testing: Add some notes about how to reissue attribute certificates

2014-10-03 12:31:01 +02:00 · 2014-10-03 12:31:01 +02:00 · 7ab320def3
parent 16469e8474
commit 7ab320def3
3 changed files with 61 additions and 0 deletions
--- a/testing/tests/ikev2/acert-cached/reissue.txt
+++ b/testing/tests/ikev2/acert-cached/reissue.txt
@ -0,0 +1,23 @@
+# Carols acert for sales and finance
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+	--group sales --group finance -l 87600 -f pem \
+	> hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
+
+# Daves acert for marketing
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+	--group marketing -l 87600 -f pem \
+	> hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
+
+# Daves expired acert for sales
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+	--group sales -F "01.01.13 08:00:00" -l 240 -f pem \
+	> hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem
--- a/testing/tests/ikev2/acert-fallback/reissue.txt
+++ b/testing/tests/ikev2/acert-fallback/reissue.txt
@ -0,0 +1,15 @@
+# Carols expired acert for finance
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+	--group finance -F "01.01.13 08:00:00" -l 240 -f pem \
+	> ./hosts/carol/etc/ipsec.d/acerts/carol-finance-expired.pem
+
+# Carols valid acert for sales
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+	--group sales -l 87600 -f pem \
+	> hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
--- a/testing/tests/ikev2/acert-inline/reissue.txt
+++ b/testing/tests/ikev2/acert-inline/reissue.txt
@ -0,0 +1,23 @@
+# Carols sales acert
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem --in \
+	../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+	--group sales -l 87600 -f pem \
+	> hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
+
+# Daves marketing acert
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+	--group marketing -l 87600 -f pem
+	> hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem
+
+# Daves sales acert from expired AA
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa-expired.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa-expired.pem \
+	--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+	--group sales -l 87600 -f pem \
+	> hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem