mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 20:03:13 +02:00
13b2313ace
I kept most of the certificate properties equal to the old certs, since some people's test scripts might rely on them (and it does not require any creativity from my part). Changes: * Add script to generate fresh test/sample keys (but keep sample keys in git for simple testing) * Switch from 1024 to 4096 bits RSA CA * Switch from 1024 to 2048 bits client/server RSA keys * Switch from 1024 to 2048 bits Diffie-Hellman parameters * Generate EC client and server cert, but sign with RSA CA (lets us test EC <-> RSA interoperability) * Remove 3DES cipher from 'sample' config * Add 'remote-cert-tls server' to client config * Update config files to deprecate nsCertType in favour of the keyUsage and extendedKeyUsage extensions. * Make naming more consistent Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Samuli Seppänen <samuli@openvpn.net> Message-Id: <CAA1AbxKZr_E6Wk9GBbB3xpLyJzyBxSa1k21UDXnC90d8refUzw@mail.gmail.com> URL: http://article.gmane.org/gmane.network.openvpn.devel/9226 Signed-off-by: Gert Doering <gert@greenie.muc.de>
20 lines
737 B
Plaintext
20 lines
737 B
Plaintext
Sample RSA and EC keys.
|
|
|
|
Run ./gen-sample-keys.sh to generate fresh test keys.
|
|
|
|
See the examples section of the man page for usage examples.
|
|
|
|
NOTE: THESE KEYS ARE FOR TESTING PURPOSES ONLY.
|
|
DON'T USE THEM FOR ANY REAL WORK BECAUSE
|
|
THEY ARE TOTALLY INSECURE!
|
|
|
|
ca.{crt,key} -- sample CA key/cert
|
|
server.{crt,key} -- sample server key/cert
|
|
client.{crt,key} -- sample client key/cert
|
|
client-pass.key -- sample client key with password-encrypted key
|
|
password = "password"
|
|
client.p12 -- sample client pkcs12 bundle
|
|
password = "password"
|
|
client-ec.{crt,key} -- sample elliptic curve client key/cert
|
|
server-ec.{crt,key} -- sample elliptic curve server key/cert
|