Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
funkwhale
Manage
Activity
Members
Labels
Plan
Issues
0
Issue boards
Milestones
Wiki
Code
Merge requests
0
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Martin Giger
funkwhale
Commits
f37996fd
Verified
Commit
f37996fd
authored
5 years ago
by
Eliot Berriot
Browse files
Options
Downloads
Patches
Plain Diff
Better test SSL certificate
parent
a575f92a
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
docker/ssl/openssl.conf
+88
-0
88 additions, 0 deletions
docker/ssl/openssl.conf
docker/ssl/test.crt
+25
-20
25 additions, 20 deletions
docker/ssl/test.crt
docker/ssl/test.key
+26
-26
26 additions, 26 deletions
docker/ssl/test.key
with
139 additions
and
46 deletions
docker/ssl/openssl.conf
0 → 100644
+
88
−
0
View file @
f37996fd
# cf https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl/27931596#27931596
# create with openssl req -config openssl.conf -new -x509 -sha256 -newkey rsa:2048 -nodes -keyout test.key -days 365 -out test.crt
[
req
]
default_bits
=
2048
default_keyfile
=
server
-
key
.
pem
distinguished_name
=
subject
req_extensions
=
req_ext
x509_extensions
=
x509_ext
string_mask
=
utf8only
# The Subject DN can be formed using X501 or RFC 4514 (see RFC 4519 for a description).
# Its sort of a mashup. For example, RFC 4514 does not provide emailAddress.
[
subject
]
countryName
=
Country
Name
(
2
letter
code
)
countryName_default
=
US
stateOrProvinceName
=
State
or
Province
Name
(
full
name
)
stateOrProvinceName_default
=
NY
localityName
=
Locality
Name
(
eg
,
city
)
localityName_default
=
New
York
organizationName
=
Organization
Name
(
eg
,
company
)
organizationName_default
=
Example
,
LLC
# Use a friendly name here because it's presented to the user. The server's DNS
# names are placed in Subject Alternate Names. Plus, DNS names here is deprecated
# by both IETF and CA/Browser Forums. If you place a DNS name here, then you
# must include the DNS name in the SAN too (otherwise, Chrome and others that
# strictly follow the CA/Browser Baseline Requirements will fail).
commonName
=
Common
Name
(
e
.
g
.
server
FQDN
or
YOUR
name
)
commonName_default
=
Example
Company
emailAddress
=
Email
Address
emailAddress_default
=
test
@
example
.
com
# Section x509_ext is used when generating a self-signed certificate. I.e., openssl req -x509 ...
[
x509_ext
]
subjectKeyIdentifier
=
hash
authorityKeyIdentifier
=
keyid
,
issuer
# You only need digitalSignature below. *If* you don't allow
# RSA Key transport (i.e., you use ephemeral cipher suites), then
# omit keyEncipherment because that's key transport.
basicConstraints
=
CA
:
FALSE
keyUsage
=
digitalSignature
,
keyEncipherment
subjectAltName
= @
alternate_names
nsComment
=
"OpenSSL Generated Certificate"
# RFC 5280, Section 4.2.1.12 makes EKU optional
# CA/Browser Baseline Requirements, Appendix (B)(3)(G) makes me confused
# In either case, you probably only need serverAuth.
# extendedKeyUsage = serverAuth, clientAuth
# Section req_ext is used when generating a certificate signing request. I.e., openssl req ...
[
req_ext
]
subjectKeyIdentifier
=
hash
basicConstraints
=
CA
:
FALSE
keyUsage
=
digitalSignature
,
keyEncipherment
subjectAltName
= @
alternate_names
nsComment
=
"OpenSSL Generated Certificate"
# RFC 5280, Section 4.2.1.12 makes EKU optional
# CA/Browser Baseline Requirements, Appendix (B)(3)(G) makes me confused
# In either case, you probably only need serverAuth.
# extendedKeyUsage = serverAuth, clientAuth
[
alternate_names
]
DNS
.
1
=
funkwhale
.
test
DNS
.
2
=
node1
.
funkwhale
.
test
DNS
.
3
=
node2
.
funkwhale
.
test
DNS
.
4
=
node3
.
funkwhale
.
test
DNS
.
5
=
localhost
DNS
.
6
=
127
.
0
.
0
.
1
# Add these if you need them. But usually you don't want them or
# need them in production. You may need them for development.
# DNS.5 = localhost
# DNS.6 = localhost.localdomain
# DNS.7 = 127.0.0.1
# IPv6 localhost
# DNS.8 = ::1
This diff is collapsed.
Click to expand it.
docker/ssl/test.crt
+
25
−
20
View file @
f37996fd
-----BEGIN CERTIFICATE-----
MIIDljCCAn6gAwIBAgIJAOA/w9NwL3aMMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMMECouZnVua3doYWxlLnRlc3QwHhcNMTgw
NDA4MTMwNDAzWhcNMjgwNDA1MTMwNDAzWjBgMQswCQYDVQQGEwJBVTETMBEGA1UE
CAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
MRkwFwYDVQQDDBAqLmZ1bmt3aGFsZS50ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAyGqRLEMFs1mpRwauTicIRj2zwBUe6JMNRbIvOUkaj2KY6avA
7tiNti/ygBoTyJl2JK3mmLqxElqedpMhjVvYde/PyjXoZ+0Vq4FWv89LV6ZM/Scf
TCIYwWF1ppi6GYFmU3WCIMISkKiPBtMArB0oZxiUWLmkyd8jih2wnQOpkQ20FfG0
CtlrKlQKyAe7X3zPuqGfaMUN7J4w9g3/SC66YulbAtI1/Z4tuG8J4m2RC6jH1hVy
364l3ifEC+m9Kax/ystfu/mkLdyQgRfOZTNf2JhS3BL8zpoWMXFK+4+7TYisrV1h
0pzIAsoQeBB+cFOOFEwRAv0FxSWnZ+/shjnwbwIDAQABo1MwUTAdBgNVHQ4EFgQU
sULmofttRyWUMM93IsD8jBvyCd4wHwYDVR0jBBgwFoAUsULmofttRyWUMM93IsD8
jBvyCd4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAUg/fiXut
hW6fDx9f0JdB4uLiLnv8tDP35ackLLapFJhXtflIXcqCzxStQ46nMs1wjaZPb+ws
pLULzvTKTxJbu+JYc2nvis4m2oSFczJ3S9tgug4Ppv8yS7N1pp7kfjOvBjgh6sYW
p+Ctb5r8qvgvT9yDTeCnsqktb/OkRHlHwhRYfnuxh+96s4mzifqFUP4uCCcFYPTc
RE0Ag3oI5sHOdDk/cdYE5PGQPjSP6gzn0lsrz1Q3x1C8+txSHzsJnvS3Ost+dwcy
JSjDBXauy9cZv93Voevcl16Ioo7trtkp4dwAoep52vOT/KMkJ4zm19msV3BP4wMa
BUqrV2F7twD5zw==
MIIEiTCCA3GgAwIBAgIUYxpKxPZIyG2n6qTPNESvYX/VpkowDQYJKoZIhvcNAQEL
BQAwfzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMREwDwYDVQQHDAhOZXcgWW9y
azEVMBMGA1UECgwMRXhhbXBsZSwgTExDMRgwFgYDVQQDDA9FeGFtcGxlIENvbXBh
bnkxHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb20wHhcNMjAwMTA5MTM0
ODMyWhcNMzAwMTA2MTM0ODMyWjB/MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkx
ETAPBgNVBAcMCE5ldyBZb3JrMRUwEwYDVQQKDAxFeGFtcGxlLCBMTEMxGDAWBgNV
BAMMD0V4YW1wbGUgQ29tcGFueTEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxl
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1SKznmggF6IaCF
4Jq+CHl9x8tmteQkws+ix65J2Id104fSibrRK8If3LMbKlrmXrpXFIl1TvDGPJQd
emcJhy3tFXR0eRqPTyqOfwxVy4AW7plMpemsoDrk8uONtwUdwmNNRsPeppIIEov7
aj6SWGLzFUjoKwHbXsfy2ff80/9EP7zkJr1ts6VPbPafExDKT225OoANlZ4B3bOG
bviWcP5+HuWUolA1wcyIqLXpc9Lw1M6NsC252sgje9IBpx1NhGe5QNAg5p3BA75/
jbOQH0qSo1xm9cV+FNQJpBybnZ5wuUEgsPJ87MtTIbr0cM5IiarUr/kvyg4sywDV
e07Aaw0CAwEAAaOB/DCB+TAdBgNVHQ4EFgQU9wRYbfo7sxyDITOZCK0H8udIaiww
HwYDVR0jBBgwFoAU9wRYbfo7sxyDITOZCK0H8udIaiwwCQYDVR0TBAIwADALBgNV
HQ8EBAMCBaAwcQYDVR0RBGowaIIOZnVua3doYWxlLnRlc3SCFG5vZGUxLmZ1bmt3
aGFsZS50ZXN0ghRub2RlMi5mdW5rd2hhbGUudGVzdIIUbm9kZTMuZnVua3doYWxl
LnRlc3SCCWxvY2FsaG9zdIIJMTI3LjAuMC4xMCwGCWCGSAGG+EIBDQQfFh1PcGVu
U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAmXD3
pjwYG4M4NTixkxs9KvdQE5yDqOMEh5ZMygA7/kRbKrYLaFgDYYsNlRFqJNz3sDLe
jTU663Eur5TdwTNiksa11VB3qKCrgQIzhjOavofF0ODfaNBtHtBWwEcpq0t2MnWP
kWot/kqpUcphbx5zyzqHHjiSnNUu16PS/lepNZyQIrfSy23+WIEYEiTbDYqS38SX
p8Pc+i9hQyeOwo4CYnuoPcIRtL/zsFl7WnWKVqXqr7w0PDWus226xO2ZMMLRkMi5
scufzyGBJAsedlCXIbJ+azYlZ2yTr98C7ffEA1PSuhO7wTUim/LUo0UBC/bs6wpc
ZxMkNLp6IaHhNEIeyA==
-----END CERTIFICATE-----
This diff is collapsed.
Click to expand it.
docker/ssl/test.key
+
26
−
26
View file @
f37996fd
-----BEGIN PRIVATE KEY-----
MIIE
wA
IBADANBgkqhkiG9w0BAQEFAASCBK
o
wggS
m
AgEAAoIBAQ
DIapEsQwWzWalH
Bq5OJwhGPbPAFR7okw1Fsi85SRqPYpjpq8Du2I22L/KAGhPImXYkreaYurESWp52
kyGNW9h178/KNehn7RWrgVa/z0tXpkz9Jx9MIhjBYXWmmLoZgWZTdYIgwhKQqI8G
0wCsHShnGJRYuaTJ3yOKHbCdA6mRDbQV8bQK2WsqVArIB7tffM+6oZ9oxQ3snjD2
Df9ILrpi6VsC0jX9ni24bwnibZELqMfWFXLfriXeJ8QL6b0prH/Ky1+7+aQt3JCB
F85lM1/YmFLcEvzOmhYxcUr7j7tNiKytXWHSnMgCyhB4EH5wU44UTBEC/QXFJadn
7+yGOfBv
AgMBAAECggE
BAMVB3lEqRloYTbxSnwzc7g/0ew77usg+tDl8/23qvfGS
od6b5fEvw4sl9hCPmhk+skG3x9dbKR1fg8hBWCzB0XOC7YmhNXXUrBd53eA8L3O9
gtlHwE424Ra0zg+DEug3rHdImSOU4KDwxpV46Jh+ul1+m8QYNFFdBqXSQxrHmAXj
MQ6++rjoJ+bhucmjBouzMYXHTGhdae3kjDFrFJ4cUsH6F03NcDwS+AmZxa/DWQ/H
SoBQBeLoE6I1aKhLgY91yO1e7CtSzS2GFCODReN4b3cylaR7jE7Mg87TZcga6Wfa
Xcd120VVlVq6HmZc/Xob7aUim3AuY2er8bcvmg1XOsECgYEA5EMM5UlpLdNWv1hp
5IMvkeCbXtLJ3IOHO0xLkFdx0CxaR9TyAAqIrSh1t9rFhYqLUNiOdMc2TqrvdgEU
B/QZrAevWRc5sjPvFXmYeWSCi/tjRgQh4jClWDX/TlfAlP55z2BFyMPMX6//WbBQ
5aL9xymTymzFFcaE8EytT5Jz8rUCgYEA4MVF3IkaQepl6H1gf2T6ev+MtGk9AGg9
DSJpio7hfMcY5X3NrTJJFF9DJFXqfo3ILOMyUpIUHqkCGKXil0n9ypLp4vq7l+6c
m1gtKFXh7uKAV4XtSnR0nuK/N10JJp2HbbFYGlziRaa1iEPAFvLDQHu4jyf5sXyV
HvreuQgGWRMCgYEAlUaQKWaP5UsfoPUGE04DjwfvM9zv7EkL6CimBhhZswU+aVmG
haZd6bfa/EiTAhkvsMheqVoaVuoMvgRIgEcPfuRrtPyuW68A/O9PWpvzj+3v5zsO
maisiPqPI0HaDNY6/PZ9zKTXhABKIvJehT7JbjTvlOL7JJl2GNxcPvyM3T0CgYEA
tnVtUKi69+ce8qtUOhXufwoTXiBPtJTpelAE/MUfpfq46xJEc+PuDuuFxWk5AaJ2
bHnBz+VlD76CRR/j4IvfySGZWvfOcHbyCeh6P9P3o8OaC3JcPaRrRs8qCfcsBny6
A
wGDU2MzCvdZRVQ6CmbmuOG13//DYaCQLKXZRrqM7KECgYEAxDsqtyHA/a38UhS8
iQ8HqrZp8CuzJoJw/QILvzjojD1cvmwF73RrPEpRfEaLWVQGQ5F1IlHk/009C5zy
eUT4ZaPxLem6khBf7pn3xXaVBGZsYoltek5sUBsu/jA+4Sw6bcUmhBRBCs98JGpR
DVJtvOTk9aGW8M8UbgqwW+e/6ng
=
MIIE
vQ
IBADANBgkqhkiG9w0BAQEFAASCBK
c
wggS
j
AgEAAoIBAQ
C9Uis55oIBeiGg
heCavgh5fcfLZrXkJMLPoseuSdiHddOH0om60SvCH9yzGypa5l66VxSJdU7wxjyU
HXpnCYct7RV0dHkaj08qjn8MVcuAFu6ZTKXprKA65PLjjbcFHcJjTUbD3qaSCBKL
+2o+klhi8xVI6CsB217H8tn3/NP/RD+85Ca9bbOlT2z2nxMQyk9tuTqADZWeAd2z
hm74lnD+fh7llKJQNcHMiKi16XPS8NTOjbAtudrII3vSAacdTYRnuUDQIOadwQO+
f42zkB9KkqNcZvXFfhTUCaQcm52ecLlBILDyfOzLUyG69HDOSImq1K/5L8oOLMsA
1XtOwGsN
AgMBAAECggE
AAbgEQnNQTNkiAwYUIvOEui2lKbiWACtBRYdRzshG2fv8
3qfPrk2F2y5U359ohAjBZWmy+wiAnfj+xc16tgLFImqbnkIMc2xHqLhAeQkyXshW
hDfI7dUuYzp+5gf8WGSLxkEGWnLkCkFegbzXmxfTC5rvX4kUEuE9/Ay9Y938wr2E
26qdRGxtfVsnFFkLXmj50W3AyF6nBRqZsaS2x8JpHTdw7AjevpL/au2nz1p1rTK9
6cR/V4Hy+dtXLgm0mLdg1G+CJmanjqiweaD4+m91rFTagFIFKf/t5i4IZMu/BLT7
OuylxvEnvZH4p3aSOF1ME0Uv4n2Pzb7Iov/ZZ52/AQKBgQD4qnuj4V3ASXqsraMH
m5MtpBlKAZkngWFesi5ZFijgyutfbIcCPwFOGuXmcaTMj9HtTIwAki+mxkN87UmV
ZM+em2ZJz6srRGvIGN5CMJaJtOPdh3iMjI5QdefJ5gkk207YKzKVw4sw5C+tr4Sr
Uyf3K5ttL+CS5bo26CVXGLlpwQKBgQDC55wrgIzC1VDoFU0N2AZqU31tpP2DTIxc
eu4PqEMF0hjtTh4R5JHR827PmcW3VCaZ1+Fet8+yJ5nZTHWJlFyIg3dIyebn9dau
Yy256S+/1tq7ACmTzw3tn/125g4Is6Sz8yHdZ1YejHqyrK8nmyxuHJVEpWgLI+Ru
U9qQAQqcTQKBgAYb2hG6lZ0FsRfQ5DJppgH3CBADXgnUadnzsqPJoZN0KLgdaGur
tJKAoqk4nX3RAq07tizFappEQKAvDCG5akhRNQAXM/NKKQOvaLZjjy8u3HIyw8lg
IpbjbqBNIGhhYtx4ozN+rEq1MF6p8y5qSo8N6TGTfYbeUebLaS9skhGBAoGAcmZF
uRb8CAPzODYAg0awBUq6DVhRYPbWUBXrk48cv9bgwLEgXzo9CPGMshe9AG1JNvWK
l/Dl3Nj3qZ8CQl2trocTxcqUWMRoXPVjyoJ/f2eZ/TcMMHDQ6RAGUvqXdC4VV3Y3
A
2B7IPUts6A+Ms4W1w654o//sMJBeyyG1g12b+UCgYEA9oLi1licSby9pGuuZXqf
q5zyGzM3adQzOrUNR+GTOAnoQD7tcz2jTvlmn0yv66NzBoy8FAD+UNOiMGipe8Au
1Y3XVCeYho0crCRJP3/fLLmjNe1P/Ijgujpb5jEgCA91opWSpqRVjIspGU0YOApU
jCCVQukqEnud65ur9FLD4a8
=
-----END PRIVATE KEY-----
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
