AnonSec Shell

Server IP : 185.86.78.101 / Your IP : 216.73.216.124
Web Server : Apache
System : Linux 675867-vds-valikoshka1996.gmhost.pp.ua 5.4.0-150-generic #167-Ubuntu SMP Mon May 15 17:35:05 UTC 2023 x86_64
User : www ( 1000)
PHP Version : 7.4.33
Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : OFF
Directory : /www/server/mysql/mysql-test/std_data/

Upload File :

[ HOME ]

Current File : /www/server/mysql/mysql-test/std_data/crl-certificate-readme.txt

These are the instructions on how to generate test files for the CRL tests
using openSSL.

If you have root access on the system
=====================================

1. Make sure you have the right validity periods in CA.pl and openssl.cnf
2. Create a new certification authority : CA.pl -newca
3. Copy demoCA/cacert.pem to crl-ca-cert.pem
4. Create one server certificate request : CA.pl -newreq
5. Sign the server certificate request : CA.pl -signCA
6. Copy demoCA/newcert.pem to crl-server-cert.pem
7. Remove the key from server's certificate key while copying it :
     openssl rsa -in newkey.pem -out crl-server-key.pem
8. Create one client certificate request : CA.pl -newreq
9. Sign the client certificate request : CA.pl -signCA
10. Copy demoCA/newcert.pem to crl-client-cert.pem
11. Remove the key from client's certificate key while copying it :
     openssl rsa -in newkey.pem -out crl-client-key.pem
12. Create one to-be-revoked client certificate request : CA.pl -newreq
13. Sign the to-be-revoked client certificate request : CA.pl -signCA
14. Copy demoCA/newcert.pem to crl-client-cert-revoked.pem
15. Remove the key from the to-be-revoked client's certificate
  key while copying it :
     openssl rsa -in newkey.pem -out crl-client-key-revoked.pem
16. Revoke the crl-client-invalid-cert.pem :
     openssl ca -revoke crl-client-invalid-cert.pem
17. Generate a CRL file :
     openssl ca -gencrl -crldays=3650 -out crl-client-revoked.crl
18. Clean up all the files in the crldir directory
19. Copy the CRL file into it :
     cp crl-client-revoked.crl `openssl crl -in crl-client-revoked.crl -noout -hash`.r0


If you are using your own CA
============================

Prepare directory
-----------------

1. mkdir new_crlcerts && cd new_crlcerts
2. mkdir crldir
3. mkdir private

Generate CA and 3 set of certificates
-------------------------------------

4. Generate CA
openssl genrsa 2048 > crl-ca-key.pem
openssl req -new -x509 -nodes -days 3650 -key crl-ca-key.pem -out crl-ca-cert.pem

5. Generate Server certificate
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout crl-server-key.pem -out crl-server-req.pem
openssl rsa -in crl-server-key.pem -out crl-server-key.pem
openssl x509 -req -in crl-server-req.pem -days 3600 -CA crl-ca-cert.pem -CAkey crl-ca-key.pem -set_serial 01 -out crl-server-cert.pem

6. Generate Client certificate
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout crl-client-key.pem -out crl-client-req.pem
openssl rsa -in crl-client-key.pem -out crl-client-key.pem
openssl x509 -req -in crl-client-req.pem -days 3600 -CA crl-ca-cert.pem -CAkey crl-ca-key.pem -set_serial 02 -out crl-client-cert.pem

7. Generate Client certificate that will be revoked later
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout crl-client-revoked-key.pem -out crl-client-revoked-req.pem
openssl rsa -in crl-client-revoked-key.pem -out crl-client-revoked-key.pem
openssl x509 -req -in crl-client-revoked-req.pem -days 3600 -CA crl-ca-cert.pem -CAkey crl-ca-key.pem -set_serial 03 -out crl-client-revoked-cert.pem

Prepare for certificate revocation
----------------------------------

8. cp crl-ca-cert.pem cacert.pem
9. cp crl-ca-key.pem private/cakey.pem
10. touch index.txt
11. echo 1000 > crlnumber
12. copy global openssl.cnf to current working dirctory
13. Open local copy of openssl.cnf and in [CA_default] section
    - Update dir to point to current working directory
    - Update certs to point to $dir and not $dir/certs

Revoke a certificate and create crl file
----------------------------------------

14. openssl ca -config openssl.cnf -revoke crl-client-revoked-cert.pem
15. openssl ca -config openssl.cnf -gencrl -crldays 3600 -out crl-client-revoked.crl
16. cp crl-client-revoked.crl `openssl crl -in crl-client-revoked.pem -noout -hash`.r0

Replace existing certs
----------------------
17. Replace following files in <src>/mysql-test/std_data/ with files generated above
    crl-ca-cert.pem
    crl-client-cert.pem
    crl-client-key.pem
    crl-client-revoked-cert.pem
    crl-client-revoked-key.pem
    crl-client-revoked.crl
    crl-server-cert.pem
    crl-server-key.pem

18. Remove file in <src>/mysql-test/std_data/crldir
19. Copy file generated in step 16 above to <src>/mysql-test/std_data/crldir
20. You may now remove new_crls directory

Anon7 - 2022
AnonSec Team