Closed Bug 538294 Opened 10 years ago Closed 2 years ago

Need to be able to regenerate all of the certificates in the test certificate database

Categories

(Testing :: Mochitest, defect)

defect
Not set

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: mossop, Unassigned)

References

Details

(Keywords: intermittent-failure, Whiteboard: [orange:time-bomb])

In 2018 we'll need to regenerate the temporary CA that is used in the test certificate database for mochitests ssl tests. At the same time we'll need to regenerate a bunch of the client certs in there that are issued by the CA.

Equally some of the certs in there aren't issued by the CA but will also have to get regenerated at some point to stop them expiring.

Right now we have a script to regenerate the CA and the main SSL certs, but none of the additional certs in the database which is currently the following:

escapeattack1
escapeattack2
bug413909cert
Unknown CA
untrusted
selfsigned
expired

Going to start by documenting here the commands necessary to generate the certs manually and then we can look to patching the script to just do it for us.
Bug 435743 added the last 4 in the list above. I think the following commands would recreate them, all with a duration of 10 years (except expired which expires the moment it is created).

certutil -d . -S -n "selfsigned" -s "CN=self-signed.example.com" -x -t "P,," -m 1 -v 120
certutil -d . -S -n "unknown ca" -s "CN=Unknown CA" -t "C,," -x -m 1 -2 -v 120
certutil -d . -S -n "untrusted" -s "CN=untrusted.example.com" -c "unknown_ca" -t
"P,," -k rsa -g 1024 -m 1 -v 120
certutil -d . -S -n "expired" -s "CN=expired.example.com" -c "pgo temporary ca"
-t "P,," -m 2387 -k rsa -g 1024 -v 0
Blocks: 413909, 483437, 435743
Blocks: 438871
Whiteboard: [orange][orange:time-bomb] → [orange:time-bomb]
Mass closing mochitest bugs that haven't had activity in the past 5 years. Please re-open or file a new bug with modern context if this is still relevant.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.