github.com/nats-io/nats-server/v2@v2.11.0-preview.2/test/configs/certs/tlsauth/certstore/pkcs12.md

github.com/nats-io/nats-server/v2@v2.11.0-preview.2/test/configs/certs/tlsauth/certstore/pkcs12.md (about)

     1  # PKCS12 Files
     2  
     3  Refresh PKCS12 files when test certificates and keys (PEM files) are refreshed (e.g. expiry workflow)
     4  
     5  - `client.p12` is a p12/pfx packaging of `client.pem` and `client-key.pem`
     6  
     7  `openssl pkcs12 -export -inkey ./client-key.pem -in ./client.pem -out client.p12`
     8  
     9  To add the CA, use the following:
    10  
    11  `openssl pkcs12 -export -nokeys -in ..\ca.pem -out ca.p12`
    12  
    13  > Note: set the PKCS12 bundle password to `s3cr3t` as required by provisioning scripts
    14  
    15  ## Cert Store Provisioning Scripts
    16  
    17  Windows cert store supports p12/pfx bundle for certificate-with-key import.  Windows cert store tests will execute 
    18  a Powershell script to import relevant PKCS12 bundle into the Windows store before the test. Equivalent to:
    19  
    20  `powershell.exe -command "& '..\test\configs\certs\tlsauth\certstore\import-<client,server>-p12.ps1'"`
    21  
    22  The `delete-cert-from-store.ps1` script deletes imported certificates from the Windows store (if present) that can
    23  cause side-effects and impact the validity of different use tests.
    24  
    25  > Note: Tests are configured for "current user" store context. Execute tests with appropriate Windows permissions
    26  > (e.g. as Admin) if adding tests with "local machine" store context specified.