYhZqQtK9Uap8gn2vXoM6lp4/Ut6tXv74Z3ef2MOKE+9x7r2mBwLXin +9Ldn4aYU7+9z3lSexFHzJlyPBf/6Cc3E7Kbg+FHwTTQkKuTnsSxC04+Rp/dP3B41 +30utgNk= -----END CERTIFICATE-----
diff --git a/test/fixtures/keys/selfsigned-no-keycertsign/https_renew_cert.sh b/test/fixtures/keys/selfsigned-no-keycertsign/https_renew_cert.sh
index 092f27a8867cbb..9e7aefda8a90ed 100644
--- a/test/fixtures/keys/selfsigned-no-keycertsign/https_renew_cert.sh
+++ b/test/fixtures/keys/selfsigned-no-keycertsign/https_renew_cert.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
-openssl genrsa -out rsa.pem 2048
-openssl rsa -in rsa.pem -out key.pem
+if [ ! -f key.pem ]; then
+ openssl genrsa -out key.pem 2048
+fi
 openssl req -sha256 -new -key key.pem -out csr.pem -subj "/CN=localhost"
-openssl x509 -req -extfile cert.conf -extensions v3_req -days 365 -in csr.pem -signkey key.pem -out cert.pem
-
+openssl x509 -req -extfile cert.conf -extensions v3_req -days 3650 -in csr.pem -signkey key.pem -out cert.pem
+openssl x509 -in cert.pem -noout -text
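Review bot: Nothing in https_renew_cert.sh stops the run when a step fails, so if `openssl req` or the signing `openssl x509 -req` errors out, the newly added `openssl x509 -in cert.pem -noout -text` still runs and may print a cert.pem left over from an earlier run, which undermines the stated goal of letting the user verify the renewed certificate. Adding `set -euo pipefail` directly after `#!/bin/bash` would abort at the first failing command. The `[ ! -f key.pem ]` test and every file argument are also relative to the caller's working directory, so running the script from another directory would create a fresh key.pem there instead of reusing the fixture key; a `cd "$(dirname "$0")" || exit 1` before the check would pin it to the fixture directory. A short header comment stating that the script reuses key.pem when present and that the key and the 10-year certificate are test fixtures only would also help readers who find the committed key.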