Diffstat (limited to 'etc/README.certs.md')
-rw-r--r-- etc/README.certs.md | 281
1 files changed, 281 insertions, 0 deletions
diff --git a/etc/README.certs.md b/etc/README.certs.md
new file mode 100644
index 0000000..05487d1
--- /dev/null
+++ b/etc/README.certs.md
@@ -0,0 +1,281 @@
+/*! \mainpage
+
+README.certs
+============
+
+1. X.509 Certs and key files
+----------------------------
+
+In this directory you will find:
+
+a) rootCA_cert.pem -- ECC root CA PEM file; almost 10 years valid
+b) rootCA_key.pem -- encypted corresponding key file for signing - password 12345
+c) rootCA_key.pem.plain -- unencypted corresponding key file for signing
+
+e) ::1_cert.pem -- ECC IPv6 localhost PEM cert
+f) ::1_key.pem -- encrypted corresponding key file for authentication - password testcert
+g) ::1_key.pem.plain -- unencrypted corresponding key file for authentication
+
+h) 127.0.0.1_cert.pem -- ECC IPv4 localhost PEM cert
+i) 127.0.0.1_key.pem -- enrypted corresponding key file for authentication - password testcert
+j) 127.0.0.1_key.pem.plain -- unencrypted corresponding key file for authentication
+
+k) localhost_cert.pem -- ECC generic localhost PEM cert
+l) localhost.pem -- encrypted corresponding key file for authentication - password testcert
+m) localhost.pem -- unencrypted corresponding key file for authentication
+
+n) chain6.pem -- chained ::1_cert.pam + rootCA_cert.pem
+o) chain4.pem -- chained 127.0.0.1_cert.pam + rootCA_cert.pem
+
+p) dh2048.pem -- Diffie-Hellman parameter file with 2048 bit
+
+All x509 certs are generated by means of the ECC prime256v1 algorithm.
+CA cert validity: About 10 years from September 2023.
+Other certs valdity is about 5 years starting at September 2023.
+
+2. Usage
+--------
+
+These x509 certs and key files are provided to allow an initial
+setup and test of UCSPI-SSL's sslserver and companions.
+
+The use of ECC signatures requires OpenSSL > 1.1.1 or LibreSSL > 3.3.1.
+
+3. rootCA_cert.pem
+------------------
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 2a:33:3a:76:03:ac:7a:0f:23:38:0a:5c:e3:43:f2:9d:74:9d:ae:99
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = ucspi-ssl research ca
+ Validity
+ Not Before: Sep 20 13:04:38 2023 GMT
+ Not After : Oct 17 13:04:38 2033 GMT
+ Subject: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = ucspi-ssl research ca
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:74:87:e3:06:ee:44:a1:7b:4c:ca:d4:d9:13:fa:
+ d2:8a:4c:08:42:84:ae:3f:f9:97:9d:c2:49:48:ad:
+ 0f:3d:ba:c2:26:df:28:22:45:63:7c:fe:28:b1:e1:
+ 90:1d:33:4f:62:3f:b0:ff:0c:04:52:0b:75:1b:6b:
+ 72:76:a1:00:07
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ A5:33:0C:F4:15:5B:BD:10:6A:71:A2:79:EB:00:77:8C:7A:30:35:83
+ X509v3 Authority Key Identifier:
+ keyid:A5:33:0C:F4:15:5B:BD:10:6A:71:A2:79:EB:00:77:8C:7A:30:35:83
+
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:21:00:99:53:0a:1c:5f:b2:1c:80:c0:05:17:05:f7:
+ 75:96:28:87:bd:c3:d5:ca:2f:bf:a4:17:5e:66:ac:bb:4f:68:
+ 50:02:20:37:25:2a:62:2e:5d:31:8f:d7:71:3a:4d:b9:39:6b:
+ f8:02:5a:50:7b:c9:74:33:11:57:24:a9:2b:7a:39:37:b6
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
+4. ::1_cert.pem
+---------------
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 06:d5:47:e8:f3:8c:9e:62:65:2f:21:f4:32:e5:09:be:92:ad:4f:2f
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = loopback
+ Validity
+ Not Before: Sep 20 13:05:52 2023 GMT
+ Not After : Dec 2 13:05:52 2028 GMT
+ Subject: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = loopback
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:2c:04:f7:2e:0a:84:7f:26:b2:e2:02:6c:b4:c4:
+ 9a:83:89:fa:a9:62:16:f8:0e:25:4d:2d:9c:a1:37:
+ 4a:a4:3a:ee:42:ef:b8:31:4f:e1:94:94:c8:f1:1b:
+ ed:60:fc:04:ed:0b:e7:eb:db:93:ad:05:24:38:04:
+ 88:df:bb:4c:30
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Alternative Name:
+ IP Address:0:0:0:0:0:0:0:1, DNS:localhost
+ X509v3 Authority Key Identifier:
+ DirName:/C=US/ST=New York/L=Brooklyn/O=ucspi-ssl research laboratory/CN=loopback
+ serial:06:D5:47:E8:F3:8C:9E:62:65:2F:21:F4:32:E5:09:BE:92:AD:4F:2F
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:21:00:84:ca:6c:81:c7:cf:aa:43:c5:cf:e3:95:7c:
+ 43:a7:09:3e:9a:b5:e4:ae:e8:55:a5:da:3f:6e:53:37:95:dc:
+ ea:02:20:35:83:1c:1b:bd:8e:9e:8c:eb:be:88:0e:a9:c1:23:
+ 00:d3:97:e7:ca:ea:cd:75:00:9b:89:2c:7f:89:ca:ac:cf
+-----BEGIN CERTIFICATE-----
+MIICzzCCAnWgAwIBAgIUBtVH6POMnmJlLyH0MuUJvpKtTy8wCgYIKoZIzj0EAwIw
+bjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEwhCcm9v
+a2x5bjEmMCQGA1UEChMddWNzcGktc3NsIHJlc2VhcmNoIGxhYm9yYXRvcnkxETAP
+BgNVBAMTCGxvb3BiYWNrMB4XDTIzMDkyMDEzMDU1MloXDTI4MTIwMjEzMDU1Mlow
+bjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQHEwhCcm9v
+a2x5bjEmMCQGA1UEChMddWNzcGktc3NsIHJlc2VhcmNoIGxhYm9yYXRvcnkxETAP
+BgNVBAMTCGxvb3BiYWNrMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELAT3LgqE
+fyay4gJstMSag4n6qWIW+A4lTS2coTdKpDruQu+4MU/hlJTI8RvtYPwE7Qvn69uT
+rQUkOASI37tMMKOB8DCB7TAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDATBgNVHSUE
+DDAKBggrBgEFBQcDATAmBgNVHREEHzAdhxAAAAAAAAAAAAAAAAAAAAABgglsb2Nh
+bGhvc3QwgZUGA1UdIwSBjTCBiqFypHAwbjELMAkGA1UEBhMCVVMxETAPBgNVBAgT
+CE5ldyBZb3JrMREwDwYDVQQHEwhCcm9va2x5bjEmMCQGA1UEChMddWNzcGktc3Ns
+IHJlc2VhcmNoIGxhYm9yYXRvcnkxETAPBgNVBAMTCGxvb3BiYWNrghQG1Ufo84ye
+YmUvIfQy5Qm+kq1PLzAKBggqhkjOPQQDAgNIADBFAiEAhMpsgcfPqkPFz+OVfEOn
+CT6ateSu6FWl2j9uUzeV3OoCIDWDHBu9jp6M676IDqnBIwDTl+fK6s11AJuJLH+J
+yqzP
+-----END CERTIFICATE-----
+
+5. 127.0.0.1_cert.pem
+---------------------
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 75:01:d6:e2:c8:06:cb:69:ab:1f:c0:78:db:5f:00:2b:ca:c3:70:3c
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = loopback
+ Validity
+ Not Before: Sep 20 13:05:14 2023 GMT
+ Not After : Dec 2 13:05:14 2028 GMT
+ Subject: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = loopback
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:98:39:f8:09:02:bd:81:7b:1d:4f:23:34:2e:b0:
+ 5c:97:b7:77:98:bd:d7:8a:ed:d7:d0:48:25:c1:ff:
+ a6:a4:97:8f:fc:56:00:04:9b:14:ba:3f:db:d3:76:
+ d4:53:07:63:20:61:fb:c6:88:fa:09:06:b9:7f:85:
+ d2:cf:7a:28:00
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ X509v3 Subject Alternative Name:
+ IP Address:127.0.0.1, DNS:localhost
+ X509v3 Authority Key Identifier:
+ DirName:/C=US/ST=New York/L=Brooklyn/O=ucspi-ssl research laboratory/CN=loopback
+ serial:75:01:D6:E2:C8:06:CB:69:AB:1F:C0:78:DB:5F:00:2B:CA:C3:70:3C
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:44:02:20:5b:38:50:24:5e:1f:43:d4:24:ad:eb:8d:43:ec:
+ db:2b:f5:04:bb:78:0a:f1:30:b0:5e:6d:69:6c:dd:00:57:9f:
+ 02:20:2b:b1:26:72:21:0f:ce:72:9a:5d:77:13:07:c9:fd:37:
+ 04:14:bc:c0:da:33:49:6a:a4:4d:17:c8:48:04:36:a0
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
+6. localhost_cert.pem
+---------------------
+
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 7a:6a:2a:23:7c:b4:99:26:bd:19:ee:88:72:b4:1c:8e:4d:3b:5a:40
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = localhost
+ Validity
+ Not Before: Sep 20 13:06:24 2023 GMT
+ Not After : Dec 2 13:06:24 2028 GMT
+ Subject: C = US, ST = New York, L = Brooklyn, O = ucspi-ssl research laboratory, CN = localhost
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:13:bc:51:f1:ce:42:39:a5:da:fd:81:e7:4d:03:
+ fd:3d:93:9d:63:ce:d7:32:0c:1b:c1:f3:1a:43:84:
+ f4:c5:db:79:c9:7e:e5:3d:ad:de:ca:66:fd:f5:a7:
+ 1c:80:18:20:b6:c6:b1:18:76:30:0a:3f:5f:ac:ca:
+ a4:90:d4:8b:b0
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ X509v3 Key Usage:
+ Digital Signature, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication
+ X509v3 Subject Alternative Name:
+ DNS:localhost, IP Address:0.0.0.0, IP Address:0:0:0:0:0:0:0:0
+ X509v3 Authority Key Identifier:
+ DirName:/C=US/ST=New York/L=Brooklyn/O=ucspi-ssl research laboratory/CN=localhost
+ serial:7A:6A:2A:23:7C:B4:99:26:BD:19:EE:88:72:B4:1C:8E:4D:3B:5A:40
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:20:71:4c:08:c1:2a:7e:31:a9:33:5a:92:cb:da:81:
+ 85:ed:74:66:38:f8:5b:f1:55:1c:e4:bb:ba:3e:4e:83:76:fb:
+ 02:21:00:d3:82:51:6f:87:b0:32:14:1e:e0:f0:8c:43:cf:1c:
+ f2:2b:ca:70:a9:d3:26:55:00:91:94:29:87:06:8d:3e:3e
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
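Review bot: The certificate dumps in sections 4, 5 and 6 show leaf certificates that are self-signed, which contradicts the chain files described under n) and o) in section 1. In each dump the Issuer is identical to the Subject (CN = loopback, CN = localhost) and the Authority Key Identifier serial equals the certificate's own serial number, while the root CA in section 3 is CN = ucspi-ssl research ca. A chain6.pem or chain4.pem built from these would not build a path to rootCA_cert.pem. Either reissue the leaf certificates under the root CA key or correct the description of the chain files. Section 1 also needs a pass: entries l) and m) both name "localhost.pem" for the encrypted and the unencrypted key, the lettering skips d), n) and o) say "_cert.pam", and "encypted", "unencypted", "enrypted" and "valdity" are misspelled. The localhost certificate carries "TLS Web Client Authentication" as Extended Key Usage while k) calls it a generic localhost cert, so say that it is a client certificate. Since the passwords and the ".plain" keys, including the root CA signing key, are published here, section 2 should state outright that rootCA_cert.pem must not be added to any trust store outside a test setup and that these keys are to be replaced before real use.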