[L] Change in osmo-ttcn3-hacks[master]: ipad: add an extra certificate+bundle for host "testsuite" - gerrit-log

22 Apr 2024

dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36621?usp=email )
Change subject: ipad: add an extra certificate+bundle for host "testsuite"
......................................................................
ipad: add an extra certificate+bundle for host "testsuite"
Change-Id: I2d4ba8b710b9cf518b90c7f7acc8982350705531
---
M ipad/example_ca/pki/.rnd
A ipad/example_ca/pki/certs_by_serial/1D1B580C1B235125A87BE06C70121913.pem
M ipad/example_ca/pki/extensions.temp
M ipad/example_ca/pki/index.txt
A ipad/example_ca/pki/index.txt.attr.old
M ipad/example_ca/pki/index.txt.old
A ipad/example_ca/pki/issued/testsuite.cabundle
A ipad/example_ca/pki/issued/testsuite.crt
A ipad/example_ca/pki/issued/testsuite.notes
M ipad/example_ca/pki/openssl-easyrsa.temp
A ipad/example_ca/pki/private/testsuite.key
A ipad/example_ca/pki/reqs/testsuite.req
M ipad/example_ca/pki/safessl-easyrsa.cnf
M ipad/example_ca/pki/serial
M ipad/example_ca/pki/serial.old
15 files changed, 298 insertions(+), 18 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/21/36621/1

diff --git a/ipad/example_ca/pki/.rnd b/ipad/example_ca/pki/.rnd
index 1334945..4bcee5a 100644
--- a/ipad/example_ca/pki/.rnd
+++ b/ipad/example_ca/pki/.rnd
Binary files differ
diff --git a/ipad/example_ca/pki/certs_by_serial/1D1B580C1B235125A87BE06C70121913.pem b/ipad/example_ca/pki/certs_by_serial/1D1B580C1B235125A87BE06C70121913.pem
new file mode 100644
index 0000000..2395451
--- /dev/null
+++ b/ipad/example_ca/pki/certs_by_serial/1D1B580C1B235125A87BE06C70121913.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            1d:1b:58:0c:1b:23:51:25:a8:7b:e0:6c:70:12:19:13
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Easy-RSA CA
+        Validity
+            Not Before: Apr  3 12:54:27 2024 GMT
+            Not After : Mar 19 12:54:27 2027 GMT
+        Subject: CN=testsuite
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:cd:59:25:9d:ed:cf:96:f5:11:27:fe:53:28:be:
+                    9a:34:7d:52:8b:ba:67:17:d6:b9:01:c6:a5:a3:e3:
+                    f9:13:76:4a:f6:98:0a:d7:75:49:8c:b5:aa:3e:d4:
+                    24:0f:8a:f4:4e:b2:63:b1:6e:04:20:79:27:94:6e:
+                    35:9b:94:26:d7:bf:25:f2:98:48:e8:8a:87:54:7c:
+                    b9:c5:83:59:42:9d:11:aa:3b:a3:35:b2:e9:c6:9f:
+                    ba:65:30:1d:ac:92:da:1a:63:b7:7c:73:84:1d:7a:
+                    73:d1:8e:c4:f3:84:9a:c3:2a:b3:00:e1:5e:b3:0c:
+                    6b:5d:c9:a2:db:15:53:31:bb:24:6a:e5:26:80:32:
+                    7e:9a:0f:5f:a6:10:ac:76:4f:9e:17:13:6c:92:51:
+                    39:08:ba:89:ec:ae:16:33:eb:48:48:a6:24:a7:4c:
+                    0e:ba:20:e9:b8:bb:ef:c8:f6:6f:25:f2:27:c1:25:
+                    34:cd:7a:52:bc:99:ce:e1:d3:f7:96:7e:ea:19:cc:
+                    0b:f6:03:11:c0:2e:63:61:90:88:81:2e:d1:f2:5c:
+                    3e:65:ff:1e:9a:57:16:d8:b3:97:35:18:0e:cc:37:
+                    d4:52:cd:1c:81:ba:69:9a:15:85:13:99:7a:2d:36:
+                    e5:77:62:2b:70:4a:78:57:ff:30:71:6d:41:27:cc:
+                    10:93
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                7E:68:CE:CF:F2:02:43:81:28:66:84:80:BC:16:F2:56:D6:9E:3D:AE
+            X509v3 Authority Key Identifier: 
+                keyid:C3:81:B8:A8:1B:DE:BF:A6:69:00:20:FF:C5:CF:C5:08:37:9D:EE:76
+                DirName:/CN=Easy-RSA CA
+                serial:60:40:F9:60:0A:22:43:66:68:46:32:52:8B:73:FF:57:5B:78:F5:9E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:testsuite
+    Signature Algorithm: sha256WithRSAEncryption
+         2d:d4:04:33:c9:2b:c1:1e:ed:f3:b6:81:3d:24:03:9e:dc:fa:
+         94:38:d3:ee:7c:50:7c:e8:c2:9c:f0:c9:f8:6b:36:c2:ca:73:
+         f7:f2:8d:61:92:3f:4d:a9:19:de:a4:46:13:ac:8f:ca:18:de:
+         2d:2f:e2:d6:8a:f4:b9:2c:9a:89:33:1f:b8:52:9e:9f:e2:28:
+         ec:9b:c5:88:50:05:81:b3:68:eb:3a:19:d1:44:ab:31:32:ef:
+         a5:f0:aa:4c:c0:e6:08:77:40:b8:33:69:b1:f3:ab:a3:53:c1:
+         7a:73:78:ab:88:18:01:6c:23:23:ed:f8:09:2d:f8:6b:c3:c2:
+         66:7d:b5:fa:2e:a5:ed:9d:0d:8b:c3:7f:cc:7e:69:e7:ff:83:
+         ba:df:2c:ad:7e:d2:8c:a3:82:fd:4f:cb:25:9c:d2:56:6f:2d:
+         72:09:ab:7b:f9:3e:86:58:41:0e:d6:b7:fa:49:ce:21:8a:85:
+         96:d6:33:a6:7f:c1:68:b5:78:ac:e3:33:6d:ed:f7:40:57:8d:
+         d5:c1:20:21:b3:be:be:ea:7e:37:d5:27:92:a7:a4:8d:8d:e9:
+         90:35:8d:36:77:b3:ee:c8:94:6d:07:f9:7c:2a:1b:45:5c:ca:
+         59:45:07:79:4c:d6:28:c9:68:f9:05:5a:f5:fa:6f:83:12:58:
+         29:3a:d4:52
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIQHRtYDBsjUSWoe+BscBIZEzANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yNDA0MDMxMjU0MjdaFw0yNzAzMTkx
+MjU0MjdaMBQxEjAQBgNVBAMMCXRlc3RzdWl0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAM1ZJZ3tz5b1ESf+Uyi+mjR9Uou6ZxfWuQHGpaPj+RN2SvaY
+Ctd1SYy1qj7UJA+K9E6yY7FuBCB5J5RuNZuUJte/JfKYSOiKh1R8ucWDWUKdEao7
+ozWy6cafumUwHayS2hpjt3xzhB16c9GOxPOEmsMqswDhXrMMa13JotsVUzG7JGrl
+JoAyfpoPX6YQrHZPnhcTbJJROQi6ieyuFjPrSEimJKdMDrog6bi778j2byXyJ8El
+NM16UryZzuHT95Z+6hnMC/YDEcAuY2GQiIEu0fJcPmX/HppXFtizlzUYDsw31FLN
+HIG6aZoVhROZei025XdiK3BKeFf/MHFtQSfMEJMCAwEAAaOBuDCBtTAJBgNVHRME
+AjAAMB0GA1UdDgQWBBR+aM7P8gJDgShmhIC8FvJW1p49rjBRBgNVHSMESjBIgBTD
+gbioG96/pmkAIP/Fz8UIN53udqEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GC
+FGBA+WAKIkNmaEYyUotz/1dbePWeMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1Ud
+DwQEAwIFoDAUBgNVHREEDTALggl0ZXN0c3VpdGUwDQYJKoZIhvcNAQELBQADggEB
+AC3UBDPJK8Ee7fO2gT0kA57c+pQ40+58UHzowpzwyfhrNsLKc/fyjWGSP02pGd6k
+RhOsj8oY3i0v4taK9LksmokzH7hSnp/iKOybxYhQBYGzaOs6GdFEqzEy76XwqkzA
+5gh3QLgzabHzq6NTwXpzeKuIGAFsIyPt+Akt+GvDwmZ9tfoupe2dDYvDf8x+aef/
+g7rfLK1+0oyjgv1PyyWc0lZvLXIJq3v5PoZYQQ7Wt/pJziGKhZbWM6Z/wWi1eKzj
+M23t90BXjdXBICGzvr7qfjfVJ5KnpI2N6ZA1jTZ3s+7IlG0H+XwqG0VcyllFB3lM
+1ijJaPkFWvX6b4MSWCk61FI=
+-----END CERTIFICATE-----
diff --git a/ipad/example_ca/pki/extensions.temp b/ipad/example_ca/pki/extensions.temp
index fba838c..b50d5af 100644
--- a/ipad/example_ca/pki/extensions.temp
+++ b/ipad/example_ca/pki/extensions.temp
@@ -14,4 +14,4 @@
 keyUsage = digitalSignature,keyEncipherment
-subjectAltName = DNS:localhost,IP:127.0.0.1
+subjectAltName = DNS:testsuite
diff --git a/ipad/example_ca/pki/index.txt b/ipad/example_ca/pki/index.txt
index 3343ef2..42250af 100644
--- a/ipad/example_ca/pki/index.txt
+++ b/ipad/example_ca/pki/index.txt
@@ -1 +1,2 @@
 V	270318133909Z		11192A13CF3A3BC43FE1594BA8567DF0	unknown	/CN=alttest
+V	270319125427Z		1D1B580C1B235125A87BE06C70121913	unknown	/CN=testsuite
diff --git a/ipad/example_ca/pki/index.txt.attr.old b/ipad/example_ca/pki/index.txt.attr.old
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/ipad/example_ca/pki/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/ipad/example_ca/pki/index.txt.old b/ipad/example_ca/pki/index.txt.old
index e69de29..3343ef2 100644
--- a/ipad/example_ca/pki/index.txt.old
+++ b/ipad/example_ca/pki/index.txt.old
@@ -0,0 +1 @@
+V	270318133909Z		11192A13CF3A3BC43FE1594BA8567DF0	unknown	/CN=alttest
diff --git a/ipad/example_ca/pki/issued/testsuite.cabundle b/ipad/example_ca/pki/issued/testsuite.cabundle
new file mode 100644
index 0000000..bc4e6ce
--- /dev/null
+++ b/ipad/example_ca/pki/issued/testsuite.cabundle
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIQHRtYDBsjUSWoe+BscBIZEzANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yNDA0MDMxMjU0MjdaFw0yNzAzMTkx
+MjU0MjdaMBQxEjAQBgNVBAMMCXRlc3RzdWl0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAM1ZJZ3tz5b1ESf+Uyi+mjR9Uou6ZxfWuQHGpaPj+RN2SvaY
+Ctd1SYy1qj7UJA+K9E6yY7FuBCB5J5RuNZuUJte/JfKYSOiKh1R8ucWDWUKdEao7
+ozWy6cafumUwHayS2hpjt3xzhB16c9GOxPOEmsMqswDhXrMMa13JotsVUzG7JGrl
+JoAyfpoPX6YQrHZPnhcTbJJROQi6ieyuFjPrSEimJKdMDrog6bi778j2byXyJ8El
+NM16UryZzuHT95Z+6hnMC/YDEcAuY2GQiIEu0fJcPmX/HppXFtizlzUYDsw31FLN
+HIG6aZoVhROZei025XdiK3BKeFf/MHFtQSfMEJMCAwEAAaOBuDCBtTAJBgNVHRME
+AjAAMB0GA1UdDgQWBBR+aM7P8gJDgShmhIC8FvJW1p49rjBRBgNVHSMESjBIgBTD
+gbioG96/pmkAIP/Fz8UIN53udqEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GC
+FGBA+WAKIkNmaEYyUotz/1dbePWeMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1Ud
+DwQEAwIFoDAUBgNVHREEDTALggl0ZXN0c3VpdGUwDQYJKoZIhvcNAQELBQADggEB
+AC3UBDPJK8Ee7fO2gT0kA57c+pQ40+58UHzowpzwyfhrNsLKc/fyjWGSP02pGd6k
+RhOsj8oY3i0v4taK9LksmokzH7hSnp/iKOybxYhQBYGzaOs6GdFEqzEy76XwqkzA
+5gh3QLgzabHzq6NTwXpzeKuIGAFsIyPt+Akt+GvDwmZ9tfoupe2dDYvDf8x+aef/
+g7rfLK1+0oyjgv1PyyWc0lZvLXIJq3v5PoZYQQ7Wt/pJziGKhZbWM6Z/wWi1eKzj
+M23t90BXjdXBICGzvr7qfjfVJ5KnpI2N6ZA1jTZ3s+7IlG0H+XwqG0VcyllFB3lM
+1ijJaPkFWvX6b4MSWCk61FI=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIUYED5YAoiQ2ZoRjJSi3P/V1t49Z4wDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjQwNDAyMTMzODE5WhcNMzQw
+MzMxMTMzODE5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKGJhlCT/JyJdNgCM5wgNhaXnQNa8m0tuIRBf0Fj
+si22T0NCIBORnJrHX2AuDkC0Rkg4j/sJPs6DjAIijQgjYNstwdODPP6cslNmqXM/
+4PRElAc/iR8Q4eCobdwSiAG26wG+rwspBEjIIi2oHkpl+n+c1sgqGhlOqlwAzXzX
+fhjHZpbpfi4/gOwgncG9PKylaIJqz2f8QS7zUB9q+Jm7rK9NKPF6qTcKMrh3VhSL
+Ja1klyX+TtTAqXsXwCeRQU/1FfihCYxciD9MPikWCUHMytdoCLBAo0N+qescZZYg
+8VVfcXocYTEivYsbx2BxQJlnVxcBB7sGpsIi3xNa5DJQ/a8CAwEAAaOBkDCBjTAd
+BgNVHQ4EFgQUw4G4qBvev6ZpACD/xc/FCDed7nYwUQYDVR0jBEowSIAUw4G4qBve
+v6ZpACD/xc/FCDed7nahGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRgQPlg
+CiJDZmhGMlKLc/9XW3j1njAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQsFAAOCAQEAX0fvL7WYcYPWx5tQrTrcqU4vtcO9GCgjsDB8FrqlZBW1
+Z8JbqrQ0qjt9mdfJkDu6EgncsV4du8IMiEx6YvvTYGEVmCTwYU+y3RjAeE79uu51
+UjDKL8r7Q7tkBsCf5jnkw0lmcYiEIErWTnCPy2XBIR/YLnMzoYmfRoqB8HjgFL+M
+IQw1sWH387n/DOrwQrXDxtnO6Hb6G+2Ym6t2Gh0aGihCnDVrOpyZ5lsp9XYT+/Yt
+AjS1zUUT+RdjiD55aAQi5vJhaa6C9NOIEiO7zV2Z4f9Fyb3AnQw9OMxYjuGTVf3d
+P2stdjKvd2TythsmHnkRJ/gDkmqrPxoDHEYNkNqK1g==
+-----END CERTIFICATE-----
diff --git a/ipad/example_ca/pki/issued/testsuite.crt b/ipad/example_ca/pki/issued/testsuite.crt
new file mode 100644
index 0000000..2395451
--- /dev/null
+++ b/ipad/example_ca/pki/issued/testsuite.crt
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            1d:1b:58:0c:1b:23:51:25:a8:7b:e0:6c:70:12:19:13
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Easy-RSA CA
+        Validity
+            Not Before: Apr  3 12:54:27 2024 GMT
+            Not After : Mar 19 12:54:27 2027 GMT
+        Subject: CN=testsuite
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:cd:59:25:9d:ed:cf:96:f5:11:27:fe:53:28:be:
+                    9a:34:7d:52:8b:ba:67:17:d6:b9:01:c6:a5:a3:e3:
+                    f9:13:76:4a:f6:98:0a:d7:75:49:8c:b5:aa:3e:d4:
+                    24:0f:8a:f4:4e:b2:63:b1:6e:04:20:79:27:94:6e:
+                    35:9b:94:26:d7:bf:25:f2:98:48:e8:8a:87:54:7c:
+                    b9:c5:83:59:42:9d:11:aa:3b:a3:35:b2:e9:c6:9f:
+                    ba:65:30:1d:ac:92:da:1a:63:b7:7c:73:84:1d:7a:
+                    73:d1:8e:c4:f3:84:9a:c3:2a:b3:00:e1:5e:b3:0c:
+                    6b:5d:c9:a2:db:15:53:31:bb:24:6a:e5:26:80:32:
+                    7e:9a:0f:5f:a6:10:ac:76:4f:9e:17:13:6c:92:51:
+                    39:08:ba:89:ec:ae:16:33:eb:48:48:a6:24:a7:4c:
+                    0e:ba:20:e9:b8:bb:ef:c8:f6:6f:25:f2:27:c1:25:
+                    34:cd:7a:52:bc:99:ce:e1:d3:f7:96:7e:ea:19:cc:
+                    0b:f6:03:11:c0:2e:63:61:90:88:81:2e:d1:f2:5c:
+                    3e:65:ff:1e:9a:57:16:d8:b3:97:35:18:0e:cc:37:
+                    d4:52:cd:1c:81:ba:69:9a:15:85:13:99:7a:2d:36:
+                    e5:77:62:2b:70:4a:78:57:ff:30:71:6d:41:27:cc:
+                    10:93
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                7E:68:CE:CF:F2:02:43:81:28:66:84:80:BC:16:F2:56:D6:9E:3D:AE
+            X509v3 Authority Key Identifier: 
+                keyid:C3:81:B8:A8:1B:DE:BF:A6:69:00:20:FF:C5:CF:C5:08:37:9D:EE:76
+                DirName:/CN=Easy-RSA CA
+                serial:60:40:F9:60:0A:22:43:66:68:46:32:52:8B:73:FF:57:5B:78:F5:9E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:testsuite
+    Signature Algorithm: sha256WithRSAEncryption
+         2d:d4:04:33:c9:2b:c1:1e:ed:f3:b6:81:3d:24:03:9e:dc:fa:
+         94:38:d3:ee:7c:50:7c:e8:c2:9c:f0:c9:f8:6b:36:c2:ca:73:
+         f7:f2:8d:61:92:3f:4d:a9:19:de:a4:46:13:ac:8f:ca:18:de:
+         2d:2f:e2:d6:8a:f4:b9:2c:9a:89:33:1f:b8:52:9e:9f:e2:28:
+         ec:9b:c5:88:50:05:81:b3:68:eb:3a:19:d1:44:ab:31:32:ef:
+         a5:f0:aa:4c:c0:e6:08:77:40:b8:33:69:b1:f3:ab:a3:53:c1:
+         7a:73:78:ab:88:18:01:6c:23:23:ed:f8:09:2d:f8:6b:c3:c2:
+         66:7d:b5:fa:2e:a5:ed:9d:0d:8b:c3:7f:cc:7e:69:e7:ff:83:
+         ba:df:2c:ad:7e:d2:8c:a3:82:fd:4f:cb:25:9c:d2:56:6f:2d:
+         72:09:ab:7b:f9:3e:86:58:41:0e:d6:b7:fa:49:ce:21:8a:85:
+         96:d6:33:a6:7f:c1:68:b5:78:ac:e3:33:6d:ed:f7:40:57:8d:
+         d5:c1:20:21:b3:be:be:ea:7e:37:d5:27:92:a7:a4:8d:8d:e9:
+         90:35:8d:36:77:b3:ee:c8:94:6d:07:f9:7c:2a:1b:45:5c:ca:
+         59:45:07:79:4c:d6:28:c9:68:f9:05:5a:f5:fa:6f:83:12:58:
+         29:3a:d4:52
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIQHRtYDBsjUSWoe+BscBIZEzANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yNDA0MDMxMjU0MjdaFw0yNzAzMTkx
+MjU0MjdaMBQxEjAQBgNVBAMMCXRlc3RzdWl0ZTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAM1ZJZ3tz5b1ESf+Uyi+mjR9Uou6ZxfWuQHGpaPj+RN2SvaY
+Ctd1SYy1qj7UJA+K9E6yY7FuBCB5J5RuNZuUJte/JfKYSOiKh1R8ucWDWUKdEao7
+ozWy6cafumUwHayS2hpjt3xzhB16c9GOxPOEmsMqswDhXrMMa13JotsVUzG7JGrl
+JoAyfpoPX6YQrHZPnhcTbJJROQi6ieyuFjPrSEimJKdMDrog6bi778j2byXyJ8El
+NM16UryZzuHT95Z+6hnMC/YDEcAuY2GQiIEu0fJcPmX/HppXFtizlzUYDsw31FLN
+HIG6aZoVhROZei025XdiK3BKeFf/MHFtQSfMEJMCAwEAAaOBuDCBtTAJBgNVHRME
+AjAAMB0GA1UdDgQWBBR+aM7P8gJDgShmhIC8FvJW1p49rjBRBgNVHSMESjBIgBTD
+gbioG96/pmkAIP/Fz8UIN53udqEapBgwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0GC
+FGBA+WAKIkNmaEYyUotz/1dbePWeMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1Ud
+DwQEAwIFoDAUBgNVHREEDTALggl0ZXN0c3VpdGUwDQYJKoZIhvcNAQELBQADggEB
+AC3UBDPJK8Ee7fO2gT0kA57c+pQ40+58UHzowpzwyfhrNsLKc/fyjWGSP02pGd6k
+RhOsj8oY3i0v4taK9LksmokzH7hSnp/iKOybxYhQBYGzaOs6GdFEqzEy76XwqkzA
+5gh3QLgzabHzq6NTwXpzeKuIGAFsIyPt+Akt+GvDwmZ9tfoupe2dDYvDf8x+aef/
+g7rfLK1+0oyjgv1PyyWc0lZvLXIJq3v5PoZYQQ7Wt/pJziGKhZbWM6Z/wWi1eKzj
+M23t90BXjdXBICGzvr7qfjfVJ5KnpI2N6ZA1jTZ3s+7IlG0H+XwqG0VcyllFB3lM
+1ijJaPkFWvX6b4MSWCk61FI=
+-----END CERTIFICATE-----
diff --git a/ipad/example_ca/pki/issued/testsuite.notes b/ipad/example_ca/pki/issued/testsuite.notes
new file mode 100644
index 0000000..55594a6
--- /dev/null
+++ b/ipad/example_ca/pki/issued/testsuite.notes
@@ -0,0 +1,8 @@
+This certificate is suitable for tests where the testsuite runs on a separate
+machine or VM that has the hostname "testsuite"
+
+The testsuite.crt certificate has been created using the following commandline:
+./easyrsa --subject-alt-name="DNS:testsuite" build-server-full testsuite nopass
+
+The testsuite.cabundle file has been created manually (alttest certificate at the
+top, ca certificate at the bottom).
diff --git a/ipad/example_ca/pki/openssl-easyrsa.temp b/ipad/example_ca/pki/openssl-easyrsa.temp
index d27c05b..041a4df 100644
--- a/ipad/example_ca/pki/openssl-easyrsa.temp
+++ b/ipad/example_ca/pki/openssl-easyrsa.temp
@@ -66,7 +66,7 @@
 req_extensions = req_extra
 [ req_extra ]
-subjectAltName = DNS:localhost,IP:127.0.0.1
+subjectAltName = DNS:testsuite
####################################################################
 # Easy-RSA DN (Subject) handling
diff --git a/ipad/example_ca/pki/private/testsuite.key b/ipad/example_ca/pki/private/testsuite.key
new file mode 100644
index 0000000..91e655f
--- /dev/null
+++ b/ipad/example_ca/pki/private/testsuite.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNWSWd7c+W9REn
+/lMovpo0fVKLumcX1rkBxqWj4/kTdkr2mArXdUmMtao+1CQPivROsmOxbgQgeSeU
+bjWblCbXvyXymEjoiodUfLnFg1lCnRGqO6M1sunGn7plMB2sktoaY7d8c4QdenPR
+jsTzhJrDKrMA4V6zDGtdyaLbFVMxuyRq5SaAMn6aD1+mEKx2T54XE2ySUTkIuons
+rhYz60hIpiSnTA66IOm4u+/I9m8l8ifBJTTNelK8mc7h0/eWfuoZzAv2AxHALmNh
+kIiBLtHyXD5l/x6aVxbYs5c1GA7MN9RSzRyBummaFYUTmXotNuV3YitwSnhX/zBx
+bUEnzBCTAgMBAAECggEAPvUvCE2KENFQEj/yRRKy+pbVwQtEYlWt4TKDRE0351Sk
+RRh2cnp+M0rbSGoIKE/E+X/N+u8tCru6e9KSUwHIKutq+gbgi5M1TJz04+6SZk77
+xIKGVodlD0WXg0COSIO5pM+fyOMtxU/uxHgOQE8Ol/m2afWu8BxFqrqQWLUgDaWz
+OjCEDiWiIrv4/AV0CAs3kJHGlLmBD0OXWW51fZf5Tq0JgoIDm2a1obJSBEm9S4tc
+wJFUw+r7E7cYGUSvWpT2GiQshlqr7ZwDVBbIFCyZccQ24CqFqmD5EC2Olc9Il2gL
+gg9/BhLfRii1NT+gYJVBpSNupmJX1oMtFH1qvC6MiQKBgQDnq0y0AZ5mfbmlAeao
+PYp2kLtWdeMaAQMSDDxtffmyYU5tgUzdn8D8poLAJUNjazz7glnor5MOKIzmIMRc
+kCAGZdNJLXpiq8KnX/hrpgiYpxhSE453/XNuH9sUjf/AkCpd1dxiCdwAnWUEJQ5b
+doRWrbHOgkcM2am8sf+s3nP1bQKBgQDi6i2p8k6Gq5cukclQQJO5qfnDv5mVKlZ3
+D6Ac4Vh0p58pyGWGKvJHWNVQoVhwWimh3mwHzDaAsW2td3+jzMQEUWsgSzNa//xE
+LZlvhMVmH8KO3R47p8zL6PwzQqlHDYCj7te3m2dx+00LbKQLsGU+c81wquHlaWAE
++J1uP2pd/wKBgQCzBuCGdn3HLD9LMXXi63PV/jCXNxCh5shNqSEFaAWPAL1PyEzz
+M2I6nB6Mh/9Uk+mTXv9F3nBgz5tat1WnRkVJTGUDtt5N4/fPyk06OxuHhBE6VByT
+w0vxfTKa5sUONRpYW00sgfv+iaMnmc9HhQXtydqPAIQRfR87T76KA3pO3QKBgB61
+PErEbNYSwJnfxtOieZtlolRYSIuEOEFSjwN5h4P57zMzWHHou/Ll1bBctWA3A21R
+cWM4wqN133bbNh3PpzNCZXHwW1nUTKpZVWtfF2uznpvA1seR9MgflonFWq0v6ZnF
+x9GkKUKmlI2YPTcLvxfNih7WMU3fjcv+bSevU1C3AoGBAKAwDpQxrfMiS0B444cL
+lejp+dCLzuZn+8TH4CF2zE1qWlgIWUM0N9Rkb1tWle2Mcu6quuwyInqf6XStCvYZ
+CiFOMgpXm7YHBlJl/onT65WhgHZDCn8GF4IHcTf57cDCeaZENOTKt5XS4lfMudbA
+ap7oEzSJkkgiXeVhn/cr59uN
+-----END PRIVATE KEY-----
diff --git a/ipad/example_ca/pki/reqs/testsuite.req b/ipad/example_ca/pki/reqs/testsuite.req
new file mode 100644
index 0000000..1a822d3
--- /dev/null
+++ b/ipad/example_ca/pki/reqs/testsuite.req
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgDCCAWgCAQAwFDESMBAGA1UEAwwJdGVzdHN1aXRlMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAzVklne3PlvURJ/5TKL6aNH1Si7pnF9a5Acalo+P5
+E3ZK9pgK13VJjLWqPtQkD4r0TrJjsW4EIHknlG41m5Qm178l8phI6IqHVHy5xYNZ
+Qp0RqjujNbLpxp+6ZTAdrJLaGmO3fHOEHXpz0Y7E84SawyqzAOFeswxrXcmi2xVT
+MbskauUmgDJ+mg9fphCsdk+eFxNsklE5CLqJ7K4WM+tISKYkp0wOuiDpuLvvyPZv
+JfInwSU0zXpSvJnO4dP3ln7qGcwL9gMRwC5jYZCIgS7R8lw+Zf8emlcW2LOXNRgO
+zDfUUs0cgbppmhWFE5l6LTbld2IrcEp4V/8wcW1BJ8wQkwIDAQABoCcwJQYJKoZI
+hvcNAQkOMRgwFjAUBgNVHREEDTALggl0ZXN0c3VpdGUwDQYJKoZIhvcNAQELBQAD
+ggEBAF/j6GFuLC0qfyEuUTSFxNncOkwGefIzF7pftqGQ7ljnzYpKoAaoR3S1fDMQ
+DUdhh9C74OR8/LVpKub2lb29iCRSMYtcJh/TcD9z+gMBpTdcy4ZeeGmsHSzHbGkK
+LEvH7HeQyzehWP6byCbQ4UfgUvmVD0hSpDB5BjhSZrfKiSZja31XPpsXDbl5X8ro
+vUQyrxXR7a00XUutpPzNb+NCsTFGT1r1MYPjImwpZAUi4d0qyLzWnzOzjMAvSCqd
+6Lp43OYTAHiKi3hT2jAldI0yl78rt3zdTPPZuI/w5NkPYJ5AlnlM4q0DCoL1X6kb
+VeRHvyVDz7asUfOT5vzmbaDwgyc=
+-----END CERTIFICATE REQUEST-----
diff --git a/ipad/example_ca/pki/safessl-easyrsa.cnf b/ipad/example_ca/pki/safessl-easyrsa.cnf
index f5c1ad8..b36fa6a 100644
--- a/ipad/example_ca/pki/safessl-easyrsa.cnf
+++ b/ipad/example_ca/pki/safessl-easyrsa.cnf
@@ -1,6 +1,6 @@
 # For use with Easy-RSA 3.1 and OpenSSL or LibreSSL
-RANDFILE		= /home/owner/example_ca/pki/.rnd
+RANDFILE		= /home/owner/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/.rnd
####################################################################
 [ ca ]
@@ -9,17 +9,17 @@
 ####################################################################
 [ CA_default ]
-dir		= /home/owner/example_ca/pki	# Where everything is kept
-certs		= /home/owner/example_ca/pki			# Where the issued certs are kept
-crl_dir		= /home/owner/example_ca/pki			# Where the issued crl are kept
-database	= /home/owner/example_ca/pki/index.txt	# database index file.
-new_certs_dir	= /home/owner/example_ca/pki/certs_by_serial	# default place for new certs.
+dir		= /home/owner/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki	# Where everything is kept
+certs		= /home/owner/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki			# Where the issued certs are kept
+crl_dir		= /home/owner/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki			# Where the issued crl are kept
+database	= /home/owner/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/index.txt	# database index file.
+new_certs_dir	= /home/owner/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/certs_by_serial	# default place for new certs.
-certificate	= /home/owner/example_ca/pki/ca.crt	 	# The CA certificate
-serial		= /home/owner/example_ca/pki/serial 		# The current serial number
-crl		= /home/owner/example_ca/pki/crl.pem 		# The current CRL
-private_key	= /home/owner/example_ca/pki/private/ca.key	# The private key
-RANDFILE	= /home/owner/example_ca/pki/.rand		# private random number file
+certificate	= /home/owner/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/ca.crt	 	# The CA certificate
+serial		= /home/owner/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/serial 		# The current serial number
+crl		= /home/owner/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/crl.pem 		# The current CRL
+private_key	= /home/owner/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/private/ca.key	# The private key
+RANDFILE	= /home/owner/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/.rand		# private random number file
x509_extensions	= basic_exts		# The extentions to add to the cert
@@ -66,7 +66,7 @@
 req_extensions = req_extra
 [ req_extra ]
-subjectAltName = DNS:localhost,IP:127.0.0.1
+subjectAltName = DNS:testsuite
####################################################################
 # Easy-RSA DN (Subject) handling
@@ -75,7 +75,7 @@
 [ cn_only ]
 commonName		= Common Name (eg: your user, host, or server name)
 commonName_max		= 64
-commonName_default	= alttest
+commonName_default	= testsuite
# Easy-RSA DN for org support:
 [ org ]
@@ -98,7 +98,7 @@
commonName			= Common Name (eg: your user, host, or server name)
 commonName_max			= 64
-commonName_default		= alttest
+commonName_default		= testsuite
emailAddress			= Email Address
 emailAddress_default		= me@example.net
diff --git a/ipad/example_ca/pki/serial b/ipad/example_ca/pki/serial
index c8d540a..56f3961 100644
--- a/ipad/example_ca/pki/serial
+++ b/ipad/example_ca/pki/serial
@@ -1 +1 @@
-11192A13CF3A3BC43FE1594BA8567DF1
+1D1B580C1B235125A87BE06C70121914
diff --git a/ipad/example_ca/pki/serial.old b/ipad/example_ca/pki/serial.old
index 85d677f..0750e3b 100644
--- a/ipad/example_ca/pki/serial.old
+++ b/ipad/example_ca/pki/serial.old
@@ -1 +1 @@
-11192a13cf3a3bc43fe1594ba8567df0
+1d1b580c1b235125a87be06c70121913
-- 
To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36621?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-Change-Id: I2d4ba8b710b9cf518b90c7f7acc8982350705531
Gerrit-Change-Number: 36621
Gerrit-PatchSet: 1
Gerrit-Owner: dexter pmaier@sysmocom.de
Gerrit-MessageType: newchange



    