Browse Source

Add client-absolute-urn.pem to renewcerts.sh

Kareem 1 year ago
parent
commit
5b08b016af
2 changed files with 28 additions and 0 deletions
  1. 21 0
      certs/renewcerts.sh
  2. 7 0
      certs/renewcerts/wolfssl.cnf

+ 21 - 0
certs/renewcerts.sh

@@ -24,6 +24,7 @@
 #                       test/digsigku.pem
 #                       ecc-privOnlyCert.pem
 #                       client-uri-cert.pem
+#                       client-absolute-uri.pem
 #                       client-relative-uri.pem
 #                       client-crl-dist.pem
 #                       entity-no-ca-bool-cert.pem
@@ -112,6 +113,26 @@ run_renewcerts(){
     #openssl ec -inform pem -in certs/ecc-key.pem -outform der -out certs/ecc-keyPub.der -pubout
     openssl ec -inform pem -in certs/ecc-key.pem -outform pem -out certs/ecc-keyPub.pem -pubout
 
+    ############################################################
+    #### update the self-signed (2048-bit) client-absolute-urn.pem
+    ############################################################
+    echo "Updating 2048-bit client-absolute-urn.pem"
+    echo ""
+    #pipe the following arguments to openssl req...
+    echo -e "US\\nMontana\\nBozeman\\nwolfSSL_2048\\nABSOLUTE_URN\\nwww.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key client-key.pem -config ./wolfssl.cnf -nodes -out client-cert.csr
+    check_result $? "Step 1"
+
+
+    openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions absolute_urn -signkey client-key.pem -out client-absolute-urn.pem
+    check_result $? "Step 2"
+    rm client-cert.csr
+
+    openssl x509 -in client-absolute-urn.pem -text > tmp.pem
+    check_result $? "Step 3"
+    mv tmp.pem client-absolute-urn.pem
+    echo "End of section"
+    echo "---------------------------------------------------------------------"
+
     ############################################################
     #### update the self-signed (2048-bit) client-relative-uri.pem
     ############################################################

+ 7 - 0
certs/renewcerts/wolfssl.cnf

@@ -296,6 +296,13 @@ authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints=CA:false
 subjectAltName=URI:https://www.wolfssl.com
 
+# test parsing absolute URN
+[ absolute_urn ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:false
+subjectAltName=URI:urn:example:test
+
 # test parsing relative URI
 [ relative_uri ]
 subjectKeyIdentifier=hash