Lib.rs

Cryptography
#private-key #certificate #tls #server #testing #client #x509

x509-test-certs

Sample ertificates for testing TLS connections

by Eric Seppanen

2 releases

0.1.1 Jun 7, 2023
0.1.0 Jun 7, 2023

#2415 in Cryptography

Download history 1/week @ 2024-01-01 37/week @ 2024-01-08 34/week @ 2024-01-15 51/week @ 2024-01-22 66/week @ 2024-01-29 25/week @ 2024-02-05 28/week @ 2024-02-12 31/week @ 2024-02-19 109/week @ 2024-02-26 49/week @ 2024-03-04 65/week @ 2024-03-11 26/week @ 2024-03-18 31/week @ 2024-03-25 64/week @ 2024-04-01 34/week @ 2024-04-08 56/week @ 2024-04-15

187 downloads per month

CC-PDDC license

44KB

Pre-built X509 certificates.

This crate provides cryptographic certificates and keys, meant for testing TLS clients and servers.

The certificates are meant to look realistic: they have most of the extensions that real-world certificates have, and try to follow the CAB guidelines as a real CA would.

This crate contains no code or dependencies, just const byte arrays containing pre-generated certificates and private keys.

If you would like to generate your own certificates, please try the x509-test-gen crate. It contains the code that was used to generate the certificates in the x509-test-certs crate. A collection of CA, client and server certificates.

The certificates can be used to test successful client or server validation.

The keys are RSA (2048 bit) and digests are SHA-256.

The server certificate is for a dns name test-server. You may need to spoof dns or instruct your client to use this name.

The client certificate is for an email address test@example.com.

The client and server certificates share the same root certificate.

A collection of CA, intermediate, client and server certificates

The certificates can be used to test successful client or server validation.

The keys are RSA (2048 bit) and digests are SHA-256.

The server certificate is for a dns name test-server. You may need to spoof dns or instruct your client to use this name.

The client certificate is for an email address test@example.com.

The client and server certificates share the same signature chain:

       root
        |
   intermediate
     /      \
  client   server

A client certificate with additional name types.

The certificates can be used to test successful client certificate decoding and authorization.

The keys are RSA (2048 bit) and digests are SHA-256.

The client certificate contains a Subject Alternative Name extension containing three names: a common name, a serial number, and a role.

CA and improperly signed server certificates.

The certificates can be used to test server validation failure.

The keys are RSA (2048 bit) and digests are SHA-256.

The server certificate is for a dns name test-server. You may need to spoof dns or instruct your client to use this name.

No runtime deps