RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

Add test for certificate created but not installed

pull/578/head
Tim Kimber 5 years ago
parent
68f04db61f
commit
0b4a8e505a
No known key found for this signature in database GPG Key ID: 3E1804964E76BD18
2 changed files with 56 additions and 0 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +24
    -0
      test/6-dual-rsa-ecdsa-copy-2-locations.bats
  2. +32
    -0
      test/test-config/getssl-http01-dual-rsa-ecdsa-2-locations-wrong-nginx.cfg

+ 24
- 0
test/6-dual-rsa-ecdsa-copy-2-locations.bats View File

@ -40,6 +40,8 @@ teardown() {
create_certificate
assert_success
check_output_for_errors
assert_line --partial "rsa certificate installed OK on server"
assert_line --partial "prime256v1 certificate installed OK on server"
# Check that the RSA chain and key have been copied to both locations
assert [ -e "/etc/nginx/pki/domain-chain.crt" ]
@ -53,3 +55,25 @@ teardown() {
assert [ -e "/etc/nginx/pki/private/server.ec.key" ]
assert [ -e "/root/a.${GETSSL_HOST}/server.ec.key" ]
}
@test "Create dual certificates and copy to two locations but not returned by server" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
fi
check_nginx
if [ "$OLD_NGINX" = "false" ]; then
CONFIG_FILE="getssl-http01-dual-rsa-ecdsa-2-locations-wrong-nginx.cfg"
else
skip "Skipping as old nginx servers cannot return both certificates"
fi
setup_environment
mkdir -p /root/a.${GETSSL_HOST}
init_getssl
create_certificate
assert_failure
assert_line --partial "prime256v1 certificate obtained but not installed on server"
}

+ 32
- 0
test/test-config/getssl-http01-dual-rsa-ecdsa-2-locations-wrong-nginx.cfg View File

@ -0,0 +1,32 @@
# Test that more than one location can be specified for CERT and KEY locations and that the
# files are copied to both locations when both RSA and ECDSA certificates are created
#
CA="https://pebble:14000/dir"
DUAL_RSA_ECDSA="true"
ACCOUNT_KEY_TYPE="prime256v1"
PRIVATE_KEY_ALG="prime256v1"
# Additional domains - this could be multiple domains / subdomains in a comma separated list
SANS="a.${GETSSL_HOST}"
# Acme Challenge Location.
ACL=('/var/www/html/.well-known/acme-challenge')
#Set USE_SINGLE_ACL="true" to use a single ACL for all checks
USE_SINGLE_ACL="true"
# Location for all your certs, these can either be on the server (full path name)
# or using ssh /sftp as for the ACL
DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key;/root/a.${GETSSL_HOST}/server.key"
CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
DOMAIN_CHAIN_LOCATION="/etc/nginx/pki/domain-chain.crt;/root/a.${GETSSL_HOST}/domain-chain.crt" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx"
# Define the server type and confirm correct certificate is installed
SERVER_TYPE="https"
CHECK_REMOTE="true"

Write Preview
Loading…
Cancel
Save