Skip to content

Commit

Permalink
Add rsa4096 subdomain. Closes #337.
Browse files Browse the repository at this point in the history
  • Loading branch information
lgarron committed Apr 21, 2018
1 parent 0b1b3a2 commit 9ca20c0
Show file tree
Hide file tree
Showing 6 changed files with 123 additions and 0 deletions.
11 changes: 11 additions & 0 deletions certs/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -240,6 +240,17 @@ CHAINS_PROD += $(O)/gen/chain/wildcard-rsa8192.pem
$(O)/gen/chain/wildcard-rsa8192.pem: $(O)/gen/crt/wildcard-rsa8192.crt $(O)/gen/crt/ca-intermediate.crt
./tool chain $@ $(D) $^

################################
$(O)/gen/key/leaf-rsa4096.key:
./tool gen-key $@ $(D) 4096
$(O)/gen/csr/wildcard-rsa4096.csr: src/conf/wildcard.conf $(O)/gen/key/leaf-rsa4096.key
./tool gen-csr $@ $(D) $^
$(O)/gen/crt/wildcard-rsa4096.crt: src/conf/wildcard.conf $(O)/gen/csr/wildcard-rsa4096.csr $(O)/gen/key/ca-intermediate.key $(O)/gen/crt/ca-intermediate.crt
./tool sign $@ $(D) $(SIGN_LEAF_DEFAULTS) $^
CHAINS_PROD += $(O)/gen/chain/wildcard-rsa4096.pem
$(O)/gen/chain/wildcard-rsa4096.pem: $(O)/gen/crt/wildcard-rsa4096.crt $(O)/gen/crt/ca-intermediate.crt
./tool chain $@ $(D) $^

################################
$(O)/gen/key/leaf-ecc256.key:
./tool gen-ecckey $@ $(D) prime256v1
Expand Down
70 changes: 70 additions & 0 deletions certs/sets/prod/pregen/chain/wildcard-rsa4096.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
-----BEGIN CERTIFICATE-----
MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg
U2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83
nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd
KpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f
/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX
kujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0
/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C
AQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY
aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6
Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1
oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD
QS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v
d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh
xtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB
CwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl
5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA
8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC
2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit
c+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0
j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIHoTCCBomgAwIBAgIQAQ0UXdUddO/h3TOZxAN3RTANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTgwNDIwMDAwMDAwWhcN
MjAwNDI0MTIwMDAwWjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p
YTEVMBMGA1UEBxMMV2FsbnV0IENyZWVrMRUwEwYDVQQKEwxMdWNhcyBHYXJyb24x
FTATBgNVBAMMDCouYmFkc3NsLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
AgoCggIBALT8CTWQ0QjO7l2uXVbpA3IuiKLvoOikadGypzzalLPhK0oLUufqSVU8
UwoqJA2YaS+Dl5RcJfIpZKW2ews1Q0d6TAjlMnhYAJfF4uGf1rYCP6XvEm5V4gPL
fnXh6IoCTK2g2H3pz5QjUjVZm0Uhl2/hkpelHb9976zhZhzOOJBqvgyYJ4zhiQ/0
HIL4/4C/fCYdtRROl5Vbf+cM4wU4J+pqkoWUwGGiAgjBEWCaDcG+y8x2ps5/Ttod
FZDPfkQzPvl/14u5cTAPayGHdPKQD7IfexHZntqi3frobumhc37m/Xx9UW9HMlIR
z2bU24iwXvmoLTrgGQdigP497A31OtmgYRMzRLkQgQd/5b5n/zIiJfxHFDbPLTwP
iJBuinElHgfG15pyEmj3Bt0sLgNxKwBgHcVE87fYHxQ+WgQc30uQORAYpGmoWBJH
VAMco/AzJTl2aWbTMMka2aaFPzonhquJ2FPHDrKRuOz1INLymVyobASfImUUrPzK
BhRiyWuydF+Bdavk3w1NiIfTI7rICpfD8AzP8tBh8qRodUeoC/GcbsfoIQTtgW34
i0DJ6Nn+IWNCQQkqrfFPCPh9anpIGj+2nShlpIlhPQHbo4KvOe/4NlNh/eZdiLkT
THIF4ghC0T7reqo2hzJmt9GbZ5Aj3IKvyLR1Zt8NIQ9jP/6EmHC3AgMBAAGjggNh
MIIDXTAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQU
YCPJw569dyZ7woLqVx+j2ya1ksswIwYDVR0RBBwwGoIMKi5iYWRzc2wuY29tggpi
YWRzc2wuY29tMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQu
Y29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0
LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCow
KAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQIDMHwGCCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGln
aWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5j
b20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAw
ggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AKS5CZC0GFgUh7sTosxncAo8NZgE
+RvfuON3zQ7IDdwQAAABYuVr0/YAAAQDAEcwRQIgbAIBYdIx0SbSvF5eyRKmzFg3
0TbAA7ahziTFSnFjGwcCIQDnGQkFwvurnb/U05g5u035ndpfg+uTF3plS0W4aoxl
ewB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABYuVr1TsAAAQD
AEcwRQIgKuhDIfsyclCe+ywbalql5ZP+tKGD94QWxK7qiRnBsCsCIQCbWm6kZhSr
B/56bORtB32sPVrGbQO6Xg/864noQ3LWBgB2ALvZ37wfinG1k5Qjl6qSe0c4V5UK
q1LoGpCWZDaOHtGFAAABYuVr1BEAAAQDAEcwRQIgeO7CYN+fqTbCeafifWQu5Rrd
meUU5oqj371NC8KUD84CIQCU09EPYMODcylGKSNlwMVRvCgCQVto2s1WxywoqzZ6
njANBgkqhkiG9w0BAQsFAAOCAQEAnMD35hF6k/tVxf2cMcfnuVMh6kbGAUDd7RF2
DcwKaoGxQehkXGFkDvq6siGh4Yv4Xt+aV/eTn9ORigNJ0RQkFxGbyhUkiyilYl/G
Kd/4ZWLBS66+s7ve3eBgwuufZ0Y29Yu4R9eUoplZyQRLRKOrdDhBPbQj00s3qbg2
2q/JnP8TKzlfsb1EoWd4sXnbwUMi84qTbpwwV271bYWL62EtFicFDOj/zI4z/Gtl
nIHlSc8awxUabPPNN05f0xmd1KALDxJ3jaqqvBaTUrjZQwP2vkUBs2H97GhTGnby
tXWRXPnr/JlvyEcnyKVwaAGxUksTf5wIgFWXFUsNTa++34uB1g==
-----END CERTIFICATE-----
19 changes: 19 additions & 0 deletions domains/cert/rsa4096.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
---
---
server {
listen 80;
server_name rsa4096.{{ site.domain }};

return 301 https://$server_name$request_uri;
}

server {
listen 443;
server_name rsa4096.{{ site.domain }};

include {{ site.serving-path }}/nginx-includes/wildcard-rsa4096.conf;
include {{ site.serving-path }}/nginx-includes/tls-defaults.conf;
include {{ site.serving-path }}/common/common.conf;

root {{ site.serving-path }}/domains/cert/rsa4096;
}
16 changes: 16 additions & 0 deletions domains/cert/rsa4096/index.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
---
subdomain: rsa4096
layout: page
favicon: green
background: green
---

<div id="content">
<h1 style="font-size: 8vw;">
{{ page.subdomain }}.{{ site.domain }}
</h1>
</div>

<div id="footer" style="font-size: 2.75vw;">
This site uses a 4096-bit RSA key for key exchange.
</div>
1 change: 1 addition & 0 deletions domains/misc/badssl.com/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ <h2 id="certificate"><span class="emoji">🎫</span>Certificate</h2>
<a href="https://ecc384.{{ site.domain }}/" class="good"><span class="icon"></span>ecc384</a>
<hr>
<a href="https://rsa2048.{{ site.domain }}/" class="good"><span class="icon"></span>rsa2048</a>
<a href="https://rsa4096.{{ site.domain }}/" class="good"><span class="icon"></span>rsa4096</a>
<a href="https://rsa8192.{{ site.domain }}/" class="dubious"><span class="icon"></span>rsa8192</a>
<hr>
<a href="https://extended-validation.{{ site.domain }}/" class="good"><span class="icon"></span>extended-validation</a>
Expand Down
6 changes: 6 additions & 0 deletions nginx-includes/wildcard-rsa4096.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
---

ssl on;
ssl_certificate {{ site.cert-path }}/wildcard-rsa4096.pem;
ssl_certificate_key /etc/keys/leaf-rsa4096.key;

0 comments on commit 9ca20c0

Please sign in to comment.