[rs-commit] r526 - in /rs-interop/trunk/src/site: resources/ resources/images/ xhtml5/csr/ xhtml5/scep/ xhtml5/spkac/
rs-commit at redwax.eu
rs-commit at redwax.eu
Sat Sep 13 11:56:12 CEST 2025
Author: minfrin at redwax.eu
Date: Sat Sep 13 11:56:05 2025
New Revision: 526
Log:
Use mod_ca_provider acrosss the interop site, rather than mod_ca_simple.
Modified:
rs-interop/trunk/src/site/resources/Redwax-Interop-Demo.mobileconfig
rs-interop/trunk/src/site/resources/images/redwax-macos-scep-certificate.png
rs-interop/trunk/src/site/resources/images/redwax-macos-scep-mobileconfig.png
rs-interop/trunk/src/site/xhtml5/csr/index.xhtml5
rs-interop/trunk/src/site/xhtml5/scep/index.xhtml5
rs-interop/trunk/src/site/xhtml5/spkac/index.xhtml5
Modified: rs-interop/trunk/src/site/resources/Redwax-Interop-Demo.mobileconfig
==============================================================================
--- rs-interop/trunk/src/site/resources/Redwax-Interop-Demo.mobileconfig (original)
+++ rs-interop/trunk/src/site/resources/Redwax-Interop-Demo.mobileconfig Sat Sep 13 11:56:05 2025
@@ -36,7 +36,7 @@
<string>test at example.com</string>
</dict>
<key>URL</key>
- <string>https://interop.redwax.eu/test/simple/scep</string>
+ <string>https://interop.redwax.eu/test/provider/scep</string>
</dict>
<key>PayloadDescription</key>
<string>Configures SCEP settings</string>
Modified: rs-interop/trunk/src/site/resources/images/redwax-macos-scep-certificate.png
==============================================================================
Binary files - no diff available.
Modified: rs-interop/trunk/src/site/resources/images/redwax-macos-scep-mobileconfig.png
==============================================================================
Binary files - no diff available.
Modified: rs-interop/trunk/src/site/xhtml5/csr/index.xhtml5
==============================================================================
--- rs-interop/trunk/src/site/xhtml5/csr/index.xhtml5 (original)
+++ rs-interop/trunk/src/site/xhtml5/csr/index.xhtml5 Sat Sep 13 11:56:05 2025
@@ -102,14 +102,11 @@
<code><![CDATA[<IfModule !ca_module>
LoadModule ca_module /usr/lib64/httpd/modules/mod_ca.so
</IfModule>
-<IfModule !ca_simple_module>
- LoadModule ca_simple_module /usr/lib64/httpd/modules/mod_ca_simple.so
-</IfModule>
<IfModule !csr_module>
LoadModule csr_module /usr/lib64/httpd/modules/mod_csr.so
</IfModule>
-<Location /test/simple/csr>
+<Location /test/provider/csr>
Require all granted
SetHandler csr
CsrParamChallenge challenge
@@ -143,7 +140,7 @@
To request a certificate be generated, submit the form below.
</p>
- <form id="createform" method="POST" action="https://interop.redwax.eu/test/simple/csr">
+ <form id="createform" method="POST" action="https://interop.redwax.eu/test/provider/csr">
<input type="hidden" name="pkcs10" id="pkcs10" value="" />
<p>
<label>Enter a common name:</label>
Modified: rs-interop/trunk/src/site/xhtml5/scep/index.xhtml5
==============================================================================
--- rs-interop/trunk/src/site/xhtml5/scep/index.xhtml5 (original)
+++ rs-interop/trunk/src/site/xhtml5/scep/index.xhtml5 Sat Sep 13 11:56:05 2025
@@ -48,13 +48,13 @@
<tr>
<td>SCEP Server URL</td>
<td>
- <code>https://interop.redwax.eu<wbr />/test/simple/scep</code>
+ <code>https://interop.redwax.eu<wbr />/test/provider/scep</code>
</td>
</tr>
<tr>
<td>SCEP Alternative URL</td>
<td>
- <code>http://interop.redwax.eu<wbr />/test/simple/scep</code>
+ <code>http://interop.redwax.eu<wbr />/test/provider/scep</code>
</td>
</tr>
<tr>
@@ -108,6 +108,9 @@
<code><![CDATA[<IfModule !ca_module>
LoadModule ca_module /usr/lib64/httpd/modules/mod_ca.so
</IfModule>
+<IfModule !ca_provider_module>
+ LoadModule ca_provider_module /usr/lib64/httpd/modules/mod_ca_provider.so
+</IfModule>
<IfModule !ca_simple_module>
LoadModule ca_simple_module /usr/lib64/httpd/modules/mod_ca_simple.so
</IfModule>
@@ -115,24 +118,25 @@
LoadModule scep_module /usr/lib64/httpd/modules/mod_scep.so
</IfModule>
-<Location /test/simple>
-
- CASimpleCertificate /etc/pki/interop/ca-cert.pem
- CASimpleKey /etc/pki/interop/private/ca-key.pem
- CASimpleDays 1
+<Location /test/provider>
+
+ CAProviderCertificate file:/etc/pki/interop/ca-cert.pem
+ CAProviderKey file:/etc/pki/interop/private/ca-key.pem
+ CAProviderCA file:/etc/pki/interop/ca-cert.pem
+ CAProviderDays 1
CASimpleTime on
CASimpleAlgorithm RSA rsa_keygen_bits=4096
CASimpleSerialRandom on
- CASimpleExtension basicConstraints CA:FALSE
- CASimpleExtension keyUsage critical,nonRepudiation,digitalSignature,keyEncipherment
- CASimpleExtension extendedKeyUsage OID:1.3.6.1.5.5.7.3.2
- CASimpleExtension subjectKeyIdentifier hash
- CASimpleExtension authorityKeyIdentifier keyid,issuer
+ CAProviderExtension basicConstraints CA:FALSE
+ CAProviderExtension keyUsage critical,nonRepudiation,digitalSignature,keyEncipherment
+ CAProviderExtension extendedKeyUsage OID:1.3.6.1.5.5.7.3.2
+ CAProviderExtension subjectKeyIdentifier hash
+ CAProviderExtension authorityKeyIdentifier keyid,issuer
</Location>
-<Location /test/simple/scep>
+<Location /test/provider/scep>
Require all granted
SetHandler scep
ScepRACertificate /etc/pki/interop/scep-ra.cert
@@ -213,7 +217,7 @@
<string>test at example.com</string>
</dict>
<key>URL</key>
- <string>https://interop.redwax.eu/test/simple/scep</string>
+ <string>https://interop.redwax.eu/test/provider/scep</string>
</dict>
<key>PayloadDescription</key>
<string>Configures SCEP settings</string>
@@ -302,7 +306,7 @@
<code><![CDATA[[admin at router] /> /certificate
[admin at router] /certificate> add common-name=test-cn name=test-name
[admin at router] /certificate> add-scep template=test-name
- scep-url=http://interop.redwax.eu/test/simple/scep
+ scep-url=http://interop.redwax.eu/test/provider/scep
]]></code>
</pre>
<p>
@@ -310,34 +314,31 @@
</p>
<pre>
<code><![CDATA[[admin at router] /certificate> print detail
-Flags: K - private-key, L - crl, C - smart-card-key, A - authority,
-I - issued, R - revoked, E - expired, T - trusted
- 0 K T name="test-name"
- issuer=CN=Redwax Interop Testing Root Certificate Authority 2040,O=Redwax
- Project
- digest-algorithm=sha256 key-type=rsa common-name="test-cn" key-size=2048
- subject-alt-name="" days-valid=2 trusted=yes
- key-usage=digital-signature,content-commitment,key-encipherment,tls-client
- scep-url="http://interop.redwax.eu/test/simple/scep"
- serial-number="80B89D2D99C09CB2"
- fingerprint="f83f497a11ccaf4e43e7df5838c9687c0b3bf0c0f46959403d4e8e0e8ac54fb5
- "
- ca-fingerprint="593685a2b4223e2634a74bc86125808e12c0680283ad6c67b44a6e3305c62
- 30d"
- invalid-before=feb/15/2020 00:32:05 invalid-after=feb/17/2020 00:32:05
- expires-after=23h47m2s challenge-password="" status="idle"
-
- 1 T name="test-name_CA"
- issuer=CN=Redwax Interop Testing Root Certificate Authority 2040,O=Redwax
- Project
- digest-algorithm=sha1 key-type=rsa organization="Redwax Project"
- common-name="Redwax Interop Testing Root Certificate Authority 2040"
- key-size=2048 subject-alt-name="" days-valid=6534 trusted=yes
- serial-number="6F11B7D855D27D9A14F3B6E9152B60CA8C4BE2AA"
- fingerprint="593685a2b4223e2634a74bc86125808e12c0680283ad6c67b44a6e3305c6230d
- "
- invalid-before=feb/11/2020 17:38:56 invalid-after=jan/01/2038 17:38:56
- expires-after=932w5d16h53m53s
+Flags: K - private-key; L - crl; C - smart-card-key; A - authority; I - issued, R - revoked; E - expired; T - trusted
+ 0 K T name="test-name" digest-algorithm=sha256 trusted=yes common-name="test-cn"
+ subject-alt-name=""
+ issuer=O=Redwax Project,CN=Redwax Interop Testing Root Certificate Authority 2040
+ key-type=rsa key-size=2048
+ key-usage=digital-signature,content-commitment,key-encipherment,tls-client
+ days-valid=2 invalid-before=2025-09-11 21:50:53 invalid-after=2025-09-13 21:50:53
+ serial-number="a11be00e09c75666" akid=ed75de35143c4723f1b11ae413438cbbccc22b56
+ skid=6c326730c923afd2cf9820e584888e7311f39d8a
+ scep-url="http://interop.redwax.eu/test/provider/scep"
+ fingerprint="fd78e944cd7c57fd2d4ced4b887318c8f7914c8c5c5bd05cd486db5ef9c6d346"
+ ca-fingerprint="593685a2b4223e2634a74bc86125808e12c0680283ad6c67b44a6e3305c6230d"
+ expires-after=11h46m20s challenge-password="" status="idle"
+
+ 1 T name="test-name_CA" digest-algorithm=sha1 trusted=yes
+ common-name="Redwax Interop Testing Root Certificate Authority 2040"
+ organization="Redwax Project" subject-alt-name=""
+ issuer=O=Redwax Project,CN=Redwax Interop Testing Root Certificate Authority 2040
+ key-type=rsa key-size=2048 days-valid=7300 invalid-before=2020-02-11 17:38:56
+ invalid-after=2040-02-06 17:38:56
+ serial-number="6f11b7d855d27d9a14f3b6e9152b60ca8c4be2aa"
+ akid=ed75de35143c4723f1b11ae413438cbbccc22b56
+ skid=ed75de35143c4723f1b11ae413438cbbccc22b56
+ fingerprint="593685a2b4223e2634a74bc86125808e12c0680283ad6c67b44a6e3305c6230d"
+ expires-after=751w2d7h34m23s
]]></code>
</pre>
</div>
Modified: rs-interop/trunk/src/site/xhtml5/spkac/index.xhtml5
==============================================================================
--- rs-interop/trunk/src/site/xhtml5/spkac/index.xhtml5 (original)
+++ rs-interop/trunk/src/site/xhtml5/spkac/index.xhtml5 Sat Sep 13 11:56:05 2025
@@ -97,14 +97,11 @@
<code><![CDATA[<IfModule !ca_module>
LoadModule ca_module /usr/lib64/httpd/modules/mod_ca.so
</IfModule>
-<IfModule !ca_simple_module>
- LoadModule ca_simple_module /usr/lib64/httpd/modules/mod_ca_simple.so
-</IfModule>
<IfModule !spkac_module>
LoadModule spkac_module /usr/lib64/httpd/modules/mod_spkac.so
</IfModule>
-<Location /test/simple/spkac>
+<Location /test/provider/spkac>
Require all granted
SetHandler spkac
SpkacSubjectRequest CN
@@ -137,7 +134,7 @@
To request a certificate be generated, submit the form below.
</p>
- <form id="createform" method="POST" action="https://interop.redwax.eu/test/simple/spkac">
+ <form id="createform" method="POST" action="https://interop.redwax.eu/test/provider/spkac">
<p>
<label>Enter a common name:</label>
<input type="text" name="subject-CN" id="name" placeholder="Common Name" value="" />
More information about the rs-commit
mailing list