open-consul/test/CA-GENERATION.md

# CA certificate generation procedure

## Client certificates
if tests like `TestAPI_ClientTLSOptions` (or any other test using certificates located in `./test/client_certs` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate.

``` bash
cd test/client_certs/
rm -rf *.pem *.crt *.key && ./generate.sh
```

## CA certificates
if tests like `TestAgent_ReloadConfigTLSConfigFailure` (or any other test using certificates located in `./test/ca` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate.

``` bash
cd test/ca/
rm -rf *.pem *.crt *.key && ./generate.sh
```

## Hostname certificates

if tests like `TestNewDialer_WithALPNWrapper` (or any other test using certificates located in `./test/hostname` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate.

``` bash
cd test/hostname/
# Avoid deleting CertAuth.crt and privkey.pem since they're referenced in myca.conf
rm -rf "[Bonnie|Betty|Bob|Alice].crt" *.key && ./generate.sh
```
regenerate expired certs (#11462) * regenerate expired certs * add documentation to generate tests certificates 2021-11-01 15:40:16 +00:00			`# CA certificate generation procedure`

			`## Client certificates`
			if tests like `TestAPI_ClientTLSOptions` (or any other test using certificates located in `./test/client_certs` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate.

			``` bash
			`cd test/client_certs/`
			`rm -rf .pem .crt *.key && ./generate.sh`
			```

			`## CA certificates`
			if tests like `TestAgent_ReloadConfigTLSConfigFailure` (or any other test using certificates located in `./test/ca` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate.

			``` bash
			`cd test/ca/`
			`rm -rf .pem .crt *.key && ./generate.sh`
			```

			`## Hostname certificates`

			if tests like `TestNewDialer_WithALPNWrapper` (or any other test using certificates located in `./test/hostname` ) are failing because of expired certificates, use `./generate.sh` script to regenerate a new set of certificate.

			``` bash
			`cd test/hostname/`
Backport of Regen expired test certs into release/1.16.x (#19478) backport of commit d399654096b534615ae6bdb62a13eae69107c9cc Co-authored-by: Semir Patel <semir.patel@hashicorp.com> 2023-11-02 15:44:39 +00:00			`# Avoid deleting CertAuth.crt and privkey.pem since they're referenced in myca.conf`
			`rm -rf "[Bonnie\|Betty\|Bob\|Alice].crt" *.key && ./generate.sh`
regenerate expired certs (#11462) * regenerate expired certs * add documentation to generate tests certificates 2021-11-01 15:40:16 +00:00			```