Create Test SSL CA & Client Server Keys #973
dckorben wants to merge 8 commits into connamara:master from
Conversation
This isn't quite there yet.

This is ready to go. The examples work with the newly generated keys. I did include the powershell from the previous effort, but it can be dropped. The C# is building almost exactly the same key structure as the powershell script is. Both methods build certs that can be used by the example apps. Given that the tests I created for SSL Factory Tests work cross platform, I am taking a leap that this isn't a bridge too far and the C# code solves the portability issue and works on linux as well. Please confirm.
| SSLCertificatePassword=QuickFixn-TestClient | ||
| SSLCertificatePassword=qfnpass123 | ||
| # For production refer to certificate by name instead: SSLCertificate=CN=QuickFixn-TestClient | ||
| SSLServerName=QuickFixn-TestServer |
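Review bot: `SSLServerName=QuickFixn-TestServer` is the value the client checks the server certificate against, and that check is made against the certificate's Subject Alternative Name entries, not only the subject CN, so the comment on the `SSLCertificate=CN=...` line should also say that the generated server certificate needs a DNS SAN of `QuickFixn-TestServer` for this setting to validate. The plaintext `SSLCertificatePassword=qfnpass123` is fine for throwaway test keys, but a short comment marking it as a test-only value would keep it from being copied into a production config.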
Key Resolution really cares about Subject Alternative Names
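Added example (not code from the pull request or from QuickFIX/n) of how the C# approach described in the conversation can generate the test CA and a server certificate whose name is carried in a DNS Subject Alternative Name, which is what the name check mentioned above relies on. It assumes .NET 6 or later; the file names, the password and the 12-hour lifetime are illustrative choices.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not PR code): short-lived test CA plus a server cert signed by it, with the
// server name in a DNS Subject Alternative Name. File names and lifetimes are assumptions.
static class TestPki
{
    static X509Certificate2 CreateTestCa(string subject, DateTimeOffset now)
    {
        var req = new CertificateRequest(subject, RSA.Create(2048), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        // CA flag and KeyCertSign are required for CertificateRequest.Create to accept it as issuer.
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
        return req.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(1));
    }
    static X509Certificate2 CreateServerCert(X509Certificate2 ca, string dnsName, DateTimeOffset now)
    {
        RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + dnsName, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));
        // id-kp-serverAuth: intended for TLS server authentication.
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));
        // Hostname validation matches SSLServerName against SAN entries, not the subject CN.
        var san = new SubjectAlternativeNameBuilder();
        san.AddDnsName(dnsName);
        req.CertificateExtensions.Add(san.Build());
        byte[] serial = RandomNumberGenerator.GetBytes(16); // must be unique per issuer
        using X509Certificate2 pubOnly = req.Create(ca, now.AddMinutes(-5), now.AddHours(12), serial);
        return pubOnly.CopyWithPrivateKey(key); // Create() returns the cert without its private key
    }
    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using X509Certificate2 ca = CreateTestCa("CN=QuickFixn-TestCA", now);
        using X509Certificate2 server = CreateServerCert(ca, "QuickFixn-TestServer", now);
        File.WriteAllBytes("QuickFixn-TestCA.cer", ca.Export(X509ContentType.Cert));
        File.WriteAllBytes("QuickFixn-TestServer.pfx", server.Export(X509ContentType.Pfx, "qfnpass123"));
        // Sanity check: chain only to the test CA, no revocation lookup (as SSLCheckCertificateRevocation=N).
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(ca);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        Console.WriteLine(chain.Build(server) ? "chain OK" : "chain FAILED: " + chain.ChainStatus[0].StatusInformation);
    }
}
```

The chain check confirms issuance by the test CA only; the SAN-to-SSLServerName match itself is performed by SslStream during the handshake, so the same `.cer` and `.pfx` still need to be run through the example apps.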
| SSLServerName=QuickFixn-TestServer | ||
| SSLCACertificate=../QuickFixn-TestCA.cer | ||
| SSLCheckCertificateRevocation=N | ||
| SSLProtocols=Default |
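Review bot: `SSLCheckCertificateRevocation=N` turns off revocation checking with no explanation; for a locally generated test CA that publishes no CRL or OCSP endpoint that is the expected setting, but a comment in the style of the one on the certificate line ("test CA has no revocation data; set to Y in production") would stop the value from travelling into real configs. `SSLProtocols=Default` is consistent with the discussion above.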
Use SSLProtocols=Default instead of SSLProtocols=None to let the OS pick the best one.
| $clientCertPath = "QuickFixn-TestClient.pfx" | ||
| $password = ConvertTo-SecureString -String "qfnpass123" -Force -AsPlainText | ||
| Export-Certificate -Cert $clientCert -FilePath "QuickFixn-TestClient.cer" | ||
| Export-PfxCertificate -Cert $clientCert -FilePath $clientCertPath -Password $password No newline at end of file |
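Review bot: `$password` is built from the literal `"qfnpass123"` inside the script, which duplicates the value in the example config and lets the two drift apart; a script parameter or an environment variable read would keep a single source for it. The file also lacks a trailing newline (`No newline at end of file`).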
This works in an elevated prompt on windows.
powershell -noexit -executionpolicy bypass -File .\GenerateKeys.ps1
Addresses #961
@gbirchmeier Since we weren't able to get the cross platform powershell to work earlier this year, I thought I'd try again. This is kinda overkill but it will do the job as needed and hopefully works in all environments. I've set the half-life on these keys to be VERY, very short and can be changed but I basically cribbed myself from the SSL Factory Tests I added to the project.
Effectively, you could remove the keys currently in the project entirely (probably good practice) and if someone wants to run the examples, they generate their own first. I haven't confirmed what the rest of the library throws if you try to use an expired key yet, so I suppose consider this a draft proposal but if you can confirm it does work cross platform... then this is an answer to your need.
I tried to get this to work in C# interactive and it did NOT like it, probably the Cryptography dependency.