Closed Bug 538294 Opened 11 years ago Closed 3 years ago
Need to be able to regenerate all of the certificates in the test certificate database
In 2018 we'll need to regenerate the temporary CA that is used in the test certificate database for mochitests ssl tests. At the same time we'll need to regenerate a bunch of the client certs in there that are issued by the CA. Equally some of the certs in there aren't issued by the CA but will also have to get regenerated at some point to stop them expiring. Right now we have a script to regenerate the CA and the main SSL certs, but none of the additional certs in the database which is currently the following: escapeattack1 escapeattack2 bug413909cert Unknown CA untrusted selfsigned expired Going to start by documenting here the commands necessary to generate the certs manually and then we can look to patching the script to just do it for us.
Bug 435743 added the last 4 in the list above. I think the following commands would recreate them, all with a duration of 10 years (except expired which expires the moment it is created). certutil -d . -S -n "selfsigned" -s "CN=self-signed.example.com" -x -t "P,," -m 1 -v 120 certutil -d . -S -n "unknown ca" -s "CN=Unknown CA" -t "C,," -x -m 1 -2 -v 120 certutil -d . -S -n "untrusted" -s "CN=untrusted.example.com" -c "unknown_ca" -t "P,," -k rsa -g 1024 -m 1 -v 120 certutil -d . -S -n "expired" -s "CN=expired.example.com" -c "pgo temporary ca" -t "P,," -m 2387 -k rsa -g 1024 -v 0
Whiteboard: [orange][orange:time-bomb] → [orange:time-bomb]
Mass closing mochitest bugs that haven't had activity in the past 5 years. Please re-open or file a new bug with modern context if this is still relevant.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.