Skip to content

Commit c2eebe0

Browse files
andrewleechdpgeorge
andrewleech
authored and
dpgeorge
committed
tests/README: Update instructions for key/cert pair usage on device.
Signed-off-by: Andrew Leech <[email protected]>
1 parent 338df1a commit c2eebe0

File tree

1 file changed

+18
-7
lines changed

1 file changed

+18
-7
lines changed

tests/README.md

+18-7
Original file line numberDiff line numberDiff line change
@@ -177,11 +177,21 @@ internal_bench/bytebuf:
177177

178178
## Test key/certificates
179179

180-
SSL/TLS tests in `multi_net` and `net_inet` use a
181-
self-signed key/cert pair that is randomly generated and to be used for
182-
testing/demonstration only. You should always generate your own key/cert.
180+
SSL/TLS tests in `multi_net` and `net_inet` use self-signed key/cert pairs
181+
that are randomly generated to be used for testing/demonstration only.
183182

184-
To generate a new self-signed RSA key/cert pair with openssl do:
183+
To run tests on-device the `.der` files should be copied and the current time
184+
set to ensure certs validity. This can be done with:
185+
```
186+
$ mpremote rtc --set cp multi_net/*.der net_inet/*.der :
187+
```
188+
189+
### Generating new test key/certificates
190+
191+
The keys used for the unit tests are included in the tests folders so don't generally
192+
need to be re-created by end users. This section is included here for reference only.
193+
194+
A new self-signed RSA key/cert pair can be created with openssl:
185195
```
186196
$ openssl req -x509 -newkey rsa:2048 -keyout rsa_key.pem -out rsa_cert.pem -days 365 -nodes -subj '/CN=micropython.local/O=MicroPython/C=AU'
187197
```
@@ -193,8 +203,9 @@ $ openssl pkey -in rsa_key.pem -out rsa_key.der -outform DER
193203
$ openssl x509 -in rsa_cert.pem -out rsa_cert.der -outform DER
194204
```
195205

196-
To test elliptic curve key/cert pairs, create a key then a certificate using:
206+
For elliptic curve tests using key/cert pairs, create a key then a certificate using:
197207
```
198-
$ openssl ecparam -name prime256v1 -genkey -noout -out ec_key.der -outform DER
199-
$ openssl req -new -x509 -key ec_key.der -out ec_cert.der -outform DER -days 365 -nodes -subj '/CN=micropython.local/O=MicroPython/C=AU'
208+
$ openssl ecparam -name prime256v1 -genkey -noout -out ec_key.pem
209+
$ openssl x509 -in ec_key.pem -out ec_key.der -outform DER
210+
$ openssl req -new -x509 -key ec_key.pem -out ec_cert.der -outform DER -days 365 -nodes -subj '/CN=micropython.local/O=MicroPython/C=AU'
200211
```

0 commit comments

Comments
 (0)