github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21495 Commits
1703 Branches
457 Tags
696 MiB
 
 
 
 
 
 
Tree: 3c3bdba926
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3c3bdba926'
${ noResults }
consul/test/CA-GENERATION.md

2.4 KiB
Raw Blame History

CA certificate generation procedure

Client certificates

if tests like TestAPI_ClientTLSOptions (or any other test using certificates located in ./test/client_certs ) are failing because of expired certificates, use ./generate.sh script to regenerate a new set of certificate.

cd test/client_certs/
rm -rf *.pem *.crt *.key && ./generate.sh

CA certificates

if tests like TestAgent_ReloadConfigTLSConfigFailure (or any other test using certificates located in ./test/ca ) are failing because of expired certificates, use ./generate.sh script to regenerate a new set of certificate.

cd test/ca/
rm -rf *.pem *.crt *.key && ./generate.sh

It also possible for the root CA to expire. In this case, use the instructions [here](Instructions from https://langui.sh/2009/01/18/openssl-self-signed-ca/) to regenerate root.cer and privkey.pem. Configure the cert as follows:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) [Internet Widgits Pty Ltd]:HashiCorp Test Cert
Organizational Unit Name (eg, section) []:Dev
Common Name (e.g. server FQDN or YOUR name) []:test.internal
Email Address []:test@internal.com

Ensure that you run ./test/ca/generate.sh after recreating the root CA.

Hostname certificates

if tests like TestNewDialer_WithALPNWrapper (or any other test using certificates located in ./test/hostname ) are failing because of expired certificates, use ./generate.sh script to regenerate a new set of certificate.

cd test/hostname/
# Avoid deleting CertAuth.crt and privkey.pem since they're referenced in myca.conf
rm -rf "[Bonnie|Betty|Bob|Alice].crt" *.key && ./generate.sh

It also possible for the root CA to expire. In this case, use the instructions [here](Instructions from https://langui.sh/2009/01/18/openssl-self-signed-ca/) to regenerate CertAuth.crt and privkey.pem.

openssl req -newkey rsa:2048 -days 3650 -x509 -nodes -out CertAuth.crt

Configure the cert as follows:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) [Internet Widgits Pty Ltd]:HashiCorp Test Cert
Organizational Unit Name (eg, section) []:Test
Common Name (e.g. server FQDN or YOUR name) []:CertAuth
Email Address []:test@internal.com