| /openbmc/openbmc/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/ |
| H A D | 0013-raddb-certs-Makefile-fix-the-occasional-verification.patch | 11 openssl pkcs12 -in server.p12 -out server.pem -passin pass:'whatever' -passout pass:'whatever'
12 chmod g+r server.pem
17 error server.pem: verification failed
20 It seems the ca.pem mismatchs server.pem which results in failing to
21 execute "openssl verify -CAfile ca.pem server.pem", so add to check
45 ca.key ca.pem: ca.cnf
48 - $(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \
49 + @[ -f ca.pem ] || $(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \
54 ca.der: ca.pem
55 - $(OPENSSL) x509 -inform PEM -outform DER -in ca.pem -out ca.der
[all …]
|
| H A D | 0012-raddb-certs-Makefile-fix-the-existed-certificate-err.patch | 9 openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key 'whatever' -out client.crt -ext…
38 server.crt: ca.key ca.pem server.csr
39 - $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server…
40 + @[ -f server.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PA…
47 client.crt: ca.key ca.pem client.csr
48 - $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client…
49 + @[ -f client.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PA…
|
| /openbmc/qemu/docs/system/ |
| H A D | tls.rst | 14 provided in PEM format. Aside from the core fields, the certificates
54 # certtool --generate-privkey > ca-key.pem
67 --load-privkey ca-key.pem \
69 --outfile ca-cert.pem
74 be used for signing other keys. The generated ``ca-cert.pem`` file
76 support in the VNC server. The ``ca-key.pem`` must not be
124 # certtool --generate-privkey > server-hostNNN-key.pem
126 --load-ca-certificate ca-cert.pem \
127 --load-ca-privkey ca-key.pem \
128 --load-privkey server-hostNNN-key.pem \
[all …]
|
| /openbmc/openbmc/meta-google/recipes-google/google-bios-key/ |
| H A D | google-bios-key.bb | 9 file://platforms_secure.pem \
10 file://platforms_bringup.pem \
14 FILES:${PN} += "${datadir}/google-bios-key/platforms_secure.pem"
15 FILES:${PN} += "${datadir}/google-bios-key/platforms_bringup.pem"
16 FILES:${PN} += "${datadir}/platforms_secure.pem"
17 FILES:${PN} += "${datadir}/platforms_bringup.pem"
21 install -m 0644 ${UNPACKDIR}/platforms_secure.pem ${D}${datadir}/google-bios-key
22 install -m 0644 ${UNPACKDIR}/platforms_bringup.pem ${D}${datadir}/google-bios-key
24 ln -s -r ${D}${datadir}/google-bios-key/platforms_secure.pem ${D}${datadir}/platforms_secure.pem
25 … ln -s -r ${D}${datadir}/google-bios-key/platforms_bringup.pem ${D}${datadir}/platforms_bringup.pem
|
| /openbmc/qemu/tests/qemu-iotests/ |
| H A D | common.tls | 25 rm -f "${tls_dir}"/*.pem
26 rm -f "${tls_dir}"/*/*.pem
65 cat > "${tls_dir}/key.pem" <<EOF
121 --load-privkey "${tls_dir}/key.pem" \
123 --outfile "${tls_dir}/$name-cert.pem"
150 --load-ca-privkey "${tls_dir}/key.pem" \
151 --load-ca-certificate "${tls_dir}/$caname-cert.pem" \
152 --load-privkey "${tls_dir}/key.pem" \
154 --outfile "${tls_dir}/$name/server-cert.pem"
156 ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
[all …]
|
| /openbmc/openbmc/meta-openembedded/meta-oe/classes/ |
| H A D | signing.bbclass | 137 # signing_import_cert_chain_from_pem <role> <pem>
140 # Import a certificate *chain* from a PEM file to a role.
152 local pem="${2}"
155 cat "${pem}" | \
156 while openssl x509 -inform pem -outform der -out ${B}/temp_${i}.der; do
162 echo "imported ${pem} under role: ${role}_${i}"
167 # signing_import_cert_from_pem <role> <pem>
169 # Import a certificate from PEM file to a role. To be used
173 local pem="${2}"
176 -in "${pem}" -inform pem -outform der |
[all …]
|
| /openbmc/docs/security/ |
| H A D | TLS-configuration.md | 123 openssl genrsa -out CA-key.pem 2048
131 openssl req -new -config openssl-client.cnf -key CA-key.pem -x509 -days 1000 -out CA-cert.pem
142 openssl genrsa -out client-key.pem 2048
152 openssl req -new -config openssl-client.cnf -key client-key.pem -out signingReqClient.csr
155 Sign the certificate using your `CA-cert.pem` certificate with following
159 …-days 365 -in signingReqClient.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out client-c…
162 The file `client-cert.pem` now contains a signed client certificate.
174 openssl genrsa -out server-key.pem 2048
186 openssl req -new -config openssl-server.cnf -key server-key.pem -out signingReqServer.csr
189 Sign the certificate using your `CA-cert.pem` certificate with following
[all …]
|
| /openbmc/openbmc/meta-openembedded/meta-oe/recipes-support/xmlsec1/xmlsec1/ |
| H A D | run-ptest | 13 ./sign1 sign1-tmpl.xml rsakey.pem > sign1-res.xml
14 ./verify1 sign1-res.xml rsapub.pem
19 ./sign2 sign2-doc.xml rsakey.pem > sign2-res.xml
20 ./verify1 sign2-res.xml rsapub.pem
25 ./sign3 sign3-doc.xml rsakey.pem rsacert.pem > sign3-res.xml
26 ./verify3 sign3-res.xml ca2cert.pem cacert.pem
31 ./verify1 sign1-res.xml rsapub.pem
32 ./verify1 sign2-res.xml rsapub.pem
37 ./verify2 sign1-res.xml rsakey.pem
38 ./verify2 sign2-res.xml rsakey.pem
[all …]
|
| /openbmc/openbmc/poky/meta/recipes-support/ca-certificates/ca-certificates/ |
| H A D | 0003-update-ca-certificates-use-relative-symlinks-from-ET.patch | 14 passed the pem file in /etc/ssl/certs/ that was added or
15 removed in this run and those pem files are absolute
60 PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
62 -e 's/,/_/g').pem"
63 - if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
65 + if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${DST}" ]
67 - ln -sf "${CERT##$SYSROOT}" "$PEM"
68 + ln -sf "${DST}" "$PEM"
69 echo "+$PEM" >> "$ADDED"
|
| H A D | 0002-update-ca-certificates-use-SYSROOT.patch | 36 PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
38 -e 's/,/_/g').pem"
39 - if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
40 + if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
42 - ln -sf "$CERT" "$PEM"
43 + ln -sf "${CERT##$SYSROOT}" "$PEM"
44 echo "+$PEM" >> "$ADDED"
|
| /openbmc/docs/designs/management-console/ |
| H A D | Authorities_List_Management.md | 19 2. It only extracts the first certificate given a PEM encoded file with multiple
20 certs; however, Google's trust bundle file contains multiple PEM encoded
28 1. Bulk Installation: given a PEM file with multiple root certificates, it
31 2. Bulk Replacement: given a PEM file with multiple root certificates, it will
55 corresponding object in DBus, dump individual certificates into PEM files in the
57 boost's `ssl_context`) for each certificate, and finally copy the PEM file to
58 the installation path(the PEM file will have a fixed name)
68 PEM file.
71 invocation, it deletes all current authority objects, takes the input PEM, and
80 It only extracts the first certificate even if the PEM contains multiple root
|
| /openbmc/qemu/scripts/ |
| H A D | u2f-setup-gen.py | 31 key_pem: The private key PEM.
32 cert_pem: The certificate PEM.
40 with open(f'{dirpath}/private-key.pem', 'bw') as f:
44 with open(f'{dirpath}/certificate.pem', 'bw') as f:
61 The private and public key PEM.
67 # PEM serialization
68 privkey_pem = privkey.private_bytes(encoding=Encoding.PEM,
71 pubkey_pem = pubkey.public_bytes(encoding=Encoding.PEM,
81 privkey_pem: The private key PEM.
82 pubkey_pem: The public key PEM.
[all …]
|
| /openbmc/openbmc/meta-openembedded/meta-networking/recipes-protocols/openflow/openflow/ |
| H A D | 0001-generate-not-static-get_dh-functions.patch | 19 @@ -113,8 +113,9 @@ lib/dhparams.c: lib/dh1024.pem lib/dh2048.pem lib/dh4096.pem
21 openssl dhparam -C -in $(srcdir)/lib/dh1024.pem -noout && \
22 openssl dhparam -C -in $(srcdir)/lib/dh2048.pem -noout && \
23 - openssl dhparam -C -in $(srcdir)/lib/dh4096.pem -noout) \
25 + openssl dhparam -C -in $(srcdir)/lib/dh4096.pem -noout) | \
|
| /openbmc/linux/tools/certs/ |
| H A D | print-cert-tbs-hash.sh | 15 # ./print-cert-tbs-hash.sh certificate-to-invalidate.pem > hash0.txt
16 # openssl smime -sign -in hash0.txt -inkey builtin-private-key.pem \
17 # -signer builtin-certificate.pem -certfile certificate-chain.pem \
33 # Checks that it is indeed a certificate (PEM or DER encoded) and exclude the
34 # optional PEM text header.
35 if ! PEM="$(openssl x509 -inform DER -in "${CERT}" 2>/dev/null || openssl x509 -in "${CERT}")"; then
56 RANGE_AND_DIGEST=($(echo "${PEM}" | \
87 echo "${PEM}" | \
|
| /openbmc/qemu/ui/ |
| H A D | qemu-x509.h | 4 #define X509_CA_CERT_FILE "ca-cert.pem"
5 #define X509_CA_CRL_FILE "ca-crl.pem"
6 #define X509_SERVER_KEY_FILE "server-key.pem"
7 #define X509_SERVER_CERT_FILE "server-cert.pem"
|
| /openbmc/phosphor-certificate-manager/ |
| H A D | x509_utils.cpp | 9 #include <openssl/pem.h>
236 std::unique_ptr<X509, decltype(&::X509_free)> parseCert(const std::string& pem) in parseCert() argument
238 if (pem.size() > INT_MAX) in parseCert()
240 lg2::error("Error occurred during parseCert: PEM is too long"); in parseCert()
241 elog<InvalidCertificate>(Reason("Invalid PEM: too long")); in parseCert()
251 BIOMemPtr bioCert(BIO_new_mem_buf(pem.data(), static_cast<int>(pem.size())), in parseCert()
256 lg2::error("Error occurred during PEM_read_bio_X509 call, PEM:{PEM}", in parseCert()
257 "PEM", pem); in parseCert()
|
| H A D | certificate.cpp | 16 #include <openssl/pem.h>
84 * @brief Dumps the PEM encoded certificate to installFilePath
86 * @param[in] pem - PEM encoded X509 certificate buffer.
92 void dumpCertificate(const std::string& pem, const std::string& certFilePath) in dumpCertificate() argument
102 outputCertFileStream << pem << "\n" << std::flush; in dumpCertificate()
109 "ERR", e, "SRC_PEM", pem, "DST", certFilePath); in dumpCertificate()
257 const std::string& pem, Watch* watchPtr, in Certificate() argument
269 install(x509Store, pem, restore); in Certificate()
383 void Certificate::install(X509_STORE& x509Store, const std::string& pem, in install() argument
388 lg2::debug("Certificate install, PEM_STR:{PEM_STR}", "PEM_STR", pem); in install()
[all …]
|
| /openbmc/qemu/include/crypto/ |
| H A D | tlscredsx509.h | 34 #define QCRYPTO_TLS_CREDS_X509_CA_CERT "ca-cert.pem"
35 #define QCRYPTO_TLS_CREDS_X509_CA_CRL "ca-crl.pem"
36 #define QCRYPTO_TLS_CREDS_X509_SERVER_KEY "server-key.pem"
37 #define QCRYPTO_TLS_CREDS_X509_SERVER_CERT "server-cert.pem"
38 #define QCRYPTO_TLS_CREDS_X509_CLIENT_KEY "client-key.pem"
39 #define QCRYPTO_TLS_CREDS_X509_CLIENT_CERT "client-cert.pem"
|
| /openbmc/openbmc/meta-security/meta-integrity/data/debug-keys/ |
| H A D | README.md | 6 - ima-local-ca.pem: The CA's self-signed certificate
7 - privkey_ima.pem: IMA & EVM private key used for signing files
8 - x509_ima.der: Certificate containing public key (of privkey_ima.pem) to verify signatures
16 openssl verify -CAfile ima-local-ca.pem x509_ima.der
|
| /openbmc/linux/Documentation/hwmon/ |
| H A D | lineage-pem.rst | 1 Kernel driver lineage-pem
8 Prefix: 'lineage-pem'
38 Example: the following will load the driver for a Lineage PEM at address 0x40
41 $ modprobe lineage-pem
42 $ echo lineage-pem 0x40 > /sys/bus/i2c/devices/i2c-1/new_device
|
| /openbmc/openbmc/meta-openembedded/meta-python/recipes-devtools/python/python3-pyasn1-modules/ |
| H A D | 0001-Stop-using-pyasn1.compat.octets.patch | 32 from pyasn1_modules import pem
54 from pyasn1_modules import pem
75 from pyasn1_modules import pem
96 from pyasn1_modules import pem
117 from pyasn1_modules import pem
138 from pyasn1_modules import pem
148 substrate = pem.readBase64fromText(self.encrypted_key_pkg_pem_text)
170 from pyasn1_modules import pem
|
| /openbmc/linux/certs/ |
| H A D | Kconfig | 6 default "certs/signing_key.pem"
9 Provide the file name of a private key/certificate in PEM format,
14 If this option is unchanged from its default "certs/signing_key.pem",
37 Note: Remove all ECDSA signing keys, e.g. certs/signing_key.pem,
60 If set, this option should be the filename of a PEM-formatted file
127 If set, this option should be the filename of a PEM-formatted file
|
| /openbmc/openbmc/meta-security/meta-integrity/scripts/ |
| H A D | ima-gen-CA-signed.sh | 18 CA=${1:-ima-local-ca.pem}
45 -out csr_ima.pem -keyout privkey_ima.pem \
47 openssl x509 -req -in csr_ima.pem -days 36500 -extfile $GENKEY -extensions v3_usr \
|
| /openbmc/openbmc/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/ |
| H A D | wpa_supplicant.conf | 286 # ca_cert: File path to CA certificate file (PEM/DER). This file can have one
298 # ca_path: Directory path for CA certificate files (PEM). This path may
304 # client_cert: File path to client certificate file (PEM/DER)
309 # private_key: File path to client private key file (PEM/DER/PFX)
326 # dh_file: File path to DH/DSA parameters file (in PEM format)
375 # ca_path2: Directory path for CA certificate files (PEM)
379 # dh_file2: File path to DH/DSA parameters file (in PEM format)
463 ca_cert="/etc/cert/ca.pem"
464 client_cert="/etc/cert/user.pem"
478 ca_cert="/etc/cert/ca.pem"
[all …]
|
| /openbmc/bmcweb/scripts/ |
| H A D | generate_auth_certificates.py | 194 cakeyFilename = os.path.join(certsDir, "CA-key.pem")
238 with open(os.path.join(certsDir, "client-key.pem"), "wb") as f:
244 with open(os.path.join(certsDir, "client-cert.pem"), "wb") as f:
289 with open(os.path.join(certsDir, "server-key.pem"), "wb") as f:
297 with open(os.path.join(certsDir, "server-cert.pem"), "wb") as f:
328 "CertificateType": "PEM",
364 "CertificateType": "PEM",
388 os.path.join(certsDir, "client-cert.pem"),
389 os.path.join(certsDir, "client-key.pem"),
|