github.com/Venafi/vcert/v5@v5.10.2/aruba/features/renew/renew-with-csr-local.feature

Feature: renew action with -csr local (default) option

  As a user
  I want to renew certificates that were enrolled by the app
  Using `-csr local` option (which is default) meaning that new private key and CSR are generated locally
  and then sent for signing to substitute old certificate

  New certificate will have different modulus in this case and the command outputs newly generated private key

  for TPP & Condor:
  - 1st it downloads current certificate using -id or -thumbprint
  - it constructs similar certificate request based on certificate downloaded
  - it overrides certificate request based on allowed command line options (like -key-size, -san-dns etc.)
  - then it acts like enroll: generate new key & CSR locally, pushes CSR to service side, gets new cert back, outputs key, cert, chain, pickupId

  Background:
    And the default aruba exit timeout is 180 seconds

  Scenario Outline: renew certificate using -id without specifying -csr option
    Given I enroll random certificate using <endpoint> with -no-prompt -key-file k.pem -cert-file c.pem
    And it should write private key to the file "k.pem"
    And it should write certificate to the file "c.pem"
    And it should output Pickup ID
    And I decode certificate from file "c.pem"
    Then I renew the certificate in <endpoint> using the same Pickup ID with flags -no-prompt -cert-file c1.pem -key-file k1.pem
    And it should retrieve certificate
    And it should write private key to the file "k1.pem"
    And it should write certificate to the file "c1.pem"
    Then private key in "k1.pem" and certificate in "c1.pem" should have the same modulus
    And certificate in "c.pem" and certificate in "c1.pem" should not have the same modulus
    And certificate in "c.pem" and certificate in "c1.pem" should not have the same serial

    @TPP
    Examples:
      | endpoint |
      | TPP |

    @VAAS
    Examples:
      | endpoint |
      | Cloud |

  Scenario Outline: renew certificate using -id using `-csr local`
    Given I enroll random certificate using <endpoint> with -no-prompt -key-file k.pem -cert-file c.pem -csr local
    And it should write private key to the file "k.pem"
    And it should write certificate to the file "c.pem"
    And it should output Pickup ID
    And I decode certificate from file "c.pem"
    Then I renew the certificate in <endpoint> using the same Pickup ID with flags -no-prompt -cert-file c1.pem -key-file k1.pem
    And it should retrieve certificate
    And it should write private key to the file "k1.pem"
    And it should write certificate to the file "c1.pem"
    Then private key in "k1.pem" and certificate in "c1.pem" should have the same modulus
    And certificate in "c.pem" and certificate in "c1.pem" should not have the same modulus
    And certificate in "c.pem" and certificate in "c1.pem" should not have the same serial

    @TPP
    Examples:
      | endpoint |
      | TPP |

    @VAAS
    Examples:
      | endpoint |
      | Cloud |

  Scenario Outline: renew certificate using -id using `-csr local` with PKCS12 flag
    Given I enroll random certificate with dummy password using <endpoint> with -key-file k.pem -cert-file c.pem -csr local
    And it should write private key to the file "k.pem"
    And it should write certificate to the file "c.pem"
    And it should output Pickup ID
    And I decode certificate from file "c.pem"
    Then I renew the certificate using a dummy password in <endpoint> using the same Pickup ID with flags -file all.p12 -format pkcs12
    And it should retrieve certificate
    And "all.p12" should be PKCS#12 archive with dummy password

    @TPP
    Examples:
      | endpoint |
      | TPP |

    @VAAS
    Examples:
      | endpoint |
      | Cloud |

  Scenario Outline: renew certificate using -id using `-csr local` with PKCS12 legacy flag
    Given I enroll random certificate with dummy password using <endpoint> with -key-file k.pem -cert-file c.pem -csr local
    And it should write private key to the file "k.pem"
    And it should write certificate to the file "c.pem"
    And it should output Pickup ID
    And I decode certificate from file "c.pem"
    Then I renew the certificate using a dummy password in <endpoint> using the same Pickup ID with flags -file all.p12 -format legacy-pkcs12
    And it should retrieve certificate
    And "all.p12" should be PKCS#12 archive in legacy mode with dummy password

    @TPP
    Examples:
      | endpoint |
      | TPP |

    @VAAS
    Examples:
      | endpoint |
      | Cloud |

  Scenario: where renewed certificate may have new -key-size, -san-dns
    Given I implement that later
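
The three closing assertions of the first two scenarios (the new key matches the new certificate, and the new certificate differs from the old one in modulus and serial) are what prove that a local-CSR renewal rotated the key. The Go program below is an added example, not part of the vcert repository: `issue` and `checkRenewal` are hypothetical names, and self-signed in-memory certificates are constructed stand-ins for the `c.pem`, `c1.pem` and `k1.pem` files.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed sample: a fresh RSA key and a bare self-signed certificate for it.
func issue(serial int64) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// checkRenewal applies the scenarios' final three assertions; nil means the key was rotated.
func checkRenewal(oldCert, newCert *x509.Certificate, newKey *rsa.PrivateKey) error {
	oldPub, okOld := oldCert.PublicKey.(*rsa.PublicKey)
	newPub, okNew := newCert.PublicKey.(*rsa.PublicKey)
	switch {
	case !okOld || !okNew:
		return fmt.Errorf("modulus comparison only applies to RSA certificates")
	case newKey.N.Cmp(newPub.N) != 0:
		return fmt.Errorf("new private key does not match new certificate")
	case oldPub.N.Cmp(newPub.N) == 0:
		return fmt.Errorf("key reused: old and new certificate share a modulus")
	case oldCert.SerialNumber.Cmp(newCert.SerialNumber) == 0:
		return fmt.Errorf("serial number unchanged")
	}
	return nil
}

func main() {
	_, c, errOld := issue(1)
	k1, c1, errNew := issue(2)
	if errOld == nil && errNew == nil {
		fmt.Println("renewal check:", checkRenewal(c, c1, k1))
	}
}
```
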