Re: X.509 Certificate Testing...
The NIST PKITS test suite is a good one and contains a whole bunch of certificates/CRLs for testing compliance with RFC 3280: http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html --Sean On 09/15/2016 07:19 PM, Milton Smith wrote: Hi All, I'm looking for a set of certificates, self-signed certs, cross-signed certs, small chains, large chains, different critical and non-critical sections, revoked certs, blacklisted certs, invalid, not yet valid, time stamped, etc. I realize it's difficult to be comprehensive but is there anything anyone can recommend for unit tests or CD/CI builds? Trying to avoid creating all this if it exists already. Thanks! Regards, Milton
Re: X.509 Certificate Testing...
I don't know a single place including all these things. In fact, in most cases we avoid including a certificate directly in a test if it can be created on the fly. --Max > On Sep 16, 2016, at 7:19 AM, Milton Smithwrote: > > Hi All, > > I'm looking for a set of certificates, self-signed certs, cross-signed certs, > small chains, large chains, different critical and non-critical sections, > revoked certs, blacklisted certs, invalid, not yet valid, time stamped, etc. > I realize it's difficult to be comprehensive but is there anything anyone can > recommend for unit tests or CD/CI builds? Trying to avoid creating all this > if it exists already. Thanks! > > Regards, > Milton