testing: Add some notes about how to reissue attribute certificates
This commit is contained in:
parent
16469e8474
commit
7ab320def3
|
@ -0,0 +1,23 @@
|
|||
# Carols acert for sales and finance
|
||||
pki --acert \
|
||||
--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
|
||||
--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
|
||||
--in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
|
||||
--group sales --group finance -l 87600 -f pem \
|
||||
> hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
|
||||
|
||||
# Daves acert for marketing
|
||||
pki --acert \
|
||||
--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
|
||||
--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
|
||||
--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
|
||||
--group marketing -l 87600 -f pem \
|
||||
> hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
|
||||
|
||||
# Daves expired acert for sales
|
||||
pki --acert \
|
||||
--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
|
||||
--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
|
||||
--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
|
||||
--group sales -F "01.01.13 08:00:00" -l 240 -f pem \
|
||||
> hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem
|
|
@ -0,0 +1,15 @@
|
|||
# Carols expired acert for finance
|
||||
pki --acert \
|
||||
--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
|
||||
--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
|
||||
--in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
|
||||
--group finance -F "01.01.13 08:00:00" -l 240 -f pem \
|
||||
> ./hosts/carol/etc/ipsec.d/acerts/carol-finance-expired.pem
|
||||
|
||||
# Carols valid acert for sales
|
||||
pki --acert \
|
||||
--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
|
||||
--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
|
||||
--in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
|
||||
--group sales -l 87600 -f pem \
|
||||
> hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
|
|
@ -0,0 +1,23 @@
|
|||
# Carols sales acert
|
||||
pki --acert \
|
||||
--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
|
||||
--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem --in \
|
||||
../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
|
||||
--group sales -l 87600 -f pem \
|
||||
> hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
|
||||
|
||||
# Daves marketing acert
|
||||
pki --acert \
|
||||
--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
|
||||
--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
|
||||
--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
|
||||
--group marketing -l 87600 -f pem
|
||||
> hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem
|
||||
|
||||
# Daves sales acert from expired AA
|
||||
pki --acert \
|
||||
--issuercert hosts/moon/etc/ipsec.d/aacerts/aa-expired.pem \
|
||||
--issuerkey hosts/moon/etc/ipsec.d/private/aa-expired.pem \
|
||||
--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
|
||||
--group sales -l 87600 -f pem \
|
||||
> hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem
|
Loading…
Reference in New Issue