A R Karthick | eeac7e1 | 2017-03-10 17:35:39 -0800 | [diff] [blame^] | 1 | To update expired certificates, |
| 2 | use the current working certs_2 directory and copy it as certs_4 |
| 3 | cp -rv certs_2 certs_4 |
| 4 | cd certs_4 |
| 5 | Update ca.cnf,server.cnf,client.cnf default_days field to update certificate expiry. |
| 6 | Then type: |
| 7 | make clean |
| 8 | make |
| 9 | to create the new certificates. |
| 10 | |
| 11 | Now decrypt the openssl rsa keys for: |
| 12 | client.key, server.key and ca.key |
| 13 | |
| 14 | openssl rsa -in ca.key -out ca.key.decrypted |
| 15 | openssl rsa -in client.key -out client.key.decrypted |
| 16 | openssl rsa -in server.key -out server.key.decrypted |
| 17 | |
| 18 | passphrase for all 3 is whatever |
| 19 | |
| 20 | Next step is to update client.pem and server.pem, |
| 21 | BEGIN ENCRYPTED KEY SECTIONS |
| 22 | with the decrypted contents of client.key.decrypted and server.key.decrypted respectively. |
| 23 | |
| 24 | Then rename the decrypted files back to overwrite the encrypted key files. |
| 25 | mv ca.key.decrypted ca.key |
| 26 | mv client.key.decrypted client.key |
| 27 | mv server.key.decrypted server.key |
| 28 | |
| 29 | Now update the test code in cord-tester/src/test/utils/EapTLS.py with the contents of client.crt and client.key. |
| 30 | If you want, you can also populate the INVALID cert key field in cord-tester/src/test/tls/tlsTest.py with the contents of ca.pem (optional) |