Bob Beck | bc97b7a | 2023-04-18 08:35:15 -0600

This directory contains various certificates for use with SSL-related
unit tests.

===== Real-world certificates that need manual updating
- google.binary.p7b
- google.chain.pem
- google.pem_cert.p7b
- google.pem_pkcs7.p7b
- google.pkcs7.p7b
- google.single.der
- google.single.pem : Certificates for testing parsing of different formats.

- mit.davidben.der : An expired MIT client certificate.

- foaf.me.chromium-test-cert.der : A client certificate for a FOAF.ME identity
  created for testing.

- google_diginotar.pem
- diginotar_public_ca_2025.pem : A certificate chain for the regression test
  of http://crbug.com/94673

- salesforce_com_test.pem
- verisign_intermediate_ca_2011.pem
- verisign_intermediate_ca_2016.pem : Certificates for testing two
  X509Certificate objects that contain the same server certificate but
  different intermediate CA certificates. The two intermediate CA
  certificates actually represent the same intermediate CA but have
  different validity periods.

- ndn.ca.crt: "New Dream Network Certificate Authority" root certificate.
  This is an X.509 v1 certificate that omits the version field (the
  [0] EXPLICIT Version element of TBSCertificate is absent, so it takes its
  DEFAULT of v1). Used to test that the certificate version gets the default
  value v1.

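The v1 default that ndn.ca.crt exercises is easy to get wrong in a hand-written parser: the first element of TBSCertificate is either the [0]-tagged version or, when that is omitted, the serialNumber INTEGER. The following is an added example (not Chromium's parser) of a minimal DER walk that reports the version correctly in both cases. The two skeleton inputs are constructed here and contain only version and serialNumber; they are not real certificates.

```python
"""Minimal DER walk that reports an X.509 Certificate's version.

RFC 5280: TBSCertificate ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1,
serialNumber INTEGER, ... }. When the [0] element is absent the version is v1.
The sample DER below is a constructed, unsigned skeleton (version and
serialNumber only), not a real certificate.
"""


def der_tlv(buf, pos=0):
    """Parse one DER TLV at buf[pos]; return (tag, value, next_pos).

    Handles short and long-form lengths; rejects indefinite and non-minimal
    lengths, which DER forbids.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags do not occur in Certificate")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("indefinite or oversized length is not DER")
        if pos + nbytes > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        if length < 0x80:
            raise ValueError("non-minimal length encoding is not DER")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return tag, buf[pos:end], end


def certificate_version(cert_der):
    """Return the X.509 version number (1, 2 or 3) of a DER Certificate."""
    tag, cert_body, _ = der_tlv(cert_der)
    if tag != 0x30:
        raise ValueError("Certificate must be a SEQUENCE")
    tag, tbs, _ = der_tlv(cert_body)
    if tag != 0x30:
        raise ValueError("tbsCertificate must be a SEQUENCE")
    tag, first, _ = der_tlv(tbs)
    if tag == 0xA0:                       # [0] EXPLICIT Version is present
        itag, ival, rest = der_tlv(first)
        if itag != 0x02 or rest != len(first):
            raise ValueError("version must be a single INTEGER")
        v = int.from_bytes(ival, "big", signed=True)
        if v == 0:
            raise ValueError("explicit v1 violates DER (DEFAULT must be omitted)")
        if v not in (1, 2):
            raise ValueError("unknown certificate version %d" % v)
        return v + 1
    if tag == 0x02:                       # version absent: serialNumber comes first
        return 1
    raise ValueError("unexpected first tbsCertificate element 0x%02x" % tag)


def _seq(*parts):
    """Wrap parts in a short-form DER SEQUENCE (test-skeleton helper)."""
    body = b"".join(parts)
    if len(body) >= 0x80:
        raise ValueError("skeleton helper only handles short-form lengths")
    return b"\x30" + bytes([len(body)]) + body


# Constructed skeletons: version + serialNumber only. Real certificates continue
# with signature, issuer, validity, ... inside the inner SEQUENCE.
V3_SKELETON = _seq(_seq(b"\xa0\x03\x02\x01\x02", b"\x02\x01\x01"))
V1_SKELETON = _seq(_seq(b"\x02\x01\x01"))
```

Run certificate_version() over the two skeletons: the first reports 3, the second 1, and a parser that blindly expects the [0] tag would instead misread the v1 serialNumber as the version element.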
- ct-test-embedded-cert.pem
- ct-test-embedded-with-intermediate-chain.pem
- ct-test-embedded-with-intermediate-preca-chain.pem
- ct-test-embedded-with-preca-chain.pem
  Test certificate chains for Certificate Transparency: Each of these
  files contains a leaf certificate as the first certificate, which has
  embedded SCTs, followed by the issuer certificates chain.
  All files are from the src/test/testdata directory in
  https://code.google.com/p/certificate-transparency/

- leaf_from_known_root.pem : A certificate issued by a public trust anchor,
  used for CertVerifyProcInternalTest.TestKnownRoot. Using it for other
  purposes is not recommended. This needs to be updated periodically, so the
  server name the cert is valid for may change.

- lets-encrypt-dst-x3-root.pem: A chain that ends in DST Root CA X3
  (https://crt.sh/?id=8395), the IdenTrust root that cross-signed Let's
  Encrypt. Has the same leaf as lets-encrypt-isrg-x1-root.pem.
- lets-encrypt-isrg-x1-root.pem: A chain that ends in the Let's Encrypt ISRG
  Root X1 (https://crt.sh/?id=9314791). Has the same leaf as
  lets-encrypt-dst-x3-root.pem.

===== Manually generated certificates
- client.p12 : A PKCS #12 file containing a client certificate and a private
  key created for testing. The password is "12345".

- client-nokey.p12 : A PKCS #12 file containing a client certificate (the same
  as the one in client.p12) but no private key. The password is "12345".

- client-empty-password.p12 : A PKCS #12 file containing an unencrypted client
  certificate and an encrypted private key. The password is the empty string,
  encoded as two zero bytes. (PKCS #12 passwords are encoded as
  NUL-terminated UTF-16, i.e. a BMPString followed by a two-byte NUL.)

- client-null-password.p12 : A PKCS #12 file containing an unencrypted client
  certificate and an encrypted private key. The password is the empty string,
  encoded as the empty byte string. Both files are expected to open with an
  empty password, so a loader has to try both encodings.

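The reason the two empty-password files are distinct test cases is that RFC 7292 derives the encryption and MAC keys from the encoded password bytes, so b"\x00\x00" and b"" yield different keys. The following added example (not code from this directory or from Chromium's PKCS #12 importer) implements the Appendix B.1 password encoding and the Appendix B.2 key derivation from the standard library alone; the salt and iteration count in mac_keys_for_empty_password() are constructed values, a real file carries its own in macData.

```python
"""PKCS#12 password handling as RFC 7292 specifies it.

Appendix B.1: the password is a BMPString, i.e. UTF-16BE code units followed
by a two-byte NUL terminator. Appendix B.2: the key-derivation function that
turns that byte string (plus salt and an ID byte) into an encryption key, IV
or MAC key.
"""
import hashlib
import math

ID_KEY, ID_IV, ID_MAC = 1, 2, 3


def pkcs12_password_bytes(password):
    """Encode a password as RFC 7292 B.1 prescribes.

    None    -> b""              ("no password", as in client-null-password.p12)
    ""      -> b"\\x00\\x00"      (empty BMPString + NUL, client-empty-password.p12)
    "12345" -> UTF-16BE of the text followed by b"\\x00\\x00"
    """
    if password is None:
        return b""
    return password.encode("utf-16-be") + b"\x00\x00"


def _fill(data, block):
    """Repeat data until its length is a multiple of block (B.2 steps 3 and 4)."""
    if not data:
        return b""
    n = block * math.ceil(len(data) / block)
    return (data * (n // len(data) + 1))[:n]


def pkcs12_kdf(password_bytes, salt, purpose_id, iterations, length, hash_name="sha1"):
    """RFC 7292 B.2 with a hashlib hash (SHA-1 is what legacy .p12 files use)."""
    probe = hashlib.new(hash_name)
    u, v = probe.digest_size, probe.block_size
    D = bytes([purpose_id]) * v                      # the "diversifier" block
    I = bytearray(_fill(salt, v) + _fill(password_bytes, v))
    out = b""
    for _ in range(math.ceil(length / u)):
        A = D + bytes(I)
        for _ in range(iterations):
            A = hashlib.new(hash_name, A).digest()
        out += A
        B = int.from_bytes(_fill(A, v)[:v], "big")
        for j in range(0, len(I), v):                # I_j = (I_j + B + 1) mod 2^v
            Ij = int.from_bytes(I[j:j + v], "big")
            I[j:j + v] = ((Ij + B + 1) % (1 << (8 * v))).to_bytes(v, "big")
    return out[:length]


def mac_keys_for_empty_password(salt=b"\x00" * 8, iterations=2048):
    """Derive the 20-byte SHA-1 MAC key for both encodings of the empty password.

    The salt and iteration count are constructed for the demonstration; a real
    file stores its own values in the macData structure.
    """
    return {
        "two_nul_bytes": pkcs12_kdf(pkcs12_password_bytes(""), salt, ID_MAC, iterations, 20),
        "empty_string": pkcs12_kdf(pkcs12_password_bytes(None), salt, ID_MAC, iterations, 20),
    }
```

A loader that derives the MAC key from one encoding, finds the MAC mismatch, and reports "wrong password" without retrying the other encoding will open only one of the two files; that is the behaviour these fixtures catch.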
- unittest.selfsigned.der : A self-signed certificate generated using the
  private key in unittest.key.bin. The common name is "unittest".

- unittest.key.bin : private key stored unencrypted.

- multivalue_rdn.pem : A regression test for http://crbug.com/101009. A
  certificate with all of the AttributeTypeAndValues stored within a single
  RelativeDistinguishedName, rather than one AVA per RDN as normally seen.

- unescaped.pem : Regression test for http://crbug.com/102839. Contains
  characters such as '=' and '"' that would normally be escaped when
  converting a subject/issuer name to their stringized form.

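Both regression certificates above are about the string form of an X.500 name: several AttributeTypeAndValues inside one RelativeDistinguishedName must be joined with '+', and values containing '=' or '"' must be escaped rather than emitted raw (an unescaped value can be re-parsed as a different name). The following is an added example of an RFC 4514 stringizer over a simple list-of-RDNs model; it is not Chromium's X509Name code and does no DER parsing. The three sample names are constructed and are not the contents of the .pem files.

```python
"""Stringizing X.500 names as RFC 4514 describes.

Names are modelled as a list of RDNs, each a list of (type, value) pairs, in
the order they appear in the DER (most significant first); RFC 4514 prints
them last-to-first, RDNs joined with ',' and AVAs within an RDN joined with '+'.
"""

# RFC 4514 section 2.4 lists '"', '+', ',', ';', '<', '>' and '\' as always
# requiring an escape. '=' is not mandatory there, but RFC 2253 escaped it and
# most stringizers still do, so it is included here as well.
_SPECIAL = set('"+,;<>\\=')


def escape_rdn_value(value):
    """Escape one attribute value per RFC 4514 section 2.4."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                      # NUL must be hex-escaped
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch in " #" and i == 0:
            out.append("\\" + ch)                   # leading space or '#'
        elif ch == " " and i == last:
            out.append("\\ ")                       # trailing space
        else:
            out.append(ch)
    return "".join(out)


def rdn_to_string(rdn):
    """One RDN; several AVAs in the same RDN are joined with '+'."""
    return "+".join("%s=%s" % (t, escape_rdn_value(v)) for t, v in rdn)


def name_to_string(rdns):
    """Whole name: RDNs reversed and joined with ',' as RFC 4514 requires."""
    return ",".join(rdn_to_string(rdn) for rdn in reversed(rdns))


# Constructed names covering the two shapes the regression tests target.
MULTIVALUE_RDN = [[("C", "US"), ("O", "Example Org"), ("CN", "multi.example.test")]]
ONE_AVA_PER_RDN = [[("C", "US")], [("O", "Example Org")], [("CN", "multi.example.test")]]
UNESCAPED_VALUE = [[("C", "US")], [("O", 'Acme "Widgets", Inc.')], [("CN", "a=b")]]
```

The multi-valued form prints as a single RDN with '+' separators, while the usual one-AVA-per-RDN form prints the same attributes comma-separated in reverse order; a consumer that splits on ',' without honouring escapes or '+' will confuse the two.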
- websocket_cacert.pem : The testing root CA for testing WebSocket client
  certificate authentication.
  This file is used in SSLUITest.TestWSSClientCert.

- websocket_client_cert.p12 : A PKCS #12 file containing a client certificate
  and a private key created for WebSocket testing. The password is "".
  This file is used in SSLUITest.TestWSSClientCert.

- no_subject_common_name_cert.pem: Used to test the function that generates a
  NSS certificate nickname for a user certificate. This certificate's Subject
  field doesn't have a common name.

- ct-test-embedded-with-uids.pem: A certificate with embedded SCT and
  issuer/subject unique IDs. This certificate should only be used in parsing
  tests and otherwise kept fixed. The signature, etc., are intentionally
  invalid.

- name_constrained_key.pem
  The private key matching the public_key_hash of the kDomainsTest constraint
  in CertVerifyProc::HasNameConstraintsViolation.

===== From net/data/ssl/scripts/generate-quic-chain.sh
- quic-chain.pem
- quic-leaf-cert.key
- quic-leaf-cert.key.pkcs8.pem
- quic-root.pem
  These certificates are used by integration tests that use QUIC.

- quic-leaf-cert.key.sct
  This isn't generated and just contains a simple text file (the contents
  don't actually matter, just the presence of the file).

===== From net/data/ssl/scripts/generate-test-certs.sh
- expired_cert.pem
- ok_cert.pem
- root_ca_cert.pem
  These certificates are the common certificates used by the Python test
  server for simulating HTTPS connections.

- intermediate_ca_cert.pem
- ok_cert_by_intermediate.pem
  These certificates simulate a more common chain of root (root_ca_cert.pem)
  to intermediate (intermediate_ca_cert.pem) to leaf
  (ok_cert_by_intermediate.pem).

- wildcard_.pem
  A certificate and private key valid for *.example.org, used in various
  net unit tests.

- test_names.pem
  A certificate and private key valid for a number of test names. See
  [test_names] in ee.cnf. Other names may be added as needed.

- bad_validity.pem
  A certificate and private key only valid on 0001-01-01. Windows refuses to
  parse this certificate.

- spdy_pooling.pem : Used to test the handling of spdy IP connection pooling.

- subjectAltName_sanity_check.pem : Used to test the handling of various types
  within the subjectAltName extension of a certificate.

- policies_sanity_check.pem : Used to test the parsing of various types of
  certificatePolicies extension policyQualifiers.

- punycodetest.pem : A test self-signed server certificate with punycode name.
  The common name is "xn--wgv71a119e.com" (日本語.com).

- sha1_2016.pem
  Used to test the handling of SHA1 certificates expiring in 2016.

- 10_year_validity.pem
- 11_year_validity.pem
- 39_months_after_2015_04.pem
- 40_months_after_2015_04.pem
- 60_months_after_2012_07.pem
- 61_months_after_2012_07.pem
- pre_br_validity_bad_121.pem
- pre_br_validity_bad_2020.pem
- pre_br_validity_ok.pem
- start_after_expiry.pem
  Certs to test that the maximum validity durations set by the CA/Browser
  Forum Baseline Requirements are enforced.

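The file names above encode the boundary cases of a validity-period rule: 10 vs 11 years before the Baseline Requirements, 60 vs 61 months from 2012-07, 39 vs 40 months from 2015-04, and a certificate whose notBefore lies after its notAfter. The following is an added model of such a check, written here for illustration and not taken from CertVerifyProc. The cutoff dates are my reading of the CA/Browser Forum Baseline Requirements (effective 2012-07-01; 39 months from 2015-04-01; 825 days from 2018-03-01) and the 120-month pre-BR limit implied by the 10/11-year fixtures; the README does not state them, and whatever extra expiry cap pre_br_validity_bad_2020.pem exercises is not modelled.

```python
"""Maximum-validity check modelled on the certificate set above.

Limits, assumed rather than quoted from the README: certificates issued
before 2012-07-01 may run 120 months; from 2012-07-01, 60 months; from
2015-04-01, 39 months; from 2018-03-01, 825 days. A period whose notBefore is
after its notAfter is invalid outright (start_after_expiry.pem).
"""
from datetime import date, timedelta
import calendar


def add_months(d, months):
    """d plus months, clamping the day to the target month's length."""
    y, m = divmod(d.month - 1 + months, 12)
    y += d.year
    m += 1
    return date(y, m, min(d.day, calendar.monthrange(y, m)[1]))


# (effective-from notBefore, function mapping notBefore to the latest notAfter),
# most recent rule first so the first match wins.
_LIMITS = [
    (date(2018, 3, 1), lambda nb: nb + timedelta(days=825)),
    (date(2015, 4, 1), lambda nb: add_months(nb, 39)),
    (date(2012, 7, 1), lambda nb: add_months(nb, 60)),
    (date.min,         lambda nb: add_months(nb, 120)),
]


def latest_allowed_not_after(not_before):
    """The latest notAfter permitted for a certificate issued on not_before."""
    for effective, limit in _LIMITS:
        if not_before >= effective:
            return limit(not_before)
    raise AssertionError("unreachable: date.min rule always matches")


def validity_problem(not_before, not_after):
    """Return None if the period is acceptable, else a short reason string."""
    if not_after < not_before:
        return "notAfter precedes notBefore"
    if not_after > latest_allowed_not_after(not_before):
        return "validity exceeds the maximum allowed for a certificate issued %s" % not_before
    return None
```

The check keys off notBefore alone, which is what makes the 2015-04 and 2012-07 pairs meaningful: the same 40-month period is acceptable for a certificate issued in March 2015 and rejected for one issued in May 2015.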
- pre_june_2016.pem
- post_june_2016.pem
- dec_2017.pem
  Certs to test that policies related to enforcing CT on Symantec are
  properly gated on the issuance date. See
  https://g.co/chrome/symantecpkicerts. (Note, however, that the leaf and
  root do not actually form a chain.)

- may_2018.pem
  An 825-day certificate issued on May 1, 2018, the official start of
  enforcement requiring Certificate Transparency for new certificates. This
  certificate does not have any embedded SCTs.

- x509_verify_results.chain.pem : A simple certificate chain used to test that
  the correctly ordered, filtered certificate chain is returned during
  verification, regardless of the order in which the intermediate/root CA
  certificates are provided.

- ev_test.pem
- ev_test_state_only.pem
  Certificates for testing EV display (including regression test for
  https://crbug.com/1069113).

===== From net/data/ssl/scripts/generate-test-keys.sh
- rsa-{768,1024,2048}-{1..3}.key
- ec-prime256v1-{1..3}.key
  Pre-generated keys of various types/sizes.
  Useful for tests that generate RSA certificates with CertBuilder without
  having to pay the cost of generating RSA keys at runtime. Multiple keys
  of each size are provided. (EC keys are cheap to generate at runtime, but
  having some as files simplifies test logic in cases where the test is
  reading both RSA and EC keys from files.)

===== From net/data/ssl/scripts/generate-redundant-test-chains.sh
- redundant-validated-chain.pem
- redundant-server-chain.pem
- redundant-validated-chain-root.pem

  Two chains, A -> B -> C -> D and A -> B -> C2 (C and C2 share the same
  public key) to test that SSLInfo gets the reconstructed, re-ordered
  chain instead of the chain as served. See
  SSLClientSocketTest.VerifyReturnChainProperlyOrdered in
  net/socket/ssl_client_socket_unittest.cc. These chains are valid until
  26 Feb 2022 and are generated by
  net/data/ssl/scripts/generate-redundant-test-chains.sh.

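Both x509_verify_results.chain.pem and the redundant chains above test the same property: the verified chain handed back is rebuilt from the leaf by issuer matching, not copied from the order the server sent, unrelated certificates are dropped, and when two candidate issuers share a public key (C and C2) the one that reaches a configured trust anchor wins. The following is an added illustration of that path building over plain records (subject, issuer, SPKI, issuer SPKI, self-signed flag); it is not the logic in net/cert, does no DER parsing and no signature checking, and the A/B/C/C2/D records are constructed to mirror the README's topology.

```python
"""Path building over a served, unordered, possibly redundant certificate list.

Certificates are modelled as records carrying only what path building needs.
Trust anchors are given as records, not by key, which is what makes C and C2
(same key, different certificates) distinguishable.
"""
from collections import namedtuple

Cert = namedtuple("Cert", "name subject issuer spki issuer_spki self_signed")


def is_issuer_of(candidate, cert):
    """Name chaining plus a key-identifier match (stand-in for AKID/SKID).

    A real verifier also checks cert's signature with candidate's key; here
    issuer_spki plays the role of the authorityKeyIdentifier.
    """
    return candidate.subject == cert.issuer and candidate.spki == cert.issuer_spki


def build_path(leaf, pool, trust_anchors, max_depth=8):
    """Depth-first search from leaf to one of trust_anchors.

    Returns the ordered chain [leaf, ..., anchor] or None. pool may hold the
    chain in any order plus unrelated or redundant certificates.
    """
    def walk(path):
        last = path[-1]
        if last in trust_anchors:
            return path
        if len(path) >= max_depth:
            return None
        for cand in pool:
            if cand in path or not is_issuer_of(cand, last):
                continue
            if cand.self_signed and cand not in trust_anchors:
                continue                     # an untrusted root is a dead end
            found = walk(path + [cand])
            if found:
                return found
        return None

    return walk([leaf])


# Constructed records mirroring A -> B -> C -> D and A -> B -> C2. C and C2
# share the key "k_c", so B's issuer key identifier matches both; only the
# trust anchor set decides which path is returned.
A = Cert("A", "leaf", "B-CA", "k_a", "k_b", False)
B = Cert("B", "B-CA", "C-CA", "k_b", "k_c", False)
C = Cert("C", "C-CA", "D-CA", "k_c", "k_d", False)
C2 = Cert("C2", "C-CA", "C-CA", "k_c", "k_c", True)
D = Cert("D", "D-CA", "D-CA", "k_d", "k_d", True)
UNRELATED = Cert("X", "X-CA", "X-CA", "k_x", "k_x", True)

# The order a misconfigured server might send them in.
SERVED_ORDER = [A, D, UNRELATED, C2, B, C]


def chain_names(chain):
    """Names of a chain in order, or None when no path was found."""
    return [c.name for c in chain] if chain else None
```

With D as the anchor the result is A, B, C, D; with C2 as the anchor it is A, B, C2; with neither trusted there is no path at all, even though every certificate in SERVED_ORDER is syntactically chainable. That is the difference between "the chain as served" and "the chain as validated" that SSLInfo is expected to report.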
===== From net/data/ssl/scripts/generate-client-certificates.sh
- client_1.pem
- client_1.key
- client_1.pk8
- client_1_ca.pem
- client_2.pem
- client_2.key
- client_2.pk8
- client_2_ca.pem
- client_3.pem
- client_3.key
- client_3.pk8
- client_3_ca.pem
- client_4.pem
- client_4.key
- client_4.pk8
- client_4_ca.pem
- client_5.pem
- client_5.key
- client_5.pk8
- client_5_ca.pem
- client_6.pem
- client_6.key
- client_6.pk8
- client_6_ca.pem
- client_root_ca.pem
  This is a set of files used to unit test SSL client certificate
  authentication.
  - client_1_ca.pem and client_2_ca.pem are the certificates of
    two distinct signing CAs.
  - client_1.pem and client_1.key correspond to the certificate and
    private key for a first certificate signed by client_1_ca.pem.
  - client_2.pem and client_2.key correspond to the certificate and
    private key for a second certificate signed by client_2_ca.pem.
  - each .pk8 file contains the same key as the corresponding .key file
    as PKCS#8 PrivateKeyInfo in DER encoding.
  - client_3.pem is nearly identical to client_2.pem, except it is used
    to test wifi EAP-TLS authentication so it uses a different set
    of X509v3 extensions. Specifically it includes two Subject
    Alternative Name fields recognized by Chrome OS.
  - client_4.pem is similar to client_2.pem but uses a P-256 ECDSA key rather
    than RSA.
  - client_5.pem is similar to client_2.pem but uses a P-384 ECDSA key rather
    than RSA.
  - client_6.pem is similar to client_2.pem but uses a P-521 ECDSA key rather
    than RSA.
  - client_root_ca.pem is the CA certificate which signed client_*_ca.pem.

===== From net/data/ssl/scripts/generate-bad-eku-certs.sh
- eku-test-root.pem
- non-crit-codeSigning-chain.pem
- crit-codeSigning-chain.pem
  Two code-signing certificates (eKU: codeSigning; eKU: critical,
  codeSigning) which we use to test that clients are making sure that web
  server certs are checked for correct eKU fields (when an eKU field is
  present). Since codeSigning is not valid for web server auth, the checks
  should fail.

===== From net/data/ssl/scripts/generate-multi-root-test-chains.sh
- multi-root-chain1.pem
- multi-root-chain2.pem
  Two chains, A -> B -> C -> D and A -> B -> C2 -> E (C and C2 share the
  same public key) to test that certificate validation caching does not
  interfere with the chain_verify_callback used by CertVerifyProcChromeOS.
  See CertVerifyProcChromeOSTest.

===== From net/data/ssl/scripts/generate-multi-root-keychain.sh
- multi-root.keychain: An OS X Keychain containing the generated
  certificates multi-root-*-by-*.pem

===== From net/data/ssl/scripts/generate-duplicate-cn-certs.sh
- duplicate_cn_1.p12
- duplicate_cn_1.pem
- duplicate_cn_2.p12
- duplicate_cn_2.pem
  Two certificates from the same issuer that share the same common name,
  but have distinct subject names (namely, their O fields differ). NSS
  requires that certificates have unique nicknames if they do not share the
  same subject, and these certificates are used to test that the nickname
  generation algorithm generates unique nicknames.
  The .pem versions contain just the certs, while the .p12 versions contain
  both the cert and a private key, since there are multiple ways to import
  certificates into NSS.

===== From net/data/ssl/scripts/generate-self-signed-certs.sh
- self-signed-invalid-name.pem
- self-signed-invalid-sig.pem
  Two "self-signed" certificates with mismatched names or an invalid
  signature, respectively.

===== From net/data/ssl/scripts/generate-key-usage-certs.sh
- key_usage_rsa_no_extension.pem
- key_usage_rsa_keyencipherment.pem
- key_usage_rsa_digitalsignature.pem
- key_usage_rsa_both.pem
  Self-signed RSA certificates with various combinations of keyUsage
  flags. Their private key is key_usage_rsa.key.

- key_usage_p256_no_extension.pem
- key_usage_p256_keyagreement.pem
- key_usage_p256_digitalsignature.pem
- key_usage_p256_both.pem
  Self-signed P-256 certificates with various combinations of keyUsage
  flags. Their private key is key_usage_p256.key.