Reissue client keys and update alt config with new private key. Also …

…update issuance CN to match what is expected in server code
obelisk · Jun 6, 2024 · 86cd11d · 86cd11d
1 parent 015aac6
commit 86cd11d
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 14 deletions.
diff --git a/examples/rustica_agent_local.toml b/examples/rustica_agent_local.toml
@@ -27,22 +27,20 @@ DF1DluRk6qknMiXlDjpI
 """
 mtls_cert = """
 -----BEGIN CERTIFICATE-----
-MIIBozCCAUmgAwIBAgIUFfYNR8USdd5H7aedW/EhejTq9acwCgYIKoZIzj0EAwIw
-ITEfMB0GA1UEAwwWRW50ZXJwcmlzZUNsaWVudFJvb3RDQTAeFw0yNDA2MDYwNDEw
-MDlaFw0yNjA5MDkwNDEwMDlaMBIxEDAOBgNVBAMMB29iZWxpc2swWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAAQ0J0nZiZPzoXF0RuevlbxEMIO8mmppKF8vcoloU7en
-vcT/Cof1NOu1/bka6vP1gvz6dhcLCKxov+lNj5FlSodzo24wbDAfBgNVHSMEGDAW
-gBRMuJfTYkBiJshpOzKAqC13Ae0jTTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAS
-BgNVHREECzAJggdvYmVsaXNrMB0GA1UdDgQWBBQY/OwzJcXMf6CTFiZThdIpq6fs
-aTAKBggqhkjOPQQDAgNIADBFAiEA578eo2QJmnOEbkFUz/ADoWbgcfiYl2yWQ6iZ
-dGIrZgwCIENWYLP38Gco2hSTfhkdC//D1+/+3XHBIoL5/WKXImbD
+MIIBQjCB6aADAgECAhUArfRIp1jEPZCLmVbQRzsQrCRcPGAwCgYIKoZIzj0EAwIw
+GDEWMBQGA1UEAwwNUnVzdGljYUFjY2VzczAeFw0yNDA2MDYwNDM2NTRaFw0zMDAz
+MDcwNDM2NTRaMBIxEDAOBgNVBAMMB29iZWxpc2swWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQvKOaSK5vGPjbxk/kjAIxbyRFsKb1DSub5L1DFsfg2OlsrNt4/g3Ra
+NCSkcA99y25LD5txN1vnAHZOqbACKZIooxYwFDASBgNVHREECzAJggdvYmVsaXNr
+MAoGCCqGSM49BAMCA0gAMEUCIAN0yMvU4Keidu14KLV+q4BWG6LR6nIhuiHphA/K
+DGfLAiEAnm9/rz+QrR9jLsvf90sWUkXdf3/Yv5KYSIPtH5XUnYM=
 -----END CERTIFICATE-----
 """
 mtls_key = """
 -----BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgdmdE/mTtZQt7bECc
-19jWc96c6go4kU4KE5OzxO/Fys+hRANCAAQ0J0nZiZPzoXF0RuevlbxEMIO8mmpp
-KF8vcoloU7envcT/Cof1NOu1/bka6vP1gvz6dhcLCKxov+lNj5FlSodz
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgSFyNGs01I6JPXwpn
+Ac1arqHBIvwAAI7tvwFlVp3yO7yhRANCAAQvKOaSK5vGPjbxk/kjAIxbyRFsKb1D
+Sub5L1DFsfg2OlsrNt4/g3RaNCSkcA99y25LD5txN1vnAHZOqbACKZIo
 -----END PRIVATE KEY-----
 """
 

diff --git a/resources/create_certs.sh b/resources/create_certs.sh
@@ -88,7 +88,7 @@ openssl req -x509 -new -key ca.key -nodes -days 3650 -out ca.pem -subj '/CN=Ente
 openssl ecparam -genkey -name prime256v1 -noout -out client_ca.key
 # Convert EC key format to PKCS#8 key format to comply with ring's key format requirement
 openssl pkcs8 -topk8 -nocrypt -in client_ca.key -out client_ca_pkcs8.key
-openssl req -new -key client_ca.key -x509 -nodes -days 3650 -out client_ca.pem -subj '/CN=EnterpriseClientRootCA'
+openssl req -new -key client_ca.key -x509 -nodes -days 3650 -out client_ca.pem -subj '/CN=RusticaAccess'
 
 # ------------ Generate Private Keys For Test Infra ------------ #
 # Generate Rustica Certificates

diff --git a/tests/test_configs/rustica_local_file_alt.toml b/tests/test_configs/rustica_local_file_alt.toml
@@ -97,7 +97,7 @@ ECAwQ=
 x509_private_key = "MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDOLp3ZkQZasW1BKZ+fG3ODQgNThvI7pV38DOEFCz6c+gr8whSiV6EHWT04VrddShehZANiAARKbU0hcFy5+9qqHxGx/FBQb2dh6u+pAYh4ASh7skBkPv5DK/46FH6pvyPp6Gfkp8gagcFsr9nAKbwjkVTtBopuhh45KUM5k4VqIqaNox7g+XCrgG29oVqA5WZpW8DFH2c="
 x509_private_key_algorithm = "p384"
 
-client_certificate_authority_private_key = "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgoU93S9rVNdO/xGCd6xrHGY+I3DlrOVUNpeCv1LGAw2ehRANCAASMdgwkgj8HTSjBYMaKDl43YsIvhbN8Ju5KEj9F9LVeki+L2jfcdTrferUwBFqQsaaoIBEMmGbb2pWiLP/lwl2I"
+client_certificate_authority_private_key = "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgFEwFOjsK54VOGLVajOMpV6PXEbOHKS8EXIMxRwmLQ/qhRANCAAQ+F90NcFu0EucoggNcbOGI4KP70/Mdb9hMxbd2NYx0DAeEvFiIjP2CI8QV6JgNW32zBKibV2iMtcwEyjMG7bR8"
 client_certificate_authority_private_key_algorithm = "p256"
 client_certificate_authority_common_name = "RusticaAccess"