liiir1985
7f62dcda9f
|
||
|---|---|---|
| .. | ||
| README.md | ||
| audio_ref_dev_test_chain_3.pem | ||
| cast_crl_test_root_ca.pem | ||
| cast_root_ca.pem | ||
| cast_test_root_ca.pem | ||
| chromecast_audio.pem | ||
| chromecast_gen1.pem | ||
| chromecast_gen1_reissue.pem | ||
| chromecast_gen2.pem | ||
| expired_root.pem | ||
| extensions.conf | ||
| fugu.pem | ||
| mtk_audio_dev.pem | ||
| nc.pem | ||
| nc_fail.pem | ||
| policies_ica_anypolicy_leaf_anypolicy.pem | ||
| policies_ica_anypolicy_leaf_audioonly.pem | ||
| policies_ica_anypolicy_leaf_foo.pem | ||
| policies_ica_anypolicy_leaf_none.pem | ||
| policies_ica_audioonly_leaf_anypolicy.pem | ||
| policies_ica_audioonly_leaf_audioonly.pem | ||
| policies_ica_audioonly_leaf_foo.pem | ||
| policies_ica_audioonly_leaf_none.pem | ||
| policies_ica_none_leaf_anypolicy.pem | ||
| policies_ica_none_leaf_audioonly.pem | ||
| policies_ica_none_leaf_foo.pem | ||
| policies_ica_none_leaf_none.pem | ||
| rsa1024_device_cert.pem | ||
| rsa2048_device_cert.pem | ||
| test_tls_cert.pem | ||
| unchained.pem | ||
| violates_root_pathlen_constraint.pem | ||
| vizio.pem | ||
README.md
Generating Certificates
Name Constraints Examples
The following commands were used along with extensions.conf to generate the
certificates in nc.pem and nc_fail.pem.
# Once for each certificate.
$ openssl genrsa -out keyN.pem 2048
$ openssl req -new -key keyN.pem -out certN.csr
# <extension> will be v3_ca_nc for the intermediate and v3_req for the device.
$ openssl x509 -req -in certN.csr -CA certN-1.pem -CAkey keyN-1.pem
-CAcreateserial -extensions <extension> -extfile extensions.conf -out
certN.pem -days 365 -sha256
Note: it looks like openssl req also accepts extensions via -reqexts but
there is a known bug in openssl where extensions are transferred between CSRs
and X509 certs.