X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=test%2Fcerts%2Fsetup.sh;h=bd0b66394486457694e8b7df7be87ddedfdf72a2;hb=4d9e8c95544d7a86765e6a46951dbe17b801875a;hp=53d4a807a7fb791f5ba297c867ee004c4e5be8c9;hpb=83c81eebed52aa84b6b34d26e984c859158ca1c0;p=oweals%2Fopenssl.git

diff --git a/test/certs/setup.sh b/test/certs/setup.sh
index 53d4a807a7..bd0b663944 100755
--- a/test/certs/setup.sh
+++ b/test/certs/setup.sh
@@ -369,3 +369,12 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \
 OPENSSL_KEYALG=ec OPENSSL_KEYBITS=brainpoolP256r1 ./mkcert.sh genee \
     "Server ECDSA brainpoolP256r1 cert" server-ecdsa-brainpoolP256r1-key \
     server-ecdsa-brainpoolP256r1-cert rootkey rootcert
+
+openssl req -new -nodes -subj "/CN=localhost" \
+    -newkey rsa-pss -keyout server-pss-restrict-key.pem \
+    -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 | \
+    ./mkcert.sh geneenocsr "Server RSA-PSS restricted cert" \
+    server-pss-restrict-cert rootkey rootcert
+
+# CT entry
+./mkcert.sh genct server.example embeddedSCTs1-key embeddedSCTs1 embeddedSCTs1_issuer-key embeddedSCTs1_issuer ct-server-key