Skip to content
Snippets Groups Projects
Select Git revision
  • improve-ci
  • 36-new-stable-nginx-release-1-26-3
  • master default protected
  • 29-rebase-on-openresty-1-21-4-1
4 results
Compare
Name Last commit Last update
..
certs/0.cert.pem
certs/0.key.pem
certs/0.pem
certs/1.cert.pem
certs/1.key.pem
certs/1.pem
certs/2.cert.pem
certs/2.key.pem
certs/2.pem
certs/3.cert.pem
certs/3.key.pem
certs/3.pem
certs/4.cert.pem
certs/4.key.pem
certs/4.pem
certs/5.cert.pem
certs/5.key.pem
certs/5.pem
certs/6.cert.pem
certs/6.key.pem
certs/6.pem
certs/7.cert.pem
certs/7.key.pem
certs/7.pem
certs/8.cert.pem
certs/8.key.pem
certs/8.pem
certs/README.md
certs/nginx_voms_example.cert.pem
certs/nginx_voms_example.key.pem
certs/test0.cert.pem
certs/test0.key.pem
certs/test0.p12
certs/voms_example.cert.pem
certs/voms_example.key.pem
certs/voms_example_2.cert.pem
certs/voms_example_2.key.pem
README.md

=======

Certificates for ngx_http_voms_module Testing

Proxy certificates are generated using VOMS client 3.3.1:

  • 0.pem: long-lived proxy certificate, without any Attribute Certificate (AC);
  • 1.pem: long-lived proxy certificate, with an expired AC;
  • 2.pem: expired proxy certificate;
  • 3.pem: long-lived proxy with valid VOMS attributes;
  • 4.pem: long-lived proxy with VOMS generic attributes containing reserved characters;
  • 5.pem: long-lived proxy with valid VOMS attributes, *.lsc file missing in vomsdir.
  • 6.pem: long-lived proxy with valid VOMS attributes, with an old format for fqans.
  • 7.pem: long-lived proxy (3 delegations), without VOMS attributes;
  • 8.pem: long-lived proxy (3 delegations), without VOMS attributes, plus CA certificate included in the chain;

To obtain such certificates the following command is used:

    VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_cert>/voms_example.key.pem -Dvoms.fake.notAfter=<AAAA-MM-GGT00:00:00 -Dvoms.fake.notBefore=AAAA-MM-GGT00:00:00 -Dvoms.fake.gas=<name>=<value>,<name>=<value> -Dvoms.fake.fqans=/<vo>/<fqan>,/<vo>/<fqan>/Role=<role> -Dvoms.fake.serial=<ac_serial_n>" voms-proxy-init -voms test.vo -cert <path_to_test0>/test0.p12 --valid <validity> --vomsdir <path_to_vomsdir>/vomsdir --certdir <path_to_trust_anchors>/trust-anchors/

Once VOMS proxy certificates are generated in a *.pem format, they need to be split in certificates and key to be used in Openresty tests. *.cert.pem and *.key.pem files are obtained by simpling typing in certs

awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' <name>.pem > <name>.key.pem
awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' <name>.pem > <name>.cert.pem

where <name> could be for instance 0,1,2,etc..

voms_example.cert.pem and voms_example.ket.pem can be found in certs.

For ../untrusted.t, voms_example_2.cert.pem and voms_example_2.key.pem are used as VOMS certificates and they are in certs.

To perform correctly the VOMS AC validation, a *.lsc or *.pem file is needed in /etc/grid-security/vomsdir, see VOMS client 3.3.1 User Guide for further details. An example of voms.example.lsc can be found in vomsdir/test.vo.

Nginx server certificate and key are nginx_voms_example.cert.pem and nginx_voms_example_key.pem.