Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve UX around certificate errors #118

Merged
merged 4 commits into from
Aug 9, 2023
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions fixtures/chain-intermediate.crt
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC/DCCAeSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJVEVT
VC1yb290MB4XDTIzMDgwMTAxNDUxM1oXDTI0MDczMTAxNDUxM1owHDEaMBgGA1UE
AwwRVEVTVC1pbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDYpxiPSJIcdHoDlt6fueRkX8zBC5u9aItDrStM6/VGQRM/NmeAWB/ek1pU
749TaPUAcx5uoMaP2FKqnUN9sExslD5cLY5c/ixAfxBw6dLL3oYHB5vgwr5YUyS2
AHVnomYS4hXW1nhqK9oEBmx5MQzb7FFKXpamrOsGVMfVjROek/wz3YoW8fE30A8r
Zezc0uxkAyq7GQ4+ur/Em8qGhA7YXGmoHd4+h2PpU2Co8iW6i5Mftt8DfSFHFCyt
Yu9xMhX2o8HckPUXQTKVAcOY/S2JjpFdwjX6cc9iDZ3+ETMtIUtv+MSICaTU7PLv
eHAl5nodMctAI9+NaQkO81z8XdoZAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYD
VR0OBBYEFEuSnkkMoeox4UP07oJsZGcEMYAWMB8GA1UdIwQYMBaAFBBrunbDxn3d
ZwfysAIt6DjRylEIMA0GCSqGSIb3DQEBCwUAA4IBAQB00UMFcTDyDUidWamh/fzS
Z6pv2ms0mKHXeVYdqUGtWPjl9uocWGJXdgD3C77Ifpx02zayhtpdfSvvajyEnTAd
XPM8jb/VBXpgW7wA7vMRoewvXLG4xITbh+HXKhDh1n+KLAJLSB4uBrmbmx1/pgpM
rXJPAGv4ARzkozcs98qWND3dWAjDNn+7Wxb0wVhcYgrmvyQyNAUdgYImxZSqn7rR
sP5rr7FbAZLGSHx0h9hzav3XuWRv7+mn1m9QplsvaJV2EehiY92C0JmNHt9BvMcX
XTWGWgXMVeacm/0W+3XmQWtltDnBQq8fUsEy0Uts6fJdD/5tEmvYfwEtpomxdFds
-----END CERTIFICATE-----
28 changes: 28 additions & 0 deletions fixtures/chain-intermediate.key
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDYpxiPSJIcdHoD
lt6fueRkX8zBC5u9aItDrStM6/VGQRM/NmeAWB/ek1pU749TaPUAcx5uoMaP2FKq
nUN9sExslD5cLY5c/ixAfxBw6dLL3oYHB5vgwr5YUyS2AHVnomYS4hXW1nhqK9oE
Bmx5MQzb7FFKXpamrOsGVMfVjROek/wz3YoW8fE30A8rZezc0uxkAyq7GQ4+ur/E
m8qGhA7YXGmoHd4+h2PpU2Co8iW6i5Mftt8DfSFHFCytYu9xMhX2o8HckPUXQTKV
AcOY/S2JjpFdwjX6cc9iDZ3+ETMtIUtv+MSICaTU7PLveHAl5nodMctAI9+NaQkO
81z8XdoZAgMBAAECggEAT8s/MuqWEc/ebnr/FJIJKeTUy1bkrd6WyD6733FaXV0z
Ywk9FpqeZkIcN4Mh5SUXc2pyz2j8qNcSH0+bn2uywhzZWObYc6yTjM+ftQ6Rek/D
SkyFn0LqiypYL4Y8t4YrFRJa280S/XuYKPpaskocA9XmXL84ujueti68iQ0UKEeH
5dWNveO40q2jLMTHQyB/+IdPtKqrpTd5CWKsRxIAO78hv+iQSEIAReEmdtUVXCTK
5YhWDkfqNcvQ2+LWz+W0ISbsoKILiTbRxIJGpOGKSkBhVTgYlywyYaUVqISHqwuh
fbhGzLFQ+eF1RLrtcqhkGTAH2zg6fHD7sZUSkG4kVwKBgQD82plKYXIorp4Vzgma
DhSJJtmSbJGcYtTNVhaq3AFTBmbnvWuCQea7Iugo+vhoA+man60XilWdgmarwPUQ
pjRPDQu3DG41el6fik9obtiXi/lqK40z1v3HbofMRmXM5MgLDYc/b1qX+Y8qAYlJ
05hC5REZRgNFmCuarfW8jKwTewKBgQDbWTAEbYnZ9QlVdO1thQI401rgywRmdBow
Yd7IxkztPFknwW0CtqmodqW3TPUhebX1BJlS6GfBONFCgBfT6gC4SH1a1X7E0U0M
GBYQ3lyddZYs+axM3sF5jCcUKZB4HD8Bvgs1uN/G+lIEG76Ke5Xd0OIX6b2GL8+3
iwIs0kIaewKBgE8Uy1ahDYQ9wMGPFB+zgaa3mNqbzBq+KlIiN6qubleaK/sUmhg+
JjynGTcf7ysQ9jHe+NLg+A/wJc5X5g2T/c4vhVd1ss5U/F0nc9h0upcDNzmGb34k
InEKV7yC0/n2H76dN4yWdh4L9kOsAVUusXNSkzt1Uzaj9hdFixKyaGsbAoGANXzJ
HbtMSy7aaNFLeFJf2VWIqpo253jWTgf/mHvqlEsL/orHN0stkdvkyw7kE5anTSki
7jmn21EsjgfIR6+fH1Dl6Hl5IStcm19gOhrPAMKErVDwuAn1qdsISH1eMjvJDXa3
KxF61/2AdGoDi6dZQy7Fg0lHIuqTv1ERZbab0fMCgYB2r7XmVoWI0rIU2ptCFqwO
KvBq8nwY/Nh10ETSGxLt77OSJJdQCcmzHuKc2Xb6mEqOj/lBZJibGrJcEHyGQTLg
RAYUR4wsGtrV3Lh0TSEV7aAjo/+hoOwsjJ7SW6BLphaBjJKfPKx6mGKSrS/W8R73
F1SDXNNKT6Wg/XNKG9Pdow==
-----END PRIVATE KEY-----
20 changes: 20 additions & 0 deletions fixtures/chain-leaf.crt
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDMjCCAhqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRVEVT
VC1pbnRlcm1lZGlhdGUwHhcNMjMwODAxMDE0NTEzWhcNMjQwNzMxMDE0NTEzWjAU
MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCiLsCk5U0Xb0VSRaHJNd1q/X2aAgf7EPGi/4ul6XpZp8gT3iRu6sErsRc3
3JS2svKRN0eRMXduvTO3q9S6aGgMAZUzy7jlDUzgRu8AckEiOATxfvb+4Bz0zGy/
pVw0bIUiYDMOeJ8RgX0MVT6NrBTztDAj6npTXrtRYzD+SoOq4NkVYCxzDAJtO1+Q
Ie59WJGCK5wz+VjfUbJbxbpQFs1de17uq3LrE6BqksKiZsIgd4vGAembsrIm8Z5U
v3bAJukLFtlL380sCrhRM84IelbSPKQLTjAwPcVFvgC+SS0ezD3I5Og2FcZqVnLS
yjAsCmeq5FENll1y66i3QxK0XtQ7AgMBAAGjgYUwgYIwCwYDVR0PBAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAUBgNVHREEDTALgglsb2NhbGhv
c3QwHQYDVR0OBBYEFAv7QgX2lWUAOdbV2sSERShHfiAxMB8GA1UdIwQYMBaAFEuS
nkkMoeox4UP07oJsZGcEMYAWMA0GCSqGSIb3DQEBCwUAA4IBAQBf5R8Jq11jmEV1
0i7hNPDp6wDknG7IGO7En3yShvEaXAPZlRpGzJuJ39KDz9Qb/imi5juP/i701Tee
OjvKOH5NGGklwIlzlmbNvtZNuZQAKpAUza0dKu1rPF6OZl65rmyYr2LVWyal9XUK
GGxhyB8A0+5W4XnNjAHDkpNI1yR3DcB+WtSeybAPQrTUSZxpMNRCUMG/Ph+dBfdz
5qC+kmDQoWB+G710CEdGfobkDPzYTq3obbjpBuOUqxBJHqAK8SFAjPkEcnr1GKvG
9DDOojHM6GBYp9k8vSof3P7ptrjTHDjz5ItjGCCohk1zAIwRT2fTE1TOwI2qvYxo
395vKvYI
-----END CERTIFICATE-----
28 changes: 28 additions & 0 deletions fixtures/chain-leaf.key
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCiLsCk5U0Xb0VS
RaHJNd1q/X2aAgf7EPGi/4ul6XpZp8gT3iRu6sErsRc33JS2svKRN0eRMXduvTO3
q9S6aGgMAZUzy7jlDUzgRu8AckEiOATxfvb+4Bz0zGy/pVw0bIUiYDMOeJ8RgX0M
VT6NrBTztDAj6npTXrtRYzD+SoOq4NkVYCxzDAJtO1+QIe59WJGCK5wz+VjfUbJb
xbpQFs1de17uq3LrE6BqksKiZsIgd4vGAembsrIm8Z5Uv3bAJukLFtlL380sCrhR
M84IelbSPKQLTjAwPcVFvgC+SS0ezD3I5Og2FcZqVnLSyjAsCmeq5FENll1y66i3
QxK0XtQ7AgMBAAECggEAAmfHG6r69boEwS+fMqjF2+xejIYzMBoUO2Km45MO6X1/
jivhRnPc4ZUCzyVKX1tQFa9INHMTXmUX+0VlJk6eHG95kwcWeu8zkK/8o3kOVj+W
cy5641TXmRnfEwiU0YI6h0P9/dz0HwJYpHIvN1KyDNtDS4USw2HITXC3LU5VnZcq
FWdjKTQNdnm5AamTyov2SXb9LKJkxicCKxyJODuMYWe6MX0G51DUvmfWr5bQ3VbD
eOG1Nf1g2pSaDA+xYTeLwrn/LvdATzXsvQZdD2y5u3m11WZFoczHA6MNciyt5Jk2
kkXJlfxn10A3GXsedWxE1mq/VZ3l+vO311mdoqRiIQKBgQDQLxlkmmy3lbbNfVZc
yr8+7dal1puBTc2ZfIq7Kr4ZSCXaVO41hLpi299OY1UEOdoKfnFBg6c1icDuSfvi
MivU9a70h0XBTJXTYK+6FWXoRsiF9Ale/JmgMU/n0QiWoHMoi+jsXgQZ1WyUXcR6
45HDbzfSnZIKrTyfJu8LuT9arwKBgQDHbtgDvXA8ewZJi0RWq0oXNS5XYr9ySe94
LpWCoXT8hgeqNM8Ly43mUXHZiGsrbIHmgkAKJhylthc9CUCRJ4w0JL7UtkPZtcgi
UaydfJ4io9Sx0KgZ38e/1bq3rolC7kESNpGeJHMrF4hUAI2gEgZEtf0m5rzKpaGo
4yu8HVtSNQKBgBTi1MpaD9QvSgK9s19l2+AFXoaOzFUhqCHg884pUJ8atOl9odRu
t4BZjMLBhnMBFtX8r4IiIjFl25xMgd/Eps8bwuy3cZEeDN4DEj46DVpLV6zQuev0
rbj7mYepWhI6kLMdrkWgfQrWdalA6whlMmeIDfKsak116eIRtuPXNvrzAoGAUVHW
TTgaot67QpPCCuEPdgUeX02JqO2S8ttz5W82h52TVIjx/+pBcy+0j7H7mRpGoZps
yHaf6cYlFaNHK6kHl1+AXLXxVr2z3KKXEyR0SsWo/dSKJvrDtWpOF4XYvGzwJaAQ
on5UY7bVxQLwvNt8qNnYXttpEeyVzYrME4mY6h0CgYBBVY08DRSkrrBwiY9sQWbF
XVdWuffdLuuI27lVcBl0UwJh37EwXN0fsWhZ3upAitAzE3aBNwF5KHvq00yCsMKr
A4bo7DeckePIfCAxdvp8kAuq+NwW8tkpMcqeb1ja2TPrgSy9eyHingzvMtYNDTxB
i45lVy8xNJU85Fmzex0B0g==
-----END PRIVATE KEY-----
18 changes: 18 additions & 0 deletions fixtures/chain-root.crt
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC5TCCAc2gAwIBAgIUXtcOjsFS175nGr07+htPEPGe2bYwDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJVEVTVC1yb290MB4XDTIzMDgwMTAxNDUxM1oXDTMzMDcy
OTAxNDUxM1owFDESMBAGA1UEAwwJVEVTVC1yb290MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA1cgfqUNIP0L356sUVEieG0ObtMDrnwnEXGSXX7c3dlSd
oiXJStYDsC+DbyV2+yV24sgkDJM2YwuWvKntHb56hVXzeTydWekDrfLlHw9alYml
llJUXbsTIBBUdk2aT/dFzPyZTN8HhtU8327w7latxKJXrYNpJCn6fcRtSSyo6dIm
QXxvyF/kMLHIirBoOHGKXVVfZFRrDafFbux//1duw+TIjUfVin0rQE/z28iN+3TY
ihXtJ2fhVm+WWR1w7IzoLFV6Xu23JIk92Fxvowho4p6BTOzsGeHPdlPoR0b5ECbI
8VqSLgsa8WOPLmxTNmcuk1BHYVf+Dr3YU/Xb9TBa5QIDAQABoy8wLTAMBgNVHRME
BTADAQH/MB0GA1UdDgQWBBQQa7p2w8Z93WcH8rACLeg40cpRCDANBgkqhkiG9w0B
AQsFAAOCAQEAXp7kVoWuGbI1nep/FTL+PVptYQzD4IfnsonSKZvB7yYcGS0OZtGI
cNr52WOx4EpksG58JsQxjowu5kAdeSwGI5cCKdAWMA/BpJhT+uOP+9Y+QBXFBM25
50cZax5FFFCKWUcOrv7SSeaGRe3X13G6pPULwwS5WqFb0LZdL0gI9GxN0S9X6F/N
g+T0akcluAe6xNIltnw6AeaUQXzK+jy/3zuSAulh6oiSm7kTU9kXLZ3Xiobko/MB
PaDKL+Ygt0c2hX5TRVJQ2Bdvn5z5kkBJxT7Rb9uj8kT9JETbwQD3bssZB+tPkwvE
O5mpOpR0Jkni8lJmOYrRYz9Jf9Cm0uQWlw==
-----END CERTIFICATE-----
28 changes: 28 additions & 0 deletions fixtures/chain-root.key
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVyB+pQ0g/Qvfn
qxRUSJ4bQ5u0wOufCcRcZJdftzd2VJ2iJclK1gOwL4NvJXb7JXbiyCQMkzZjC5a8
qe0dvnqFVfN5PJ1Z6QOt8uUfD1qViaWWUlRduxMgEFR2TZpP90XM/JlM3weG1Tzf
bvDuVq3Eoletg2kkKfp9xG1JLKjp0iZBfG/IX+QwsciKsGg4cYpdVV9kVGsNp8Vu
7H//V27D5MiNR9WKfStAT/PbyI37dNiKFe0nZ+FWb5ZZHXDsjOgsVXpe7bckiT3Y
XG+jCGjinoFM7OwZ4c92U+hHRvkQJsjxWpIuCxrxY48ubFM2Zy6TUEdhV/4OvdhT
9dv1MFrlAgMBAAECggEAALkNTyeb4u4TCh5MX0yV9eAKP4sEQPFp6Vx3UCq9oUTM
xtn7dQ+4/quEDw6NX6QGY6+EwuLsi1rKrUo8M9GLdumN45pBqsApWjk41Rx0LfVD
l6whMbMkPJ0eUmTiYX4KJy59EwMRP3KqvG0Szq60WVBDNtViHm38TtiPL6Qn0UKT
3bc6+b7VlGeasb6vyChcSeemz+SIS0MvOG5kSVCOdJ0fTWVtayRPp5xCqIdIBtn6
fyeTALAKW7uQLrydmzei+JpUh38L6J/HLwTxC9R2Uq0kOgLV9ZxSFGNeIWPhih2Q
OgzqYgGMjSsYDeun+0aeS6j1z2ClIgywt5hSL6jHsQKBgQD3KifmzAUy14hweUak
hto8SuOT5ngV5Bt2RfOnu+dlxnRvZzyOIPoik6sLB6WK42x6T2AaHN9oSHOi1Jwd
2q3DP8PE/S4kFtaNmJVNFrMFoo/gP/ZRAvzo0qwFrIN6qYhkaG+s+ahwcj8dnnFj
E0JaPcSw+OxFWG8hOYzy1PeeMwKBgQDdbHmgz8A1dkq7PvONk9pBSfb5TaLRPY78
bVkONJnjmEQVi8kuucQxbeXBGfuOB9pzGdHUlkRCyiWjOpJ82eihaa35gpW/y4Sz
fKEq5hXneuZO2kq9sV9AZBAub8aUH5GFU9fpORXGx6N+QNWfHkrBERdKO/8AdVs6
7rKi6QpahwKBgQDOvUI2+Px4NHR5r9d5ExtER1fohGR52x1lZsmRyciaBs+px26N
a+QOO/pb9X9wlx5LiE1YSkJMlh2zW6diCWJC6Pk1sph/s2KveauYmZ4Q3pL9/kJo
LNmjXWRqMoyfc2MUqY6P3xwXQlisy7UILDnaBcSaSvxGXNxHrD3LeHvOpQKBgF8x
Nm0DQ7/4NhKf8rcoHEm7UblGPjw0eddd705jINGu8X5N1VUIOieB9qd40yPxjmGz
dPkvDPOl0l6FXNreF9vlAg1lrZmCFm/Pob4+oqYcuQynXkCFE80r96TvGvEtTTOD
oyw6BXmq9Eff+bbpn/u2rEuW1X9N9MW2Pwg4peHbAoGBAM+QoaXHB8e7TPPiEkxx
ppK8n34R5lhLc+DwvGCH6N3F+Dze/WlWRY+KzirE1QfJQTCJmp1cuQl1A0hzWUPL
X/xZUg+kA0yFu9EJROOrpv+f4MK8OzEUN/2n69tobQHU4446iGVOOMtnzoFvaI9H
h/z2c6S/DifigZ5sYSyL4TqJ
-----END PRIVATE KEY-----
56 changes: 56 additions & 0 deletions fixtures/chain.crt
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
-----BEGIN CERTIFICATE-----
MIIDMjCCAhqgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UEAwwRVEVT
VC1pbnRlcm1lZGlhdGUwHhcNMjMwODAxMDE0NTEzWhcNMjQwNzMxMDE0NTEzWjAU
MRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCiLsCk5U0Xb0VSRaHJNd1q/X2aAgf7EPGi/4ul6XpZp8gT3iRu6sErsRc3
3JS2svKRN0eRMXduvTO3q9S6aGgMAZUzy7jlDUzgRu8AckEiOATxfvb+4Bz0zGy/
pVw0bIUiYDMOeJ8RgX0MVT6NrBTztDAj6npTXrtRYzD+SoOq4NkVYCxzDAJtO1+Q
Ie59WJGCK5wz+VjfUbJbxbpQFs1de17uq3LrE6BqksKiZsIgd4vGAembsrIm8Z5U
v3bAJukLFtlL380sCrhRM84IelbSPKQLTjAwPcVFvgC+SS0ezD3I5Og2FcZqVnLS
yjAsCmeq5FENll1y66i3QxK0XtQ7AgMBAAGjgYUwgYIwCwYDVR0PBAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAUBgNVHREEDTALgglsb2NhbGhv
c3QwHQYDVR0OBBYEFAv7QgX2lWUAOdbV2sSERShHfiAxMB8GA1UdIwQYMBaAFEuS
nkkMoeox4UP07oJsZGcEMYAWMA0GCSqGSIb3DQEBCwUAA4IBAQBf5R8Jq11jmEV1
0i7hNPDp6wDknG7IGO7En3yShvEaXAPZlRpGzJuJ39KDz9Qb/imi5juP/i701Tee
OjvKOH5NGGklwIlzlmbNvtZNuZQAKpAUza0dKu1rPF6OZl65rmyYr2LVWyal9XUK
GGxhyB8A0+5W4XnNjAHDkpNI1yR3DcB+WtSeybAPQrTUSZxpMNRCUMG/Ph+dBfdz
5qC+kmDQoWB+G710CEdGfobkDPzYTq3obbjpBuOUqxBJHqAK8SFAjPkEcnr1GKvG
9DDOojHM6GBYp9k8vSof3P7ptrjTHDjz5ItjGCCohk1zAIwRT2fTE1TOwI2qvYxo
395vKvYI
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC/DCCAeSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJVEVT
VC1yb290MB4XDTIzMDgwMTAxNDUxM1oXDTI0MDczMTAxNDUxM1owHDEaMBgGA1UE
AwwRVEVTVC1pbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDYpxiPSJIcdHoDlt6fueRkX8zBC5u9aItDrStM6/VGQRM/NmeAWB/ek1pU
749TaPUAcx5uoMaP2FKqnUN9sExslD5cLY5c/ixAfxBw6dLL3oYHB5vgwr5YUyS2
AHVnomYS4hXW1nhqK9oEBmx5MQzb7FFKXpamrOsGVMfVjROek/wz3YoW8fE30A8r
Zezc0uxkAyq7GQ4+ur/Em8qGhA7YXGmoHd4+h2PpU2Co8iW6i5Mftt8DfSFHFCyt
Yu9xMhX2o8HckPUXQTKVAcOY/S2JjpFdwjX6cc9iDZ3+ETMtIUtv+MSICaTU7PLv
eHAl5nodMctAI9+NaQkO81z8XdoZAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYD
VR0OBBYEFEuSnkkMoeox4UP07oJsZGcEMYAWMB8GA1UdIwQYMBaAFBBrunbDxn3d
ZwfysAIt6DjRylEIMA0GCSqGSIb3DQEBCwUAA4IBAQB00UMFcTDyDUidWamh/fzS
Z6pv2ms0mKHXeVYdqUGtWPjl9uocWGJXdgD3C77Ifpx02zayhtpdfSvvajyEnTAd
XPM8jb/VBXpgW7wA7vMRoewvXLG4xITbh+HXKhDh1n+KLAJLSB4uBrmbmx1/pgpM
rXJPAGv4ARzkozcs98qWND3dWAjDNn+7Wxb0wVhcYgrmvyQyNAUdgYImxZSqn7rR
sP5rr7FbAZLGSHx0h9hzav3XuWRv7+mn1m9QplsvaJV2EehiY92C0JmNHt9BvMcX
XTWGWgXMVeacm/0W+3XmQWtltDnBQq8fUsEy0Uts6fJdD/5tEmvYfwEtpomxdFds
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC5TCCAc2gAwIBAgIUXtcOjsFS175nGr07+htPEPGe2bYwDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJVEVTVC1yb290MB4XDTIzMDgwMTAxNDUxM1oXDTMzMDcy
OTAxNDUxM1owFDESMBAGA1UEAwwJVEVTVC1yb290MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA1cgfqUNIP0L356sUVEieG0ObtMDrnwnEXGSXX7c3dlSd
oiXJStYDsC+DbyV2+yV24sgkDJM2YwuWvKntHb56hVXzeTydWekDrfLlHw9alYml
llJUXbsTIBBUdk2aT/dFzPyZTN8HhtU8327w7latxKJXrYNpJCn6fcRtSSyo6dIm
QXxvyF/kMLHIirBoOHGKXVVfZFRrDafFbux//1duw+TIjUfVin0rQE/z28iN+3TY
ihXtJ2fhVm+WWR1w7IzoLFV6Xu23JIk92Fxvowho4p6BTOzsGeHPdlPoR0b5ECbI
8VqSLgsa8WOPLmxTNmcuk1BHYVf+Dr3YU/Xb9TBa5QIDAQABoy8wLTAMBgNVHRME
BTADAQH/MB0GA1UdDgQWBBQQa7p2w8Z93WcH8rACLeg40cpRCDANBgkqhkiG9w0B
AQsFAAOCAQEAXp7kVoWuGbI1nep/FTL+PVptYQzD4IfnsonSKZvB7yYcGS0OZtGI
cNr52WOx4EpksG58JsQxjowu5kAdeSwGI5cCKdAWMA/BpJhT+uOP+9Y+QBXFBM25
50cZax5FFFCKWUcOrv7SSeaGRe3X13G6pPULwwS5WqFb0LZdL0gI9GxN0S9X6F/N
g+T0akcluAe6xNIltnw6AeaUQXzK+jy/3zuSAulh6oiSm7kTU9kXLZ3Xiobko/MB
PaDKL+Ygt0c2hX5TRVJQ2Bdvn5z5kkBJxT7Rb9uj8kT9JETbwQD3bssZB+tPkwvE
O5mpOpR0Jkni8lJmOYrRYz9Jf9Cm0uQWlw==
-----END CERTIFICATE-----
28 changes: 28 additions & 0 deletions fixtures/chain.key
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCiLsCk5U0Xb0VS
RaHJNd1q/X2aAgf7EPGi/4ul6XpZp8gT3iRu6sErsRc33JS2svKRN0eRMXduvTO3
q9S6aGgMAZUzy7jlDUzgRu8AckEiOATxfvb+4Bz0zGy/pVw0bIUiYDMOeJ8RgX0M
VT6NrBTztDAj6npTXrtRYzD+SoOq4NkVYCxzDAJtO1+QIe59WJGCK5wz+VjfUbJb
xbpQFs1de17uq3LrE6BqksKiZsIgd4vGAembsrIm8Z5Uv3bAJukLFtlL380sCrhR
M84IelbSPKQLTjAwPcVFvgC+SS0ezD3I5Og2FcZqVnLSyjAsCmeq5FENll1y66i3
QxK0XtQ7AgMBAAECggEAAmfHG6r69boEwS+fMqjF2+xejIYzMBoUO2Km45MO6X1/
jivhRnPc4ZUCzyVKX1tQFa9INHMTXmUX+0VlJk6eHG95kwcWeu8zkK/8o3kOVj+W
cy5641TXmRnfEwiU0YI6h0P9/dz0HwJYpHIvN1KyDNtDS4USw2HITXC3LU5VnZcq
FWdjKTQNdnm5AamTyov2SXb9LKJkxicCKxyJODuMYWe6MX0G51DUvmfWr5bQ3VbD
eOG1Nf1g2pSaDA+xYTeLwrn/LvdATzXsvQZdD2y5u3m11WZFoczHA6MNciyt5Jk2
kkXJlfxn10A3GXsedWxE1mq/VZ3l+vO311mdoqRiIQKBgQDQLxlkmmy3lbbNfVZc
yr8+7dal1puBTc2ZfIq7Kr4ZSCXaVO41hLpi299OY1UEOdoKfnFBg6c1icDuSfvi
MivU9a70h0XBTJXTYK+6FWXoRsiF9Ale/JmgMU/n0QiWoHMoi+jsXgQZ1WyUXcR6
45HDbzfSnZIKrTyfJu8LuT9arwKBgQDHbtgDvXA8ewZJi0RWq0oXNS5XYr9ySe94
LpWCoXT8hgeqNM8Ly43mUXHZiGsrbIHmgkAKJhylthc9CUCRJ4w0JL7UtkPZtcgi
UaydfJ4io9Sx0KgZ38e/1bq3rolC7kESNpGeJHMrF4hUAI2gEgZEtf0m5rzKpaGo
4yu8HVtSNQKBgBTi1MpaD9QvSgK9s19l2+AFXoaOzFUhqCHg884pUJ8atOl9odRu
t4BZjMLBhnMBFtX8r4IiIjFl25xMgd/Eps8bwuy3cZEeDN4DEj46DVpLV6zQuev0
rbj7mYepWhI6kLMdrkWgfQrWdalA6whlMmeIDfKsak116eIRtuPXNvrzAoGAUVHW
TTgaot67QpPCCuEPdgUeX02JqO2S8ttz5W82h52TVIjx/+pBcy+0j7H7mRpGoZps
yHaf6cYlFaNHK6kHl1+AXLXxVr2z3KKXEyR0SsWo/dSKJvrDtWpOF4XYvGzwJaAQ
on5UY7bVxQLwvNt8qNnYXttpEeyVzYrME4mY6h0CgYBBVY08DRSkrrBwiY9sQWbF
XVdWuffdLuuI27lVcBl0UwJh37EwXN0fsWhZ3upAitAzE3aBNwF5KHvq00yCsMKr
A4bo7DeckePIfCAxdvp8kAuq+NwW8tkpMcqeb1ja2TPrgSy9eyHingzvMtYNDTxB
i45lVy8xNJU85Fmzex0B0g==
-----END PRIVATE KEY-----
134 changes: 134 additions & 0 deletions fixtures/generate.bash
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
#!/usr/bin/env bash

set -xeuo pipefail

function prepare() {
local cwd=$1
local fwd=$(readlink -f "$cwd")
mkdir -p "$cwd"/{certs,crl,newcerts,private}
echo 1000 > "$cwd/serial"
touch "$cwd"/{index.txt,index.txt.attr}

echo '
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = '"$fwd"'
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/ca.key.pem # The private key
RANDFILE = $dir/.rnd # private random number file
nameopt = default_ca
certopt = default_ca
policy = policy_match
default_days = 365
default_md = sha256

[ policy_match ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name

[req_distinguished_name]

[v3_req]' > "$cwd/openssl.cnf"

if [[ $cwd == out ]] ; then
echo "keyUsage = digitalSignature, keyEncipherment" >> "$cwd/openssl.cnf"
echo "extendedKeyUsage = serverAuth, clientAuth" >> "$cwd/openssl.cnf"
echo "subjectAltName = DNS:localhost" >> "$cwd/openssl.cnf"
else
echo "basicConstraints = CA:TRUE" >> "$cwd/openssl.cnf"
fi
}

# chain generates three certificates in a chain.
function chain() {
rm {root,intermediate,out} -rf
prepare root
prepare intermediate
prepare out

# Create root certificate and key.
openssl genrsa -out root/private/ca.key 2048
openssl req -new -x509 -sha256 -days 3650 \
-config root/openssl.cnf -extensions v3_req \
-key root/private/ca.key --out root/certs/ca.crt \
-subj '/CN=TEST-root'

# Create intermediate key and request.
openssl genrsa -out intermediate/private/intermediate.key 2048
openssl req -new -sha256 \
-config intermediate/openssl.cnf -extensions v3_req \
-key intermediate/private/intermediate.key -out intermediate/certs/intermediate.csr \
-subj '/CN=TEST-intermediate'

# Sign intermediate request with root to create a cert.
openssl ca -batch -notext -md sha256 \
-config intermediate/openssl.cnf -extensions v3_req \
-keyfile root/private/ca.key -cert root/certs/ca.crt \
-in intermediate/certs/intermediate.csr \
-out intermediate/certs/intermediate.crt

# Create a key and request for an end certificate.
openssl req -new -days 365 -nodes -newkey rsa:2048 \
-config out/openssl.cnf -extensions v3_req \
-keyout out/private/localhost.key -out out/certs/localhost.csr \
-subj "/CN=localhost"

# Sign that with the intermediate.
openssl ca -batch \
-config out/openssl.cnf -extensions v3_req \
-keyfile intermediate/private/intermediate.key -cert intermediate/certs/intermediate.crt \
-out out/certs/localhost.crt \
-infiles out/certs/localhost.csr

mv out/certs/localhost.crt chain-leaf.crt
mv out/private/localhost.key chain-leaf.key
mv intermediate/certs/intermediate.crt chain-intermediate.crt
mv intermediate/private/intermediate.key chain-intermediate.key
mv root/certs/ca.crt chain-root.crt
mv root/private/ca.key chain-root.key

rm {out,intermediate,root} -r

cat chain-leaf.crt chain-intermediate.crt chain-root.crt > chain.crt
cp chain-leaf.key chain.key
}

# non-signing generates a self-signed certificate that has cert signing
# explicitly omitted.
function non-signing() {
openssl req -x509 -nodes -newkey rsa:2048 \
-keyout no-signing.key -out no-signing.crt \
-addext "keyUsage = digitalSignature, keyEncipherment" \
-addext "subjectAltName=DNS:localhost" \
-subj "/CN=localhost"
}

# self-signed generates a certificate without specifying key usage.
function self-signed() {
openssl req -x509 -nodes -newkey rsa:2048 \
-keyout self-signed.key -out self-signed.crt \
-addext "subjectAltName=DNS:localhost" \
-subj "/CN=localhost"
}

function main() {
local name=$1 ; shift
"$name" "$@"
}

main "$@"
19 changes: 19 additions & 0 deletions fixtures/no-signing.crt
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDLDCCAhSgAwIBAgIUZVpY6+MUJZuW/UJhu7r8crizzh0wDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIzMDgwMTAxMDQ0OFoXDTIzMDgz
MTAxMDQ0OFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAzIxlOvO0DmWd0a2dA3f3uy6VuQ6kLHp+D4QNUvzAqSGE
y6WCUQD0UWxqC+tXoHq9wX35qPPon9Ei2e3VarWv9Fc0BNN2I2pMgJDipxjuQC+P
RMwDwCD+zsVQbfTel2ntfP4OAcs58964Rc9ZgMiZwxBWMOBbTUt68R3ba/oKKdEV
AOBequ32qrmLMhNzFKdEooe8DzpPOXO3kaTxOoSUTx85UJfwdL+6vFYhDHJ6pvRU
QvJj7G+H03YL4zBKRucAlI3jcaNAcNm5JCAliv4yPzo2PEl2aFfG2DL5lVhDU8S4
62iTXpnPwSQAtloSNKE+xTzqsusfeJV/YFEnqTGYCwIDAQABo3YwdDAdBgNVHQ4E
FgQU35DsH5EDKMKE0VTWs+YSWjT6u1gwHwYDVR0jBBgwFoAU35DsH5EDKMKE0VTW
s+YSWjT6u1gwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCBaAwFAYDVR0RBA0w
C4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBAQDHgOSJfsSCD1SwFqY/k8eH
o95y7jqlCH48jw+BxHh7W/jr7NnUUXRP0NgQjhUcJSBZ8mWqCQtdpwttEe5eYYGg
0uA7FoiDfzEkyAs9QMAxDfgpHloafh1sJBdxiiUsu6LeYzzPcSajPEOlPNIpR7Uu
CFy1fr/PMAmOPeIuF6NNYfwk9Isevqf/U8R5QK99abWJnP8S2Lqk90EFAdO7RAAZ
g3xsVqO0Tzs9yvtHRSe92q5M/hyRMHTF8mPKQwTnSPXzxhVdYiTJ5VEZQOIhey0V
s1sGtEpSUwhNiMEypJJbDhDJ6S5pn9lqDbSoCiRjXufq3ltu90Zht+2kCUCjTSBb
-----END CERTIFICATE-----
Loading
Loading