mirror of https://github.com/pgbackrest/pgbackrest.git synced 2025-01-18 04:58:51 +02:00
pgbackrest/test/certificate
David Steele ac426bc456 New test containers with static test certificates.
Test certificates were generated dynamically but there are advantages to using static certificates.  For example, it is possible to use the same certificate between container versions.  Mostly, it is easier to document the certificates if they are not buried deep in the container code.

The new test certificates are initially intended to be used with the C unit tests but they will eventually be used for integration tests as well.

Two new certificates have been defined. See test/certificate/README.md for details.

The old dynamic certificates will be retained until they are replaced.
2018-11-21 18:13:37 -05:00
.gitignore New test containers with static test certificates. 2018-11-21 18:13:37 -05:00
pgbackrest-test-alt-name.cnf New test containers with static test certificates. 2018-11-21 18:13:37 -05:00
pgbackrest-test-alt-name.crt New test containers with static test certificates. 2018-11-21 18:13:37 -05:00
pgbackrest-test-ca.crt New test containers with static test certificates. 2018-11-21 18:13:37 -05:00
pgbackrest-test-ca.key New test containers with static test certificates. 2018-11-21 18:13:37 -05:00
pgbackrest-test.cnf New test containers with static test certificates. 2018-11-21 18:13:37 -05:00
pgbackrest-test.crt New test containers with static test certificates. 2018-11-21 18:13:37 -05:00
pgbackrest-test.key New test containers with static test certificates. 2018-11-21 18:13:37 -05:00
README.md New test containers with static test certificates. 2018-11-21 18:13:37 -05:00

pgBackRest Test Certificates

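The certificates in this directory are used for testing purposes only and are not used for actual services. The private keys are committed alongside them, so nothing outside the test environment should trust this CA or these certificates. They are used only by the unit and integration tests and there should be no reason to modify them unless new tests are required.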

Generating the Test CA (pgbackrest-test-ca.crt/key)

This is a self-signed CA that is used to sign all server certificates. No intermediate CAs will be generated since they are not needed for testing.

cd [pgbackrest-root]/test/certificate
openssl genrsa -out pgbackrest-test-ca.key 4096
openssl req -new -x509 -extensions v3_ca -key pgbackrest-test-ca.key -out pgbackrest-test-ca.crt -days 99999 \
    -subj "/C=US/ST=All/L=All/O=pgBackRest/CN=test.pgbackrest.org"
openssl x509 -in pgbackrest-test-ca.crt -text -noout

Generating the Test Key (pgbackrest-test.key)

This key will be used for all server certificates to keep things simple.

cd [pgbackrest-root]/test/certificate
openssl genrsa -out pgbackrest-test.key 4096

Generating the Alt Name Test Certificate (pgbackrest-test-alt-name.crt)

This certificate will include alternate names and will only be used in unit tests to check alternate name verification functionality.

cd [pgbackrest-root]/test/certificate
openssl req -new -sha256 -nodes -out pgbackrest-test-alt-name.csr -key pgbackrest-test.key -config pgbackrest-test-alt-name.cnf
openssl x509 -req -in pgbackrest-test-alt-name.csr -CA pgbackrest-test-ca.crt -CAkey pgbackrest-test-ca.key -CAcreateserial \
    -out pgbackrest-test-alt-name.crt -days 99999 -extensions v3_req -extfile pgbackrest-test-alt-name.cnf
openssl x509 -in pgbackrest-test-alt-name.crt -text -noout

Generating the Test Certificate (pgbackrest-test.crt)

This certificate will be used in unit and integration tests. It is expected to pass verification but won't be subjected to extensive testing.

cd [pgbackrest-root]/test/certificate
openssl req -new -sha256 -nodes -out pgbackrest-test.csr -key pgbackrest-test.key -config pgbackrest-test.cnf
openssl x509 -req -in pgbackrest-test.csr -CA pgbackrest-test-ca.crt -CAkey pgbackrest-test-ca.key -CAcreateserial \
    -out pgbackrest-test.crt -days 99999 -extensions v3_req -extfile pgbackrest-test.cnf
openssl x509 -in pgbackrest-test.crt -text -noout
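
The procedure above can be rehearsed end to end in a scratch directory. This is an added example, not the project's own script. The file names (`ca.*`, `leaf.*`), the hostnames and the config contents are constructed for illustration and are not the contents of `pgbackrest-test-alt-name.cnf`.

```shell
#!/bin/sh
# make_chain DIR: build a throwaway CA and a SAN leaf certificate inside DIR.
make_chain() {
    (
        cd "$1" || exit 1
        # Constructed config; the CN is deliberately absent from the SAN list.
        cat > leaf.cnf <<'EOF'
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = cn-only.test.example
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = DNS:host.test.example, DNS:*.alt.test.example
EOF
        # 2048-bit keys keep the example fast; the README uses 4096.
        openssl genrsa -out ca.key 2048 2>/dev/null &&
        openssl req -new -x509 -config leaf.cnf -extensions v3_ca -key ca.key \
            -out ca.crt -days 30 -subj "/O=example/CN=Example Test CA" &&
        openssl genrsa -out leaf.key 2048 2>/dev/null &&
        openssl req -new -sha256 -key leaf.key -out leaf.csr -config leaf.cnf &&
        # x509 -req does not copy CSR extensions by default, so the SAN list
        # must be supplied again through -extfile/-extensions.
        openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
            -out leaf.crt -days 30 -extensions v3_req -extfile leaf.cnf 2>/dev/null
    )
}

# chain_ok DIR: succeeds only if leaf.crt verifies against ca.crt.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/leaf.crt" 2>&1 | grep -q ': OK$'
}

# host_matches CRT HOST: succeeds only if HOST matches the certificate.
# When DNS alternate names are present, OpenSSL ignores the subject CN.
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Demo run in a scratch directory (removed afterwards).
d=$(mktemp -d) && make_chain "$d" && chain_ok "$d" &&
    host_matches "$d/leaf.crt" a.alt.test.example && echo "chain and SAN OK"
rm -rf "$d"
```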