@@ -40,6 +40,14 @@ all: \
4040 ec-cert.pem \
4141 ec.pfx \
4242 fake-cnnic-root-cert.pem \
43+ intermediate-ca-cert.pem \
44+ intermediate-ca-key.pem \
45+ leaf-from-intermediate-cert.pem \
46+ leaf-from-intermediate-key.pem \
47+ non-trusted-intermediate-ca-cert.pem \
48+ non-trusted-intermediate-ca-key.pem \
49+ non-trusted-leaf-from-intermediate-cert.pem \
50+ non-trusted-leaf-from-intermediate-key.pem \
4351 rsa_private.pem \
4452 rsa_private_encrypted.pem \
4553 rsa_private_pkcs8.pem \
@@ -236,6 +244,102 @@ fake-startcom-root-cert.pem: fake-startcom-root.cnf \
236244 echo ' 01' > fake-startcom-root-serial
237245 touch fake-startcom-root-database.txt
238246
247+
248+ intermediate-ca-key.pem :
249+ openssl genrsa -out intermediate.key 2048
250+
251+ intermediate-ca-cert.pem : intermediate-ca-key.pem
252+ openssl req -new \
253+ -sha256 \
254+ -nodes \
255+ -key intermediate.key \
256+ -subj " /C=US/ST=CA/L=SF/O=NODEJS/CN=NodeJS-Test-Intermediate-CA" \
257+ -out test-intermediate-ca.csr
258+
259+ openssl x509 -req \
260+ -extensions v3_ca \
261+ -extfile fake-startcom-root.cnf \
262+ -in test-intermediate-ca.csr \
263+ -CA fake-startcom-root-cert.pem \
264+ -CAkey fake-startcom-root-key.pem \
265+ -CAcreateserial \
266+ -out intermediate-ca.pem \
267+ -days 99999 \
268+ -sha256
269+ rm -f test-intermediate-ca.csr
270+
271+ leaf-from-intermediate-key.pem :
272+ openssl genrsa -out leaf-from-intermediate-key.pem 2048
273+
274+ leaf-from-intermediate-cert.pem : leaf-from-intermediate-key.pem
275+ openssl genrsa -out leaf-from-intermediate-key.pem 2048
276+ openssl req -new \
277+ -sha256 \
278+ -nodes \
279+ -key leaf-from-intermediate-key.pem \
280+ -addext " subjectAltName = DNS:localhost" \
281+ -subj " /C=US/ST=CA/L=SF/O=NODEJS/CN=localhost" \
282+ -out leaf-from-intermediate-cert.csr
283+ openssl x509 -req \
284+ -in leaf-from-intermediate-cert.csr \
285+ -CA intermediate-ca.pem \
286+ -CAkey intermediate.key \
287+ -CAcreateserial \
288+ -out leaf-from-intermediate-cert.pem \
289+ -days 99999 \
290+ -copy_extensions copy \
291+ -sha256
292+
293+ rm -f leaf-from-intermediate-cert.csr
294+
295+ non-trusted-intermediate-ca-key.pem :
296+ openssl genrsa -out non-trusted-intermediate.key 2048
297+
298+ non-trusted-intermediate-ca-cert.pem : non-trusted-intermediate-ca-key.pem
299+ openssl req -new \
300+ -sha256 \
301+ -nodes \
302+ -key non-trusted-intermediate.key \
303+ -subj " /C=US/ST=CA/L=SF/O=NODEJS/CN=NodeJS-Non-Trusted-Test-Intermediate-CA" \
304+ -out non-trusted-test-intermediate-ca.csr
305+
306+ openssl x509 -req \
307+ -extensions v3_ca \
308+ -extfile fake-startcom-root.cnf \
309+ -in non-trusted-test-intermediate-ca.csr \
310+ -passin "pass:password" \
311+ -CA ca1-cert.pem \
312+ -CAkey ca1-key.pem \
313+ -CAcreateserial \
314+ -out non-trusted-intermediate-ca.pem \
315+ -days 99999 \
316+ -sha256
317+ rm -f non-trusted-test-intermediate-ca.csr
318+
319+ non-trusted-leaf-from-intermediate-key.pem :
320+ openssl genrsa -out non-trusted-leaf-from-intermediate-key.pem 2048
321+
322+ non-trusted-leaf-from-intermediate-cert.pem : non-trusted-leaf-from-intermediate-key.pem
323+ openssl genrsa -out non-trusted-leaf-from-intermediate-key.pem 2048
324+ openssl req -new \
325+ -sha256 \
326+ -nodes \
327+ -key non-trusted-leaf-from-intermediate-key.pem \
328+ -addext " subjectAltName = DNS:localhost" \
329+ -subj " /C=US/ST=CA/L=SF/O=NODEJS/CN=localhost" \
330+ -out non-trusted-leaf-from-intermediate-cert.csr
331+ openssl x509 -req \
332+ -in non-trusted-leaf-from-intermediate-cert.csr \
333+ -CA non-trusted-intermediate-ca.pem \
334+ -CAkey non-trusted-intermediate.key \
335+ -CAcreateserial \
336+ -out non-trusted-leaf-from-intermediate-cert.pem \
337+ -days 99999 \
338+ -copy_extensions copy \
339+ -sha256
340+
341+ rm -f non-trusted-leaf-from-intermediate-cert.csr
342+
239343#
240344# agent1 is signed by ca1.
241345#
0 commit comments