1This documents the X.509 CAs, certificates, and CRLS used for testing. 2 3Certification authorities 4------------------------- 5 6There are two main CAs for use as trusted roots: 7- test-ca.crt aka "C=NL, O=PolarSSL, CN=PolarSSL Test CA" 8 uses a RSA-2048 key 9 test-ca-sha1.crt and test-ca-sha256.crt use the same key, signed with 10 different hashes. 11- test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA" 12 uses an EC key with NIST P-384 (aka secp384r1) 13 variants used to test the keyUsage extension 14The files test-ca_cat12 and test-ca_cat21 contain them concatenated both ways. 15 16Two intermediate CAs are signed by them: 17- test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA" 18 uses RSA-4096, signed by test-ca2 19 - test-int-ca-exp.crt is a copy that is expired 20- test-int-ca2.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA" 21 uses an EC key with NIST P-384, signed by test-ca 22 23A third intermediate CA is signed by test-int-ca2.crt: 24- test-int-ca3.crt "C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3" 25 uses an EC key with NIST P-256, signed by test-int-ca2 26 27Finally, other CAs for specific purposes: 28- enco-ca-prstr.pem: has its CN encoded as a printable string, but child cert 29 enco-cert-utf8str.pem has its issuer's CN encoded as a UTF-8 string. 30- test-ca-v1.crt: v1 "CA", signs 31 server1-v1.crt: v1 "intermediate CA", signs 32 server2-v1*.crt: EE cert (without of with chain in same file) 33- keyUsage.decipherOnly.crt: has the decipherOnly keyUsage bit set 34 35End-entity certificates 36----------------------- 37 38Short information fields: 39 40- name or pattern 41- issuing CA: 1 -> test-ca.crt 42 2 -> test-ca2.crt 43 I1 -> test-int-ca.crt 44 I2 -> test-int-ca2.crt 45 I3 -> test-int-ca3.crt 46 O -> other 47- key type: R -> RSA, E -> EC 48- C -> there is a CRL revoking this cert (see below) 49- L -> CN=localhost (useful for local test servers) 50- P1, P2 if the file includes parent (resp. parent + grandparent) 51- free-form comments 52 53List of certificates: 54 55- cert_example_multi*.crt: 1/O R: subjectAltName 56- cert_example_wildcard.crt: 1 R: wildcard in subject's CN 57- cert_md*.crt, cert_sha*.crt: 1 R: signature hash 58- cert_v1_with_ext.crt: 1 R: v1 with extensions (illegal) 59- cli2.crt: 2 E: basic 60- cli-rsa.key, cli-rsa-*.crt: RSA key used for test clients, signed by 61 the RSA test CA. 62- enco-cert-utf8str.pem: see enco-ca-prstr.pem above 63- server1*.crt: 1* R C* P1*: misc *(server1-v1 see test-ca-v1.crt above) 64 *CRL for: .cert_type.crt, .crt, .key_usage.crt, .v1.crt 65 P1 only for _ca.crt 66- server2-v1*.crt: O R: see test-ca-v1.crt above 67- server2*.crt: 1 R L: misc 68- server3.crt: 1 E L: EC cert signed by RSA CA 69- server4.crt: 2 R L: RSA cert signed by EC CA 70- server5*.crt: 2* E L: misc *(except -selfsigned and -ss-*) 71 -sha*: hashes 72 .eku*: extendeKeyUsage (cli/srv = www client/server, cs = codesign, etc) 73 .ku*: keyUsage (ds = signatures, ke/ka = key exchange/agreement) 74 .req*: CSR, not certificate 75 -der*: trailing bytes in der (?) 76 -badsign.crt: S5 with corrupted signature 77 -expired.crt: S5 with "not after" date in the past 78 -future.crt: S5 with "not before" date in the future 79 -selfsigned.crt: Self-signed cert with S5 key 80 -ss-expired.crt: Self-signed cert with S5 key, expired 81 -ss-forgeca.crt: Copy of test-int-ca3 self-signed with S5 key 82- server6-ss-child.crt: O E: "child" of non-CA server5-selfsigned 83- server6.crt, server6.pem: 2 E L C: revoked 84- server7.crt: I1 E L P1(usually): EC signed by RSA signed by EC 85 -badsign.crt: S7 with corrupted signature + I1 86 -expired.crt: S7 with "not after" date in the past + I1 87 -future.crt: S7 with "not before" date in the future + I1 88 _int-ca-exp.crt: S7 + expired I1 89 _int-ca.crt: S7 + I1 90 _int-ca_ca2.crt: S7 + I1 + 2 91 _all_space.crt: S7 + I1 both with misplaced spaces (invalid PEM) 92 _pem_space.crt: S7 with misplaced space (invalid PEM) + I1 93 _trailing_space.crt: S7 + I1 both with trailing space (valid PEM) 94 _spurious_int-ca.crt: S7 + I2(spurious) + I1 95- server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2) 96- server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS 97 *CRL for: 9.crt, -badsign, -with-ca (P1) 98- server10.crt: I3 E L 99 -badsign.crt: S10 with corrupted signature 100 -bs_int3.pem: S10-badsign + I3 101 _int3-bs.pem: S10 + I3-badsign 102 _int3_int-ca2.crt: S10 + I3 + I2 103 _int3_int-ca2_ca.crt: S10 + I3 + I2 + 1 104 _int3_spurious_int-ca2.crt: S10 + I3 + I1(spurious) + I2 105 106Certificate revocation lists 107---------------------------- 108 109Signing CA in parentheses (same meaning as certificates). 110 111- crl-ec-sha*.pem: (2) server6.crt 112- crl-future.pem: (2) server6.crt + unknown 113- crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown 114- crl.pem, crl-futureRevocationDate.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown 115- crl_md*.pem: crl_sha*.pem: (1) same as crl.pem 116- crt_cat_*.pem: (1+2) concatenations in various orders: 117 ec = crl-ec-sha256.pem, ecfut = crl-future.pem 118 rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem 119 120Note: crl_future would revoke server9 and cert_sha384.crt if signed by CA 1 121 crl-rsa-pss* would revoke server6.crt if signed by CA 2 122 123Generation 124---------- 125 126Newer test files have been generated through commands in the Makefile. The 127resulting files are committed to the repository so that the tests can 128run without having to re-do the generation and so that the output is the 129same for everyone (the generation process is randomized). 130 131The origin of older certificates has not been recorded. 132