Index: net/data/ssl/certificates/README |
diff --git a/net/data/ssl/certificates/README b/net/data/ssl/certificates/README |
index a58aaa1cff9f99e3a93100ecd5e982e63bc4698f..039a526bd43650219c28757c6671e3fcd9c11883 100644 |
--- a/net/data/ssl/certificates/README |
+++ b/net/data/ssl/certificates/README |
@@ -20,13 +20,6 @@ unit tests. |
- dod_root_ca_2_cert.der : A certificate chain for regression tests of |
http://crbug.com/31497. |
-- expired_cert.pem : An expired certificate, used by test_server.cc. |
- |
-- ok_cert.pem : A valid certificate, used by test_server.cc |
- |
-- root_ca_cert.crt : The testing root CA used to sign the test_server.cc's |
- certificates. |
- |
- unosoft_hu_cert : Certificate used by X509CertificateTest.UnoSoftCertParsing. |
- client.p12 : A PKCS #12 file containing a client certificate and a private |
@@ -34,3 +27,38 @@ unit tests. |
- punycodetest.der : A test self-signed server certificate with punycode name. |
The common name is "xn--wgv71a119e.com" (日本語.com) |
+ |
+===== |
+Generated Test Certificates: |
+ The following certificates were generated locally, and are primarily used |
+ by test_server.cc and test_server.py: |
+ - expired_cert.pem : An expired certificate, used by test_server.cc. |
+ - ok_cert.pem : A valid certificate, used by test_server.cc and others |
+ - root_ca_cert.crt : The testing root CA used to sign the test |
wtc
2010/12/08 19:58:22
Typo: root_ca_cert.crt => root_ca_cert.pem
Please
|
+ certificates |
+ In addition, a support file is provided for making it easier to make |
+ modifications or re-generate these certificates. |
+ - openssl_ca.cnf : The configuration file used to generate the test |
+ certificates |
+ |
+ The following commands were used to generated the test root certificates |
+ Note: Be sure to adjust path slashes as appropriate for your platform. |
+ |
+mkdir root_ca |
+mkdir root_ca\private |
+mkdir root_ca\newcerts |
+echo 01 > root_ca\serial |
+[On Windows] |
+ copy nul: root_ca\index.txt |
+ copy nul: root_ca\index.txt.attr |
+[On POSIX] |
+ touch root_ca\index.txt |
+ touch root_ca\index.txt.attr |
+ |
+openssl req -new -x509 -days 18250 -keyout root_ca\private\cacert.key -out root_ca\cacert.pem -config openssl_ca.cnf |
+openssl req -new -keyout expired_cert.key -out expired_cert.req -config openssl_cert.cnf |
+openssl req -new -keyout ok_cert.key -out ok_cert.req -config openssl_cert.cnf |
+openssl ca -name CA_root -extensions user_cert -startdate 060101000000Z -enddate 070101000000Z -in expired_cert.req -out expired_cert.pem -config openssl_ca.cnf |
+openssl ca -name CA_root -extensions user_cert -days 18250 -in ok_cert.req -out ok_cert.pem -config openssl_ca.cnf |
+ |
+ Then each output certificate (.pem) and private key (.key) were combined into previously mentioned filenames. |