recreate certs

connamara · Jul 9, 2024 · 2eb8d82 · 2eb8d82
1 parent 8d0a5ed
commit 2eb8d82
Show file tree

Hide file tree

Showing 13 changed files with 84 additions and 7 deletions.
diff --git a/Examples/Executor/executor_ssl.cfg b/Examples/Executor/executor_ssl.cfg
@@ -17,10 +17,10 @@ ScreenLogShowEvents=Y
 
 SSLEnable=Y
 # It is recommended to install the certificate and refer to it by name instead of using filename + password
-SSLCertificate=../QuickFixn-TestServer.pfx
-SSLCertificatePassword=QuickFixn-TestServer
+SSLCertificate=../qfn-server.demo.pfx
+SSLCertificatePassword=qfnpass123
 # For production refer to certificate by name instead: SSLCertificate=CN=QuickFixn-TestServer
-SSLCACertificate=../QuickFixn-TestCA.cer
+SSLCACertificate=../quickfixn-CA.demo.cer
 SSLCheckCertificateRevocation=N
 
 [SESSION]

diff --git a/Examples/QuickFixn-TestCA.cer b/Examples/QuickFixn-TestCA.cer
diff --git a/Examples/QuickFixn-TestCA.pfx b/Examples/QuickFixn-TestCA.pfx
diff --git a/Examples/QuickFixn-TestClient.pfx b/Examples/QuickFixn-TestClient.pfx
diff --git a/Examples/QuickFixn-TestServer.pfx b/Examples/QuickFixn-TestServer.pfx
diff --git a/Examples/TradeClient/tradeclient_ssl.cfg b/Examples/TradeClient/tradeclient_ssl.cfg
@@ -19,11 +19,11 @@ LogoutTimeout=5
 ResetOnLogon=Y
 
 # It is recommended to install the certificate and refer to it by name instead of using filename + password
-SSLCertificate=../QuickFixn-TestClient.pfx
-SSLCertificatePassword=QuickFixn-TestClient
+SSLCertificate=../qfn-client.demo.pfx
+SSLCertificatePassword=qfnpass123
 # For production refer to certificate by name instead: SSLCertificate=CN=QuickFixn-TestClient
-SSLServerName=QuickFixn-TestServer
-SSLCACertificate=../QuickFixn-TestCA.cer
+SSLServerName=qfn-server.demo
+SSLCACertificate=../quickfixn-CA.demo.cer
 
 [SESSION]
 # inherit ConnectionType, ReconnectInterval and SenderCompID from default

diff --git a/Examples/gen-cert-scripts/step1_gen_ca_cert.sh b/Examples/gen-cert-scripts/step1_gen_ca_cert.sh
@@ -0,0 +1,14 @@
+###################
+# Generate CA cert
+# (may not need SAN here)
+
+openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 \
+  -nodes -keyout quickfixn-CA.demo.key -out quickfixn-CA.demo.cer -subj "/CN=quickfixn-CA.demo" \
+  -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
+
+
+# I'm using "qfnpass123" for all passwords
+
+openssl pkcs12 -export -out quickfixn-CA.demo.pfx -inkey quickfixn-CA.demo.key -in quickfixn-CA.demo.cer
+
+
diff --git a/Examples/gen-cert-scripts/step2_gen_server_cert.sh b/Examples/gen-cert-scripts/step2_gen_server_cert.sh
@@ -0,0 +1,16 @@
+###################
+# Generate Server cert
+
+openssl req -new -nodes -newkey rsa:4096 \
+  -keyout qfn-server.demo.key \
+  -out qfn-server.demo.csr \
+  -subj "/CN=qfn-server.demo" \
+  -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" \
+  -addext "extendedKeyUsage=serverAuth"
+
+openssl x509 -req -in qfn-server.demo.csr -CA quickfixn-CA.demo.cer -CAkey quickfixn-CA.demo.key \
+  -CAcreateserial -out qfn-server.demo.cer -days 3650 -sha256 -copy_extensions copy
+
+openssl pkcs12 -export -out qfn-server.demo.pfx -inkey qfn-server.demo.key -in qfn-server.demo.cer
+
+
diff --git a/Examples/gen-cert-scripts/step3_gen_client_cert.sh b/Examples/gen-cert-scripts/step3_gen_client_cert.sh
@@ -0,0 +1,17 @@
+###################
+# Generate Client cert
+
+openssl req -new -nodes -newkey rsa:4096 \
+  -keyout qfn-client.demo.key \
+  -out qfn-client.demo.csr \
+  -subj "/CN=qfn-client.demo" \
+  -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" \
+  -addext "extendedKeyUsage=clientAuth"
+
+openssl x509 -req -in qfn-client.demo.csr -CA quickfixn-CA.demo.cer -CAkey quickfixn-CA.demo.key \
+  -CAcreateserial -out qfn-client.demo.cer -days 3650 -sha256 -copy_extensions copy
+
+openssl pkcs12 -export -out qfn-client.demo.pfx -inkey qfn-client.demo.key -in qfn-client.demo.cer
+
+
+
diff --git a/Examples/qfn-client.demo.pfx b/Examples/qfn-client.demo.pfx
diff --git a/Examples/qfn-server.demo.pfx b/Examples/qfn-server.demo.pfx
diff --git a/Examples/quickfixn-CA.demo.cer b/Examples/quickfixn-CA.demo.cer
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFNTCCAx2gAwIBAgIUYOHtQANN5RgxdpEA/CCSoH6jspQwDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRcXVpY2tmaXhuLUNBLmRlbW8wHhcNMjQwNzA5MTYwODQ2
+WhcNMzQwNzA3MTYwODQ2WjAcMRowGAYDVQQDDBFxdWlja2ZpeG4tQ0EuZGVtbzCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALzcuXwP0zE2T4WMQhGM2j8c
+eJRZRCm0VeGnYZsOuHC2X+krhNm2hEuUecB+F3fohIJFCccQgyoqIQw6ET1GBEy0
+B/u+HoxkpISepV23xY7gog96YaUX1l6N7+f/XwCrZE03AGl/kVeIO6tDvQCQNfKK
++e9Yk8A0qKKG+K9aN84oQEubJdjmFnrhqa10s/DrUxP14pKWChWDLJQAdpZip+KS
+Vmyn1bF9evwsxIz9Nrk9/XcMRYujpgNiuhjbM8jNZouhzbqha6LATpPFa74cffeI
+dZEJx4ZKoOEqANCz76rbZ0bq+wh/zuOka+0Y5PX3iUlvneHMNj4RfSElDn6vN9Px
+5WOgZIIFaGj8rlXndIsPD2hyEx34TJwqLpf4urHi6OCo4G7AdDhoeV7vuwVgcdco
+7vdg8BM3UEAOoqKQ+XwE0HBivWHE0PCJE4EcU5HocBXKasviQD8Kqv0qkGfIx+5v
+hLYdLmWs7fb8DXqbYIds2Yu0caVzd553BYv7PtRX3iafDkFxW1Y3QT1YwL1SAW9Z
+EXyMMJSVt2UUNGnKO7ek9jdvxoas8jRj8Na3+zOW4Bcd00utVGP6NpAfuxcQePd3
+/mKLS70VJDXR6VTAeWZbezx9/PWo9WF0aLe9b4MYcrMBoUQ/PURwUHsVUHPVvm+i
+6BNPREiAHg2xDtpcDGyhAgMBAAGjbzBtMB0GA1UdDgQWBBSN54oannOQsK9xDMrn
+1wnGDeCO+jAfBgNVHSMEGDAWgBSN54oannOQsK9xDMrn1wnGDeCO+jAPBgNVHRMB
+Af8EBTADAQH/MBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0B
+AQsFAAOCAgEAJ0ysTei9WwN1DX6Kf0AmTTk11sbJDEbPwqeWyuy6ontzFgzAGKjW
+Ckaz1gCHi2Kb4mLLCR6sthvCvQV20TXdKJ7sa2mVlDF6d75B3bghkSmul+wUlbSs
+AiI/iYD8FlPdUwQKaOn7NModlfE7Bs4zSW1jDVhdid709rNjETLVZVz5MO+0WKfH
+xdR65Xcfw4YeJr+IqEeX+YgACPiO+lMjKE/6RChpKI2uqw/XI+cIQLAbkhPKYTdy
+6P5U4m/XB23JlBLU7untE8bE7Ar4yWY4oBHIR6KsqVtyfChL27TRwoJE/GxAXphn
+sKNKNrjqwtoeVYMT87iDLx3zBdN3lgp6NQPNnQHKZdM0UhXhQxGcxFgo80VCkYC2
+AJf1R7v5QC6hQbk2fFhpkIx4e6Qa0OgyBHcfIagw8plyXrkg4TSsS5KHOQwG2TlS
+qLrANx8YAx5IOW9hopm/NecrUY/Fokt9boapWGRm46mA8D1QwlTFbwDzk6R2vGbU
+IqIO1j5Bc1sCtNJuWoj+q2R2hbN3v1ZX9Z+2tp1iDukiGy2sZwRmd8OVmDkcUnET
+68rzrfHmQUGDGB7zLf8mvxkPa37bUV3zLpbgSOcffrgQEAxwQFRWhJ4BHRjz/AmW
+JFijHme/jLgZsTzg4nuKmxfM5fDTbWqaVNn+K57I8OBqImGK8pBDEiw=
+-----END CERTIFICATE-----
diff --git a/Examples/quickfixn-CA.demo.pfx b/Examples/quickfixn-CA.demo.pfx