• Home
Name Date Size #Lines LOC

..--

1024-rsa-ee-by-1024-rsa-intermediate.pemD03-May-20242.5 KiB5150

1024-rsa-ee-by-2048-rsa-intermediate.pemD03-May-20243.1 KiB6059

1024-rsa-ee-by-768-rsa-intermediate.pemD03-May-20242.3 KiB4847

1024-rsa-ee-by-prime256v1-ecdsa-intermediate.pemD03-May-20242.2 KiB4544

1024-rsa-ee-by-secp256k1-ecdsa-intermediate.pemD03-May-20242.2 KiB4544

1024-rsa-intermediate.pemD03-May-20243.2 KiB6463

2029_globalsign_com_cert.pemD03-May-20241.9 KiB3231

2048-rsa-ee-by-1024-rsa-intermediate.pemD03-May-20243.2 KiB6261

2048-rsa-ee-by-2048-rsa-intermediate.pemD03-May-20243.8 KiB7271

2048-rsa-ee-by-768-rsa-intermediate.pemD03-May-20243 KiB6059

2048-rsa-ee-by-prime256v1-ecdsa-intermediate.pemD03-May-20242.9 KiB5756

2048-rsa-ee-by-secp256k1-ecdsa-intermediate.pemD03-May-20242.9 KiB5756

2048-rsa-intermediate.pemD03-May-20244 KiB7675

2048-rsa-root.pemD03-May-20241,009 1817

768-rsa-ee-by-1024-rsa-intermediate.pemD03-May-20242.3 KiB4847

768-rsa-ee-by-2048-rsa-intermediate.pemD03-May-20242.9 KiB5756

768-rsa-ee-by-768-rsa-intermediate.pemD03-May-20242.1 KiB4544

768-rsa-ee-by-prime256v1-ecdsa-intermediate.pemD03-May-20242 KiB4342

768-rsa-ee-by-secp256k1-ecdsa-intermediate.pemD03-May-20242 KiB4342

768-rsa-intermediate.pemD03-May-20243 KiB6160

READMED03-May-202410.2 KiB238197

aia-cert.pemD03-May-20244 KiB7775

aia-intermediate.derD03-May-2024737

aia-root.pemD03-May-20243.8 KiB7372

android-test-key-dsa-public.pemD03-May-20241.2 KiB2120

android-test-key-dsa.pemD03-May-20241.2 KiB2120

android-test-key-ecdsa-public.pemD03-May-2024178 54

android-test-key-ecdsa.pemD03-May-2024302 98

android-test-key-rsa.pemD03-May-20241.6 KiB2827

client-nokey.p12D03-May-2024895

client.p12D03-May-20241.7 KiB

client_1.keyD03-May-20241.6 KiB2827

client_1.pemD03-May-20243.8 KiB7372

client_1_ca.pemD03-May-20243.7 KiB7271

client_2.keyD03-May-20241.6 KiB2827

client_2.pemD03-May-20243.8 KiB7372

client_2_ca.pemD03-May-20243.7 KiB7271

comodo.chain.pemD03-May-202417.1 KiB318302

crit-codeSigning-chain.pemD03-May-20245.8 KiB106105

cross-signed-leaf.pemD03-May-20244.4 KiB8381

cross-signed-root-md5.pemD03-May-20244 KiB7675

cross-signed-root-sha1.pemD03-May-20244 KiB7675

ct-test-embedded-cert.pemD03-May-20246.5 KiB127124

ct-test-embedded-with-intermediate-chain.pemD03-May-20249.6 KiB189185

ct-test-embedded-with-intermediate-preca-chain.pemD03-May-20249.6 KiB189185

ct-test-embedded-with-preca-chain.pemD03-May-20246.5 KiB128125

cybertrust_baltimore_cross_certified_1.pemD03-May-20244.3 KiB8379

cybertrust_baltimore_cross_certified_2.pemD03-May-20244.5 KiB8682

cybertrust_baltimore_root.pemD03-May-20244.2 KiB7877

cybertrust_gte_root.pemD03-May-20242.5 KiB4948

cybertrust_omniroot_chain.pemD03-May-20242.9 KiB4948

diginotar_cyber_ca.pemD03-May-20241.9 KiB3331

diginotar_pkioverheid.pemD03-May-20241.6 KiB2927

diginotar_pkioverheid_g2.pemD03-May-20242.3 KiB3938

diginotar_public_ca_2025.pemD03-May-20242.1 KiB3635

diginotar_root_ca.pemD03-May-20241.9 KiB3332

diginotar_services_1024_ca.pemD03-May-20241.3 KiB2423

dod_ca_13_cert.derD03-May-20241.1 KiB

dod_ca_17_cert.derD03-May-20241 KiB

dod_root_ca_2_cert.derD03-May-2024884

duplicate_cn_1.p12D03-May-20240

duplicate_cn_1.pemD03-May-20244.1 KiB7977

duplicate_cn_2.p12D03-May-20240

duplicate_cn_2.pemD03-May-20244.1 KiB7977

eku-test-root.pemD03-May-20243.6 KiB6766

empty_subject_cert.derD03-May-2024418

expired_cert.pemD03-May-20246 KiB111109

explicit-policy-chain.pemD03-May-202411.8 KiB229226

foaf.me.chromium-test-cert.derD03-May-2024990

globalsign_ev_sha256_ca_cert.pemD03-May-20241.5 KiB2625

google.binary.p7bD03-May-20241.6 KiB

google.chain.pemD03-May-20242.2 KiB3838

google.pem_cert.p7bD03-May-20242.3 KiB3837

google.pem_pkcs7.p7bD03-May-20242.2 KiB3837

google.single.derD03-May-2024805

google.single.pemD03-May-20241.1 KiB1919

google_diginotar.pemD03-May-20241.8 KiB3130

googlenew.chain.pemD03-May-20242.2 KiB3938

invalid_key_usage_cert.derD03-May-2024940

mit.davidben.derD03-May-2024965

multivalue_rdn.pemD03-May-20243 KiB6058

name_constraint_bad.crtD03-May-20245.9 KiB110107

name_constraint_ok.crtD03-May-20245.9 KiB110107

ndn.ca.crtD03-May-20242.1 KiB3635

nist.derD03-May-20241.3 KiB

no_subject_common_name_cert.pemD03-May-20245.7 KiB110104

non-crit-codeSigning-chain.pemD03-May-20245.8 KiB106105

ocsp-test-root.pemD03-May-20242.4 KiB5250

ok_cert.pemD03-May-20246 KiB111109

prime256v1-ecdsa-ee-by-1024-rsa-intermediate.pemD03-May-20242.1 KiB4544

prime256v1-ecdsa-ee-by-2048-rsa-intermediate.pemD03-May-20242.7 KiB5554

prime256v1-ecdsa-ee-by-768-rsa-intermediate.pemD03-May-20241.9 KiB4241

prime256v1-ecdsa-ee-by-prime256v1-ecdsa-intermediate.pemD03-May-20241.8 KiB4039

prime256v1-ecdsa-intermediate.pemD03-May-20242.8 KiB5958

punycodetest.derD03-May-20241.4 KiB

quic_intermediate.crtD03-May-20243.9 KiB7675

quic_intermediate.keyD03-May-20241.6 KiB2827

quic_root.crtD03-May-20243.9 KiB7574

quic_root.keyD03-May-20241.6 KiB2827

quic_test.example.com.crtD03-May-20244 KiB7877

quic_test.example.com.keyD03-May-20241.6 KiB2827

quic_test_ecc.example.com.crtD03-May-20242.9 KiB6160

quic_test_ecc.example.com.keyD03-May-2024227 65

redundant-server-chain.pemD03-May-202414.5 KiB272270

redundant-validated-chain-root.pemD03-May-2024964 1716

redundant-validated-chain.pemD03-May-202410.7 KiB197195

root_ca_cert.pemD03-May-20245.6 KiB103101

salesforce_com_test.pemD03-May-20244.3 KiB8278

satveda.pemD03-May-202411 KiB208197

spdy_pooling.pemD03-May-20242.7 KiB5453

subjectAltName_sanity_check.pemD03-May-20243 KiB5655

test_mail_google_com.pemD03-May-20241.5 KiB2726

thawte.single.pemD03-May-20241.1 KiB1919

unescaped.pemD03-May-20243.4 KiB6361

unittest.key.binD03-May-2024635

unittest.originbound.derD03-May-2024488

unittest.originbound.key.derD03-May-2024633

unittest.selfsigned.derD03-May-2024414

verisign_intermediate_ca_2011.pemD03-May-20243.7 KiB7269

verisign_intermediate_ca_2016.pemD03-May-20243.7 KiB7269

weak_digest_md2_ee.pemD03-May-20243.1 KiB6260

weak_digest_md2_intermediate.pemD03-May-20242.8 KiB5856

weak_digest_md2_root.pemD03-May-2024778 1514

weak_digest_md4_ee.pemD03-May-20243.1 KiB6260

weak_digest_md4_intermediate.pemD03-May-20242.8 KiB5856

weak_digest_md4_root.pemD03-May-2024778 1514

weak_digest_md5_ee.pemD03-May-20243.1 KiB6260

weak_digest_md5_intermediate.pemD03-May-20242.8 KiB5856

weak_digest_md5_root.pemD03-May-2024778 1514

weak_digest_sha1_ee.pemD03-May-20243.1 KiB6260

weak_digest_sha1_intermediate.pemD03-May-20242.8 KiB5856

weak_digest_sha1_root.pemD03-May-2024778 1514

websocket_cacert.pemD03-May-20243.1 KiB6260

websocket_client_cert.p12D03-May-20242.5 KiB

www_us_army_mil_cert.derD03-May-20241.2 KiB

x509_verify_results.chain.pemD03-May-20242.9 KiB5150

README

1This directory contains various certificates for use with SSL-related
2unit tests.
3
4- google.binary.p7b
5- google.chain.pem
6- google.pem_cert.p7b
7- google.pem_pkcs7.p7b
8- google.pkcs7.p7b
9- google.single.der
10- google.single.pem
11- thawte.single.pem : Certificates for testing parsing of different formats.
12
13- googlenew.chain.pem : The refreshed Google certificate
14     (valid until Sept 30 2013).
15
16- mit.davidben.der : An expired MIT client certificate.
17
18- foaf.me.chromium-test-cert.der : A client certificate for a FOAF.ME identity
19     created for testing.
20
21- www_us_army_mil_cert.der
22- dod_ca_17_cert.der
23- dod_root_ca_2_cert.der :
24     A certificate chain used for testing certificate imports
25
26- unosoft_hu_cert : Certificate used by X509CertificateTest.UnoSoftCertParsing.
27
28- client.p12 : A PKCS #12 file containing a client certificate and a private
29     key created for testing.  The password is "12345".
30
31- client-nokey.p12 : A PKCS #12 file containing a client certificate (the same
32     as the one in client.p12) but no private key. The password is "12345".
33
34- punycodetest.der : A test self-signed server certificate with punycode name.
35     The common name is "xn--wgv71a119e.com" (日本語.com)
36
37- unittest.selfsigned.der : A self-signed certificate generated using private
38     key in unittest.key.bin. The common name is "unittest".
39
40- unittest.key.bin : private key stored unencrypted.
41
42- unittest.originbound.der: A test origin-bound certificate for
43     https://www.google.com:443.
44- unittest.originbound.key.der: matching PrivateKeyInfo.
45
46- x509_verify_results.chain.pem : A simple certificate chain used to test that
47    the correctly ordered, filtered certificate chain is returned during
48    verification, regardless of the order in which the intermediate/root CA
49    certificates are provided.
50
51- google_diginotar.pem
52- diginotar_public_ca_2025.pem : A certificate chain for the regression test
53      of http://crbug.com/94673
54
55- test_mail_google_com.pem : A certificate signed by the test CA for
56    "mail.google.com". Because it is signed by that CA instead of the true CA
57    for that host, it will fail the
58    TransportSecurityState::IsChainOfPublicKeysPermitted test.
59
60- salesforce_com_test.pem
61- verisign_intermediate_ca_2011.pem
62- verisign_intermediate_ca_2016.pem : Certificates for testing two
63     X509Certificate objects that contain the same server certificate but
64     different intermediate CA certificates.  The two intermediate CA
65     certificates actually represent the same intermediate CA but have
66     different validity periods.
67
68- multivalue_rdn.pem : A regression test for http://crbug.com/101009. A
69     certificate with all of the AttributeTypeAndValues stored within a single
70     RelativeDistinguishedName, rather than one AVA per RDN as normally seen.
71
72- unescaped.pem : Regression test for http://crbug.com/102839. Contains
73     characters such as '=' and '"' that would normally be escaped when
74     converting a subject/issuer name to their stringized form.
75
76- 2048-rsa-root.pem
77- {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem
78- {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by-
79      {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem
80     These certficates are generated by
81     net/data/ssl/scripts/generate-weak-test-chains.sh and used in the
82     RejectWeakKeys test in net/base/x509_certificate_unittest.cc.
83
84- cross-signed-leaf.pem
85- cross-signed-root-md5.pem
86- cross-signed-root-sha1.pem
87     A certificate chain for regression testing http://crbug.com/108514,
88     generated via scripts/generate-cross-signed-certs.sh
89
90- redundant-validated-chain.pem
91- redundant-server-chain.pem
92- redundant-validated-chain-root.pem
93
94     Two chains, A -> B -> C -> D and A -> B -> C2 (C and C2 share the same
95     public key) to test that SSLInfo gets the reconstructed, re-ordered
96     chain instead of the chain as served. See
97     SSLClientSocketTest.VerifyReturnChainProperlyOrdered in
98     net/socket/ssl_client_socket_unittest.cc. These chains are valid until
99     26 Feb 2022 and are generated by
100     net/data/ssl/scripts/generate-redundant-test-chains.sh.
101
102- comodo.chain.pem : A certificate chain for www.comodo.com which should be
103     recognised as EV. Expires Jun 21 2013.
104
105- ocsp-test-root.pem : A root certificate for the code in
106      net/tools/testserver/minica.py
107
108- spdy_pooling.pem : Used to test the handling of spdy IP connection pooling
109     Generated by using the command
110     "openssl req -x509 -days 3650 -sha1 -extensions req_spdy_pooling \
111          -config ../scripts/ee.cnf -newkey rsa:1024 -text \
112          -out spdy_pooling.pem"
113
114- subjectAltName_sanity_check.pem : Used to test the handling of various types
115     within the subjectAltName extension of a certificate. Generated by using
116     the command
117     "openssl req -x509 -days 3650 -sha1 -extensions req_san_sanity \
118          -config ../scripts/ee.cnf -newkey rsa:1024 -text \
119          -out subjectAltName_sanity_check.pem"
120
121- ndn.ca.crt: "New Dream Network Certificate Authority" root certificate.
122     This is an X.509 v1 certificate that omits the version field. Used to
123     test that the certificate version gets the default value v1.
124
125- websocket_cacert.pem : The testing root CA for testing WebSocket client
126     certificate authentication.
127     This file is used in SSLUITest.TestWSSClientCert.
128
129- websocket_client_cert.p12 : A PKCS #12 file containing a client certificate
130     and a private key created for WebSocket testing. The password is "".
131     This file is used in SSLUITest.TestWSSClientCert.
132
133- android-test-key-rsa.pem
134- android-test-key-dsa.pem
135- android-test-key-dsa-public.pem
136- android-test-key-ecdsa.pem
137- android-test-key-ecdsa-public.pem
138     This is a set of test RSA/DSA/ECDSA keys used by the Android-specific
139     unit test in net/android/keystore_unittest.c. They are used to verify
140     that the OpenSSL-specific wrapper for platform PrivateKey objects
141     works properly. See the generate-android-test-keys.sh script.
142
143- client_1.pem
144- client_1.key
145- client_1_ca.pem
146- client_2.pem
147- client_2.key
148- client_2_ca.pem
149     This is a set of files used to unit test SSL client certificate
150     authentication. These are generated by
151     net/data/ssl/scripts/generate-client-certificates.sh
152     - client_1_ca.pem and client_2_ca.pem are the certificates of
153       two distinct signing CAs.
154     - client_1.pem and client_1.key correspond to the certificate and
155       private key for a first certificate signed by client_1_ca.pem.
156     - client_2.pem and client_2.key correspond to the certificate and
157       private key for a second certificate signed by client_2_ca.pem.
158
159- eku-test-root.pem
160- non-crit-codeSigning-chain.pem
161- crit-codeSigning-chain.pem
162     Two code-signing certificates (eKU: codeSigning; eKU: critical,
163     codeSigning) which we use to test that clients are making sure that web
164     server certs are checked for correct eKU fields (when an eKU field is
165     present). Since codeSigning is not valid for web server auth, the checks
166     should fail.
167
168- duplicate_cn_1.p12
169- duplicate_cn_1.pem
170- duplicate_cn_2.p12
171- duplicate_cn_2.pem
172     Two certificates from the same issuer that share the same common name,
173     but have distinct subject names (namely, their O fields differ). NSS
174     requires that certificates have unique nicknames if they do not share the
175     same subject, and these certificates are used to test that the nickname
176     generation algorithm generates unique nicknames.
177     The .pem versions contain just the certs, while the .p12 versions contain
178     both the cert and a private key, since there are multiple ways to import
179     certificates into NSS.
180
181- aia-cert.pem
182- aia-intermediate.der
183- aia-root.pem
184     A certificate chain which we use to ensure AIA fetching works correctly
185     when using NSS to verify certificates (which uses our HTTP stack).
186     aia-cert.pem has a caIssuers that points to "aia-test.invalid" as the URL
187     containing the intermediate, which can be served via a URLRequestFilter.
188     aia-intermediate.der is stored in DER form for convenience, since that is
189     the form expected of certificates discovered via AIA.
190
191- cybertrust_gte_root.pem
192- cybertrust_baltimore_root.pem
193- cybertrust_omniroot_chain.pem
194- cybertrust_baltimore_cross_certified_1.pem
195- cybertrust_baltimore_cross_certified_2.pem
196     These certificates are reflect a portion of the CyberTrust (Verizon
197     Business) CA hierarchy. _gte_root.pem is a legacy 1024-bit root that is
198     still widely supported, while _baltimore_root.pem reflects the newer
199     2048-bit root. For clients that only support the GTE root, two versions
200     of the Baltimore root were cross-signed by GTE, namely
201     _cross_certified_[1,2].pem. _omniroot_chain.pem contains a certificate
202     chain that was issued under the Baltimore root. Combined, these
203     certificates can be used to test real-world cross-signing; in practice,
204     they are used to test certain workarounds for OS X's chain building code.
205
206- no_subject_common_name_cert.pem: Used to test the function that generates a
207  NSS certificate nickname for a user certificate. This certificate's Subject
208  field doesn't have a common name.
209
210- expired_cert.pem
211- ok_cert.pem
212- root_ca_cert.pem
213     These certificates are the common certificates used by the Python test
214     server for simulating HTTPS connections. They are generated by running
215     the script net/data/ssl/scripts/generate-test-certs.sh.
216
217- quic_intermediate.crt
218- quic_test_ecc.example.com.crt
219- quic_test.example.com.crt
220- quic_root.crt
221     These certificates are used by the ProofVerifier's unit tests of QUIC.
222
223- explicit-policy-chain.pem
224     A test certificate chain with requireExplicitPolicy field set on the
225     intermediate, with SkipCerts=0. This is used for regression testing
226     http://crbug.com/31497. It is generated by running the script
227     net/data/ssl/scripts/generate-policy-certs.sh
228
229- ct-test-embedded-cert.pem
230- ct-test-embedded-with-intermediate-chain.pem
231- ct-test-embedded-with-intermediate-preca-chain.pem
232- ct-test-embedded-with-preca-chain.pem
233     Test certificate chains for Certificate Transparency: Each of these
234     files contains a leaf certificate as the first certificate, which has
235     embedded SCTs, followed by the issuer certificates chain.
236     All files are from the src/test/testdada directory in
237     https://code.google.com/p/certificate-transparency/
238