Closed mickae1 closed 1 year ago
I found the option : -use_mock_srv
Do you have an example of this?
I dont see the support of the psk with the mock server
Hi, yes, you can use the CMP mock server that comes with OpenSSL. Yet note that it is very primitive and for instance returns always the same (preconfigured) certificate.
As can be seen on the man page,
it supports MAC-based message protection with a pre-shared secrect using the -srv_secret
option.
You can run the CMP client in internal connection with the mock server for instance like this:
openssl cmp -config "" -use_mock_srv \
-srv_secret pass:1234 -srv_ref xyz -rsp_cert test/certs/ee-cert.pem \
-secret pass:1234 -ref xyz -cmd ir -newkey test/certs/ee-key.pem \
-subject "/CN=any" -certout test.cert.pem
Usage examples could also be taken from the HTTP-based CMP tests within OpenSSL and its mock server configuration file. Here is a simple example for connecting the mock server via HTTP on your local machine:
openssl cmp -port 8080 -srv_secret pass:1234 -srv_ref xyz -rsp_cert test/certs/ee-cert.pem
openssl cmp -server localhost:8080 -secret pass:1234 -ref xyz -cmd ir -newkey test/certs/ee-key.pem -subject "/CN=any" -certout test.cert.pem
As written on the man page, you can also use the Insta demo CA, e.g.:
openssl cmp -config apps/openssl.cnf -section insta
-trusted apps/insta.ca.crt -out_trusted apps/insta.ca.crt \
-cmd cr -newkey test/certs/ee-key.pem \
-certout test.cert.pem -extracertsout test.extracerts.pem
or without using the pre-defined configration file:
openssl cmp -server pki.certificate.fi:8700/pkix/ -recipient "/C=FI/O=Insta Demo/CN=Insta Demo CA" \
-secret pass:insta -ref 3078 \
-cmd cr -newkey test/certs/ee-key.pem -subject "/CN=test" -certout test.cert.pem
If you have follow-up questions or problems using the test/demo servers, you can state them here, otherwise please close this issue when you consider it resolved.
Looks like this can be closed as answered.
Hi, I would like to know if you have a server that is easy to configure to test the protocol cmpv2.
Thanks you.