git://git.exim.org
/
users
/
jgh
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
OpenSSL: support OCSP stapling on multi-cert servers
[users/jgh/exim.git]
/
test
/
aux-fixed
/
exim-ca
/
README
diff --git
a/test/aux-fixed/exim-ca/README
b/test/aux-fixed/exim-ca/README
old mode 100644
(file)
new mode 100755
(executable)
index
b8d2a41
..
cb08946
--- a/
test/aux-fixed/exim-ca/README
+++ b/
test/aux-fixed/exim-ca/README
@@
-1,7
+1,9
@@
The three directories each contain a complete CA with server signing
certificate, OCSP signing certificate and a selection of server
The three directories each contain a complete CA with server signing
certificate, OCSP signing certificate and a selection of server
-certificates under each domain.
+certificates under each domain. The "server1" certificates have
+a CRL distribution point extension; the "server2" ones instead have
+a Authority Key extension/
For each directory there are a number of subdirectories.
For each directory there are a number of subdirectories.
@@
-22,7
+24,7
@@
by that name; those in the "expired" ones are out-of-date (the
rest expire in 2038). The "1" and "2" systems/certs have
equivalent properties.
rest expire in 2038). The "1" and "2" systems/certs have
equivalent properties.
-In each certicate subdir: the ".db" files are NSS version of the cert,
+In each certi
fi
cate subdir: the ".db" files are NSS version of the cert,
the ".pem", ".key" and ".unlocked.key" are usable by OpenSSL (the
ca_chain.pem being a copy of the CA public information and signer
public information).
the ".pem", ".key" and ".unlocked.key" are usable by OpenSSL (the
ca_chain.pem being a copy of the CA public information and signer
public information).
@@
-35,7
+37,7
@@
The ocsp response files are those gotten that way. in .der format;
is out-of-date, and "revoked" meaning the cert has been revoked.
is out-of-date, and "revoked" meaning the cert has been revoked.
-The files were created using the
genall
script which utilises a
+The files were created using the
"genall"
script which utilises a
combination of tools,
openssl
combination of tools,
openssl
@@
-47,5
+49,9
@@
line CA tool which can be found at
http://people.redhat.com/mpoole/clica/
http://people.redhat.com/mpoole/clica/
+NOTE:
+ During running of "genall" you need to manipulate the system
+ date/time. Shutdown ntpd service before doing this, and restart
+ after.