test: improve https_renew_cert.sh script

tniessen · tniessen · commit 090583b50647 · 2022-03-15T11:26:20.000Z
To avoid unnecessarily large diffs, only generate a new private key if necessary. Otherwise, reuse the existing private key and only issue a new certificate. Remove an unnecessary conversion step using openssl rsa. Extend the certificate validity from 1 year to 10 years. Show a text representation of the issued certificate upon completion such that the user can verify the validity. Refs: #42342 Refs: #37990
diff --git a/test/fixtures/keys/selfsigned-no-keycertsign/.gitignore b/test/fixtures/keys/selfsigned-no-keycertsign/.gitignore
@@ -0,0 +1 @@
+csr.pem
diff --git a/test/fixtures/keys/selfsigned-no-keycertsign/cert.pem b/test/fixtures/keys/selfsigned-no-keycertsign/cert.pem
@@ -1,18 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIC9jCCAd6gAwIBAgIJANHflGRpZM1IMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
-BAMMCWxvY2FsaG9zdDAeFw0yMTAzMTUwOTEzMjdaFw0yMjAzMTUwOTEzMjdaMBQx
-EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBANMt6TLw9gIxucRgZBn8owavEIMAddxMTjkHiR7jGfaBrvvVTB8ymsIizw/Q
-KTANmu2r3EOqeR9Ht25KZFKxOKCDMd3aKHht38HInXIF6CQe8c5P0xsVKZAWkell
-8ohL05EsFpcrJODIdHfaovODrtX8w1WexqDsUoPQdEk7pISJ2HhmXzpf7QmV00Ux
-8J+64v2pTg8/C9VgpSgxE4oXlfJEqdSIAzGDT+VX96GWXTh7QqLjiQ9T96QHUJEn
-Bx0Sr4rO9mY2lOQG408QuCLR/ng2J+lYx+03SC8Lq7lrtt4M06Ffr8TQRgpDAjkU
-0YitbuysD5XgtCeFq0Fi3v1z700CAwEAAaNLMEkwCwYDVR0PBAQDAgWgMBMGA1Ud
-JQQMMAoGCCsGAQUFBwMBMCUGA1UdEQQeMByCCTEyNy4wLjAuMYIJbG9jYWxob3N0
-hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQDAUCt/8Le2EO0ONOkQYUcPmSut6Siz
-UIQrJ8Lwfs0fb+Zk9ElNGLwYTzooKDgzK8cLQ8g8F2WkolBEPXDsy1Ab+e66WkJH
-NH/zAgEyG6cXXRNc+ObM5KbjY0YuDGiajKcndknuuCB+onlC1Pv5oFUSNa3/06+S
-sziFloGbg5S0AHT6lYnwZSM6G7Pre8mcRNRxL6Yw1FOOUpQZKPd7juy4GBRlCucn
-wmp/Fl0wIBDs91Vprig2TO+U6GvtqJ3n/RKXUz1ykUKETtRneSkqa6hFYjwRzawd
-ANpjy/orrVkqXriAbI/1xvBMInWdcMpXNeiOkxQeQdy8TLBk0ZViSJnf
+MIIDATCCAemgAwIBAgIUP43Bp80IGab48gk9ijW6oVGj0PMwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMDMxNTExMTgxOVoXDTMyMDMx
+MjExMTgxOVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA0y3pMvD2AjG5xGBkGfyjBq8QgwB13ExOOQeJHuMZ9oGu
++9VMHzKawiLPD9ApMA2a7avcQ6p5H0e3bkpkUrE4oIMx3dooeG3fwcidcgXoJB7x
+zk/TGxUpkBaR6WXyiEvTkSwWlysk4Mh0d9qi84Ou1fzDVZ7GoOxSg9B0STukhInY
+eGZfOl/tCZXTRTHwn7ri/alODz8L1WClKDETiheV8kSp1IgDMYNP5Vf3oZZdOHtC
+ouOJD1P3pAdQkScHHRKvis72ZjaU5AbjTxC4ItH+eDYn6VjH7TdILwuruWu23gzT
+oV+vxNBGCkMCORTRiK1u7KwPleC0J4WrQWLe/XPvTQIDAQABo0swSTALBgNVHQ8E
+BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwJQYDVR0RBB4wHIIJMTI3LjAuMC4x
+gglsb2NhbGhvc3SHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAMMW1VNLj+1jZfIU
+DtZcR70RgAJ4SyOU4XqhmYOLloRZYFZAbkVN63RT0miiEiBsBDoh0OokT6ZkS7oz
+uK1vmM+zBW1GOd12YkbtEXK3ej/xG1sWu/iESqpAcX1k4A9lG+JqGJtyMot9F1an
+7ymSqH6QH0pi/jmdHdeo/ED9rjZsHvhJvWv19qN2gG36NIg3sm6U2MwqPHaXaTt9
+AdxtOgfKJLYhZqQtK9Uap8gn2vXoM6lp4/Ut6tXv74Z3ef2MOKE+9x7r2mBwLXin
+9Ldn4aYU7+9z3lSexFHzJlyPBf/6Cc3E7Kbg+FHwTTQkKuTnsSxC04+Rp/dP3B41
+30utgNk=
 -----END CERTIFICATE-----
diff --git a/test/fixtures/keys/selfsigned-no-keycertsign/https_renew_cert.sh b/test/fixtures/keys/selfsigned-no-keycertsign/https_renew_cert.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
-openssl genrsa -out rsa.pem 2048
-openssl rsa -in rsa.pem -out key.pem
+if [ ! -f key.pem ]; then
+  openssl genrsa -out key.pem 2048
+fi
 openssl req -sha256 -new -key key.pem -out csr.pem -subj "/CN=localhost"
-openssl x509 -req -extfile cert.conf -extensions v3_req -days 365 -in csr.pem -signkey key.pem -out cert.pem
-
+openssl x509 -req -extfile cert.conf -extensions v3_req -days 3650 -in csr.pem -signkey key.pem -out cert.pem
+openssl x509 -in cert.pem -noout -text
