Enable 'client auth' in certificates tool

Without that option X509v3 certificate can be only used for server
authentication. While that works for some services, Galera requries this
to enable SSL connectivity.

Change-Id: Id6ec42aeef06533d56e37c372dbfff3d16c950f0
This commit is contained in:
Aleksandr Mogylchenko 2017-03-02 23:37:10 +01:00
parent 6f3a0699e3
commit 95c1bd4c87
2 changed files with 69 additions and 59 deletions

View File

@ -13,69 +13,79 @@ configs:
create_certificates: true
ca_cert: |
-----BEGIN CERTIFICATE-----
MIIDAzCCAeugAwIBAgIJALGXjHvRo799MA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNV
BAMMDWNsdXN0ZXIubG9jYWwwHhcNMTcwMTI3MTEwNDAzWhcNNDQwNjE0MTEwNDAz
WjAYMRYwFAYDVQQDDA1jbHVzdGVyLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAwq4euabI7gTs44zF2i6QyYRSlGS8PG77v7jTwAXQZm6kFmUC
CES0b7VMn2H3PCxE2S8BWEp2+N5RXRLTB05tqEj5yukMy0USU3dbpq+HR/vm57Ck
iDgqAyOPX9Y2mYMGETBmdmj1cbvH+u0ZGZfDEokfwltDtu7CRsMpQykdduUcgBuX
+l09CTbIuwOWMHNdq1W0W/4QhArgDK+klZuf7p5synmHpMgkThheV/9h3aDz20Bw
pjfrtXy++Gji6gaJV2N+Ld6DeMUBR0EB6l5cYA2Kpk6j3Yn/zHOnJWP1cvhjuTe3
HqWqsCA5D0955u0pi0PrQx+ufl72goxGs1U4kwIDAQABo1AwTjAdBgNVHQ4EFgQU
/+jaw7Ctuh7tizBJLRoBub2M0kowHwYDVR0jBBgwFoAU/+jaw7Ctuh7tizBJLRoB
ub2M0kowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEApX4MOGUmToDr
J1oirJ+HD8qTsfy36uaz/CuMoFK0Xq+dVKLIl8RfwnvC71oTtDCxnsCNtJihhkfy
NxttFFfYYX+rllZ0Fs7MUmhIHI7ZBPImR33IzcgHVwidcK7OAVMEJAfL2HeVhW6z
38Uu0VGJuNnlcvVRhNBMNI1xPivZ9K/lQiI+rXxdBaebuvkoZJhWV+HHWmTJSfP5
9YeKMd4QFHQ8p9wfXKM5p3uhaexMqVJFVKvPPB6mhMLe0J3CSo5/aoy8OZVfuTvA
hlSIa4oSUPlGpTc0KIlqpvmhKnkxDa8mr+knhBfxhQ0zw9tkIyFC0n9QwO7toOSg
F0GE+MEfsQ==
MIIDtjCCAp6gAwIBAgIUC+RCyvJfFg6qZQfyBMt845rpdgkwDQYJKoZIhvcNAQEL
BQAwczELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lzY28xCzAJBgNV
BAcTAkNBMRgwFgYDVQQKEw9NeSBDb21wYW55IE5hbWUxETAPBgNVBAsTCE9yZyBV
bml0MRIwEAYDVQQDEwlNeSBvd24gQ0EwHhcNMTcwMzAyMjIyMzAwWhcNMjIwMzAx
MjIyMzAwWjBzMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNU2FuIEZyYW5jaXNjbzEL
MAkGA1UEBxMCQ0ExGDAWBgNVBAoTD015IENvbXBhbnkgTmFtZTERMA8GA1UECxMI
T3JnIFVuaXQxEjAQBgNVBAMTCU15IG93biBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN1hRNhLyDp8gC3D+s1J0vMBK8icOJyrE+z34c6JcZCUgX0f
xwdtwCFj9TGyBsVp6xIRzK1b7YPlMQl47+FlnLPglB7DH4qk2GKooi/SRTVIw83e
z8TwP3hdoPy00ZXCqkT391hv3GctoPBjcatHvRYAG+4kS8Wv3vKWteV+e9Yv12Kv
1Oz5w3l1PBU7HorhXCHCb1YBfxEirSBpo7a3nEwILLaTFAcVjrBBJc2sa9c2LcRI
p/yfp4CoCHJZ8MRnCN0EXKnD4kGS9wuRF6JmzH523v5MDzVc2HrhIuBV1OoY/L8C
zgXRB6+ShgMtoRNqIUlft8TPz657nJEkqFlqR28CAwEAAaNCMEAwDgYDVR0PAQH/
BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFM/Qckh3b96p4NOTaitm
vLbT/Cs8MA0GCSqGSIb3DQEBCwUAA4IBAQABfQflJjp9a3ZdL68b9XrJMoI1ZvL9
eulVs0ilI9Q/Ae/Up0uoMpyW1aaDQnzf3N8W7FF9QJmOvqamAH+1P1+JMcZS3J25
JG5A3gCMO6TT23ETE2WicjQDUcqJpQSWc1j8TQ1fIv7uZr+FDHzf+UbAslpj/kGU
vOPpnZwmLc9o24ZMxroEpR4TYAgaS5VX1mkT8J+1wLAC1XCf0fCOpWcnRmkZuAYj
Ql3SBX+SLaiPuOcyjjxlDFOdzFgFgOE0GHrbwc7Q6QEKUwvwKOa09QErcWTx5mOf
H2y2PuBLmU3jRw/x+Gwjg39U4Uj5CipAtqKrsEu4rgfo8AloouYvIWR4
-----END CERTIFICATE-----
server_cert: |
-----BEGIN CERTIFICATE-----
MIICrjCCAZYCAf8wDQYJKoZIhvcNAQELBQAwGDEWMBQGA1UEAwwNY2x1c3Rlci5s
b2NhbDAeFw0xNzAxMjcxMTA0NDlaFw00NDA2MTQxMTA0NDlaMCIxIDAeBgNVBAMM
FyouY2NwLnN2Yy5jbHVzdGVyLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA4QM8AS/YbcKSUQpnvtDXY1ILCkZTAwx+aJw9mW8byIrMx8kqdSzD
YO8WUoMnIen6LF+m2WIZySQO4UzolTc2t10J15vGpw3XmPwICh9Pb5B5f6Kxhdjb
yLcAoYhmPesfs4A+Wrlk5nDCETdDrEYUR4mVG5m/bo9ocAsZWwQmmH2xYeM+I9Be
JwmQvBZWZFHjB4Lgf+z7M+STsO9F2o9pNlXvPNhjMLPMzbEFU7BPgCAkvDi/9Wq7
DRD0aWniU5JmCGIqUpa8aKpHQIzybJx9ilV4ZMd9hHRgllsrLUFHMyzVwjlJgSeJ
qGlyE8Z5W7JK6rECBJ9N/3OuxiRzjenxXwIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
AQAYe5OzX5OA0FLmfqHtfYKGBRXG+U+ROC1DmALJ5/KUIe8RRUNhBdvoEwxgDNHW
+YoDkSqrG7tQQQZzYpmqZArilEVowCHV9QdFeU1peJ8pjMlMPkHLu23HfG3xlEUV
yEZUpsCprrYjkN4cg0Cu8e+q5mYj+lPD37MJriWYx9Srz4zo2p5ylN5rKfaAbac2
pdFcSvKi/cTFBKVTn95P4dKPQkbTEQgcF8UxnK58aBuOI8GFH46uIw6lfpfiwx9U
k1xeHKCsorpDw2x8tekLWH3BXRvdReWTRcUh9CHbmqZ33qdwvHin06mboKqGSfCD
7kqc5uJ16r8SP1AY7nxdN274
MIIECTCCAvGgAwIBAgIUVWM9dR6M+PffvdsSlMGEkMcV+RowDQYJKoZIhvcNAQEL
BQAwczELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDVNhbiBGcmFuY2lzY28xCzAJBgNV
BAcTAkNBMRgwFgYDVQQKEw9NeSBDb21wYW55IE5hbWUxETAPBgNVBAsTCE9yZyBV
bml0MRIwEAYDVQQDEwlNeSBvd24gQ0EwHhcNMTcwMzAyMjIyMzAwWhcNMjIwMzAx
MjIyMzAwWjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNh
biBGcmFuY2lzY28xIDAeBgNVBAMTFyouY2NwLnN2Yy5jbHVzdGVyLmxvY2FsMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxcSayfzt4rxnb3UC5nPn8rm
QljYrMnCCeVQeWygbeAkC+rpJELvX5pVii03G7lqKEzFRF935rXgKOqDUENeQzgM
Hdg01Qr9bA5mOrs9BD05n7Zt1571U0OzD2c5HvWy9VnJXK/Ep2v8xt0FedqPSjCG
Le8U5WXL731bFvHrvpNH0TvJ0VXJDVVa6kGLDtyyU5INisfabUSVcEoJUAhhMJlB
Tq8/PrWOyzs4ju8h2OKwufpNDp83mol4RIWkozmT+xSMjyxXfkdQV2wZPwI1oHcn
GoiZBHgOAIDAb65dTtzd+4DBOB7rCdUuefPF3cSZsyNPoFMNfy+Ot4rofuxBcQID
AQABo4GzMIGwMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUfVl/9ncTkGeIL3BRIgG7
Q5aLFO0wHwYDVR0jBBgwFoAUz9BySHdv3qng05NqK2a8ttP8KzwwMQYDVR0RBCow
KIIXKi5jY3Auc3ZjLmNsdXN0ZXIubG9jYWyCDWNsdXN0ZXIubG9jYWwwDQYJKoZI
hvcNAQELBQADggEBABAHwNwofOzandLcxM3lMTR7v0pYU4hQVPdzM7Vq7nW+jx9R
TWPe8uSs99FXUZ1UvVoGobHQ9alUhP3oLMhva/+pRi+/00rf6bkFd+pGybriRqP/
al5mWhufQqt/7ISphsN1A0DuYzAHVg2uDBOqg2isx6UPbankSjq0DgH/0WC0PCWF
8f+zqB684VuUjjslXNmmEHEj56ZaEQMs/fzjwTozwIbstC+S2pJTdec+UmIzjbMp
/o8dUgvR8eTu0jEt1RqM/hY3SQCstI6CZ3ozKDDPjGNy0EDblwzMoj6sIAO3uRe7
Q1rXgPuRZ05X7fF/kYyC0uiLVn+nLP+88t3FPkU=
-----END CERTIFICATE-----
server_key: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA4QM8AS/YbcKSUQpnvtDXY1ILCkZTAwx+aJw9mW8byIrMx8kq
dSzDYO8WUoMnIen6LF+m2WIZySQO4UzolTc2t10J15vGpw3XmPwICh9Pb5B5f6Kx
hdjbyLcAoYhmPesfs4A+Wrlk5nDCETdDrEYUR4mVG5m/bo9ocAsZWwQmmH2xYeM+
I9BeJwmQvBZWZFHjB4Lgf+z7M+STsO9F2o9pNlXvPNhjMLPMzbEFU7BPgCAkvDi/
9Wq7DRD0aWniU5JmCGIqUpa8aKpHQIzybJx9ilV4ZMd9hHRgllsrLUFHMyzVwjlJ
gSeJqGlyE8Z5W7JK6rECBJ9N/3OuxiRzjenxXwIDAQABAoIBAD080BvSlahph8Ce
gFWiKLxTG8YUFYuC3vRBcVJMttcBT3IgAXoaUKIU75JNN103fGqPLa2D0Vi4g4Q1
libl+/IzU/Zl4s6cKczs6pM2qjvGqgpekMnIlygtBfLwWEMJtnr3sACo7Bj7HxXo
YHaGLAa8HuSAF2VTiizUGHZ4zrg5GilPf6ULkz69LBRkcm0yr7anG03csB36/b/u
ZUpfLCSLFm4xL9bEJGA4s0OjYw6wAbzx0/A3h2+c/f+9n7t5lWt7RfKAf4Jp+oxC
3iIb94y5DTClQEbfXR/PAxsRgHd7ly222b8lWEdESHZWcFNzQwOFSCXK+VYS1hca
/hGvt+ECgYEA/ukcdsz6RXTde+uMmKwRAIGMoB9IlRUXr3XBt4Z/RfQwDs69WKi0
Ngefho4XBPPHfXpkifQ+8lCZrb0Yc4OT/7lTAylYrjQo9SjnV+K6F6c9ztarAbEo
Nj11YpvHjnWtSc/GDymVzPVZ99A0euFf/sVoecuQDqGgGCKcKAFgtvUCgYEA4flp
szy5na+yjp7PzPe8MVSpdqziqZk3KjtZHTc8TxFb29GbJ8/g4sgtWO65ogOpbQca
TF2rW8fTzRBkgE6u3wfqcjsBSOVQDCHnP6Q00Vo2sdsCHkyr7btqIjdFxT3tkTXS
mNBDJfv3MjtRmNTdtzyH63GuLSbhetLTB1VzyoMCgYEAh4UzRs2u+KIq5ijSdJB1
8YjuVGqNUgUGtJesR3/PxkcODbFH5Qy70kW3P/fmsRFRq5oYPWeG15iWO1He3/rC
AiBqy7F9ng/I/p2icIzvVofpSj/CZoHi2QNPlv8u1sQlPqqhp4n6RB7kl+UvIW0U
dgRJiQb6LW0sCejMkFA7NMkCgYEAoBChdJqxCCcqHagUnaVlorPLjgqMS4IB92Iu
j2lOyNsM7Doe4yZ2r20H4hTHXSGm41nCoRFAjjSPrJPN/Ky/ZbAfu2ZcVJxKBS4G
tafE2f5C+9ycNYYtyqmUVkQ8oahqHQ+46xGqXr+JrAUkmVM+8cpopLfTnpwJ34xy
eqFm8a0CgYEA5v/3J+a1LbWe4PQIpgsCnogf8kLi0JHdwkGSu0K28BVz2Vn1dJyy
x8ThRJebbyM1nWgBVvmvEkJyXI8ikCmIORkLGU6Fx8trtqz++JS/+oQkLiMEIV3O
Mm6XkTAHmjRyKJatoTngtNWsV2rjw1d/yflP2LtiEN7ghRbWW8MtGUo=
MIIEowIBAAKCAQEAqxcSayfzt4rxnb3UC5nPn8rmQljYrMnCCeVQeWygbeAkC+rp
JELvX5pVii03G7lqKEzFRF935rXgKOqDUENeQzgMHdg01Qr9bA5mOrs9BD05n7Zt
1571U0OzD2c5HvWy9VnJXK/Ep2v8xt0FedqPSjCGLe8U5WXL731bFvHrvpNH0TvJ
0VXJDVVa6kGLDtyyU5INisfabUSVcEoJUAhhMJlBTq8/PrWOyzs4ju8h2OKwufpN
Dp83mol4RIWkozmT+xSMjyxXfkdQV2wZPwI1oHcnGoiZBHgOAIDAb65dTtzd+4DB
OB7rCdUuefPF3cSZsyNPoFMNfy+Ot4rofuxBcQIDAQABAoIBAHAN5V9PRF1C4Cpr
CLUsYQKMFjEAFbFdVvu6N/G/BnfQJGu1yEqamEKqRzn/kSdUUcXhOhYk3Ne66PyD
U8u+w78Mt0rYrwmVcBNUfvoaZcUgAFytU9Wz44NMRLti5NN1Imd1Dd/pssfgfycT
3SFI1y5FB6yP+MSh3maVWJJ3keo3Y3H0o552grmjcPyYHvCHeBwfT7OXvoAXzpMa
/gdjqKh/IReOBqTv/se/jbfrDx1g9EbJEL27rIycvihBlsV1DbK2HMoYMD9sAKFe
dOGW1tEpDSO5XkQT8O1oq1R3vJgGQTSVd/qtinXV/p2zJZAy0EUngP1s4GsRoBME
J9bsftECgYEA3UpL1lgWP7jQTv7vHgz1sWtoWyL1kKs5A+tKhY52k5ufwaZQbWc5
JQZXIQXlvc1dYPPXaogs1zUA4EdluCjI64TGbWyr2u4rMrJ6+3UuvWHrrWy5sX/Y
xWeyjVnOct2SsR9B+Gevnyab2Eruz3fXhm9U88Jrxl9L2l12gEWL5dUCgYEAxe0J
k19Tv3XGYVsQ5PFnLPj8O6vkz/DZo24xlsqeegRc2KUc/fJtpD/SiuW7rW/8m+Vt
n+smN+j+eI04dEayLGu2xBQd0DZ0d/s5l2jQhuX1tpei6agSbYNUtgQZ3ocNzHBH
IYMvCaQuFF7y6Epz7yn4fSc70iNCS5x9RqU37y0CgYAPoHOCi23myhJLwcz4/klL
Yh5YcTuOH8lC8Zatn8XX3qGFd00urJ9oce4tMtFqedoiQpXvu/YOrHuHWwNf4eFu
YE3y5D2ulCsQxXHR2BCY5xVRheAHHNQd/JirSrA9hFAbme16sTfBsWRH/eKnW/so
TyxcmloqBAjDPt5jaIXckQKBgDtKNoQfGkdQUIz5aqYqam3eaDC33WMtEwUSDWjO
aYrDo8yCKZ0o8g8xzzAsgXwC//jzUVOGbXxyH0idhTvPsa/81FMIc6XbqigG6cmh
bFX8rQ51fifgYSTNIqMjt1whuNB1EdnIIl8Q/3y6tKlBJFmQiQ90oUbhqQpdZmmz
NH5BAoGBAIeJybJsxVoekesYv05+m/7mq5H3IOLYYe4cX+d6yl9DjzTeG135Habo
vQMuDkRbr3iQnJt4B9lAvsP02jUEeZY48tuCAUyHzXrWDBnG4osxh/tV0pY37OEs
qt54cnFUq0oAgMhsZkhpKroQqSZSux90/4d9UrbtRNYcl2kiAjsX
-----END RSA PRIVATE KEY-----
dhparam: |
-----BEGIN DH PARAMETERS-----
@ -86,4 +96,3 @@ configs:
j44cnTAdWbn6EDrPOiJkm/uPv67a8jBWNGZwkWi8H6jIt05HPMivYvtyHucFhORT
Jh3t5tPNIJw5JBev4SAfaObVtm30tFSvOwIBAg==
-----END DH PARAMETERS-----

View File

@ -5,7 +5,8 @@
"usages": [
"signing",
"key encipherment",
"server auth"
"server auth",
"client auth"
]
}
}