OLD | NEW |
1 This directory contains various certificates for use with SSL-related | 1 This directory contains various certificates for use with SSL-related |
2 unit tests. | 2 unit tests. |
3 | 3 |
| 4 ===== Real-world certificates that need manual updating |
4 - google.binary.p7b | 5 - google.binary.p7b |
5 - google.chain.pem | 6 - google.chain.pem |
6 - google.pem_cert.p7b | 7 - google.pem_cert.p7b |
7 - google.pem_pkcs7.p7b | 8 - google.pem_pkcs7.p7b |
8 - google.pkcs7.p7b | 9 - google.pkcs7.p7b |
9 - google.single.der | 10 - google.single.der |
10 - google.single.pem | 11 - google.single.pem |
11 - thawte.single.pem : Certificates for testing parsing of different formats. | 12 - thawte.single.pem : Certificates for testing parsing of different formats. |
12 | 13 |
13 - googlenew.chain.pem : The refreshed Google certificate | 14 - googlenew.chain.pem : The refreshed Google certificate |
14 (valid until Sept 30 2013). | 15 (valid until Sept 30 2013). |
15 | 16 |
16 - mit.davidben.der : An expired MIT client certificate. | 17 - mit.davidben.der : An expired MIT client certificate. |
17 | 18 |
18 - foaf.me.chromium-test-cert.der : A client certificate for a FOAF.ME identity | 19 - foaf.me.chromium-test-cert.der : A client certificate for a FOAF.ME identity |
19 created for testing. | 20 created for testing. |
20 | 21 |
21 - www_us_army_mil_cert.der | 22 - www_us_army_mil_cert.der |
22 - dod_ca_17_cert.der | 23 - dod_ca_17_cert.der |
23 - dod_root_ca_2_cert.der : | 24 - dod_root_ca_2_cert.der : |
24 A certificate chain used for testing certificate imports | 25 A certificate chain used for testing certificate imports |
25 | 26 |
26 - unosoft_hu_cert : Certificate used by X509CertificateTest.UnoSoftCertParsing. | 27 - unosoft_hu_cert : Certificate used by X509CertificateTest.UnoSoftCertParsing. |
27 | 28 |
| 29 - google_diginotar.pem |
| 30 - diginotar_public_ca_2025.pem : A certificate chain for the regression test |
| 31 of http://crbug.com/94673 |
| 32 |
| 33 - salesforce_com_test.pem |
| 34 - verisign_intermediate_ca_2011.pem |
| 35 - verisign_intermediate_ca_2016.pem : Certificates for testing two |
| 36 X509Certificate objects that contain the same server certificate but |
| 37 different intermediate CA certificates. The two intermediate CA |
| 38 certificates actually represent the same intermediate CA but have |
| 39 different validity periods. |
| 40 |
| 41 - cybertrust_gte_root.pem |
| 42 - cybertrust_baltimore_root.pem |
| 43 - cybertrust_omniroot_chain.pem |
| 44 - cybertrust_baltimore_cross_certified_1.pem |
| 45 - cybertrust_baltimore_cross_certified_2.pem |
| 46 These certificates are reflect a portion of the CyberTrust (Verizon |
| 47 Business) CA hierarchy. _gte_root.pem is a legacy 1024-bit root that is |
| 48 still widely supported, while _baltimore_root.pem reflects the newer |
| 49 2048-bit root. For clients that only support the GTE root, two versions |
| 50 of the Baltimore root were cross-signed by GTE, namely |
| 51 _cross_certified_[1,2].pem. _omniroot_chain.pem contains a certificate |
| 52 chain that was issued under the Baltimore root. Combined, these |
| 53 certificates can be used to test real-world cross-signing; in practice, |
| 54 they are used to test certain workarounds for OS X's chain building code. |
| 55 |
| 56 - ndn.ca.crt: "New Dream Network Certificate Authority" root certificate. |
| 57 This is an X.509 v1 certificate that omits the version field. Used to |
| 58 test that the certificate version gets the default value v1. |
| 59 |
| 60 - ct-test-embedded-cert.pem |
| 61 - ct-test-embedded-with-intermediate-chain.pem |
| 62 - ct-test-embedded-with-intermediate-preca-chain.pem |
| 63 - ct-test-embedded-with-preca-chain.pem |
| 64 Test certificate chains for Certificate Transparency: Each of these |
| 65 files contains a leaf certificate as the first certificate, which has |
| 66 embedded SCTs, followed by the issuer certificates chain. |
| 67 All files are from the src/test/testdada directory in |
| 68 https://code.google.com/p/certificate-transparency/ |
| 69 |
| 70 - comodo.chain.pem : A certificate chain for www.comodo.com which should be |
| 71 recognised as EV. Expires Jun 20 2015. |
| 72 |
| 73 ===== Manually generated certificates |
28 - client.p12 : A PKCS #12 file containing a client certificate and a private | 74 - client.p12 : A PKCS #12 file containing a client certificate and a private |
29 key created for testing. The password is "12345". | 75 key created for testing. The password is "12345". |
30 | 76 |
31 - client-nokey.p12 : A PKCS #12 file containing a client certificate (the same | 77 - client-nokey.p12 : A PKCS #12 file containing a client certificate (the same |
32 as the one in client.p12) but no private key. The password is "12345". | 78 as the one in client.p12) but no private key. The password is "12345". |
33 | 79 |
34 - punycodetest.der : A test self-signed server certificate with punycode name. | |
35 The common name is "xn--wgv71a119e.com" (日本語.com) | |
36 | |
37 - unittest.selfsigned.der : A self-signed certificate generated using private | 80 - unittest.selfsigned.der : A self-signed certificate generated using private |
38 key in unittest.key.bin. The common name is "unittest". | 81 key in unittest.key.bin. The common name is "unittest". |
39 | 82 |
40 - unittest.key.bin : private key stored unencrypted. | 83 - unittest.key.bin : private key stored unencrypted. |
41 | 84 |
42 - unittest.originbound.der: A test origin-bound certificate for | 85 - unittest.originbound.der: A test origin-bound certificate for |
43 https://www.google.com:443. | 86 https://www.google.com:443. |
44 - unittest.originbound.key.der: matching PrivateKeyInfo. | 87 - unittest.originbound.key.der: matching PrivateKeyInfo. |
45 | 88 |
46 - x509_verify_results.chain.pem : A simple certificate chain used to test that | 89 - x509_verify_results.chain.pem : A simple certificate chain used to test that |
47 the correctly ordered, filtered certificate chain is returned during | 90 the correctly ordered, filtered certificate chain is returned during |
48 verification, regardless of the order in which the intermediate/root CA | 91 verification, regardless of the order in which the intermediate/root CA |
49 certificates are provided. | 92 certificates are provided. |
50 | 93 |
51 - google_diginotar.pem | |
52 - diginotar_public_ca_2025.pem : A certificate chain for the regression test | |
53 of http://crbug.com/94673 | |
54 | |
55 - test_mail_google_com.pem : A certificate signed by the test CA for | 94 - test_mail_google_com.pem : A certificate signed by the test CA for |
56 "mail.google.com". Because it is signed by that CA instead of the true CA | 95 "mail.google.com". Because it is signed by that CA instead of the true CA |
57 for that host, it will fail the | 96 for that host, it will fail the |
58 TransportSecurityState::IsChainOfPublicKeysPermitted test. | 97 TransportSecurityState::IsChainOfPublicKeysPermitted test. |
59 | 98 |
60 - salesforce_com_test.pem | |
61 - verisign_intermediate_ca_2011.pem | |
62 - verisign_intermediate_ca_2016.pem : Certificates for testing two | |
63 X509Certificate objects that contain the same server certificate but | |
64 different intermediate CA certificates. The two intermediate CA | |
65 certificates actually represent the same intermediate CA but have | |
66 different validity periods. | |
67 | |
68 - multivalue_rdn.pem : A regression test for http://crbug.com/101009. A | 99 - multivalue_rdn.pem : A regression test for http://crbug.com/101009. A |
69 certificate with all of the AttributeTypeAndValues stored within a single | 100 certificate with all of the AttributeTypeAndValues stored within a single |
70 RelativeDistinguishedName, rather than one AVA per RDN as normally seen. | 101 RelativeDistinguishedName, rather than one AVA per RDN as normally seen. |
71 | 102 |
72 - unescaped.pem : Regression test for http://crbug.com/102839. Contains | 103 - unescaped.pem : Regression test for http://crbug.com/102839. Contains |
73 characters such as '=' and '"' that would normally be escaped when | 104 characters such as '=' and '"' that would normally be escaped when |
74 converting a subject/issuer name to their stringized form. | 105 converting a subject/issuer name to their stringized form. |
75 | 106 |
| 107 - ocsp-test-root.pem : A root certificate for the code in |
| 108 net/tools/testserver/minica.py |
| 109 |
| 110 - websocket_cacert.pem : The testing root CA for testing WebSocket client |
| 111 certificate authentication. |
| 112 This file is used in SSLUITest.TestWSSClientCert. |
| 113 |
| 114 - websocket_client_cert.p12 : A PKCS #12 file containing a client certificate |
| 115 and a private key created for WebSocket testing. The password is "". |
| 116 This file is used in SSLUITest.TestWSSClientCert. |
| 117 |
| 118 - no_subject_common_name_cert.pem: Used to test the function that generates a |
| 119 NSS certificate nickname for a user certificate. This certificate's Subject |
| 120 field doesn't have a common name. |
| 121 |
| 122 - quic_intermediate.crt |
| 123 - quic_test_ecc.example.com.crt |
| 124 - quic_test.example.com.crt |
| 125 - quic_root.crt |
| 126 These certificates are used by the ProofVerifier's unit tests of QUIC. |
| 127 |
| 128 ===== From net/data/ssl/scripts/generate-test-certs.sh |
| 129 - expired_cert.pem |
| 130 - ok_cert.pem |
| 131 - root_ca_cert.pem |
| 132 These certificates are the common certificates used by the Python test |
| 133 server for simulating HTTPS connections. |
| 134 |
| 135 - name_constraint_bad.pem |
| 136 - name_constraint_good.pem |
| 137 Two certificates used to test the built-in ability to restrict a root to |
| 138 a particular namespace. |
| 139 |
| 140 - sha256.pem: Used to test the handling of SHA-256 certs on Windows. |
| 141 |
| 142 - spdy_pooling.pem : Used to test the handling of spdy IP connection pooling |
| 143 |
| 144 - subjectAltName_sanity_check.pem : Used to test the handling of various types |
| 145 within the subjectAltName extension of a certificate. |
| 146 |
| 147 - punycodetest.pem : A test self-signed server certificate with punycode name. |
| 148 The common name is "xn--wgv71a119e.com" (日本語.com) |
| 149 |
| 150 ===== From net/data/ssl/scripts/generate-weak-test-chains.sh |
76 - 2048-rsa-root.pem | 151 - 2048-rsa-root.pem |
77 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem | 152 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem |
78 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by- | 153 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by- |
79 {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem | 154 {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem |
80 These certficates are generated by | 155 Test certificates used to ensure that weak keys are detected and rejected |
81 net/data/ssl/scripts/generate-weak-test-chains.sh and used in the | |
82 RejectWeakKeys test in net/base/x509_certificate_unittest.cc. | |
83 | 156 |
| 157 ===== From net/data/ssl/scripts/generate-cross-signed-certs.sh |
84 - cross-signed-leaf.pem | 158 - cross-signed-leaf.pem |
85 - cross-signed-root-md5.pem | 159 - cross-signed-root-md5.pem |
86 - cross-signed-root-sha1.pem | 160 - cross-signed-root-sha1.pem |
87 A certificate chain for regression testing http://crbug.com/108514, | 161 A certificate chain for regression testing http://crbug.com/108514 |
88 generated via scripts/generate-cross-signed-certs.sh | |
89 | 162 |
| 163 ===== From net/data/ssl/scripts/generate-redundant-test-chains.sh |
90 - redundant-validated-chain.pem | 164 - redundant-validated-chain.pem |
91 - redundant-server-chain.pem | 165 - redundant-server-chain.pem |
92 - redundant-validated-chain-root.pem | 166 - redundant-validated-chain-root.pem |
93 | 167 |
94 Two chains, A -> B -> C -> D and A -> B -> C2 (C and C2 share the same | 168 Two chains, A -> B -> C -> D and A -> B -> C2 (C and C2 share the same |
95 public key) to test that SSLInfo gets the reconstructed, re-ordered | 169 public key) to test that SSLInfo gets the reconstructed, re-ordered |
96 chain instead of the chain as served. See | 170 chain instead of the chain as served. See |
97 SSLClientSocketTest.VerifyReturnChainProperlyOrdered in | 171 SSLClientSocketTest.VerifyReturnChainProperlyOrdered in |
98 net/socket/ssl_client_socket_unittest.cc. These chains are valid until | 172 net/socket/ssl_client_socket_unittest.cc. These chains are valid until |
99 26 Feb 2022 and are generated by | 173 26 Feb 2022 and are generated by |
100 net/data/ssl/scripts/generate-redundant-test-chains.sh. | 174 net/data/ssl/scripts/generate-redundant-test-chains.sh. |
101 | 175 |
102 - multi-root-chain1.pem | 176 ===== From net/data/ssl/scripts/generate-policy-certs.sh |
103 - multi-root-chain2.pem | 177 - explicit-policy-chain.pem |
104 Two chains, A -> B -> C -> D and A -> B -> C2 -> E (C and C2 share the | 178 A test certificate chain with requireExplicitPolicy field set on the |
105 same public key) to test that certificate validation caching does not | 179 intermediate, with SkipCerts=0. This is used for regression testing |
106 interfere with the chain_verify_callback used by CertVerifyProcChromeOS. | 180 http://crbug.com/31497. |
107 See CertVerifyProcChromeOSTest. | |
108 | 181 |
109 - comodo.chain.pem : A certificate chain for www.comodo.com which should be | 182 ===== From net/data/ssl/scripts/generate-client-certificates.sh |
110 recognised as EV. Expires Jun 21 2013. | |
111 | |
112 - ocsp-test-root.pem : A root certificate for the code in | |
113 net/tools/testserver/minica.py | |
114 | |
115 - sha256.pem: Used to test the handling of SHA-256 certs on Windows. | |
116 Generated by using the command: | |
117 "openssl req -x509 -days 3650 -sha256 -newkey rsa:2048 -text \ | |
118 -config ../scripts/ee.cnf -out sha256.pem" | |
119 | |
120 - spdy_pooling.pem : Used to test the handling of spdy IP connection pooling | |
121 Generated by using the command | |
122 "openssl req -x509 -days 3650 -sha1 -extensions req_spdy_pooling \ | |
123 -config ../scripts/ee.cnf -newkey rsa:1024 -text \ | |
124 -out spdy_pooling.pem" | |
125 | |
126 - subjectAltName_sanity_check.pem : Used to test the handling of various types | |
127 within the subjectAltName extension of a certificate. Generated by using | |
128 the command | |
129 "openssl req -x509 -days 3650 -sha1 -extensions req_san_sanity \ | |
130 -config ../scripts/ee.cnf -newkey rsa:1024 -text \ | |
131 -out subjectAltName_sanity_check.pem" | |
132 | |
133 - ndn.ca.crt: "New Dream Network Certificate Authority" root certificate. | |
134 This is an X.509 v1 certificate that omits the version field. Used to | |
135 test that the certificate version gets the default value v1. | |
136 | |
137 - websocket_cacert.pem : The testing root CA for testing WebSocket client | |
138 certificate authentication. | |
139 This file is used in SSLUITest.TestWSSClientCert. | |
140 | |
141 - websocket_client_cert.p12 : A PKCS #12 file containing a client certificate | |
142 and a private key created for WebSocket testing. The password is "". | |
143 This file is used in SSLUITest.TestWSSClientCert. | |
144 | |
145 - android-test-key-rsa.pem | |
146 - android-test-key-dsa.pem | |
147 - android-test-key-dsa-public.pem | |
148 - android-test-key-ecdsa.pem | |
149 - android-test-key-ecdsa-public.pem | |
150 This is a set of test RSA/DSA/ECDSA keys used by the Android-specific | |
151 unit test in net/android/keystore_unittest.c. They are used to verify | |
152 that the OpenSSL-specific wrapper for platform PrivateKey objects | |
153 works properly. See the generate-android-test-keys.sh script. | |
154 | |
155 - client_1.pem | 183 - client_1.pem |
156 - client_1.key | 184 - client_1.key |
157 - client_1.pk8 | 185 - client_1.pk8 |
158 - client_1_ca.pem | 186 - client_1_ca.pem |
159 - client_2.pem | 187 - client_2.pem |
160 - client_2.key | 188 - client_2.key |
161 - client_2.pk8 | 189 - client_2.pk8 |
162 - client_2_ca.pem | 190 - client_2_ca.pem |
163 This is a set of files used to unit test SSL client certificate | 191 This is a set of files used to unit test SSL client certificate |
164 authentication. These are generated by | 192 authentication. |
165 net/data/ssl/scripts/generate-client-certificates.sh | |
166 - client_1_ca.pem and client_2_ca.pem are the certificates of | 193 - client_1_ca.pem and client_2_ca.pem are the certificates of |
167 two distinct signing CAs. | 194 two distinct signing CAs. |
168 - client_1.pem and client_1.key correspond to the certificate and | 195 - client_1.pem and client_1.key correspond to the certificate and |
169 private key for a first certificate signed by client_1_ca.pem. | 196 private key for a first certificate signed by client_1_ca.pem. |
170 - client_2.pem and client_2.key correspond to the certificate and | 197 - client_2.pem and client_2.key correspond to the certificate and |
171 private key for a second certificate signed by client_2_ca.pem. | 198 private key for a second certificate signed by client_2_ca.pem. |
172 - each .pk8 file contains the same key as the corresponding .key file | 199 - each .pk8 file contains the same key as the corresponding .key file |
173 as PKCS#8 PrivateKeyInfo in DER encoding. | 200 as PKCS#8 PrivateKeyInfo in DER encoding. |
174 | 201 |
| 202 ===== From net/data/ssl/scripts/generate-android-test-key.sh |
| 203 - android-test-key-rsa.pem |
| 204 - android-test-key-dsa.pem |
| 205 - android-test-key-dsa-public.pem |
| 206 - android-test-key-ecdsa.pem |
| 207 - android-test-key-ecdsa-public.pem |
| 208 This is a set of test RSA/DSA/ECDSA keys used by the Android-specific |
| 209 unit test in net/android/keystore_unittest.c. They are used to verify |
| 210 that the OpenSSL-specific wrapper for platform PrivateKey objects |
| 211 works properly. See the generate-android-test-keys.sh script. |
| 212 |
| 213 ===== From net/data/ssl/scripts/generate-bad-eku-certs.sh |
175 - eku-test-root.pem | 214 - eku-test-root.pem |
176 - non-crit-codeSigning-chain.pem | 215 - non-crit-codeSigning-chain.pem |
177 - crit-codeSigning-chain.pem | 216 - crit-codeSigning-chain.pem |
178 Two code-signing certificates (eKU: codeSigning; eKU: critical, | 217 Two code-signing certificates (eKU: codeSigning; eKU: critical, |
179 codeSigning) which we use to test that clients are making sure that web | 218 codeSigning) which we use to test that clients are making sure that web |
180 server certs are checked for correct eKU fields (when an eKU field is | 219 server certs are checked for correct eKU fields (when an eKU field is |
181 present). Since codeSigning is not valid for web server auth, the checks | 220 present). Since codeSigning is not valid for web server auth, the checks |
182 should fail. | 221 should fail. |
183 | 222 |
| 223 ===== From net/data/ssl/scripts/generate-multi-root-test-chains.sh |
| 224 - multi-root-chain1.pem |
| 225 - multi-root-chain2.pem |
| 226 Two chains, A -> B -> C -> D and A -> B -> C2 -> E (C and C2 share the |
| 227 same public key) to test that certificate validation caching does not |
| 228 interfere with the chain_verify_callback used by CertVerifyProcChromeOS. |
| 229 See CertVerifyProcChromeOSTest. |
| 230 |
| 231 ===== From net/data/ssl/scripts/generate-duplicate-cn-certs.sh |
184 - duplicate_cn_1.p12 | 232 - duplicate_cn_1.p12 |
185 - duplicate_cn_1.pem | 233 - duplicate_cn_1.pem |
186 - duplicate_cn_2.p12 | 234 - duplicate_cn_2.p12 |
187 - duplicate_cn_2.pem | 235 - duplicate_cn_2.pem |
188 Two certificates from the same issuer that share the same common name, | 236 Two certificates from the same issuer that share the same common name, |
189 but have distinct subject names (namely, their O fields differ). NSS | 237 but have distinct subject names (namely, their O fields differ). NSS |
190 requires that certificates have unique nicknames if they do not share the | 238 requires that certificates have unique nicknames if they do not share the |
191 same subject, and these certificates are used to test that the nickname | 239 same subject, and these certificates are used to test that the nickname |
192 generation algorithm generates unique nicknames. | 240 generation algorithm generates unique nicknames. |
193 The .pem versions contain just the certs, while the .p12 versions contain | 241 The .pem versions contain just the certs, while the .p12 versions contain |
194 both the cert and a private key, since there are multiple ways to import | 242 both the cert and a private key, since there are multiple ways to import |
195 certificates into NSS. | 243 certificates into NSS. |
196 | 244 |
| 245 ===== From net/data/ssl/scripts/generate-aia-certs.sh |
197 - aia-cert.pem | 246 - aia-cert.pem |
198 - aia-intermediate.der | 247 - aia-intermediate.der |
199 - aia-root.pem | 248 - aia-root.pem |
200 A certificate chain which we use to ensure AIA fetching works correctly | 249 A certificate chain which we use to ensure AIA fetching works correctly |
201 when using NSS to verify certificates (which uses our HTTP stack). | 250 when using NSS to verify certificates (which uses our HTTP stack). |
202 aia-cert.pem has a caIssuers that points to "aia-test.invalid" as the URL | 251 aia-cert.pem has a caIssuers that points to "aia-test.invalid" as the URL |
203 containing the intermediate, which can be served via a URLRequestFilter. | 252 containing the intermediate, which can be served via a URLRequestFilter. |
204 aia-intermediate.der is stored in DER form for convenience, since that is | 253 aia-intermediate.der is stored in DER form for convenience, since that is |
205 the form expected of certificates discovered via AIA. | 254 the form expected of certificates discovered via AIA. |
206 | 255 |
207 - cybertrust_gte_root.pem | |
208 - cybertrust_baltimore_root.pem | |
209 - cybertrust_omniroot_chain.pem | |
210 - cybertrust_baltimore_cross_certified_1.pem | |
211 - cybertrust_baltimore_cross_certified_2.pem | |
212 These certificates are reflect a portion of the CyberTrust (Verizon | |
213 Business) CA hierarchy. _gte_root.pem is a legacy 1024-bit root that is | |
214 still widely supported, while _baltimore_root.pem reflects the newer | |
215 2048-bit root. For clients that only support the GTE root, two versions | |
216 of the Baltimore root were cross-signed by GTE, namely | |
217 _cross_certified_[1,2].pem. _omniroot_chain.pem contains a certificate | |
218 chain that was issued under the Baltimore root. Combined, these | |
219 certificates can be used to test real-world cross-signing; in practice, | |
220 they are used to test certain workarounds for OS X's chain building code. | |
221 | 256 |
222 - no_subject_common_name_cert.pem: Used to test the function that generates a | |
223 NSS certificate nickname for a user certificate. This certificate's Subject | |
224 field doesn't have a common name. | |
225 | |
226 - expired_cert.pem | |
227 - ok_cert.pem | |
228 - root_ca_cert.pem | |
229 These certificates are the common certificates used by the Python test | |
230 server for simulating HTTPS connections. They are generated by running | |
231 the script net/data/ssl/scripts/generate-test-certs.sh. | |
232 | |
233 - quic_intermediate.crt | |
234 - quic_test_ecc.example.com.crt | |
235 - quic_test.example.com.crt | |
236 - quic_root.crt | |
237 These certificates are used by the ProofVerifier's unit tests of QUIC. | |
238 | |
239 - explicit-policy-chain.pem | |
240 A test certificate chain with requireExplicitPolicy field set on the | |
241 intermediate, with SkipCerts=0. This is used for regression testing | |
242 http://crbug.com/31497. It is generated by running the script | |
243 net/data/ssl/scripts/generate-policy-certs.sh | |
244 | |
245 - ct-test-embedded-cert.pem | |
246 - ct-test-embedded-with-intermediate-chain.pem | |
247 - ct-test-embedded-with-intermediate-preca-chain.pem | |
248 - ct-test-embedded-with-preca-chain.pem | |
249 Test certificate chains for Certificate Transparency: Each of these | |
250 files contains a leaf certificate as the first certificate, which has | |
251 embedded SCTs, followed by the issuer certificates chain. | |
252 All files are from the src/test/testdada directory in | |
253 https://code.google.com/p/certificate-transparency/ | |
OLD | NEW |