Lib.rs

Cryptography
#private-key #certificate #tls #server #testing #client #x509

x509-test-certs

Sample ertificates for testing TLS connections

by Eric Seppanen

2 releases

0.1.1 Jun 7, 2023
0.1.0 Jun 7, 2023

#2907 in Cryptography

Download history 15/week @ 2024-11-16 15/week @ 2024-11-23 16/week @ 2024-11-30 35/week @ 2024-12-07 24/week @ 2024-12-14 3/week @ 2024-12-21 3/week @ 2024-12-28 13/week @ 2025-01-04 26/week @ 2025-01-11 17/week @ 2025-01-18 30/week @ 2025-01-25 35/week @ 2025-02-01 29/week @ 2025-02-08 22/week @ 2025-02-15 33/week @ 2025-02-22 29/week @ 2025-03-01

119 downloads per month

CC-PDDC license

44KB

Pre-built X509 certificates.

This crate provides cryptographic certificates and keys, meant for testing TLS clients and servers.

The certificates are meant to look realistic: they have most of the extensions that real-world certificates have, and try to follow the CAB guidelines as a real CA would.

This crate contains no code or dependencies, just const byte arrays containing pre-generated certificates and private keys.

If you would like to generate your own certificates, please try the x509-test-gen crate. It contains the code that was used to generate the certificates in the x509-test-certs crate. A collection of CA, client and server certificates.

The certificates can be used to test successful client or server validation.

The keys are RSA (2048 bit) and digests are SHA-256.

The server certificate is for a dns name test-server. You may need to spoof dns or instruct your client to use this name.

The client certificate is for an email address test@example.com.

The client and server certificates share the same root certificate.

A collection of CA, intermediate, client and server certificates

The certificates can be used to test successful client or server validation.

The keys are RSA (2048 bit) and digests are SHA-256.

The server certificate is for a dns name test-server. You may need to spoof dns or instruct your client to use this name.

The client certificate is for an email address test@example.com.

The client and server certificates share the same signature chain:

       root
        |
   intermediate
     /      \
  client   server

A client certificate with additional name types.

The certificates can be used to test successful client certificate decoding and authorization.

The keys are RSA (2048 bit) and digests are SHA-256.

The client certificate contains a Subject Alternative Name extension containing three names: a common name, a serial number, and a role.

CA and improperly signed server certificates.

The certificates can be used to test server validation failure.

The keys are RSA (2048 bit) and digests are SHA-256.

The server certificate is for a dns name test-server. You may need to spoof dns or instruct your client to use this name.

No runtime deps