File tree 8 files changed +107
-0
lines changed
8 files changed +107
-0
lines changed Original file line number Diff line number Diff line change @@ -6,6 +6,7 @@ class EnvironmentVariablesGenerator < Generator
66
77 def generate ( site )
88 site . config [ 'domain' ] = ENV [ 'DOMAIN' ] || 'badssl.com'
9+ site . config [ 'prod' ] = ENV [ 'DOMAIN' ] == ENV [ 'PROD_DOMAIN' ]
910 site . config [ 'http-domain' ] = ENV [ 'HTTP_DOMAIN' ] || 'http.badssl.com'
1011 site . config [ 'serving-path' ] = ENV [ 'SERVING_PATH' ] || '/var/www/badssl/_site'
1112
Original file line number Diff line number Diff line change @@ -316,6 +316,15 @@ CHAINS_PROD += $(O)/gen/chain/subdomain-xn--n1aae7f7o.pem
316316$(O ) /gen/chain/subdomain-xn--n1aae7f7o.pem$(O ) /gen/crt/subdomain-xn--n1aae7f7o.crt $(O ) /gen/crt/ca-intermediate.crt
317317 ./tool chain $@ $(D ) $^
318318
319+ # ###############################
320+ $(O ) /gen/csr/subdomain-extended-validation.csr$(O ) /gen/key/leaf-main.key
321+ ./tool gen-csr $@ $(D ) $^
322+ $(O ) /gen/crt/subdomain-extended-validation.crt$(O ) /gen/csr/subdomain-extended-validation.csr $(O ) /gen/key/ca-intermediate.key $(O ) /gen/crt/ca-intermediate.crt
323+ ./tool sign $@ $(D ) $(SIGN_LEAF_DEFAULTS ) $^
324+ CHAINS_PROD += $(O ) /gen/chain/subdomain-extended-validation.pem
325+ $(O ) /gen/chain/subdomain-extended-validation.pem$(O ) /gen/crt/subdomain-extended-validation.crt $(O ) /gen/crt/ca-intermediate.crt
326+ ./tool chain $@ $(D ) $^
327+
319328# ###############################
320329# Note: this is just a regular cert in `test`.
321330# Getting a real-world cert without SCTs may be extra work in the future.
Original file line number Diff line number Diff line change 1+ [ req ]
2+ default_bits = 2048
3+ distinguished_name = req_distinguished_name
4+ encrypt_key = no
5+ prompt = no
6+ req_extensions = req_v3_usr
7+ certificatePolicies = @policy
8+
9+ [ req_distinguished_name ]
10+ countryName = US
11+ stateOrProvinceName = California
12+ localityName = San Francisco
13+ organizationName = BadSSL
14+ commonName = extended-validation.__DOMAIN__
15+
16+ [ req_v3_usr ]
17+ basicConstraints = CA:FALSE
18+ subjectAltName = @alt_names
19+ certificatePolicies = @policy
20+
21+ [ alt_names ]
22+ DNS.1 = extended-validation.__DOMAIN__
23+
24+ [ policy ]
25+ policyIdentifier=1.3.1.1.1.1
26+ CPS.1 = "https://no-csp-statement.__DOMAIN__/"
27+ userNotice.1 = @notice
28+
29+ [ notice ]
30+ explicitText = "This certificate is used solely for BadSSL."
Original file line number Diff line number Diff line change 1+ ---
2+ ---
3+ server {
4+ listen 80;
5+ server_name extended-validation.{{ site.domain }};
6+
7+ return 301 https://$server_name$request_uri;
8+ }
9+
10+ server {
11+ listen 443;
12+ server_name extended-validation.{{ site.domain }};
13+
14+ include {{ site.serving-path }}/nginx-includes/subdomain-extended-validation.conf;
15+ include {{ site.serving-path }}/nginx-includes/tls-defaults.conf;
16+ include {{ site.serving-path }}/common/common.conf;
17+
18+ root {{ site.serving-path }}/domains/cert/extended-validation;
19+ }
20+
21+ # Redirect from ev -> extended-validation
22+ server {
23+ listen 80;
24+ server_name ev.{{ site.domain }};
25+
26+ return 301 https://ev.{{ site.domain }}$request_uri;
27+ }
28+
29+ server {
30+ listen 443;
31+ server_name ev.{{ site.domain }};
32+
33+ include {{ site.serving-path }}/nginx-includes/wildcard-normal.conf;
34+ include {{ site.serving-path }}/nginx-includes/tls-defaults.conf;
35+ include {{ site.serving-path }}/common/common.conf;
36+
37+ return 301 https://extended-validation.{{ site.domain }}$request_uri;
38+ }
Original file line number Diff line number Diff line change 1+ ---
2+ subdomain: extended-validation
3+ layout: page
4+ favicon: green
5+ background: green
6+ ---
7+
8+ < div id ="content ">
9+ < h1 style ="font-size: 12vw; ">
10+ {{ page.subdomain }}.< br > {{ site.domain }}
11+ </ h1 >
12+ </ div >
13+
14+ < div id ="footer ">
15+ {% if site.prod %}
16+ This site uses an EV (< a href ="https://en.wikipedia.org/wiki/Extended_Validation_Certificate "> Extended Validation</ a > ) digital certificate.
17+ {% else %}
18+ This site’s EV (< a href ="https://en.wikipedia.org/wiki/Extended_Validation_Certificate "> Extended Validation</ a > ) digital certificate is< br > treated like a DV cert because it is not issued by a trusted CA.
19+ {% endif %}
20+ </ div >
Original file line number Diff line number Diff line change @@ -56,6 +56,7 @@ var sets = [
5656 { subdomain : "rsa2048" } ,
5757 { subdomain : "ecc256" } ,
5858 { subdomain : "ecc384" } ,
59+ { subdomain : "extended-validation" } ,
5960 { subdomain : "mozilla-modern" }
6061 ]
6162 } ,
Original file line number Diff line number Diff line change @@ -56,6 +56,8 @@ <h2 id="certificate"><span class="emoji">🎫</span>Certificate</h2>
5656 < hr >
5757 < a href ="https://rsa2048.{{ site.domain }}/ " class ="good "> < span class ="icon "> </ span > rsa2048</ a >
5858 < a href ="https://rsa8192.{{ site.domain }}/ " class ="dubious "> < span class ="icon "> </ span > rsa8192</ a >
59+ < hr >
60+ < a href ="https://extended-validation.{{ site.domain }}/ " class ="good "> < span class ="icon "> </ span > extended-validation</ a >
5961 </ div >
6062 < div class ="group ">
6163 < h2 id ="client-certificate "> < span class ="emoji "> 🎟</ span > Client Certificate</ h2 >
Original file line number Diff line number Diff line change 1+ ---
2+ ---
3+
4+ ssl on;
5+ ssl_certificate {{ site.cert-path }}/subdomain-extended-validation.pem;
6+ ssl_certificate_key /etc/keys/leaf-main.key;
You can’t perform that action at this time.
0 commit comments