testing: Add some notes about how to reissue attribute certificates
authorMartin Willi <martin@revosec.ch>
Fri, 3 Oct 2014 10:31:01 +0000 (12:31 +0200)
committerMartin Willi <martin@revosec.ch>
Fri, 3 Oct 2014 10:31:01 +0000 (12:31 +0200)
testing/tests/ikev2/acert-cached/reissue.txt [new file with mode: 0644]
testing/tests/ikev2/acert-fallback/reissue.txt [new file with mode: 0644]
testing/tests/ikev2/acert-inline/reissue.txt [new file with mode: 0644]

diff --git a/testing/tests/ikev2/acert-cached/reissue.txt b/testing/tests/ikev2/acert-cached/reissue.txt
new file mode 100644 (file)
index 0000000..6ab98f1
--- /dev/null
@@ -0,0 +1,23 @@
+# Carols acert for sales and finance
+pki --acert \
+       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+       --in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+       --group sales --group finance -l 87600 -f pem \
+       > hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
+
+# Daves acert for marketing
+pki --acert \
+       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+       --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+       --group marketing -l 87600 -f pem \
+       > hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
+
+# Daves expired acert for sales
+pki --acert \
+       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+       --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+       --group sales -F "01.01.13 08:00:00" -l 240 -f pem \
+       > hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem
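Review bot: The notes never say which directory the commands must be run from, yet the paths resolve from only one place. `hosts/moon/...` is relative to the test directory, while `--in ../../../hosts/carol/...` climbs three levels to what appears to be the shared testing/hosts tree. A first line such as `# Run from testing/tests/ikev2/acert-cached` would remove the guesswork. Because `>` truncates the target before pki runs, a run from the wrong directory leaves an empty acert file in place of the old one. The same applies to the reissue.txt notes for acert-fallback and acert-inline.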
diff --git a/testing/tests/ikev2/acert-fallback/reissue.txt b/testing/tests/ikev2/acert-fallback/reissue.txt
new file mode 100644 (file)
index 0000000..2e1cd68
--- /dev/null
@@ -0,0 +1,15 @@
+# Carols expired acert for finance
+pki --acert \
+       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+       --in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+       --group finance -F "01.01.13 08:00:00" -l 240 -f pem \
+       > ./hosts/carol/etc/ipsec.d/acerts/carol-finance-expired.pem
+
+# Carols valid acert for sales
+pki --acert \
+       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+       --in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+       --group sales -l 87600 -f pem \
+       > hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
diff --git a/testing/tests/ikev2/acert-inline/reissue.txt b/testing/tests/ikev2/acert-inline/reissue.txt
new file mode 100644 (file)
index 0000000..994fa0f
--- /dev/null
@@ -0,0 +1,23 @@
+# Carols sales acert
+pki --acert \
+       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem --in \
+       ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+       --group sales -l 87600 -f pem \
+       > hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
+
+# Daves marketing acert
+pki --acert \
+       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+       --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+       --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+       --group marketing -l 87600 -f pem
+       > hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem
+
+# Daves sales acert from expired AA
+pki --acert \
+       --issuercert hosts/moon/etc/ipsec.d/aacerts/aa-expired.pem \
+       --issuerkey hosts/moon/etc/ipsec.d/private/aa-expired.pem \
+       --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+       --group sales -l 87600 -f pem \
+       > hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem
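Review bot: The line `--group marketing -l 87600 -f pem` in the "Daves marketing acert" command lacks its trailing `\`, so the shell ends the pki command there and treats the redirect on the next line as a separate command. When pasted, pki writes the PEM to stdout and the bare `> hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem` truncates that file to zero bytes, leaving the test with an empty attribute certificate. The line should read `--group marketing -l 87600 -f pem \`. As a style point, the first command in this file breaks after `--in \` rather than before it, unlike the other commands in the three files; moving `--in` onto the line with its argument would keep them uniform.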