Home
last modified time | relevance | path

Searched full:pem (Results 1 – 25 of 158) sorted by relevance

1234567

/openbmc/openbmc/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/
H A D0013-raddb-certs-Makefile-fix-the-occasional-verification.patch11 openssl pkcs12 -in server.p12 -out server.pem -passin pass:'whatever' -passout pass:'whatever'
12 chmod g+r server.pem
17 error server.pem: verification failed
20 It seems the ca.pem mismatchs server.pem which results in failing to
21 execute "openssl verify -CAfile ca.pem server.pem", so add to check
45 ca.key ca.pem: ca.cnf
48 - $(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \
49 + @[ -f ca.pem ] || $(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \
54 ca.der: ca.pem
55 - $(OPENSSL) x509 -inform PEM -outform DER -in ca.pem -out ca.der
[all …]
H A D0012-raddb-certs-Makefile-fix-the-existed-certificate-err.patch9 openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key 'whatever' -out client.crt -ext…
38 server.crt: ca.key ca.pem server.csr
39 - $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server…
40 + @[ -f server.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PA…
47 client.crt: ca.key ca.pem client.csr
48 - $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client…
49 + @[ -f client.crt ] || $(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PA…
/openbmc/openbmc/meta-google/recipes-google/google-bios-key/
H A Dgoogle-bios-key.bb9 file://platforms_secure.pem \
10 file://platforms_bringup.pem \
14 FILES:${PN} += "${datadir}/google-bios-key/platforms_secure.pem"
15 FILES:${PN} += "${datadir}/google-bios-key/platforms_bringup.pem"
16 FILES:${PN} += "${datadir}/platforms_secure.pem"
17 FILES:${PN} += "${datadir}/platforms_bringup.pem"
21 install -m 0644 ${UNPACKDIR}/platforms_secure.pem ${D}${datadir}/google-bios-key
22 install -m 0644 ${UNPACKDIR}/platforms_bringup.pem ${D}${datadir}/google-bios-key
24 ln -s -r ${D}${datadir}/google-bios-key/platforms_secure.pem ${D}${datadir}/platforms_secure.pem
25 … ln -s -r ${D}${datadir}/google-bios-key/platforms_bringup.pem ${D}${datadir}/platforms_bringup.pem
/openbmc/qemu/docs/system/
H A Dtls.rst14 provided in PEM format. Aside from the core fields, the certificates
54 # certtool --generate-privkey > ca-key.pem
67 --load-privkey ca-key.pem \
69 --outfile ca-cert.pem
74 be used for signing other keys. The generated ``ca-cert.pem`` file
76 support in the VNC server. The ``ca-key.pem`` must not be
124 # certtool --generate-privkey > server-hostNNN-key.pem
126 --load-ca-certificate ca-cert.pem \
127 --load-ca-privkey ca-key.pem \
128 --load-privkey server-hostNNN-key.pem \
[all …]
/openbmc/qemu/tests/qemu-iotests/
H A Dcommon.tls25 rm -f "${tls_dir}"/*.pem
26 rm -f "${tls_dir}"/*/*.pem
65 cat > "${tls_dir}/key.pem" <<EOF
121 --load-privkey "${tls_dir}/key.pem" \
123 --outfile "${tls_dir}/$name-cert.pem"
150 --load-ca-privkey "${tls_dir}/key.pem" \
151 --load-ca-certificate "${tls_dir}/$caname-cert.pem" \
152 --load-privkey "${tls_dir}/key.pem" \
154 --outfile "${tls_dir}/$name/server-cert.pem"
156 ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
[all …]
/openbmc/openbmc/meta-openembedded/meta-oe/recipes-support/xmlsec1/xmlsec1/
H A Drun-ptest13 ./sign1 sign1-tmpl.xml rsakey.pem > sign1-res.xml
14 ./verify1 sign1-res.xml rsapub.pem
19 ./sign2 sign2-doc.xml rsakey.pem > sign2-res.xml
20 ./verify1 sign2-res.xml rsapub.pem
25 ./sign3 sign3-doc.xml rsakey.pem rsacert.pem > sign3-res.xml
26 ./verify3 sign3-res.xml ca2cert.pem cacert.pem
31 ./verify1 sign1-res.xml rsapub.pem
32 ./verify1 sign2-res.xml rsapub.pem
37 ./verify2 sign1-res.xml rsakey.pem
38 ./verify2 sign2-res.xml rsakey.pem
[all …]
/openbmc/openbmc/meta-openembedded/meta-oe/classes/
H A Dsigning.bbclass137 # signing_import_cert_chain_from_pem <role> <pem>
140 # Import a certificate *chain* from a PEM file to a role.
152 local pem="${2}"
155 cat "${pem}" | \
156 while openssl x509 -inform pem -outform der -out ${B}/temp_${i}.der; do
162 echo "imported ${pem} under role: ${role}_${i}"
167 # signing_import_cert_from_pem <role> <pem>
169 # Import a certificate from PEM file to a role. To be used
173 local pem="${2}"
176 -in "${pem}" -inform pem -outform der |
[all …]
/openbmc/docs/security/
H A DTLS-configuration.md123 openssl genrsa -out CA-key.pem 2048
131 openssl req -new -config openssl-client.cnf -key CA-key.pem -x509 -days 1000 -out CA-cert.pem
142 openssl genrsa -out client-key.pem 2048
152 openssl req -new -config openssl-client.cnf -key client-key.pem -out signingReqClient.csr
155 Sign the certificate using your `CA-cert.pem` certificate with following
159 …-days 365 -in signingReqClient.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out client-c…
162 The file `client-cert.pem` now contains a signed client certificate.
174 openssl genrsa -out server-key.pem 2048
186 openssl req -new -config openssl-server.cnf -key server-key.pem -out signingReqServer.csr
189 Sign the certificate using your `CA-cert.pem` certificate with following
[all …]
/openbmc/docs/designs/management-console/
H A DAuthorities_List_Management.md19 2. It only extracts the first certificate given a PEM encoded file with multiple
20 certs; however, Google's trust bundle file contains multiple PEM encoded
28 1. Bulk Installation: given a PEM file with multiple root certificates, it
31 2. Bulk Replacement: given a PEM file with multiple root certificates, it will
55 corresponding object in DBus, dump individual certificates into PEM files in the
57 boost's `ssl_context`) for each certificate, and finally copy the PEM file to
58 the installation path(the PEM file will have a fixed name)
68 PEM file.
71 invocation, it deletes all current authority objects, takes the input PEM, and
80 It only extracts the first certificate even if the PEM contains multiple root
/openbmc/openbmc/poky/meta/recipes-support/ca-certificates/ca-certificates/
H A D0003-update-ca-certificates-use-relative-symlinks-from-ET.patch14 passed the pem file in /etc/ssl/certs/ that was added or
15 removed in this run and those pem files are absolute
60 PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
62 -e 's/,/_/g').pem"
63 - if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
65 + if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${DST}" ]
67 - ln -sf "$CERT" "$PEM"
68 + ln -sf "${DST}" "$PEM"
69 echo "+$PEM" >> "$ADDED"
/openbmc/openbmc/meta-openembedded/meta-networking/recipes-protocols/openflow/openflow/
H A D0001-generate-not-static-get_dh-functions.patch19 @@ -113,8 +113,9 @@ lib/dhparams.c: lib/dh1024.pem lib/dh2048.pem lib/dh4096.pem
21 openssl dhparam -C -in $(srcdir)/lib/dh1024.pem -noout && \
22 openssl dhparam -C -in $(srcdir)/lib/dh2048.pem -noout && \
23 - openssl dhparam -C -in $(srcdir)/lib/dh4096.pem -noout) \
25 + openssl dhparam -C -in $(srcdir)/lib/dh4096.pem -noout) | \
/openbmc/qemu/scripts/
H A Du2f-setup-gen.py31 key_pem: The private key PEM.
32 cert_pem: The certificate PEM.
40 with open(f'{dirpath}/private-key.pem', 'bw') as f:
44 with open(f'{dirpath}/certificate.pem', 'bw') as f:
61 The private and public key PEM.
67 # PEM serialization
68 privkey_pem = privkey.private_bytes(encoding=Encoding.PEM,
71 pubkey_pem = pubkey.public_bytes(encoding=Encoding.PEM,
81 privkey_pem: The private key PEM.
82 pubkey_pem: The public key PEM.
[all …]
/openbmc/qemu/ui/
H A Dqemu-x509.h4 #define X509_CA_CERT_FILE "ca-cert.pem"
5 #define X509_CA_CRL_FILE "ca-crl.pem"
6 #define X509_SERVER_KEY_FILE "server-key.pem"
7 #define X509_SERVER_CERT_FILE "server-cert.pem"
/openbmc/openbmc/meta-security/meta-integrity/data/debug-keys/
H A DREADME.md6 - ima-local-ca.pem: The CA's self-signed certificate
7 - privkey_ima.pem: IMA & EVM private key used for signing files
8 - x509_ima.der: Certificate containing public key (of privkey_ima.pem) to verify signatures
16 openssl verify -CAfile ima-local-ca.pem x509_ima.der
/openbmc/qemu/include/crypto/
H A Dtlscredsx509.h34 #define QCRYPTO_TLS_CREDS_X509_CA_CERT "ca-cert.pem"
35 #define QCRYPTO_TLS_CREDS_X509_CA_CRL "ca-crl.pem"
36 #define QCRYPTO_TLS_CREDS_X509_SERVER_KEY "server-key.pem"
37 #define QCRYPTO_TLS_CREDS_X509_SERVER_CERT "server-cert.pem"
38 #define QCRYPTO_TLS_CREDS_X509_CLIENT_KEY "client-key.pem"
39 #define QCRYPTO_TLS_CREDS_X509_CLIENT_CERT "client-cert.pem"
/openbmc/bmcweb/scripts/
H A Dgenerate_auth_certificates.py315 "CertificateType": "PEM",
351 "CertificateType": "PEM",
390 os.path.join(certs_dir, "client-cert.pem"),
391 os.path.join(certs_dir, "client-key.pem"),
419 os.path.join(certs_dir, "upn-client-cert.pem"),
420 os.path.join(certs_dir, "upn-client-key.pem"),
478 encoding=serialization.Encoding.PEM
486 with open(os.path.join(certs_dir, "server-cert-only.pem"), "wb") as f:
490 encoding=serialization.Encoding.PEM
494 with open(os.path.join(certs_dir, "server-cert.pem"), "wb") as f:
[all …]
/openbmc/phosphor-certificate-manager/
H A Dx509_utils.cpp9 #include <openssl/pem.h>
236 std::unique_ptr<X509, decltype(&::X509_free)> parseCert(const std::string& pem) in parseCert() argument
238 if (pem.size() > INT_MAX) in parseCert()
240 lg2::error("Error occurred during parseCert: PEM is too long"); in parseCert()
241 elog<InvalidCertificate>(Reason("Invalid PEM: too long")); in parseCert()
251 BIOMemPtr bioCert(BIO_new_mem_buf(pem.data(), static_cast<int>(pem.size())), in parseCert()
256 lg2::error("Error occurred during PEM_read_bio_X509 call, PEM:{PEM}", in parseCert()
257 "PEM", pem); in parseCert()
H A Dx509_utils.hpp61 /** @brief Parses PEM string into the X509 structure.
62 * @param[in] pem - PEM encoded X509 certificate buffer.
65 std::unique_ptr<X509, decltype(&::X509_free)> parseCert(const std::string& pem);
H A Dcertificate.cpp16 #include <openssl/pem.h>
84 * @brief Dumps the PEM encoded certificate to installFilePath
86 * @param[in] pem - PEM encoded X509 certificate buffer.
92 void dumpCertificate(const std::string& pem, const std::string& certFilePath) in dumpCertificate() argument
102 outputCertFileStream << pem << "\n" << std::flush; in dumpCertificate()
109 "ERR", e, "SRC_PEM", pem, "DST", certFilePath); in dumpCertificate()
257 const std::string& pem, Watch* watchPtr, in Certificate() argument
269 install(x509Store, pem, restore); in Certificate()
383 void Certificate::install(X509_STORE& x509Store, const std::string& pem, in install() argument
388 lg2::debug("Certificate install, PEM_STR:{PEM_STR}", "PEM_STR", pem); in install()
[all …]
/openbmc/openbmc/meta-security/meta-integrity/scripts/
H A Dima-gen-CA-signed.sh18 CA=${1:-ima-local-ca.pem}
45 -out csr_ima.pem -keyout privkey_ima.pem \
47 openssl x509 -req -in csr_ima.pem -days 36500 -extfile $GENKEY -extensions v3_usr \
/openbmc/openbmc/meta-security/meta-integrity/classes/
H A Dkernel-modsign.bbclass9 MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem"
23 > "${B}/modsign_key.pem"
30 cp modsign_key.pem $kerneldir/
/openbmc/openbmc/meta-aspeed/recipes-bsp/u-boot/
H A Du-boot-aspeed-sdk_2019.04.bb12 …file://rsa_oem_dss_key.pem;sha256sum=64a379979200d39949d3e5b0038e3fdd5548600b2f7077a17e35422336075…
13 …file://rsa_pub_oem_dss_key.pem;sha256sum=40132a694a10af2d1b094b1cb5adab4d6b4db2a35e02d848b2b6a85e6…
17 SOCSEC_SIGN_KEY ?= "${UNPACKDIR}/rsa_oem_dss_key.pem"
/openbmc/openbmc/poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/
H A Dwpa_supplicant.conf286 # ca_cert: File path to CA certificate file (PEM/DER). This file can have one
298 # ca_path: Directory path for CA certificate files (PEM). This path may
304 # client_cert: File path to client certificate file (PEM/DER)
309 # private_key: File path to client private key file (PEM/DER/PFX)
326 # dh_file: File path to DH/DSA parameters file (in PEM format)
375 # ca_path2: Directory path for CA certificate files (PEM)
379 # dh_file2: File path to DH/DSA parameters file (in PEM format)
463 ca_cert="/etc/cert/ca.pem"
464 client_cert="/etc/cert/user.pem"
478 ca_cert="/etc/cert/ca.pem"
[all …]
/openbmc/bmcweb/redfish-core/include/generated/enums/
H A Dcertificate.hpp12 PEM, enumerator
54 {CertificateType::PEM, "PEM"},
/openbmc/openbmc/meta-hpe/meta-gxp/classes/
H A Dgxp2-bootblock-n.bbclass17 …all -m 644 ${HPE_GXP_KEY_FILES_DIR}/customer_private_key.pem ${DEPLOYDIR}/hpe-uboot-signing-key.pem

1234567