From c11c7e3bbdd9db5c21c347c5a861e556ab742675 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Fri, 30 Sep 2022 23:56:59 -0600
Subject: [PATCH] rename user cert and add renew script

---
 keys/ca-cert-ecc.der                | Bin 664 -> 810 bytes
 keys/ca-cert-ecc.pem                |  52 +++++++++++++------------
 keys/fred-cert.der                  | Bin 0 -> 805 bytes
 keys/fred-cert.pem                  |  55 +++++++++++++++++++++++++++
 keys/{john-key.der => fred-key.der} | Bin
 keys/{john-key.pem => fred-key.pem} |   0
 keys/john-cert.der                  | Bin 591 -> 0 bytes
 keys/john-cert.pem                  |  15 --------
 keys/renewcerts.cnf                 |  57 ++++++++++++++++++++++++++++
 keys/renewcerts.sh                  |  19 ++++++++++
 keys/server-cert.der                | Bin 676 -> 798 bytes
 keys/server-cert.pem                |  56 +++++++++++++--------------
 12 files changed, 186 insertions(+), 68 deletions(-)
 create mode 100644 keys/fred-cert.der
 create mode 100644 keys/fred-cert.pem
 rename keys/{john-key.der => fred-key.der} (100%)
 rename keys/{john-key.pem => fred-key.pem} (100%)
 delete mode 100644 keys/john-cert.der
 delete mode 100644 keys/john-cert.pem
 create mode 100644 keys/renewcerts.cnf
 create mode 100755 keys/renewcerts.sh

diff --git a/keys/ca-cert-ecc.der b/keys/ca-cert-ecc.der
index e3c0c8e79e2a48cc6c465aec3de9ac102a7b62c8..e79d644cfe01fdfb2a37a54077ab0285a6bc57b6 100644
GIT binary patch
delta 338
zcmbQix{6KSpov+{po!_s0%j&gCMHHU11>fWtu~Kywk*s{28~lEzA1N<HIQcG1d6qN
z=Vjz%6yr-ybV#j8%q_@C)l1ILHINhMH8L_ZFfcSQH8n9Yi4x~EHZrg@vVd|ShDhNy
zWO6-YLU0o!r$G}VtAQ*VbEqsIix`VYSl_I}ADr$<>~syy`#JgitHYm{DjGB%0?8}0
zH10BJ+}?my&BDgnOB!cDY*oZ<E6C|hjBJyYnDjh77z|vQ6eRYP{Jp96>Fc4-U(e38
znA=+0oqpnLpjTAKHv2@2?D>LBiVPp8a+qkl8%^#J@b><jr}W9gI<~9CO{Lc0b*d=a
H6N?7`4!w1O

delta 280
zcmZ3*HiOm3powV;5L+)`W@2Pw64BhReRh9nh-d5OOuvV%=9O}dKMxsjv2kd%d7QIl
zVP-ODoIX*$+*#g0mW>lA*7lv3k&{tOATuv5-=RD|C#|?RM=v=)*Fa93*T~4g$k5c#
z$kf2dBnrqiF$4h!7h;SIK4T_lFeWf38zfFX&#0gv&&C`otIQ%{Al4uf);H_$2d8@y
zJ6%Kbeoj9B>hR~Kijy}p>3O&_7`QMgRJ`?(S+2X;lv~zqvAH347pvt74Z{f2k2Ah|
t7aj0_R?nos^odj3>Y>@B{SjHrLb{dD_OiJq?&Pz4IOoF(J#M+4O#lZ4Tx<XU

diff --git a/keys/ca-cert-ecc.pem b/keys/ca-cert-ecc.pem
index 1d0148d..bcea86d 100644
--- a/keys/ca-cert-ecc.pem
+++ b/keys/ca-cert-ecc.pem
@@ -1,14 +1,13 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            29:bf:2b:cd:bf:55:54:49:85:b3:69:4e:e1:85:37:79:1e:81:f9:c2
+        Serial Number: 6 (0x6)
         Signature Algorithm: ecdsa-with-SHA256
-        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = ca@example.com
         Validity
-            Not Before: Feb 15 12:50:24 2022 GMT
-            Not After : Nov 11 12:50:24 2024 GMT
-        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Oct  1 05:54:44 2022 GMT
+            Not After : Sep 28 05:54:44 2032 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = ca@example.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
@@ -25,29 +24,34 @@ Certificate:
                 56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
             X509v3 Authority Key Identifier: 
                 keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
+                DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=ca@example.com
+                serial:06
 
             X509v3 Basic Constraints: critical
                 CA:TRUE
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:78:ed:4c:1c:a7:2d:b3:35:0b:1d:46:a3:37:31:
-         0b:8a:05:39:c8:28:31:58:35:f1:98:f7:4b:72:c0:4f:e6:7f:
-         02:20:02:f2:09:2b:3a:e1:36:92:bf:58:6a:03:12:2d:79:e6:
-         bd:06:45:61:b9:0e:39:e1:9c:f0:a8:2e:0b:1e:8c:b2
+         30:45:02:20:18:bc:74:fd:d9:26:f2:f5:c2:f3:f5:cd:99:38:
+         9d:85:7d:8b:67:c8:f5:51:4a:5a:88:b6:3f:61:38:6b:9f:11:
+         02:21:00:f1:95:08:34:2b:47:32:93:8c:10:4b:4b:fd:6e:22:
+         f2:48:3b:5d:8a:74:46:24:7d:30:eb:65:15:06:e4:38:e0
 -----BEGIN CERTIFICATE-----
-MIIClDCCAjugAwIBAgIUKb8rzb9VVEmFs2lO4YU3eR6B+cIwCgYIKoZIzj0EAwIw
-gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
-ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY
-MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIyMDIxNTEyNTAyNFoXDTI0MTExMTEyNTAyNFowgZcxCzAJ
-BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
-MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE
-AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
-Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAtPZbtYBjkXIuZAx5cBM456t
-KTiYuhDW6QkqgKkuFyq5ir8zg0bjlQvkd0C1O0NFMw9hU3w3RMHL/IDK6EPqp6Nj
-MGEwHQYDVR0OBBYEFFaOmsPwQt4YuUVVbvmTz+rD86UhMB8GA1UdIwQYMBaAFFaO
-msPwQt4YuUVVbvmTz+rD86UhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
-AgGGMAoGCCqGSM49BAMCA0cAMEQCIHjtTBynLbM1Cx1GozcxC4oFOcgoMVg18Zj3
-S3LAT+Z/AiAC8gkrOuE2kr9YagMSLXnmvQZFYbkOOeGc8KguCx6Msg==
+MIIDJjCCAsygAwIBAgIBBjAKBggqhkjOPQQDAjCBlTELMAkGA1UEBhMCVVMxEzAR
+BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dv
+bGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTIyMTAwMTA1
+NTQ0NFoXDTMyMDkyODA1NTQ0NFowgZUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApX
+YXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQw
+EgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR0w
+GwYJKoZIhvcNAQkBFg5jYUBleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABALT2W7WAY5FyLmQMeXATOOerSk4mLoQ1ukJKoCpLhcquYq/M4NG45UL
+5HdAtTtDRTMPYVN8N0TBy/yAyuhD6qejggEJMIIBBTAdBgNVHQ4EFgQUVo6aw/BC
+3hi5RVVu+ZPP6sPzpSEwgcIGA1UdIwSBujCBt4AUVo6aw/BC3hi5RVVu+ZPP6sPz
+pSGhgZukgZgwgZUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAw
+DgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZl
+bG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR0wGwYJKoZIhvcNAQkB
+Fg5jYUBleGFtcGxlLmNvbYIBBjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBhjAKBggqhkjOPQQDAgNIADBFAiAYvHT92Sby9cLz9c2ZOJ2FfYtnyPVRSlqI
+tj9hOGufEQIhAPGVCDQrRzKTjBBLS/1uIvJIO12KdEYkfTDrZRUG5Djg
 -----END CERTIFICATE-----
diff --git a/keys/fred-cert.der b/keys/fred-cert.der
new file mode 100644
index 0000000000000000000000000000000000000000..b354f05db34e2e42e1f95a9064cfe13970a147bb
GIT binary patch
literal 805
zcmXqLVpcS0VmiKnnTe5!iILrai;Y98&EuRc3p0~J<5WX#15P&PP!={}rqEzRVFN)B
zhl7VJJh3<<GcUa)KhIFWfDa_d&chy@npjejlL`~z;$bh(&q)go_AwMO5CW;;=HYfp
zElbVGFUU>JD>0NX5Ce%a^YE9Km+OJl78mE}CFkcF${I+saRQyu_MMlJlTnN>Ing1t
zA~ClhClw@ZAScdiWMpVyU}#`!YGPs%CC+PXWMFAz0p%JrcA&Z&>In`Wrf^4?>yX?F
zbsZNEH`Kifo_WbQ+{|mh4RJGzTTyC?p}c`CvO@*ZfPyGajWiHuV+RK)6C*TanHkxc
zofuez?ucC!Z(PRofnRXKZll&TzA}cSHLD))RFlzqr19hKjY|6iOmP=49{p#N{8fIP
zuy^LE7jM6q?MiyE@Pvebcj&{#O^kvDO^m!i7chs)^0A1qh|F2foc8qt%O9owJ_R)g
zcgAzqs(K9?4}s*BSsHg4G;VJY3G176_=D3uiJh*Yc|Rwge|7ltQpJUhvzIi^7_8CV
z#K>l#4)TK_i-LjN0vR?gZ8k<0#wK$SCgufvJUqx@j+}g%Js1pJnG_lBP2Fu3a=0<?
zQ|B%HndZ+Og!ehbOm5*f(`&fa_4RQU50gS@w$+KZ=PqiBZZ%T0S<1Jkh2!?(_Xm$2
Nu9Rm#d0_X3uK=>^=Y{|P

literal 0
HcmV?d00001

diff --git a/keys/fred-cert.pem b/keys/fred-cert.pem
new file mode 100644
index 0000000..21998f9
--- /dev/null
+++ b/keys/fred-cert.pem
@@ -0,0 +1,55 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = ca@example.com
+        Validity
+            Not Before: Oct  1 05:54:44 2022 GMT
+            Not After : Sep 28 05:54:44 2032 GMT
+        Subject: C = US, ST = WA, L = Seattle, O = wolfSSL Inc, OU = Development, CN = Fred, emailAddress = fred@example.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:12:dc:16:d1:17:81:a6:02:f0:0f:11:90:bb:32:
+                    85:66:0e:76:00:62:ac:aa:e3:b9:26:1c:2a:e2:28:
+                    f8:dd:d8:79:3f:c0:02:5e:d1:d1:c5:fe:3c:63:f5:
+                    1f:ae:13:4b:69:ca:e8:ed:f4:36:ba:62:e0:a1:c8:
+                    18:10:4b:55:e1
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                9C:AF:03:66:F5:F0:04:FC:22:8F:8E:20:26:40:47:01:CE:D6:7A:8D
+            X509v3 Authority Key Identifier: 
+                keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
+                DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=ca@example.com
+                serial:06
+
+            X509v3 Subject Alternative Name: 
+                othername:<unsupported>
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:21:00:de:95:bb:3a:54:c3:81:6e:f2:89:da:2f:99:
+         37:e7:40:13:be:40:5c:93:84:0f:36:2e:80:d6:8a:f5:e3:6a:
+         0c:02:20:55:6b:3a:c8:ed:ce:d1:29:15:b5:32:21:3c:a5:0e:
+         bc:84:08:db:a3:ef:c1:c5:c3:79:1f:07:c9:c0:bb:b0:f5
+-----BEGIN CERTIFICATE-----
+MIIDITCCAsegAwIBAgIBBzAKBggqhkjOPQQDAjCBlTELMAkGA1UEBhMCVVMxEzAR
+BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dv
+bGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTIyMTAwMTA1
+NTQ0NFoXDTMyMDkyODA1NTQ0NFowgYgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJX
+QTEQMA4GA1UEBwwHU2VhdHRsZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDASBgNV
+BAsMC0RldmVsb3BtZW50MQ0wCwYDVQQDDARGcmVkMR8wHQYJKoZIhvcNAQkBFhBm
+cmVkQGV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEtwW0ReB
+pgLwDxGQuzKFZg52AGKsquO5Jhwq4ij43dh5P8ACXtHRxf48Y/UfrhNLacro7fQ2
+umLgocgYEEtV4aOCAREwggENMB0GA1UdDgQWBBScrwNm9fAE/CKPjiAmQEcBztZ6
+jTCBwgYDVR0jBIG6MIG3gBRWjprD8ELeGLlFVW75k8/qw/OlIaGBm6SBmDCBlTEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0
+bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYD
+VQQDDA93d3cud29sZnNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUu
+Y29tggEGMCcGA1UdEQQgMB6gHAYKKwYBBAGCNxQCA6AODAxmcmVkQGV4YW1wbGUw
+CgYIKoZIzj0EAwIDSAAwRQIhAN6VuzpUw4Fu8onaL5k350ATvkBck4QPNi6A1or1
+42oMAiBVazrI7c7RKRW1MiE8pQ68hAjbo+/BxcN5HwfJwLuw9Q==
+-----END CERTIFICATE-----
diff --git a/keys/john-key.der b/keys/fred-key.der
similarity index 100%
rename from keys/john-key.der
rename to keys/fred-key.der
diff --git a/keys/john-key.pem b/keys/fred-key.pem
similarity index 100%
rename from keys/john-key.pem
rename to keys/fred-key.pem
diff --git a/keys/john-cert.der b/keys/john-cert.der
deleted file mode 100644
index a5fc4944ba8988de64d8fd960edf427b84509fb1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 591
zcmXqLV)8a<V*I#(nTe5!Ng#;tFNgQ!>`w>d&#P>j_DtM>i;Y98&EuRc3p0~J<8(uA
z15P&PP!={}rqEzRVFN)Bhl7VJJh3<<GcUa)KhIFWfDa_d&chy@npjejlL`~z;$bh(
z&q)go_AwMO5CW;;=HYfpElbVGFUU>JD>0NX5Ce%a^YE9Km+OJl78mE}CFkcF${WbC
zaRQyu_MMlJlTl0{GcPUQ0ZD;@k_5kzfe{Fq85tQG85>7|1&j^M4UM1z28|O@T@UpN
z2M<%YBg~CRu7<jii-#NPY6Z`{WE?IRGZ2BeoYyNqBTpeXF|8;uFEty(-C00c6n94&
z2(z(+!<UH>8qmy)?95IKEJAn0E{ZoUWBR}^IAOO@YZ_k}L(-a6k9VrcXg$*SarZ{0
z{Q;)9ix-dnvq}CczfRaY^VEyCU(9wTJy>``Lclxp;bLHz8At<NB`e4R^h%=uhTTXp
z%k05m;L4=Pu<h8SW|;=YoRhywmh66-9&T@TE$QdB8ng8xSF}oJG{-V2_}d4>^=YJY
d8cY{iYJBHG-ciN&`+<#h{s9i{iUxjX3IPE!tM&i@

diff --git a/keys/john-cert.pem b/keys/john-cert.pem
deleted file mode 100644
index 31a286c..0000000
--- a/keys/john-cert.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICSzCCAfGgAwIBAgIQUg79CEuTa/LBX88kspbmFzAKBggqhkjOPQQDAjCBlzEL
-MAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0
-bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYD
-VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz
-bC5jb20wIhgPMjAyMjAyMjYyMjEyMzNaGA8yMDIzMDcxMjIyMTIzM1owgZExCzAJ
-BgNVBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTEUMBIGA1UE
-CgwLd29sZlNTTCBJbmMxFDASBgNVBAsMC0RldmVsb3BtZW50MRYwFAYDVQQDDA1K
-b2huIFNhZnJhbmVrMR8wHQYJKoZIhvcNAQkBFhBqb2huQHdvbGZzc2wuY29tMFkw
-EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEtwW0ReBpgLwDxGQuzKFZg52AGKsquO5
-Jhwq4ij43dh5P8ACXtHRxf48Y/UfrhNLacro7fQ2umLgocgYEEtV4aMfMB0wGwYD
-VR0RBBQwEoEQam9obkB3b2xmc3NsLmNvbTAKBggqhkjOPQQDAgNIADBFAiEAtsaS
-gxyAAWzJ+nSku+VnVz821mL5tnw2rxTUKnWYg10CIE8/UF6OKGcJMJcUpTPc4G7F
-IYffUYF+T1BAhyEwTsxx
------END CERTIFICATE-----
diff --git a/keys/renewcerts.cnf b/keys/renewcerts.cnf
new file mode 100644
index 0000000..e674688
--- /dev/null
+++ b/keys/renewcerts.cnf
@@ -0,0 +1,57 @@
+HOME        = .
+RANDFILE    = $ENV::HOME/.rnd
+
+[ ca ]
+default_ca  = CA_default        # The default ca section
+
+[ CA_default ]
+dir      = $HOME
+database = $dir/index.txt # database index file.
+certs    = $dir/
+new_certs_dir = $dir/
+certificate   = $dir/ca-cert-ecc.pem
+serial        = $dir/serial
+default_md    = default
+policy        = policy_match
+email_in_dn   = no
+RANDFILE      = $dir/.rand
+
+# For the CA policy
+[ policy_match ]
+countryName             = match
+stateOrProvinceName     = supplied
+organizationName        = supplied
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ req ]
+x509_extensions = v3_ca  # The extensions to add to the self signed cert
+distinguished_name = req_distinguished_name
+prompt = no
+
+# Extensions for a typical CA
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = critical,CA:true
+keyUsage = critical, digitalSignature, keyCertSign, cRLSign
+
+# Extensions for fred cert
+[ v3_fred ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+subjectAltName = @fred_altnames
+
+[ fred_altnames ]
+otherName = msUPN;UTF8:fred@example
+
+# Extensions for server cert
+[ v3_server ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+subjectAltName = DNS:example, IP:127.0.0.1
+
+
+[ req_distinguished_name ]
+
diff --git a/keys/renewcerts.sh b/keys/renewcerts.sh
new file mode 100755
index 0000000..2aadb71
--- /dev/null
+++ b/keys/renewcerts.sh
@@ -0,0 +1,19 @@
+touch index.txt
+
+# renew CA
+openssl req -subj '/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=ca@example.com' -key ca-key-ecc.pem -text -out ca-cert-ecc.pem -config renewcerts.cnf -new -nodes -x509 -extensions v3_ca -days 3650 -set_serial 6
+openssl x509 -in ca-cert-ecc.pem -outform DER -out ca-cert-ecc.der
+
+# renew fred-cert
+openssl req -subj '/C=US/ST=WA/L=Seattle/O=wolfSSL Inc/OU=Development/CN=Fred/emailAddress=fred@example.com' -key fred-key.pem -out fred-cert.csr -config renewcerts.cnf -new -nodes
+
+openssl x509 -req -in fred-cert.csr -days 3650 -extfile renewcerts.cnf -extensions v3_fred -CA ca-cert-ecc.pem -CAkey ca-key-ecc.pem -text -out fred-cert.pem -set_serial 7
+openssl x509 -in fred-cert.pem -outform DER -out fred-cert.der
+
+# renew server-cert
+openssl req -subj '/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=server@example.com' -key server-key.pem -out server-cert.csr -config renewcerts.cnf -new -nodes
+
+openssl x509 -req -in server-cert.csr -days 3650 -extfile renewcerts.cnf -extensions v3_server -CA ca-cert-ecc.pem -CAkey ca-key-ecc.pem -text -out server-cert.pem -set_serial 8
+openssl x509 -in server-cert.pem -outform DER -out server-cert.der
+
+rm index.*
diff --git a/keys/server-cert.der b/keys/server-cert.der
index fcecf41af7e84d7aab360f626df2d1370cf75eb5..16fee2e94a0f5a551a5fb3870f220477b2032d4d 100644
GIT binary patch
delta 353
zcmZ3&I*(1>pov+^po!_g0%j&gCMHG>11>fWtu~Kywk*s{28~lE%9lIJ8c4Ho0>#?C
z^D=TWit!~UI;2)4<`(3n>Lusr8pw(B8W|ZH7#JFunwprHM2Yhn8yQ#{SwOi4jT0xz
z+fSBYG>}s?kViI1s5rH#EVT$`*yI$(1hytdMuWzGlTR`#=rkT;V-A&7W@+4I(73%p
zB&=`N;SWytBzC%n=KY*}{?*~nOBEM3&R)_u1LDkj{LXA*WHXQe87RmiXu#jZ4)sAh
zOFaVvBeJKNJs1pJnG~FEESUOym0$ATfV}LVGbZe_bqUUpPP?nLSg5>UO4#itCPjvG
m5}O1z>1yq)yi%5OUqfi3a_?lNm)@`HJ^fy%o;%UD>o)-UmvjIC

delta 346
zcmbQowuDvQpowV#5W6p6W@2PwVq`YpV&l+i^EhYA!pvmQIDMjgxwE{1EE^|KtnE85
zBPXMnKxSTAzC(F_PFitsj$U$pu7R95uaTjlk&%Isv4OdfX%vuaVqj@#3gsF!_D__z
zpDe~`AcN1S$tjEptc{%pjct=pF)Gx{voVLtDziu!h&70W_02l`!RemFPS?=9pOeqO
zI{bO5q5%&`fiNTEe-<VK1_M42j~~PXI-GfhfiQ@#%EANkk2V`4D=RxQqk$kBXF{6?
zW7`iWMn;f2HV0(yGP^SvxG*V1rSE*lWMZQ(edUO0_1nn4<Re|%UrsvMRkoq~tcqvF
quJ=p|nme||H-8Vy`sjOeevsDB{$LT$?)bR&_4TLp9^80d$^!t~D`uYn

diff --git a/keys/server-cert.pem b/keys/server-cert.pem
index 444644b..531d903 100644
--- a/keys/server-cert.pem
+++ b/keys/server-cert.pem
@@ -1,13 +1,13 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 3 (0x3)
+        Serial Number: 8 (0x8)
         Signature Algorithm: ecdsa-with-SHA256
-        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = ca@example.com
         Validity
-            Not Before: Dec 20 23:07:25 2021 GMT
-            Not After : Sep 15 23:07:25 2024 GMT
-        Subject: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+            Not Before: Oct  1 05:54:44 2022 GMT
+            Not After : Sep 28 05:54:44 2032 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = Eliptic, OU = ECC, CN = www.wolfssl.com, emailAddress = server@example.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
@@ -24,34 +24,32 @@ Certificate:
                 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
             X509v3 Authority Key Identifier: 
                 keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
+                DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=ca@example.com
+                serial:06
 
-            X509v3 Basic Constraints: critical
-                CA:FALSE
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment, Key Agreement
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication
-            Netscape Cert Type: 
-                SSL Server
+            X509v3 Subject Alternative Name: 
+                DNS:example, IP Address:127.0.0.1
     Signature Algorithm: ecdsa-with-SHA256
-         30:44:02:20:5a:67:b9:ee:02:34:27:1b:d4:c4:35:7b:ed:59:
-         8e:63:c4:8a:b7:e9:92:c1:8a:76:b0:8b:cd:24:49:78:ba:ef:
-         02:20:29:b8:b6:5f:83:f7:56:6a:f1:4d:d9:9f:52:2a:f9:8f:
-         53:14:49:8b:5f:5e:87:af:7f:ca:2e:e0:d8:e7:75:0c
+         30:45:02:20:42:d8:a0:95:e7:aa:4e:63:fd:50:6e:6b:f9:98:
+         90:be:3d:44:53:68:1b:66:dd:22:a3:12:77:70:94:56:db:82:
+         02:21:00:ce:18:b2:10:b2:2d:2a:b9:79:d4:76:64:df:28:91:
+         23:8d:93:22:e9:4b:ea:7f:49:4e:eb:65:ce:c8:86:ba:fb
 -----BEGIN CERTIFICATE-----
-MIICoDCCAkegAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzAR
+MIIDGjCCAsCgAwIBAgIBCDAKBggqhkjOPQQDAjCBlTELMAkGA1UEBhMCVVMxEzAR
 BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dv
 bGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjExMjIw
-MjMwNzI1WhcNMjQwOTE1MjMwNzI1WjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
-Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx
-DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
-hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
+bC5jb20xHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tMB4XDTIyMTAwMTA1
+NTQ0NFoXDTMyMDkyODA1NTQ0NFowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApX
+YXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMQww
+CgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEhMB8GCSqGSIb3
+DQEJARYSc2VydmVyQGV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
 QgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ih
-f/DPGNqREQI0huggWDMLgDSJ2KOBiTCBhjAdBgNVHQ4EFgQUXV0m76x+NvmbdhUr
-SiUCI++yiTAwHwYDVR0jBBgwFoAUVo6aw/BC3hi5RVVu+ZPP6sPzpSEwDAYDVR0T
-AQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwEQYJ
-YIZIAYb4QgEBBAQDAgZAMAoGCCqGSM49BAMCA0cAMEQCIFpnue4CNCcb1MQ1e+1Z
-jmPEirfpksGKdrCLzSRJeLrvAiApuLZfg/dWavFN2Z9SKvmPUxRJi19eh69/yi7g
-2Od1DA==
+f/DPGNqREQI0huggWDMLgDSJ2KOCAQEwgf4wHQYDVR0OBBYEFF1dJu+sfjb5m3YV
+K0olAiPvsokwMIHCBgNVHSMEgbowgbeAFFaOmsPwQt4YuUVVbvmTz+rD86UhoYGb
+pIGYMIGVMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UE
+BwwHU2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1l
+bnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOY2FA
+ZXhhbXBsZS5jb22CAQYwGAYDVR0RBBEwD4IHZXhhbXBsZYcEfwAAATAKBggqhkjO
+PQQDAgNIADBFAiBC2KCV56pOY/1Qbmv5mJC+PURTaBtm3SKjEndwlFbbggIhAM4Y
+shCyLSq5edR2ZN8okSONkyLpS+p/SU7rZc7Ihrr7
 -----END CERTIFICATE-----