• Home
Name Date Size #Lines LOC

..--

2029_globalsign_com_cert.pemD04-Jul-20251.9 KiB3231

2_client_certs_1_key.p12D04-Jul-20253.3 KiB

READMED04-Jul-202512.7 KiB309258

bad_validity.pemD04-Jul-20256.1 KiB113112

can_sign_http_exchanges_draft_extension.pemD04-Jul-20251.3 KiB2322

can_sign_http_exchanges_draft_extension_invalid.pemD04-Jul-20251.3 KiB2322

client-empty-password.p12D04-Jul-20252.3 KiB

client-nokey.p12D04-Jul-2025895

client-null-password.p12D04-Jul-20252.3 KiB

client.p12D04-Jul-20251.7 KiB

client_1.keyD04-Jul-20251.7 KiB2928

client_1.pemD04-Jul-20254.1 KiB7978

client_1.pk8D04-Jul-20251.2 KiB

client_1_ca.pemD04-Jul-20254 KiB7978

client_1_u16_password.p12D04-Jul-20252.5 KiB

client_2.keyD04-Jul-20251.7 KiB2928

client_2.pemD04-Jul-20254.1 KiB7978

client_2.pk8D04-Jul-20251.2 KiB

client_2_ca.pemD04-Jul-20254 KiB7978

client_3.keyD04-Jul-20251.7 KiB2928

client_3.pemD04-Jul-20254.1 KiB7877

client_3.pk8D04-Jul-20251.2 KiB

client_3_ca.pemD04-Jul-20254 KiB7978

client_4.keyD04-Jul-2025227 65

client_4.pemD04-Jul-20253 KiB6362

client_4.pk8D04-Jul-2025138

client_4_ca.pemD04-Jul-20254 KiB7978

client_5.keyD04-Jul-2025288 76

client_5.pemD04-Jul-20253.2 KiB6564

client_5.pk8D04-Jul-2025185

client_5_ca.pemD04-Jul-20254 KiB7978

client_6.keyD04-Jul-2025365 87

client_6.pemD04-Jul-20253.4 KiB6867

client_6.pk8D04-Jul-2025241

client_6_ca.pemD04-Jul-20254 KiB7978

client_7.keyD04-Jul-2025916 1716

client_7.pemD04-Jul-20253.4 KiB6766

client_7.pk8D04-Jul-2025636

client_7_ca.pemD04-Jul-20254 KiB7978

client_root_ca.pemD04-Jul-20251.1 KiB1918

client_with_ec_key.p12D04-Jul-20251.2 KiB

common_name_only.pemD04-Jul-20256.1 KiB111110

crit-codeSigning-chain.pemD04-Jul-20256 KiB111110

crlset_blocked_interception_by_intermediate.rawD04-Jul-2025224

crlset_blocked_interception_by_root.rawD04-Jul-2025224

crlset_by_intermediate_serial.rawD04-Jul-2025231

crlset_by_leaf_spki.rawD04-Jul-2025224

crlset_by_leaf_subject_no_spki.rawD04-Jul-2025228

crlset_by_root_serial.rawD04-Jul-2025231

crlset_by_root_spki.rawD04-Jul-2025224

crlset_by_root_subject.rawD04-Jul-2025274

crlset_by_root_subject_no_spki.rawD04-Jul-2025228

crlset_known_interception_by_root.rawD04-Jul-2025224

cronet-quic-chain.pemD04-Jul-20258.3 KiB160159

cronet-quic-leaf-cert.keyD04-Jul-20251.2 KiB

cronet-quic-leaf-cert.key.pkcs8.pemD04-Jul-20251.7 KiB2928

cronet-quic-root.pemD04-Jul-20251.1 KiB2019

ct-test-embedded-cert.pemD04-Jul-20256.5 KiB127124

ct-test-embedded-with-intermediate-chain.pemD04-Jul-20259.6 KiB189185

ct-test-embedded-with-intermediate-preca-chain.pemD04-Jul-20259.6 KiB189185

ct-test-embedded-with-preca-chain.pemD04-Jul-20256.5 KiB128125

ct-test-embedded-with-uids.pemD04-Jul-20254.2 KiB8280

diginotar_cyber_ca.pemD04-Jul-20251.9 KiB3331

diginotar_pkioverheid.pemD04-Jul-20251.6 KiB2927

diginotar_pkioverheid_g2.pemD04-Jul-20252.3 KiB3938

diginotar_public_ca_2025.pemD04-Jul-20252.1 KiB3635

diginotar_root_ca.pemD04-Jul-20251.9 KiB3332

diginotar_services_1024_ca.pemD04-Jul-20251.3 KiB2423

duplicate_cn_1.p12D04-Jul-20252.3 KiB

duplicate_cn_1.pemD04-Jul-20254.1 KiB7977

duplicate_cn_2.p12D04-Jul-20252.3 KiB

duplicate_cn_2.pemD04-Jul-20254.1 KiB7977

ec-prime256v1-1.keyD04-Jul-2025241 65

ec-prime256v1-2.keyD04-Jul-2025241 65

ec-prime256v1-3.keyD04-Jul-2025241 65

eku-test-root.pemD04-Jul-20254 KiB7877

ev_test.pemD04-Jul-20254 KiB7574

ev_test_state_only.pemD04-Jul-20253.9 KiB7473

expired_cert.pemD04-Jul-20256.2 KiB114113

foaf.me.chromium-test-cert.derD04-Jul-2025990

google.binary.p7bD04-Jul-20251.6 KiB

google.chain.pemD04-Jul-20252.2 KiB3838

google.pem_cert.p7bD04-Jul-20252.3 KiB3837

google.pem_pkcs7.p7bD04-Jul-20252.2 KiB3837

google.single.derD04-Jul-2025805

google.single.pemD04-Jul-20251.1 KiB1919

google_diginotar.pemD04-Jul-20251.8 KiB3130

intermediate_ca_cert.pemD04-Jul-20256.1 KiB111110

invalid_key_usage_cert.derD04-Jul-2025940

key_usage_p256.keyD04-Jul-2025241 65

key_usage_p256_both.pemD04-Jul-20252.1 KiB4645

key_usage_p256_digitalsignature.pemD04-Jul-20252 KiB4645

key_usage_p256_keyagreement.pemD04-Jul-20252 KiB4645

key_usage_p256_no_extension.pemD04-Jul-20251.9 KiB4241

key_usage_rsa.keyD04-Jul-20251.7 KiB2928

key_usage_rsa_both.pemD04-Jul-20255.6 KiB101100

key_usage_rsa_digitalsignature.pemD04-Jul-20255.5 KiB10099

key_usage_rsa_keyencipherment.pemD04-Jul-20255.4 KiB10099

key_usage_rsa_no_extension.pemD04-Jul-20255.4 KiB9796

leaf_from_known_root.pemD04-Jul-202514 KiB253249

lets-encrypt-dst-x3-root.pemD04-Jul-202524.5 KiB465443

lets-encrypt-isrg-x1-root.pemD04-Jul-202520.6 KiB381366

localhost_cert.pemD04-Jul-20256.2 KiB114113

may_2018.pemD04-Jul-20254.6 KiB8685

mit.davidben.derD04-Jul-2025965

multi-root-A-by-B.pemD04-Jul-20256 KiB110108

multi-root-B-by-C.pemD04-Jul-20253.9 KiB7574

multi-root-B-by-F.pemD04-Jul-20253.9 KiB7574

multi-root-C-by-D.pemD04-Jul-20253.9 KiB7574

multi-root-C-by-E.pemD04-Jul-20253.9 KiB7574

multi-root-D-by-D.pemD04-Jul-20253.9 KiB7675

multi-root-E-by-E.pemD04-Jul-20253.9 KiB7675

multi-root-F-by-E.pemD04-Jul-20253.9 KiB7574

multi-root-chain1.pemD04-Jul-202516.2 KiB306304

multi-root-chain2.pemD04-Jul-202516.2 KiB306304

multi-root-crlset-C.rawD04-Jul-2025155

multi-root-crlset-CD-and-FE.rawD04-Jul-2025187

multi-root-crlset-D-and-E.rawD04-Jul-2025203

multi-root-crlset-E.rawD04-Jul-2025155

multi-root-crlset-unrelated.rawD04-Jul-2025148

multi-root.keychainD04-Jul-202532.3 KiB

multivalue_rdn.pemD04-Jul-20253 KiB6058

name_constrained_key.pemD04-Jul-20251.7 KiB2928

ndn.ca.crtD04-Jul-20252.1 KiB3635

nist.derD04-Jul-20251.3 KiB

no_subject_common_name_cert.pemD04-Jul-20255.7 KiB110104

non-crit-codeSigning-chain.pemD04-Jul-20256 KiB111110

ok_cert.pemD04-Jul-20256.2 KiB114113

ok_cert_by_intermediate.pemD04-Jul-202510.7 KiB196195

policies_sanity_check.pemD04-Jul-20254.9 KiB9493

punycodetest.pemD04-Jul-20254.1 KiB7978

quic-chain.pemD04-Jul-20257.7 KiB148147

quic-ecdsa-leaf.keyD04-Jul-2025138

quic-leaf-cert.keyD04-Jul-20251.2 KiB

quic-leaf-cert.key.pkcs8.pemD04-Jul-20251.7 KiB2928

quic-leaf-cert.key.sctD04-Jul-202533

quic-root.pemD04-Jul-20251 KiB1918

quic-short-lived.pemD04-Jul-20251.9 KiB4342

redundant-server-chain.pemD04-Jul-202517.7 KiB334332

redundant-validated-chain-root.pemD04-Jul-20254 KiB7675

redundant-validated-chain.pemD04-Jul-202513.8 KiB260258

root_ca_cert.pemD04-Jul-20255.9 KiB109108

rsa-1024-1.keyD04-Jul-2025920 1716

rsa-1024-2.keyD04-Jul-2025916 1716

rsa-1024-3.keyD04-Jul-2025916 1716

rsa-2048-1.keyD04-Jul-20251.7 KiB2928

rsa-2048-2.keyD04-Jul-20251.7 KiB2928

rsa-2048-3.keyD04-Jul-20251.7 KiB2928

rsa-768-1.keyD04-Jul-2025721 1413

rsa-768-2.keyD04-Jul-2025721 1413

rsa-768-3.keyD04-Jul-2025717 1413

rsa-8200-1.keyD04-Jul-20256.2 KiB101100

salesforce_com_test.pemD04-Jul-20254.3 KiB8278

self-signed-invalid-name.pemD04-Jul-20253.8 KiB7069

self-signed-invalid-sig.pemD04-Jul-20253.8 KiB7069

sha1_2016.pemD04-Jul-20254.6 KiB8685

sha1_leaf.pemD04-Jul-20256.2 KiB114113

spdy_pooling.pemD04-Jul-20254.3 KiB8079

subjectAltName_sanity_check.pemD04-Jul-20254.5 KiB8382

subjectAltName_www_example_com.pemD04-Jul-20254.3 KiB8180

test_names.pemD04-Jul-20256.4 KiB115114

unescaped.pemD04-Jul-20253.4 KiB6361

unittest.key.binD04-Jul-2025635

unittest.selfsigned.derD04-Jul-2025414

verisign_intermediate_ca_2011.pemD04-Jul-20253.7 KiB7269

verisign_intermediate_ca_2016.pemD04-Jul-20253.7 KiB7269

weak_digest_md2_ee.pemD04-Jul-20253.1 KiB6260

weak_digest_md2_intermediate.pemD04-Jul-20252.8 KiB5856

weak_digest_md2_root.pemD04-Jul-2025778 1514

weak_digest_md4_ee.pemD04-Jul-20253.1 KiB6260

weak_digest_md4_intermediate.pemD04-Jul-20252.8 KiB5856

weak_digest_md4_root.pemD04-Jul-2025778 1514

weak_digest_md5_ee.pemD04-Jul-20253.1 KiB6260

weak_digest_md5_intermediate.pemD04-Jul-20252.8 KiB5856

weak_digest_md5_root.pemD04-Jul-2025778 1514

weak_digest_sha1_ee.pemD04-Jul-20253.1 KiB6260

weak_digest_sha1_intermediate.pemD04-Jul-20252.8 KiB5856

weak_digest_sha1_root.pemD04-Jul-2025778 1514

websocket_cacert.pemD04-Jul-20253.1 KiB6260

websocket_client_cert.p12D04-Jul-20252.5 KiB

wildcard.pemD04-Jul-20256.3 KiB114113

x509_verify_results.chain.pemD04-Jul-202513.3 KiB248247

README

1This directory contains various certificates for use with SSL-related
2unit tests.
3
4===== Real-world certificates that need manual updating
5- google.binary.p7b
6- google.chain.pem
7- google.pem_cert.p7b
8- google.pem_pkcs7.p7b
9- google.pkcs7.p7b
10- google.single.der
11- google.single.pem : Certificates for testing parsing of different formats.
12
13- mit.davidben.der : An expired MIT client certificate.
14
15- foaf.me.chromium-test-cert.der : A client certificate for a FOAF.ME identity
16     created for testing.
17
18- google_diginotar.pem
19- diginotar_public_ca_2025.pem : A certificate chain for the regression test
20      of http://crbug.com/94673
21
22- salesforce_com_test.pem
23- verisign_intermediate_ca_2011.pem
24- verisign_intermediate_ca_2016.pem : Certificates for testing two
25     X509Certificate objects that contain the same server certificate but
26     different intermediate CA certificates.  The two intermediate CA
27     certificates actually represent the same intermediate CA but have
28     different validity periods.
29
30- ndn.ca.crt: "New Dream Network Certificate Authority" root certificate.
31     This is an X.509 v1 certificate that omits the version field. Used to
32     test that the certificate version gets the default value v1.
33
34- ct-test-embedded-cert.pem
35- ct-test-embedded-with-intermediate-chain.pem
36- ct-test-embedded-with-intermediate-preca-chain.pem
37- ct-test-embedded-with-preca-chain.pem
38     Test certificate chains for Certificate Transparency: Each of these
39     files contains a leaf certificate as the first certificate, which has
40     embedded SCTs, followed by the issuer certificates chain.
41     All files are from the src/test/testdada directory in
42     https://code.google.com/p/certificate-transparency/
43
44- leaf_from_known_root.pem : A certificate issued by a public trust anchor,
45     used for CertVerifyProcInternalTest.TestKnownRoot. Using for other
46     purposes is not recommended. This needs to be updated periodically so the
47     server name the cert is valid for may change.
48
49- lets-encrypt-dst-x3-root.pem: A chain that ends in the Lets encrypt DST X3
50  root (https://crt.sh/?id=8395). Has the same leaf as
51  lets-encrypt-isrg-x1-root.pem.
52- lets-encrypt-isrg-x1-root.pem: A chain that ends in the Lets encrypt ISRG X1
53  root (https://crt.sh/?id=9314791). Has the same leaf as
54  lets-encrypt-dst-x3-root.pem.
55
56===== Manually generated certificates
57- client.p12 : A PKCS #12 file containing a client certificate and a private
58     RSA key created for testing.  The password is "12345".
59
60- client-nokey.p12 : A PKCS #12 file containing a client certificate (the same
61     as the one in client.p12) but no private key. The password is "12345".
62
63- client-empty-password.p12 : A PKCS #12 file containing an unencrypted client
64     certificate and a encrypted private key.  The password is the empty string,
65     encoded as two zero bytes.  (PKCS#12 passwords are encoded as
66     NUL-terminated UTF-16.)
67
68- client-null-password.p12 : A PKCS #12 file containing an unencrypted client
69     certificate and a encrypted private key.  The password is the empty string,
70     encoded as the empty byte string.
71
72- client_with_ec_key.p12 : A PKCS #12 file containing a client certificate and
73     a private EC key created for testing.  The password is "123456".
74
75- unittest.selfsigned.der : A self-signed certificate generated using private
76     key in unittest.key.bin. The common name is "unittest".
77
78- unittest.key.bin : private key stored unencrypted.
79
80- multivalue_rdn.pem : A regression test for http://crbug.com/101009. A
81     certificate with all of the AttributeTypeAndValues stored within a single
82     RelativeDistinguishedName, rather than one AVA per RDN as normally seen.
83
84- unescaped.pem : Regression test for http://crbug.com/102839. Contains
85     characters such as '=' and '"' that would normally be escaped when
86     converting a subject/issuer name to their stringized form.
87
88- websocket_cacert.pem : The testing root CA for testing WebSocket client
89     certificate authentication.
90     This file is used in SSLUITest.TestWSSClientCert.
91
92- websocket_client_cert.p12 : A PKCS #12 file containing a client certificate
93     and a private key created for WebSocket testing. The password is "".
94     This file is used in SSLUITest.TestWSSClientCert.
95
96- no_subject_common_name_cert.pem: Used to test the function that generates a
97  NSS certificate nickname for a user certificate. This certificate's Subject
98  field doesn't have a common name.
99
100- ct-test-embedded-with-uids.pem: A certificate with embedded SCT and
101  issuer/subject unique IDs. This certificate should only be used in parsing
102  tests and otherwise kept fixed. The signature, etc., are intentionally
103  invalid.
104
105- name_constrained_key.pem
106  The private key matching the public_key_hash of the kDomainsTest constraint
107  in CertVerifyProc::HasNameConstraintsViolation.
108
109===== From net/data/ssl/scripts/generate-quic-chain.sh
110- quic-chain.pem
111- quic-leaf-cert.key
112- quic-leaf-cert.key.pkcs8.pem
113- quic-root.pem
114     These certificates are used by integration tests that use QUIC.
115
116- quic-leaf-cert.key.sct
117     This isn't generated and just contains a simple text file (the contents
118     don't actually matter, just the presence of the file).
119
120===== From net/data/ssl/scripts/generate-test-certs.sh
121- expired_cert.pem
122- ok_cert.pem
123- root_ca_cert.pem
124    These certificates are the common certificates used by the Python test
125    server for simulating HTTPS connections.
126
127- intermediate_ca_cert.pem
128- ok_cert_by_intermediate.pem
129    These certificates simulate a more common chain of root (root_ca_cert.pem)
130    to intermediate (intermediate_ca_cert.pem) to leaf
131    (ok_cert_by_intermediate.pem).
132
133- wildcard_.pem
134    A certificate and private key valid for *.example.org, used in various
135    net unit tests.
136
137- test_names.pem
138    A certificate and private key valid for a number of test names. See
139    [test_names] in ee.cnf. Other names may be added as needed.
140
141- bad_validity.pem
142    A certificate and private key only valid on 0001-01-01. Windows refuses to
143    parse this certificate.
144
145- spdy_pooling.pem : Used to test the handling of spdy IP connection pooling
146
147- subjectAltName_sanity_check.pem : Used to test the handling of various types
148     within the subjectAltName extension of a certificate.
149
150- policies_sanity_check.pem : Used to test the parsing of various types of
151     certificatePolicies extension policyQualifiers.
152
153- punycodetest.pem : A test self-signed server certificate with punycode name.
154     The common name is "xn--wgv71a119e.com" (日本語.com)
155
156- sha1_2016.pem
157    Used to test the handling of SHA1 certificates expiring in 2016.
158
159- may_2018.pem
160   An 825-day certificate issued on May 1, 2018, the official start of
161   enforcement requiring Certificate Transparency for new certificates. This
162   certificate does not have any embedded SCTs.
163
164- x509_verify_results.chain.pem : A simple certificate chain used to test that
165    the correctly ordered, filtered certificate chain is returned during
166    verification, regardless of the order in which the intermediate/root CA
167    certificates are provided.
168
169- ev_test.pem
170- ev_test_state_only.pem
171     Certificates for testing EV display (including regression test for
172     https://crbug.com/1069113).
173
174===== From net/data/ssl/scripts/generate-test-keys.sh
175- rsa-{768,1024,2048}-{1..3}.key
176- ec-prime256v1-{1..3}.key
177     Pre-generated keys of various types/sizes.
178     Useful for tests that generate RSA certificates with CertBuilder without
179     having to pay the cost of generating RSA keys at runtime. Multiple keys
180     of each size are provided. (EC keys are cheap to generate at runtime, but
181     having some as files simplifies test logic in cases where the test is
182     reading both RSA and EC keys from files.)
183
184===== From net/data/ssl/scripts/generate-redundant-test-chains.sh
185- redundant-validated-chain.pem
186- redundant-server-chain.pem
187- redundant-validated-chain-root.pem
188
189     Two chains, A -> B -> C -> D and A -> B -> C2 (C and C2 share the same
190     public key) to test that SSLInfo gets the reconstructed, re-ordered
191     chain instead of the chain as served. See
192     SSLClientSocketTest.VerifyReturnChainProperlyOrdered in
193     net/socket/ssl_client_socket_unittest.cc. These chains are valid until
194     26 Feb 2022 and are generated by
195     net/data/ssl/scripts/generate-redundant-test-chains.sh.
196
197===== From net/data/ssl/scripts/generate-client-certificates.sh
198- client_1.pem
199- client_1.key
200- client_1.pk8
201- client_1_ca.pem
202- client_2.pem
203- client_2.key
204- client_2.pk8
205- client_2_ca.pem
206- client_3.pem
207- client_3.key
208- client_3.pk8
209- client_3_ca.pem
210- client_4.pem
211- client_4.key
212- client_4.pk8
213- client_4_ca.pem
214- client_5.pem
215- client_5.key
216- client_5.pk8
217- client_5_ca.pem
218- client_6.pem
219- client_6.key
220- client_6.pk8
221- client_6_ca.pem
222- client_1_u16_password.p12
223- client_root_ca.pem
224     This is a set of files used to unit test SSL client certificate
225     authentication.
226     - client_1_ca.pem and client_2_ca.pem are the certificates of
227       two distinct signing CAs.
228     - client_1.pem and client_1.key correspond to the certificate and
229       private key for a first certificate signed by client_1_ca.pem.
230     - client_2.pem and client_2.key correspond to the certificate and
231       private key for a second certificate signed by client_2_ca.pem.
232     - each .pk8 file contains the same key as the corresponding .key file
233       as PKCS#8 PrivateKeyInfo in DER encoding.
234     - client_3.pem is nearly identical to client_2.pem, except it is used
235       to test wifi EAP-TLS authentication so it uses a different set
236       of X509v3 extensions.  Specifically it includes two Subject
237       Alternative Name fields recognized by Chrome OS.
238     - client_4.pem is similar to client_2.pem but is a P-256 ECDSA key rather
239       than RSA.
240     - client_5.pem is similar to client_2.pem but is a P-384 ECDSA key rather
241       than RSA.
242     - client_6.pem is similar to client_2.pem but is a P-521 ECDSA key rather
243       than RSA.
244     - client_root_ca.pem is the CA certificate which signed client_*_ca.pem.
245     - client_1_u16_password.p12 contains the client_1.key and client_1.pem key
246       and certificate, but is encoded as a PKCS#12 file and has a password with
247       UTF-16 symbols ("Hello, 世界").
248
249===== From net/data/ssl/scripts/generate-bad-eku-certs.sh
250- eku-test-root.pem
251- non-crit-codeSigning-chain.pem
252- crit-codeSigning-chain.pem
253     Two code-signing certificates (eKU: codeSigning; eKU: critical,
254     codeSigning) which we use to test that clients are making sure that web
255     server certs are checked for correct eKU fields (when an eKU field is
256     present). Since codeSigning is not valid for web server auth, the checks
257     should fail.
258
259===== From net/data/ssl/scripts/generate-multi-root-test-chains.sh
260- multi-root-chain1.pem
261- multi-root-chain2.pem
262     Two chains, A -> B -> C -> D and A -> B -> C2 -> E (C and C2 share the
263     same public key) to test that certificate validation caching does not
264     interfere with the chain_verify_callback used by CertVerifyProcChromeOS.
265     See CertVerifyProcChromeOSTest.
266
267===== From net/data/ssl/scripts/generate-multi-root-keychain.sh
268- multi-root.keychain: An OSX Keychain containing the generated
269  certificates multi-root-*-by-*.pem
270
271===== From net/data/ssl/scripts/generate-duplicate-cn-certs.sh
272- duplicate_cn_1.p12
273- duplicate_cn_1.pem
274- duplicate_cn_2.p12
275- duplicate_cn_2.pem
276     Two certificates from the same issuer that share the same common name,
277     but have distinct subject names (namely, their O fields differ). NSS
278     requires that certificates have unique nicknames if they do not share the
279     same subject, and these certificates are used to test that the nickname
280     generation algorithm generates unique nicknames.
281     The .pem versions contain just the certs, while the .p12 versions contain
282     both the cert and a private key, since there are multiple ways to import
283     certificates into NSS.
284
285===== From net/data/ssl/scripts/generate-self-signed-certs.sh
286- self-signed-invalid-name.pem
287- self-signed-invalid-sig.pem
288     Two "self-signed" certificates with mismatched names or an invalid
289     signature, respectively.
290
291===== From net/data/ssl/scripts/generate-key-usage-certs.sh
292- key_usage_rsa_no_extension.pem
293- key_usage_rsa_keyencipherment.pem
294- key_usage_rsa_digitalsignature.pem
295- key_usage_rsa_both.pem
296     Self-signed RSA certificates with various combinations of keyUsage
297     flags. Their private key is key_usage_rsa.key.
298
299- key_usage_p256_no_extension.pem
300- key_usage_p256_keyagreement.pem
301- key_usage_p256_digitalsignature.pem
302- key_usage_p256_both.pem
303     Self-signed P-256 certificates with various combinations of keyUsage
304     flags. Their private key is key_usage_p256.key.
305
306===== From net/data/ssl/scripts/generate_2_client_certs_1_key.sh
307- 2_client_certs_1_key.p12
308     Key pair and two client certificates for it in a single .p12 file.
309