test_certificates.rst (1822B)


.. _test_certificates:

===============================
Adding Certificates for Testing
===============================

Sometimes we need to write tests for scenarios that require custom client, server or certificate authority (CA) certificates. For that purpose, you can generate such certificates using ``build/pgo/genpgocert.py``.

The certificate specifications (and key specifications) are located in ``build/pgo/certs/``.

To add a new **server certificate**, add a ``${cert_name}.certspec`` file to that folder.
If it needs a non-default private key, add a corresponding ``${cert_name}.server.keyspec``.

For a new **client certificate**, add a ``${cert_name}.client.keyspec`` and corresponding ``${cert_name}.certspec``.

To add a new **CA**, add a ``${cert_name}.ca.keyspec`` as well as a corresponding ``${cert_name}.certspec`` to that folder.

.. hint::

  * The full syntax for ``.certspec`` files is documented at https://searchfox.org/mozilla-central/source/security/manager/tools/pycert.py

  * The full syntax for ``.keyspec`` files is documented at https://searchfox.org/mozilla-central/source/security/manager/tools/pykey.py

Then regenerate the certificates by running::

  ./mach python build/pgo/genpgocert.py

This command modifies ``cert9.db`` and ``key4.db`` and, if you have added a ``.keyspec`` file, generates a ``${cert_name}.client`` or ``${cert_name}.ca`` file.

**These files need to be committed.**

If you've created a new server certificate, you probably want to modify ``build/pgo/server-locations.txt`` to add a location with your specified certificate::

  https://my-test.example.com:443           cert=${cert_name}

You will need to run ``./mach build`` again afterwards.

.. important::

  Make sure to exactly follow the naming conventions and use the same ``cert_name`` in all places.
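
The naming rules above can be checked mechanically before committing. The following is an added example, not part of the source tree: ``check_naming`` is a hypothetical helper, the file names and locations are constructed sample data, and it assumes that ``server-locations.txt`` options are separated by commas and that lines starting with ``#`` are comments.

```python
import re

# <cert_name>.(server|client|ca).keyspec, as described in the text above.
KEYSPEC_RE = re.compile(r"^(?P<name>.+)\.(?P<kind>server|client|ca)\.keyspec$")
# cert=<cert_name> option (assumption: options are comma-separated).
CERT_OPT_RE = re.compile(r"(?:^|[\s,])cert=([^\s,]+)")


def check_naming(filenames, server_locations):
    """Return a list of naming problems; an empty list means consistent."""
    suffix = ".certspec"
    certspecs = {f[: -len(suffix)] for f in filenames if f.endswith(suffix)}
    problems = []
    for f in filenames:
        if not f.endswith(".keyspec"):
            continue  # cert9.db, key4.db and generated files are not checked
        m = KEYSPEC_RE.match(f)
        if m is None:
            problems.append(f"{f}: expected <cert_name>.(server|client|ca).keyspec")
        elif m["name"] not in certspecs:
            problems.append(f"{f}: missing {m['name']}.certspec")
    for lineno, line in enumerate(server_locations.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # assumption: '#' starts a comment line
        for name in CERT_OPT_RE.findall(line):
            if name not in certspecs:
                problems.append(
                    f"server-locations.txt:{lineno}: cert={name} has no {name}.certspec"
                )
    return problems


# Constructed sample: a listing of build/pgo/certs/ and a locations file.
SAMPLE_FILES = [
    "mytest.certspec", "mytest.server.keyspec",  # server cert with custom key
    "myclient.client.keyspec",                   # client key without a certspec
    "myca.ca.keyspec", "myca.certspec",          # CA, consistent
    "oops.keyspec",                              # keyspec without a kind
    "cert9.db", "key4.db",
]
SAMPLE_LOCATIONS = """\
# constructed sample entries
https://my-test.example.com:443           cert=mytest
https://other.example.com:443             privileged,cert=my_test
"""

if __name__ == "__main__":
    for problem in check_naming(SAMPLE_FILES, SAMPLE_LOCATIONS):
        print(problem)
```
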