| This directory contains various certificates for use with SSL-related |
| unit tests. |
| |
| - google.binary.p7b |
| - google.chain.pem |
| - google.pem_cert.p7b |
| - google.pem_pkcs7.p7b |
| - google.pkcs7.p7b |
| - google.single.der |
| - google.single.pem |
| - thawte.single.pem : Certificates for testing parsing of different formats. |
| |
| - googlenew.chain.pem : The refreshed Google certificate |
| (valid until Sept 30 2013). |
| |
| - mit.davidben.der : An expired MIT client certificate. |
| |
| - foaf.me.chromium-test-cert.der : A client certificate for a FOAF.ME identity |
| created for testing. |
| |
| - www_us_army_mil_cert.der |
| - dod_ca_17_cert.der |
| - dod_root_ca_2_cert.der : A certificate chain for regression tests of |
| http://crbug.com/31497. |
| |
| - expired_cert.pem : An expired certificate, used by test_server.cc. |
| |
| - ok_cert.pem : A valid certificate, used by test_server.cc |
| |
| - root_ca_cert.crt : The testing root CA used to sign the test_server.cc's |
| certificates. |
| |
| - unosoft_hu_cert : Certificate used by X509CertificateTest.UnoSoftCertParsing. |
| |
| - client.p12 : A PKCS #12 file containing a client certificate and a private |
| key created for testing. The password is "12345". |
| |
| - client-nokey.p12 : A PKCS #12 file containing a client certificate (the same |
| as the one in client.p12) but no private key. The password is "12345". |
| |
| - punycodetest.der : A test self-signed server certificate with punycode name. |
| The common name is "xn--wgv71a119e.com" (日本語.com) |
| |
| - unittest.selfsigned.der : A self-signed certificate generated using private |
| key in unittest.key.bin. The common name is "unittest". |
| |
| - unittest.key.bin : private key stored unencrypted. |
| |
| - unittest.originbound.der: A test origin-bound certificate for |
| https://www.google.com:443. |
| - unittest.originbound.key.der: matching PrivateKeyInfo. |
| |
| - x509_verify_results.chain.pem : A simple certificate chain used to test that |
| the correctly ordered, filtered certificate chain is returned during |
| verification, regardless of the order in which the intermediate/root CA |
| certificates are provided. |
| |
| - google_diginotar.pem |
| - diginotar_public_ca_2025.pem : A certificate chain for the regression test |
| of http://crbug.com/94673 |
| |
| - test_mail_google_com.pem : A certificate signed by the test CA for |
| "mail.google.com". Because it is signed by that CA instead of the true CA |
| for that host, it will fail the |
| TransportSecurityState::IsChainOfPublicKeysPermitted test. |
| |
| - salesforce_com_test.pem |
| - verisign_intermediate_ca_2011.pem |
| - verisign_intermediate_ca_2016.pem : Certificates for testing two |
| X509Certificate objects that contain the same server certificate but |
| different intermediate CA certificates. The two intermediate CA |
| certificates actually represent the same intermediate CA but have |
| different validity periods. |
| |
| - multivalue_rdn.pem : A regression test for http://crbug.com/101009. A |
| certificate with all of the AttributeTypeAndValues stored within a single |
| RelativeDistinguishedName, rather than one AVA per RDN as normally seen. |
| |
| - unescaped.pem : Regression test for http://crbug.com/102839. Contains |
| characters such as '=' and '"' that would normally be escaped when |
| converting a subject/issuer name to their stringized form. |
| |
| - 2048-rsa-root.pem |
| - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem |
| - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by- |
| {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem |
| These certficates are generated by |
| net/data/ssl/scripts/generate-weak-test-chains.sh and used in the |
| RejectWeakKeys test in net/base/x509_certificate_unittest.cc. |
| |
| - images_etrade_wallst_com.pem |
| - globalsign_orgv1_ca.pem |
| - globalsign_root_ca_md5.pem : A certificate chain for the regression test |
| of http://crbug.com/108514 |
| |
| - redundant-validated-chain.pem |
| - redundant-server-chain.pem |
| - redundant-validated-chain-root.pem |
| |
| Two chains, A -> B -> C -> D and A -> B -> C2 (C and C2 share the same |
| public key) to test that SSLInfo gets the reconstructed, re-ordered |
| chain instead of the chain as served. See |
| SSLClientSocketTest.VerifyReturnChainProperlyOrdered in |
| net/socket/ssl_client_socket_unittest.cc. These chains are valid until |
| 26 Feb 2022 and are generated by |
| net/data/ssl/scripts/generate-redundant-test-chains.sh. |
| |
| - comodo.chain.pem : A certificate chain for www.comodo.com which should be |
| recognised as EV. Expires Jun 21 2013. |
| |
| - ocsp-test-root.pem : A root certificate for the code in |
| net/tools/testserver/minica.py |
| |
| - spdy_pooling.pem : Used to test the handling of spdy IP connection pooling |
| Generated by using the command |
| "openssl req -x509 -days 3650 -sha1 -extensions req_spdy_pooling \ |
| -config ../scripts/ee.cnf -newkey rsa:1024 -text \ |
| -out spdy_pooling.pem" |
| |
| - subjectAltName_sanity_check.pem : Used to test the handling of various types |
| within the subjectAltName extension of a certificate. Generated by using |
| the command |
| "openssl req -x509 -days 3650 -sha1 -extensions req_san_sanity \ |
| -config ../scripts/ee.cnf -newkey rsa:1024 -text \ |
| -out subjectAltName_sanity_check.pem" |
| |
| - ndn.ca.crt: "New Dream Network Certificate Authority" root certificate. |
| This is an X.509 v1 certificate that omits the version field. Used to |
| test that the certificate version gets the default value v1. |
| |
| - websocket_cacert.pem : The testing root CA for testing WebSocket client |
| certificate authentication. |
| This file is used in SSLUITest.TestWSSClientCert. |
| |
| - websocket_client_cert.p12 : A PKCS #12 file containing a client certificate |
| and a private key created for WebSocket testing. The password is "". |
| This file is used in SSLUITest.TestWSSClientCert. |
| |
