/usr/lib/mysql-testsuite/std_data/crl-certificate-readme.txt is in percona-server-test-5.6 5.6.22-rel71.0-0ubuntu4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
These are the instructions on how to generate test files for the CRL tests
using OpenSSL.
1. Make sure you have the right validity periods in CA.pl and openssl.cnf
2. Create a new certification authority : CA.pl -newca
3. Copy demoCA/cacert.pem to crl-ca-cert.pem
4. Create one server certificate request : CA.pl -newreq
5. Sign the server certificate request : CA.pl -signreq
6. Copy demoCA/newcert.pem to crl-server-cert.pem
7. Remove the passphrase from the server's private key while copying it :
   openssl rsa -in newkey.pem -out crl-server-key.pem
8. Create one client certificate request : CA.pl -newreq
9. Sign the client certificate request : CA.pl -signreq
10. Copy demoCA/newcert.pem to crl-client-cert.pem
11. Remove the passphrase from the client's private key while copying it :
    openssl rsa -in newkey.pem -out crl-client-key.pem
12. Create one to-be-revoked client certificate request : CA.pl -newreq
13. Sign the to-be-revoked client certificate request : CA.pl -signreq
14. Copy demoCA/newcert.pem to crl-client-invalid-cert.pem
15. Remove the passphrase from the to-be-revoked client's private key
    while copying it :
    openssl rsa -in newkey.pem -out crl-client-invalid-key.pem
16. Revoke the crl-client-invalid-cert.pem (openssl ca -revoke takes the
    certificate, not the key) :
    openssl ca -revoke crl-client-invalid-cert.pem
17. Generate a CRL file :
    openssl ca -gencrl -crldays 3650 -out crl-client-revoked.crl
18. Clean up all the files in the crldir directory
19. Copy the CA certificate into it, named after its subject hash :
    cp crl-ca-cert.pem crldir/`openssl x509 -in crl-ca-cert.pem -noout -hash`.0
20. Copy the CRL file into it, under the same hash with an .r0 suffix :
    cp crl-client-revoked.crl crldir/`openssl x509 -in crl-ca-cert.pem -noout -hash`.r0
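
The steps above as an unattended script, followed by a check that the revoked certificate is actually rejected. This is an added example, not part of the original readme: it calls openssl req and openssl ca directly instead of CA.pl, writes keys unencrypted with -nodes so no openssl rsa step is needed, and omits the server certificate. The names ca.cnf, ca-key.pem, make_fixtures and crl_verify are assumptions of this example.

```shell
#!/bin/sh
# Added example: non-interactive equivalent of the CA.pl steps, run in a scratch dir.
# ca.cnf and its section names are constructed for this example.
make_fixtures() (   # $1 = empty working directory
  set -e
  cd "$1"
  mkdir -p newcerts crldir
  : > index.txt
  echo 01 > serial
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = test_ca
[ test_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = crl-ca-cert.pem
private_key = ca-key.pem
default_md = sha256
default_days = 3650
policy = any_cn
[ any_cn ]
commonName = supplied
EOF
  openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
    -days 3650 -subj "/CN=Test CA" -keyout ca-key.pem -out crl-ca-cert.pem
  for n in client client-invalid; do
    openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=$n" \
      -keyout "crl-$n-key.pem" -out "$n.csr"
    openssl ca -batch -notext -config ca.cnf -in "$n.csr" -out "crl-$n-cert.pem"
  done
  openssl ca -config ca.cnf -revoke crl-client-invalid-cert.pem
  openssl ca -config ca.cnf -gencrl -crldays 3650 -out crl-client-revoked.crl
  hash=$(openssl x509 -in crl-ca-cert.pem -noout -hash)
  cp crl-ca-cert.pem "crldir/$hash.0"        # CA cert, found by subject hash
  cp crl-client-revoked.crl "crldir/$hash.r0" # CRL, found by issuer hash
)

# Succeeds only if cert $2 chains to the CA in $1/crldir and is not on the CRL.
crl_verify() (
  cd "$1" && openssl verify -crl_check -CApath crldir "$2" 2>/dev/null | grep -q ': OK$'
)
```

Run make_fixtures on an empty directory, then crl_verify on crl-client-cert.pem (accepted) and crl-client-invalid-cert.pem (rejected as revoked).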