open-nomad/helper/tlsutil/testdata
Michael Schurter 401ed92847 config: accept CA PEM files with extra whitespace
Previously we did a validation pass over CA PEM files before calling
Go's CertPool.AppendCertsFromPEM to provide more detailed error messages
than the stdlib provides.

Unfortunately our validation was overly strict and rejected valid CA
files. This is actually the reason the stdlib PEM parser doesn't return
meaningful errors: PEM files are extremely permissive and it's difficult
to tell the difference between invalid data and valid metadata.

This PR removes our custom validation as it would reject valid data and
the extra error messages were not useful in diagnosing the error
encountered.
2018-09-06 11:38:56 -07:00
ca-bad-csr.json
ca-bad-key.pem
ca-bad.csr
ca-bad.pem
ca-config.json
ca-csr.json
ca-key.pem
ca-whitespace.pem config: accept CA PEM files with extra whitespace 2018-09-06 11:38:56 -07:00
ca.csr
ca.pem
global-ca.pem client: set host name when migrating over tls 2018-09-05 17:24:17 -07:00
global-client-key.pem client: set host name when migrating over tls 2018-09-05 17:24:17 -07:00
global-client.pem client: set host name when migrating over tls 2018-09-05 17:24:17 -07:00
global-server-key.pem client: set host name when migrating over tls 2018-09-05 17:24:17 -07:00
global-server.pem client: set host name when migrating over tls 2018-09-05 17:24:17 -07:00
nomad-bad-csr.json
nomad-bad-key.pem
nomad-bad.csr
nomad-bad.pem
nomad-foo-csr.json
nomad-foo-key.pem
nomad-foo.csr
nomad-foo.pem
README.md client: set host name when migrating over tls 2018-09-05 17:24:17 -07:00

Nomad Test Certificate

Using cfssl 1.2.0

File                 Description
ca.pem               CA certificate
ca-key.pem           CA key
nomad-foo.pem        Nomad cert for foo region
nomad-foo-key.pem    Nomad key for foo region
ca-bad.pem           CA cert for bad region
ca-bad-key.pem       CA key for bad region
nomad-bad.pem        Nomad cert for bad region
nomad-bad-key.pem    Nomad key for bad region
global-*.pem         For global region

Generating self-signed certs

# Write defaults and update
cfssl print-defaults csr > ca-csr.json
cfssl print-defaults config > ca-config.json

# Generate CA certificate and key
cfssl gencert -config ca-config.json -initca ca-csr.json | cfssljson -bare ca -

# Generate Nomad certificate and key
cfssl gencert -ca ca.pem -ca-key ca-key.pem -config ca-config.json nomad-foo-csr.json | cfssljson -bare nomad-foo

# Generate bad region CA and certificate
cfssl gencert -config ca-config.json -initca ca-bad-csr.json | cfssljson -bare ca-bad -
cfssl gencert -ca ca-bad.pem -ca-key ca-bad-key.pem -config ca-config.json nomad-bad-csr.json | cfssljson -bare nomad-bad
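
The permissiveness described in the commit message at the top of this page, shown as an added Go example that is not Nomad's code: text and blank lines around a CERTIFICATE block are skipped by the stdlib parser, and `AppendCertsFromPEM` reports only a boolean. `newCAPEM`, `loadCA` and the padded input are constructed for illustration; counting the certificates actually loaded is one way to get a diagnostic without rejecting valid files.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// newCAPEM returns a throwaway self-signed CA in PEM form (constructed sample).
func newCAPEM() []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true,
		Subject: pkix.Name{CommonName: "constructed test CA"}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// loadCA (hypothetical helper) pools every parseable CERTIFICATE block and counts them.
func loadCA(data []byte) (*x509.CertPool, int) {
	pool, n := x509.NewCertPool(), 0
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue // other block types (keys, CSRs) are not CA certificates
		}
		if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
			pool.AddCert(cert)
			n++
		}
	}
	return pool, n
}

func main() {
	padded := []byte("\n\n# exported by hand\n\n" + string(newCAPEM()) + "\n \t\n\n")
	_, n := loadCA(padded)
	fmt.Println(x509.NewCertPool().AppendCertsFromPEM(padded), n) // stdlib verdict, cert count
}
```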