X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/26e72755c101f59e24735e9ca9a320d5f1ebc2b7..f5d786885721c374cc22a1f1311ca01408a496fd:/test/aux-fixed/exim-ca/README diff --git a/test/aux-fixed/exim-ca/README b/test/aux-fixed/exim-ca/README new file mode 100644 index 000000000..b8d2a41f9 --- /dev/null +++ b/test/aux-fixed/exim-ca/README @@ -0,0 +1,51 @@ + +The three directories each contain a complete CA with server signing +certificate, OCSP signing certificate and a selection of server +certificates under each domain. + +For each directory there are a number of subdirectories. + + CA - The main certificate signing directory. + + Within this directory the primary file sof interest + will be the two CRL files, crl.empty and crl.v2 + These are valid CRLs; the "v2" containing the two + revoked certs. + + BLANK - a template usable for client-only machines + for clients of this private CA. + + *.example.* - individual server certificates. + +The six certificate subdirs each contain a cert for a machine +by that name; those in the "expired" ones are out-of-date (the +rest expire in 2038). The "1" and "2" systems/certs have +equivalent properties. + +In each certicate subdir: the ".db" files are NSS version of the cert, +the ".pem", ".key" and ".unlocked.key" are usable by OpenSSL (the +ca_chain.pem being a copy of the CA public information and signer +public information). + +The ".p12" file rolls up the CA, Signer and cert info. Both the ".p12" +and NSS info are passworded using the "pwdfile". +The ocsp request file is one a client would send to an OCSP responder. +The ocsp response files are those gotten that way. in .der format; +"good" being all well, "dated" meaning the response (not the cert) +is out-of-date, and "revoked" meaning the cert has been revoked. + + +The files were created using the genall script which utilises a +combination of tools, + + openssl + nss-tools + clica + +of these the only unfamiliar one is likely to be clica, a command +line CA tool which can be found at + + http://people.redhat.com/mpoole/clica/ + + +