| /external/cronet/net/data/ssl/scripts/ |
| D | generate-test-certs.sh | 4 # Use of this source code is governed by a BSD-style license that can be
7 # This script generates a set of test (end-entity, intermediate, root)
8 # certificates that can be used to test fetching of an intermediate via AIA.
9 set -e -x
11 # The maximum lifetime for any certificates that may go through a "real"
13 # min(OS verifier max lifetime for local certs, built-in verifier max lifetime
16 # The current built-in verifier max lifetime is 39 months
18 # iOS 13/macOS 10.15 - https://support.apple.com/en-us/HT210176
19 # 730 is used here as just a short-hand for 2 years
22 rm -rf out
[all …]
|
| D | generate-client-certificates.sh | 4 # Use of this source code is governed by a BSD-style license that can be
7 # This script generates certificates that can be used to test SSL client
9 # net/data/ssl/certificates, but may be re-generated for manual testing.
11 # This script generates several chains of test client certificates:
13 # 1. A (end-entity) -> B -> C (self-signed root)
14 # 2. D (end-entity) -> E -> C (self-signed root)
15 # 3. F (end-entity) -> E -> C (self-signed root)
16 # 4. G (end-entity, P-256) -> E -> C (self-signed root)
17 # 5. H (end-entity, P-384) -> E -> C (self-signed root)
18 # 6. I (end-entity, P-521) -> E -> C (self-signed root)
[all …]
|
| D | generate-multi-root-test-chains.sh | 4 # Use of this source code is governed by a BSD-style license that can be
9 # while the indication that a CA Foo signed a certificate for CA Bar is denoted
12 # +---+ +-----+
14 # +---+ +-----+
16 # +--v v--+ |
17 # +---+ +---+
19 # +---+ +---+
21 # v v---+
22 # +-----+
24 # +-----+
[all …]
|
| D | generate-duplicate-cn-certs.sh | 4 # Use of this source code is governed by a BSD-style license that can be
7 # This script generates two chains of test certificates:
8 # 1. A1 (end-entity) -> B (self-signed root)
9 # 2. A2 (end-entity) -> B (self-signed root)
15 # nicknames for both certificates.
22 try rm -rf out
26 try /bin/sh -c "echo 01 > out/B-serial"
27 try touch out/B-index.txt
30 try openssl genrsa -out out/A.key 2048
31 try openssl genrsa -out out/B.key 2048
[all …]
|
| D | generate-quic-chain.sh | 4 # Use of this source code is governed by a BSD-style license that can be
7 # This script generates a test chain of (end-entity, intermediate, root)
8 # certificates used to run a test QUIC server.
14 try rm -rf out
18 try /bin/sh -c "echo 01 > out/quic-test-root-serial"
19 try /bin/sh -c "echo 01 > out/quic-test-intermediate-serial"
22 touch out/quic-test-root-index.txt
23 touch out/quic-test-intermediate-index.txt
26 try openssl genrsa -out out/quic-test-root.key 2048
27 try openssl genrsa -out out/quic-test-intermediate.key 2048
[all …]
|
| D | generate-redundant-test-chains.sh | 4 # Use of this source code is governed by a BSD-style license that can be
7 # This script generates two chains of test certificates:
9 # 1. A (end-entity) -> B -> C -> D (self-signed root)
10 # 2. A (end-entity) -> B -> C2 (self-signed root)
12 # in which A, B, C, and D have distinct keypairs. C2 is a self-signed root
27 try rm -rf out
34 try /bin/sh -c "echo $serial > out/$i-serial"
39 try openssl genrsa -out out/A.key 2048
40 try openssl genrsa -out out/B.key 2048
41 try openssl genrsa -out out/C.key 2048
[all …]
|
| D | ca.cnf | 7 CA_COMMON_NAME = Test Root CA
9 [ca]
13 # The default test root, used to generate certificates and CRLs.
19 type = $key_size-$algo-$cert_type
20 database = $dir/$type-index.txt
22 serial = $dir/$type-serial
35 basicConstraints = critical, CA:false
41 # Extensions to add when signing a request for an intermediate/CA cert
42 basicConstraints = critical, CA:true
62 # The request section used to generate the root CA certificate. This should
[all …]
|
| /external/cronet/net/docs/ |
| D | certificate-transparency.md | 10 append-only data structure that can log certificates that are issued by
12 By logging certificates, it becomes possible for the public to see what
13 certificates have been issued by a given CA. This allows site operators to
16 the broader community, to examine the certificates a CA has issued and ensure
17 that the CA is complying with their expected or disclosed practices.
20 * https://www.certificate-transparency.org
21 …nsparency and Nimbus](https://blog.cloudflare.com/introducing-certificate-transparency-and-nimbus/)
30 [Certificate Transparency in Chrome](https://github.com/chromium/ct-policy/blob/master/ct_policy.md)
37 a stapled OCSP response, or directly by the TLS server. Nearly every CA
44 way to enable CT support. If you obtain a certificate from your CA and it does
[all …]
|
| D | certificate_lifetimes.md | 4 reducing the maximum allowed lifetimes of TLS certificates.
8 Beginning with Chrome 85, TLS server certificates issued on or after
9 2020-09-01 00:00:00 UTC will be required to have a validity period of 398 days
10 or less. This will only apply to TLS server certificates from CAs that are
12 "publicly trusted CAs", and will not apply to locally-operated CAs that have
15 Certificates that do not comply with this requirement will not work, and may
18 If a certificate that does not comply with this requirement is issued by a CA
20 failure to comply with the security policies necessary to being a trusted CA,
21 and may result in the removal of trust of that CA’s certificates.
26 of the certificate is on or after 2020-09-01 00:00:00 UTC, or if the first
[all …]
|
| /external/curl/docs/ |
| D | SSLCERTS.md | 1 <!--
4 SPDX-License-Identifier: curl
5 -->
11 ----------
16 ----------
20 you. Scroll down for details on how the OS-native engines handle SSL
21 certificates. If you are not sure, then run "curl -V" and read the results. If
26 -----------------
28 This system is about trust. In your local CA certificate store you have certs
30 the server certificates you see are valid. They are signed by one of the
[all …]
|
| D | mk-ca-bundle.md | 1 ---
3 SPDX-License-Identifier: curl
4 Title: mk-ca-bundle
6 Source: mk-ca-bundle
7 See-also:
8 - curl (1)
9 ---
13 mk-ca-bundle - convert Mozilla's certificate bundle to PEM format
17 mk-ca-bundle [options] [output]
22 HTTPS, then parses it and extracts the included certificates into PEM format.
[all …]
|
| /external/cronet/net/data/ssl/chrome_root_store/ |
| D | faq.md | 10 [digital certificates](https://en.wikipedia.org/wiki/Public_key_certificate)
11 (often referred to as “certificates,” “HTTPS certificates,” or “server
12 authentication certificates”) to ensure the connections it makes on behalf
13 of its users are secure and private. Certificates bind a domain name to a
18 that a recognized system known as a “Certification Authority” (CA) issued
19 its certificate. Certificates issued by a CA not recognized by Chrome or a
23 applications what certificates to trust. The
24 [Chrome Root Store](https://g.co/chrome/root-store) contains the set of
25 certificates Chrome trusts by default.
51 See the troubleshooting steps [here](#can-you-help_i_m-experiencing-problems).
[all …]
|
| /external/openscreen/cast/common/certificate/ |
| D | cast_cert_validator_unittest.cc | 2 // Use of this source code is governed by a BSD-style license that can be
22 // Uses the built-in trust store for Cast. This is how certificates are
26 // Instead of using the built-in trust store, use root certificate in the
30 // TrustAnchors in the built-in store are setup.
40 // * |expected_policy| - The policy that should have been identified for the
42 // * |time| - The timestamp to use when verifying the certificate.
43 // * |trust_store_dependency| - Which trust store to use when verifying (see
45 // * |optional_signed_data_file_name| - optional path to a PEM file containing
74 // built-in Cast roots). in RunTest()
76 fake_trust_store->certs.emplace_back(fake_root); in RunTest()
[all …]
|
| /external/rust/crates/x509-cert/src/ext/pkix/constraints/ |
| D | basic.rs | 8 /// cA BOOLEAN DEFAULT FALSE,
13 /// [RFC 5280 Section 4.2.1.9]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9
18 pub ca: bool, field
31 ) -> bool { in critical()
32 // https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.9 in critical()
33 // Conforming CAs MUST include this extension in all CA certificates in critical()
35 // certificates and MUST mark the extension as critical in such in critical()
36 // certificates. This extension MAY appear as a critical or non- in critical()
37 // critical extension in CA certificates that contain public keys used in critical()
39 // certificates. Such CA certificates include ones that contain public in critical()
[all …]
|
| /external/cronet/third_party/boringssl/src/pki/testdata/ssl/certificates/ |
| D | README | 1 This directory contains various certificates for use with SSL-related
4 ===== Real-world certificates that need manual updating
5 - google.binary.p7b
6 - google.chain.pem
7 - google.pem_cert.p7b
8 - google.pem_pkcs7.p7b
9 - google.pkcs7.p7b
10 - google.single.der
11 - google.single.pem : Certificates for testing parsing of different formats.
13 - mit.davidben.der : An expired MIT client certificate.
[all …]
|
| /external/cronet/net/data/ssl/certificates/ |
| D | README | 1 This directory contains various certificates for use with SSL-related
4 ===== Real-world certificates that need manual updating
5 - google.binary.p7b
6 - google.chain.pem
7 - google.pem_cert.p7b
8 - google.pem_pkcs7.p7b
9 - google.pkcs7.p7b
10 - google.single.der
11 - google.single.pem : Certificates for testing parsing of different formats.
13 - mit.davidben.der : An expired MIT client certificate.
[all …]
|
| /external/python/cpython2/Doc/library/ |
| D | ssl.rst | 1 :mod:`ssl` --- TLS/SSL wrapper for socket objects
19 --------------
23 sockets, both client-side and server-side. This module uses the OpenSSL
38 Don't use this module without reading the :ref:`ssl-security`. Doing so
44 general information about TLS, SSL, and certificates, the reader is referred to
48 :class:`socket.socket` type, and provides a socket-like wrapper that also
55 helps manage settings and certificates, which can then be inherited
60 ------------------------------------
66 higher-level encryption and authentication layer that's superimposed on the
98 A subclass of :exc:`SSLError` raised by a :ref:`non-blocking SSL socket
[all …]
|
| /external/googleapis/google/cloud/security/privateca/v1beta1/ |
| D | resources.proto | 7 // http://www.apache.org/licenses/LICENSE-2.0
35 …curity.privateca.v1beta1.CertificateAuthority] can be used to create [Certificates][google.cloud.s…
42 …// Options that affect all certificates issued by a [CertificateAuthority][google.cloud.security.p…
44 // Required. When true, includes a URL to the issuing CA certificate in the
48 // Required. When true, includes a URL to the CRL corresponding to certificates
56 …// [Certificates][google.cloud.security.privateca.v1beta1.Certificate] will not be successfully is…
60 …// Required. All [Certificates][google.cloud.security.privateca.v1beta1.Certificate] issued by the…
69 // [Certificates][google.cloud.security.privateca.v1beta1.Certificate].
71 // Optional. Contains valid, fully-qualified host names. Glob patterns are also
85 // Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also
[all …]
|
| /external/google-cloud-java/java-security-private-ca/proto-google-cloud-security-private-ca-v1beta1/src/main/proto/google/cloud/security/privateca/v1beta1/ |
| D | resources.proto | 7 // http://www.apache.org/licenses/LICENSE-2.0
35 …curity.privateca.v1beta1.CertificateAuthority] can be used to create [Certificates][google.cloud.s…
42 …// Options that affect all certificates issued by a [CertificateAuthority][google.cloud.security.p…
44 // Required. When true, includes a URL to the issuing CA certificate in the
48 // Required. When true, includes a URL to the CRL corresponding to certificates
56 …// [Certificates][google.cloud.security.privateca.v1beta1.Certificate] will not be successfully is…
60 …// Required. All [Certificates][google.cloud.security.privateca.v1beta1.Certificate] issued by the…
69 // [Certificates][google.cloud.security.privateca.v1beta1.Certificate].
71 // Optional. Contains valid, fully-qualified host names. Glob patterns are also
85 // Optional. Contains valid RFC 2822 E-mail addresses. Glob patterns are also
[all …]
|
| /external/googleapis/google/cloud/security/privateca/v1/ |
| D | resources.proto | 7 // http://www.apache.org/licenses/LICENSE-2.0
39 // [Certificates][google.cloud.security.privateca.v1.Certificate].
53 // Self-signed CA.
56 // Subordinate CA. Could be issued by a Private CA
58 // or an unmanaged CA.
69 // Certificates can be issued from this CA. CRLs will be generated for this
70 // CA. The CA will be part of the
72 // will be used to issue certificates from the
76 // Certificates cannot be issued from this CA. CRLs will still be generated.
77 // The CA will be part of the
[all …]
|
| /external/cronet/net/cert/internal/ |
| D | revocation_checker.h | 2 // Use of this source code is governed by a BSD-style license that can be
21 // For the status of Subscriber Certificates: If the CA publishes a CRL,
22 // then the CA SHALL update and reissue CRLs at least once every seven
27 // For the status of Subscriber Certificates: The CA SHALL update
37 // For the status of Subordinate CA Certificates: The CA SHALL update and
39 // hours after revoking a Subordinate CA Certificate, and the value of the
44 // For the status of Subordinate CA Certificates: The CA SHALL update
47 // Subordinate CA Certificate.
55 // Callers should not rely on the default-initialized value, but should fully
79 // If set to true, considers certificates lacking URLs for OCSP/CRL to be
[all …]
|
| /external/openthread/third_party/mbedtls/repo/tests/data_files/ |
| D | Readme-x509.txt | 1 This documents the X.509 CAs, certificates, and CRLS used for testing.
4 -------------------------
7 - test-ca.crt aka "C=NL, O=PolarSSL, CN=PolarSSL Test CA"
8 uses a RSA-2048 key
9 test-ca-sha1.crt and test-ca-sha256.crt use the same key, signed with
11 - test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA"
12 uses an EC key with NIST P-384 (aka secp384r1)
14 The files test-ca_cat12 and test-ca_cat21 contain them concatenated both ways.
17 - test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA"
18 uses RSA-4096, signed by test-ca2
[all …]
|
| /external/mbedtls/tests/data_files/ |
| D | Readme-x509.txt | 1 This documents the X.509 CAs, certificates, and CRLS used for testing.
4 -------------------------
7 - test-ca.crt aka "C=NL, O=PolarSSL, CN=PolarSSL Test CA"
8 uses a RSA-2048 key
9 test-ca-sha1.crt and test-ca-sha256.crt use the same key, signed with
11 - test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA"
12 uses an EC key with NIST P-384 (aka secp384r1)
14 The files test-ca_cat12 and test-ca_cat21 contain them concatenated both ways.
17 - test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA"
18 uses RSA-4096, signed by test-ca2
[all …]
|
| /external/google-cloud-java/java-security-private-ca/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ |
| D | FetchCaCertsResponse.java | 8 * https://www.apache.org/licenses/LICENSE-2.0
80 * The certificates that form the CA chain, from leaf to root order.
83 * <code>repeated string certificates = 1;</code>
85 * @return A list containing the certificates.
92 * The certificates that form the CA chain, from leaf to root order.
95 * <code>repeated string certificates = 1;</code>
97 * @return The count of certificates.
104 * The certificates that form the CA chain, from leaf to root order.
107 * <code>repeated string certificates = 1;</code>
110 * @return The certificates at the given index.
[all …]
|
| /external/aws-sdk-java-v2/services/acmpca/src/main/resources/codegen-resources/ |
| D | docs-2.json | 3 …CA). You must first call the <a>CreateCertificateAuthority</a> operation. If successful, the opera…
5 …CA). You must specify the CA configuration, the revocation configuration, the CA type, and an opti…
6 …ditReport":"<p>Creates an audit report that lists every time that the your CA private key is used.…
7 …CA). You must provide the ARN (Amazon Resource Name) of the private CA that you want to delete. Yo…
8 …CA). You specify the private CA on input by its ARN (Amazon Resource Name). The output contains th…
9 …ration. Audit information is created every time the certificate authority (CA) private key is used…
10 …CA. The ARN of the certificate is returned when you call the <a>IssueCertificate</a> operation. Yo…
11 …vate certificate authority (CA). Both the certificate and the chain are base64 PEM-encoded. The ch…
12 …CA). The CSR is created when you call the <a>CreateCertificateAuthority</a> operation. Take the CS…
13 …CA certificate into ACM PCA. Before you can call this operation, you must create the private certi…
[all …]
|