mirror of https://github.com/pgbackrest/pgbackrest.git synced 2024-12-14 10:13:05 +02:00

History

Reid Thompson 4ea4e3f380 Update Fedora test image to Fedora 38. This should have been done in `434938e3` but somehow it didn't happen. Fedora 38 requires 2048 bit keys so update the VM builds to use them. Update the documentation to use 2048 bit keys. This is not technically required by this commit but it makes sense to do it now. Also update the key location for the yum.p.o repository. Lastly, shuffle test PostgreSQL versions since PostgreSQL 11 is not longer available in the yum.p.o repository.		2024-04-23 22:34:32 +10:00
..
ssh	Update Fedora test image to Fedora 38.	2024-04-23 22:34:32 +10:00
.gitignore	Add TLS Server.	2021-10-18 14:32:41 -04:00
pgbackrest-test-ca.crt	New test containers with static test certificates.	2018-11-21 18:13:37 -05:00
pgbackrest-test-ca.key	New test containers with static test certificates.	2018-11-21 18:13:37 -05:00
pgbackrest-test-client.cnf	Add TLS Server.	2021-10-18 14:32:41 -04:00
pgbackrest-test-client.crt	Add TLS Server.	2021-10-18 14:32:41 -04:00
pgbackrest-test-client.key	Add TLS Server.	2021-10-18 14:32:41 -04:00
pgbackrest-test-server.cnf	Migrate integration tests to C.	2024-03-06 11:00:09 +13:00
pgbackrest-test-server.crt	Migrate integration tests to C.	2024-03-06 11:00:09 +13:00
pgbackrest-test-server.key	Add TLS Server.	2021-10-18 14:32:41 -04:00
README.md	Remove double spaces from comments and documentation.	2023-05-02 12:57:12 +03:00

README.md

pgBackRest Test Certificates

The certificates in this directory are used for testing purposes only and are not used for actual services. They are used only by the unit and integration tests and there should be no reason to modify them unless new tests are required.

Generating the Test CA (pgbackrest-test-ca.crt/key)

This is a self-signed CA that is used to sign all server certificates. No intermediate CAs will be generated since they are not needed for testing.

cd [pgbackrest-root]/test/certificate
openssl genrsa -out pgbackrest-test-ca.key 4096
openssl req -new -x509 -extensions v3_ca -key pgbackrest-test-ca.key -out pgbackrest-test-ca.crt -days 99999 \
    -subj "/C=US/ST=All/L=All/O=pgBackRest/CN=test.pgbackrest.org"
openssl x509 -in pgbackrest-test-ca.crt -text -noout

Generating the Server Test Key (pgbackrest-test-server.key)

This key will be used for all server certificates to keep things simple.

cd [pgbackrest-root]/test/certificate
openssl genrsa -out pgbackrest-test-server.key 4096

Generating the Server Test Certificate (pgbackrest-test-server.crt/key)

This certificate will be used in unit and integration tests. It is expected to pass verification but won't be subjected to extensive testing.

cd [pgbackrest-root]/test/certificate
openssl req -new -sha256 -nodes -out pgbackrest-test-server.csr -key pgbackrest-test-server.key -config pgbackrest-test-server.cnf
openssl x509 -req -in pgbackrest-test-server.csr -CA pgbackrest-test-ca.crt -CAkey pgbackrest-test-ca.key -CAcreateserial \
    -out pgbackrest-test-server.crt -days 99999 -extensions v3_req -extfile pgbackrest-test-server.cnf
openssl x509 -in pgbackrest-test-server.crt -text -noout

Generating the Client Test Key (pgbackrest-test-client.key)

This key will be used for all client certificates to keep things simple.

cd [pgbackrest-root]/test/certificate
openssl genrsa -out pgbackrest-test-client.key 4096

Generating the Client Test Certificate (pgbackrest-test-client.crt/key)

This certificate will be used in unit and integration tests. It is expected to pass verification but won't be subjected to extensive testing.

cd [pgbackrest-root]/test/certificate
openssl req -new -sha256 -nodes -out pgbackrest-test-client.csr -key pgbackrest-test-client.key -config pgbackrest-test-client.cnf
openssl x509 -req -in pgbackrest-test-client.csr -CA pgbackrest-test-ca.crt -CAkey pgbackrest-test-ca.key -CAcreateserial \
    -out pgbackrest-test-client.crt -days 99999 -extensions v3_req -extfile pgbackrest-test-client.cnf
openssl x509 -in pgbackrest-test-client.crt -text -noout