Development¶
Setup demo¶
You can set up a demo using fab init_demo
. First create a minimal
localsettings.py
file (in ca/ca/localsettings.py
):
DEBUG = True
SECRET_KEY = "whatever"
And then simply run fab init_demo
from the root directory of your project.
Run test-suite¶
To run the test-suite, simply execute:
python setup.py test
... or just run some of the tests:
python setup.py test --suite=tests_command_dump_crl
To generate a coverate report:
python setup.py coverage
Useful OpenSSL commands¶
CRLs¶
Convert a CRL to text on stdout:
openssl crl -inform der -in sfsca.crl -noout -text
Convert a CRL to PEM to a file:
openssl crl -inform der -in sfsca.crl -outform pem -out test.pem
Verify a certificate using a CRL:
openssl verify -CAfile files/ca_crl.pem -crl_check cert.pem
OCSP¶
Run a OCSP responder:
openssl ocsp -index files/ocsp_index.txt -port 8888 \
-rsigner files/localhost.pem -rkey files/localhost.key \
-CA ca.pem -text
Verify a certificate using OCSP:
openssl ocsp -CAfile ca.pem -issuer ca.pem -cert cert.pem \
-url http://localhost:8888 -resp_text
Development webserver via SSL¶
To test a certificate in your webserver, first install the root certificate
authority in your browser, then run stunnel4
and manage.py runserver
in
two separate shells:
stunnel4
HTTPS=1 python manage.py runserver 8001
Then visit https://localhost:8443.