certgen

command
v1.9.10 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 27, 2021 License: MPL-2.0 Imports: 8 Imported by: 0

Documentation

Overview

certgen: a tool for generating test certificates on disk for use as test-fixtures and for end-to-end testing and local development.

Example usage: 

$ go run connect/certgen/certgen.go -out-dir /tmp/connect-certs

You can verify a given leaf with a given root using: 

$ openssl verify -verbose -CAfile ca1-ca.cert.pem ca1-svc-db.cert.pem

Note that to verify via the cross-signed intermediate, openssl requires it to be bundled with the _root_ CA bundle and will ignore the cert if it's passed with the subject. You can do that with: 

$ openssl verify -verbose -CAfile \
   <(cat ca1-ca.cert.pem ca2-xc-by-ca1.cert.pem) \
   ca2-svc-db.cert.pem
ca2-svc-db.cert.pem: OK

Note that the same leaf and root without the intermediate should fail: 

$ openssl verify -verbose -CAfile ca1-ca.cert.pem ca2-svc-db.cert.pem
ca2-svc-db.cert.pem: CN = db
error 20 at 0 depth lookup:unable to get local issuer certificate

NOTE: THIS IS A QUIRK OF OPENSSL; in Connect we distribute the roots alone and stable intermediates like the XC cert to the _leaf_.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.