Force a recent hash in examples
On some systems openssl still defaults to sha1 in new certificate requests, which is rejected by Anchor. Force sha256 in all examples instead. Change-Id: I0c673392c7f6badd7d66c307ace594b1d711674d
This commit is contained in:
parent
e585255333
commit
6fdb9be69e
|
@ -93,14 +93,15 @@ can be done to create a test CA. The test certificate can be then used
|
||||||
to sign the new certificates.
|
to sign the new certificates.
|
||||||
|
|
||||||
openssl req -out CA/root-ca.crt -keyout CA/root-ca-unwrapped.key \
|
openssl req -out CA/root-ca.crt -keyout CA/root-ca-unwrapped.key \
|
||||||
-newkey rsa:4096 -subj "/CN=Anchor Test CA" -nodes -x509 -days 365
|
-newkey rsa:4096 -subj "/CN=Anchor Test CA" -nodes -x509 -days 365 \
|
||||||
|
-sha256
|
||||||
chmod 0400 CA/root-ca-unwrapped.key
|
chmod 0400 CA/root-ca-unwrapped.key
|
||||||
|
|
||||||
Next, a new certificate request may be generated:
|
Next, a new certificate request may be generated:
|
||||||
|
|
||||||
openssl req -out anchor-test.example.com.csr -nodes \
|
openssl req -out anchor-test.example.com.csr -nodes \
|
||||||
-keyout anchor-test.example.com.key -newkey rsa:2048 \
|
-keyout anchor-test.example.com.key -newkey rsa:2048 \
|
||||||
-subj "/CN=anchor-test.example.com"
|
-subj "/CN=anchor-test.example.com" -sha256
|
||||||
|
|
||||||
That reqest can be submitted using curl (while `pecan serve config.py`
|
That reqest can be submitted using curl (while `pecan serve config.py`
|
||||||
is running):
|
is running):
|
||||||
|
|
Loading…
Reference in New Issue