# CA for testing client certificates
This directory contains keys and certificates for testing client
certificate support.
## Directory Content
The files are as follows. They are all in PEM format.
* **ca.key**: CA private key.
* **ca.cer**: CA certificate for “RTRTR Client Test CA.”
* **subca.key**: Subordinate CA private key.
* **subca.csr**: Subordinate CA CSR.
* **subca.cer**: Subordinate CA certificate.
* **client.key**: client private key.
* **client.csr**: client CSR.
* **client.cer**: client certificate for “RTRTR Test Client.”
* **client-combined.pem**: client key and certificate, together with the
subordinate CA certificate.
There are a few additional supporting files:
* **client-extension.txt**: defines the certificate extensions for the
client certificate.
## Making Certificates
1. Generate a key:
```
openssl ecparam -name prime256v1 -genkey -noout -out $TARGET.key
```
2. Generate a certificate signing request for the key:
```
openssl req -new -sha256 -key $TARGET.key -out $TARGET.csr
```
3a. Generate a subordinate CA certificate, signed by the CA:
```
openssl x509 -req -CA ca.cer -CAkey ca.key -CAcreateserial -days 1000000 \
-sha256 -extfile subca-extension.txt -in $TARGET.csr -out $TARGET.cer
```
3b. Generate a client certificate:
```
openssl x509 -req -CA subca.cer -CAkey subca.key -CAcreateserial \
-days 1000000 -sha256 -extfile client-extension.txt \
-in $TARGET.csr -out $TARGET.cer
```
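
The whole procedure end to end, as an added example that is not part of this directory's own tooling: it builds a throwaway root, subordinate CA and client certificate in a temporary directory and checks the resulting chain with `openssl verify`. The subjects, the 30-day validity, the contents of the extension files and the self-signed root step are assumptions; the real extension files in this directory may differ.

```shell
# Added example; subjects, validity and extension values are constructed.
make_key_and_csr() {  # DIR NAME SUBJECT: steps 1 and 2, -subj avoids prompts
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key" &&
    openssl req -new -sha256 -key "$1/$2.key" -subj "$3" -out "$1/$2.csr"
}

build_chain() {  # DIR: root -> subordinate CA -> client
    dir=$1
    # Constructed extension files (assumed contents, not copied from the repo).
    printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$dir/ca-extension.txt"
    printf '%s\n' 'basicConstraints=critical,CA:TRUE,pathlen:0' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$dir/subca-extension.txt"
    printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
        'keyUsage=critical,digitalSignature' \
        'extendedKeyUsage=clientAuth' > "$dir/client-extension.txt"
    make_key_and_csr "$dir" ca '/CN=Example Root CA' &&
    make_key_and_csr "$dir" subca '/CN=Example Subordinate CA' &&
    make_key_and_csr "$dir" client '/CN=Example Client' &&
    # Self-signed root: not one of the steps above, added for completeness.
    openssl x509 -req -signkey "$dir/ca.key" -days 30 -sha256 \
        -extfile "$dir/ca-extension.txt" -in "$dir/ca.csr" -out "$dir/ca.cer" &&
    # Step 3a: subordinate CA certificate issued by the root.
    openssl x509 -req -CA "$dir/ca.cer" -CAkey "$dir/ca.key" -CAcreateserial \
        -days 30 -sha256 -extfile "$dir/subca-extension.txt" \
        -in "$dir/subca.csr" -out "$dir/subca.cer" &&
    # Step 3b: client certificate issued by the subordinate CA.
    openssl x509 -req -CA "$dir/subca.cer" -CAkey "$dir/subca.key" \
        -CAcreateserial -days 30 -sha256 -extfile "$dir/client-extension.txt" \
        -in "$dir/client.csr" -out "$dir/client.cer"
}

chain_ok() {  # DIR: client verifies via the subordinate CA for TLS client use
    openssl verify -CAfile "$1/ca.cer" -untrusted "$1/subca.cer" \
        -purpose sslclient "$1/client.cer" >/dev/null 2>&1
}

needs_intermediate() {  # DIR: without subca.cer the chain cannot be built
    ! openssl verify -CAfile "$1/ca.cer" -purpose sslclient \
        "$1/client.cer" >/dev/null 2>&1
}

rejected_as_server() {  # DIR: extendedKeyUsage=clientAuth excludes server use
    ! openssl verify -CAfile "$1/ca.cer" -untrusted "$1/subca.cer" \
        -purpose sslserver "$1/client.cer" >/dev/null 2>&1
}

workdir=$(mktemp -d) && build_chain "$workdir" && chain_ok "$workdir" &&
    echo "client chain verifies in $workdir"
```

The same `openssl verify` calls can be pointed at the committed `ca.cer`, `subca.cer` and `client.cer` to confirm the fixtures still chain after regenerating any of them.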