👽 Re-generate self-signed certificates
They were generated 3 years ago and expired now.

Backport-of: 422d135
sergei-maertens committed Jul 3, 2024
1 parent dade4fe commit 7d7e9fe
Showing 8 changed files with 81 additions and 49 deletions.
29 changes: 19 additions & 10 deletions docker/certs/README.md
@@ -1,11 +1,11 @@
# Certificates

The certificates in this directory are self-signed and used for testing Open Forms
certificate validation. **Do NOT use these in any real deployments.**
The certificates in this directory are self-signed and used for testing Open Forms certificate
validation. **Do NOT use these in any real deployments.**

Open Forms has a mode where you can specify additional (root) certificates to trust,
in addition to the [`certifi.where()`][certifi] certificate bundle. These certificates
are used to (automatically) test this.
Open Forms has a mode where you can specify additional (root) certificates to trust, in addition to
the [`certifi.where()`][certifi] certificate bundle. These certificates are used to (automatically)
test this.

## Testing

@@ -15,8 +15,8 @@ In the root of the repository, run:
docker-compose -f docker-compose.ci.yml up mock-endpoints.local
```

Now, navigate your browser (or any other HTTP client) to `https://localhost:9001` and
verify that the self-signed certificates are used.
Now, navigate your browser (or any other HTTP client) to `https://localhost:9001` and verify that
the self-signed certificates are used.

## Generate certificates

@@ -25,8 +25,16 @@ The certificates are generated following an [Azure guide][certicate guide].
```bash
# root certificate
openssl ecparam -out openforms.key -name prime256v1 -genkey
openssl req -new -sha256 -key openforms.key -out openforms.csr
openssl x509 -req -sha256 -days 1095 -in openforms.csr -signkey openforms.key -out openforms.crt
openssl req -new -sha256 -key openforms.key -out openforms.csr -config openforms.cnf
openssl x509 \
-req \
-sha256 \
-days 1095 \
-in openforms.csr \
-signkey openforms.key \
-out openforms.crt \
-extensions v3_ca \
-extfile openforms.cnf

# server certificate
openssl ecparam -out mocks.key -name prime256v1 -genkey
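Review bot: `-days 1095` is carried over unchanged in the root certificate command, so these fixtures will expire again three years after regeneration, which is the same condition this commit is repairing. Record the new expiry date in this README, or add a check that fails some weeks before the certificate's `notAfter`, so the next renewal is scheduled rather than noticed after the fact.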
@@ -55,4 +63,5 @@ openssl x509 \
Note that the certificate expires after about 3 years.

[certifi]: https://pypi.org/project/certifi/
[certificate guide]: https://docs.microsoft.com/en-us/azure/application-gateway/self-signed-certificates
[certificate guide]:
https://docs.microsoft.com/en-us/azure/application-gateway/self-signed-certificates
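Review bot: the link definition rewrapped here is labelled `[certificate guide]`, but the sentence that uses it (visible in the `@@ -25,8 +25,16 @@` context line) references `[certicate guide]`, so the label and its definition do not match. Since the definition is being touched anyway, correct the spelling at the reference so the Azure guide link resolves.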
23 changes: 12 additions & 11 deletions docker/certs/mocks.crt
@@ -1,13 +1,14 @@
-----BEGIN CERTIFICATE-----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MIICDjCCAbOgAwIBAgIUDdJqIj8T0bb/XbgzVK7jZ8556nMwCgYIKoZIzj0EAwIw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-----END CERTIFICATE-----
14 changes: 7 additions & 7 deletions docker/certs/mocks.csr
@@ -1,9 +1,9 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBSjCB8gIBADBpMQswCQYDVQQGEwJOTDEWMBQGA1UECAwNTm9vcmQtSG9sbGFu
ZDESMBAGA1UEBwwJQW1zdGVyZGFtMRUwEwYDVQQKDAxNYXlraW4gTWVkaWExFzAV
BgNVBAMMDk9wZW5Gb3Jtc01vY2tzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
+StUQWD7tn3JQT+O9ecc7YhyXw3oYoVNXzx9V8mf0sCo0kxFRtapeE8Dzy+dPOTR
GjJ4x/4DUmpjriW5nomEUaAnMCUGCSqGSIb3DQEJDjEYMBYwFAYDVR0RBA0wC4IJ
bG9jYWxob3N0MAoGCCqGSM49BAMCA0cAMEQCIAUflF1OuUvFBWyLLBDD3npIAuPv
63cFLH16G4wTaCKXAiBM9h/10ey1ZcQScw2Jr0ER8lBmZatSj1Cyx7aGMNw4Xg==
MIIBRTCB7AIBADBjMQswCQYDVQQGEwJOTDEWMBQGA1UECAwNTm9vcmQtSG9sbGFu
ZDESMBAGA1UEBwwJQW1zdGVyZGFtMQ8wDQYDVQQKDAZNYXlraW4xFzAVBgNVBAMM
Dk9wZW5Gb3Jtc01vY2tzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKZDy5MjJ
rZ3wQDWObVjf5Qptj+jBY468c7X5KVpQHanHgG3UuTxWSEF53vm2sC+n+WpbIQC3
kTHNK6q2fHhFQqAnMCUGCSqGSIb3DQEJDjEYMBYwFAYDVR0RBA0wC4IJbG9jYWxo
b3N0MAoGCCqGSM49BAMCA0gAMEUCIBhl8N4Uel9CXm/sNF2V2ri6aaIkL+9MdjPH
dy5Mlwa9AiEA8AU8jtZjXbeOWBPyXcKWAhCpJmSe8e70GYSPkB1tYhs=
-----END CERTIFICATE REQUEST-----
6 changes: 3 additions & 3 deletions docker/certs/mocks.key
@@ -2,7 +2,7 @@
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIGk98lAzWIZ/VaCrJlFiIvy6TvXr04rEWIC9+NT3pDSvoAoGCCqGSM49
AwEHoUQDQgAE+StUQWD7tn3JQT+O9ecc7YhyXw3oYoVNXzx9V8mf0sCo0kxFRtap
eE8Dzy+dPOTRGjJ4x/4DUmpjriW5nomEUQ==
MHcCAQEEINqOQLajH5o1J+xGI70mosg7K2ymDBKTII2KesTlbtbwoAoGCCqGSM49
AwEHoUQDQgAEKZDy5MjJrZ3wQDWObVjf5Qptj+jBY468c7X5KVpQHanHgG3UuTxW
SEF53vm2sC+n+WpbIQC3kTHNK6q2fHhFQg==
-----END EC PRIVATE KEY-----
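Review bot: the `EC PRIVATE KEY` block replaced here puts a fresh private key in the repository in clear text, and nothing in the file itself marks it as a fixture. The README restricts these files to testing, so scope any secret-scanner exception to `docker/certs/` by path rather than by pattern, and confirm that only the mock endpoint configuration loads `mocks.key`.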
22 changes: 22 additions & 0 deletions docker/certs/openforms.cnf
@@ -0,0 +1,22 @@
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
x509_extensions = v3_ca

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = NL
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Noord-Holland
localityName = Locality Name (eg, city)
localityName_default = Amsterdam
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default =
commonName = Common Name (eg, fully qualified host name)
commonName_default = OpenForms CA
emailAddress = Email Address
emailAddress_default =

[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, digitalSignature, keyCertSign, cRLSign
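Review bot: in `[ req ]`, `default_bits = 2048` and `x509_extensions = v3_ca` have no effect with the commands documented in the README. The key is created with `openssl ecparam ... -name prime256v1` and passed in with `-key`, so `default_bits` is never consulted, and `x509_extensions` is only read by `openssl req -x509`, whereas the README applies the section through `openssl x509 -req -extensions v3_ca -extfile openforms.cnf`. Drop both lines, or add a comment that they are unused, so the file does not suggest an RSA key or a second path by which the CA extensions are set.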
21 changes: 11 additions & 10 deletions docker/certs/openforms.crt
@@ -1,12 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIBxDCCAWsCFE5dCyT5NzsAB/bdsF4St0QcO+/EMAoGCCqGSM49BAMCMGUxCzAJ
BgNVBAYTAk5MMRYwFAYDVQQIDA1Ob29yZC1Ib2xsYW5kMRIwEAYDVQQHDAlBbXN0
ZXJkYW0xFTATBgNVBAoMDE1heWtpbiBNZWRpYTETMBEGA1UEAwwKT3BlbiBGb3Jt
czAeFw0yMTA2MjMwODUwMjJaFw0yNDA2MjIwODUwMjJaMGUxCzAJBgNVBAYTAk5M
MRYwFAYDVQQIDA1Ob29yZC1Ib2xsYW5kMRIwEAYDVQQHDAlBbXN0ZXJkYW0xFTAT
BgNVBAoMDE1heWtpbiBNZWRpYTETMBEGA1UEAwwKT3BlbiBGb3JtczBZMBMGByqG
SM49AgEGCCqGSM49AwEHA0IABLexnPEU81SuTbIUTia953j5bn38qxIgLIsFKdkH
8b7xM4t7jtu579FKQ7wufNXJGPWOYHy7BEL09XZhirqIkD8wCgYIKoZIzj0EAwID
RwAwRAIgNvVfetmvTzJxtVcgM8IoZP/OjIBe6JG0U6TVKdCeyWsCIFUBqimXgPMN
4w+fuhRCimOr4Y1O/lhdsX42zroSsdbj
MIIB4zCCAYqgAwIBAgIUPx02ag3wRmfihl86Nrzbxz4cvAAwCgYIKoZIzj0EAwIw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-----END CERTIFICATE-----
13 changes: 6 additions & 7 deletions docker/certs/openforms.csr
@@ -1,9 +1,8 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBITCBxwIBADBlMQswCQYDVQQGEwJOTDEWMBQGA1UECAwNTm9vcmQtSG9sbGFu
ZDESMBAGA1UEBwwJQW1zdGVyZGFtMRUwEwYDVQQKDAxNYXlraW4gTWVkaWExEzAR
BgNVBAMMCk9wZW4gRm9ybXMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS3sZzx
FPNUrk2yFE4mved4+W59/KsSICyLBSnZB/G+8TOLe47bue/RSkO8LnzVyRj1jmB8
uwRC9PV2YYq6iJA/oAAwCgYIKoZIzj0EAwIDSQAwRgIhAIGcOkauirObYSJeSnGb
mZpliiSEgHdANAMVQIezxmdqAiEA3Dq8+yUiGWpFsq3fZYFKXhOFX0zzo4l7bBEZ
dH5Id/A=
MIIBDDCBsgIBADBQMQswCQYDVQQGEwJOTDEWMBQGA1UECAwNTm9vcmQtSG9sbGFu
ZDESMBAGA1UEBwwJQW1zdGVyZGFtMRUwEwYDVQQDDAxPcGVuRm9ybXMgQ0EwWTAT
BgcqhkjOPQIBBggqhkjOPQMBBwNCAAS3sZzxFPNUrk2yFE4mved4+W59/KsSICyL
BSnZB/G+8TOLe47bue/RSkO8LnzVyRj1jmB8uwRC9PV2YYq6iJA/oAAwCgYIKoZI
zj0EAwIDSQAwRgIhAJg5jhu+koq45p6+/j1Vj3MF9SOPgyWVbCpm5sAIKeVRAiEA
3OwmFijWg4hvBMS3CasyPWWhRTDwt9ZwGlmOpNlHOvM=
-----END CERTIFICATE REQUEST-----
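Review bot: the added request carries the same public key as the removed one (the run `FPNUrk2yFE4mved4+W59/KsSICyL` appears in both the old and the new body), so the root key was reused, while `mocks.key` was replaced in this same commit. The README's root certificate steps begin with `openssl ecparam -out openforms.key ... -genkey`, which would produce a new key; state in the README which steps are meant to be re-run on renewal, so the next regeneration is done the same way for both keys.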
2 changes: 1 addition & 1 deletion docker/certs/openforms.srl
@@ -1 +1 @@
0DD26A223F13D1B6FF5DB83354AEE367CE79EA70
0DD26A223F13D1B6FF5DB83354AEE367CE79EA73
