Using cfssl to regenerate fresh certificates:
rm *
echo '{"CN":"CA","key":{"algo":"rsa","size":2048}}' | cfssl gencert
-initca - | cfssljson -bare ca -
echo '{"signing":{"default":{"expiry":"43800h","usages":["signing","key
encipherment","server auth","client auth"]}}}' > ca-config.json
export ADDRESS=127.0.0.1,::1,localhost
export NAME=server
echo
'{"CN":"'$NAME'","hosts":["127.0.0.1"],"key":{"algo":"rsa","size":2048}}'
| cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem
-hostname="$ADDRESS" - | cfssljson -bare $NAME
export ADDRESS=
export NAME=client
echo
'{"CN":"'$NAME'","hosts":["127.0.0.1"],"key":{"algo":"rsa","size":2048}}'
| cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem
-hostname="$ADDRESS" - | cfssljson -bare $NAME
cp ca.pem ca.crt ;
cp ca-key.pem ca.key;
cp client.pem certificate.crt ;
cp client-key.pem privatekey.key ;
Also the results from the related bug show that there is currently no
solution to make self-signed certificates work in conjunction with
raw IPv6 addresses consistently, so we skip the failing test.
Related-Bug: 1656329
Change-Id: I160108059e17122035d8d914c5157b7ce3ada3a5
94bc9ceef1