X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/f5d786885721c374cc22a1f1311ca01408a496fd..1d717e1c110562fd6bf28478c79f180cafeba776:/test/aux-fixed/exim-ca/README diff --git a/test/aux-fixed/exim-ca/README b/test/aux-fixed/exim-ca/README old mode 100644 new mode 100755 index b8d2a41f9..cb0894640 --- a/test/aux-fixed/exim-ca/README +++ b/test/aux-fixed/exim-ca/README @@ -1,7 +1,9 @@ The three directories each contain a complete CA with server signing certificate, OCSP signing certificate and a selection of server -certificates under each domain. +certificates under each domain. The "server1" certificates have +a CRL distribution point extension; the "server2" ones instead have +a Authority Key extension/ For each directory there are a number of subdirectories. @@ -22,7 +24,7 @@ by that name; those in the "expired" ones are out-of-date (the rest expire in 2038). The "1" and "2" systems/certs have equivalent properties. -In each certicate subdir: the ".db" files are NSS version of the cert, +In each certificate subdir: the ".db" files are NSS version of the cert, the ".pem", ".key" and ".unlocked.key" are usable by OpenSSL (the ca_chain.pem being a copy of the CA public information and signer public information). @@ -35,7 +37,7 @@ The ocsp response files are those gotten that way. in .der format; is out-of-date, and "revoked" meaning the cert has been revoked. -The files were created using the genall script which utilises a +The files were created using the "genall" script which utilises a combination of tools, openssl @@ -47,5 +49,9 @@ line CA tool which can be found at http://people.redhat.com/mpoole/clica/ +NOTE: + During running of "genall" you need to manipulate the system + date/time. Shutdown ntpd service before doing this, and restart + after.