Re: X.509 Certificate Testing...

[Sean Mullan]

The NIST PKITS test suite is a good one and contains a whole bunch of 
certificates/CRLs for testing compliance with RFC 3280: 
http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html


--Sean

On 09/15/2016 07:19 PM, Milton Smith wrote:

Hi All,

I'm looking for a set of certificates, self-signed certs, cross-signed
certs, small chains, large chains, different critical and non-critical
sections, revoked certs, blacklisted certs, invalid, not yet valid, time
stamped, etc.  I realize it's difficult to be comprehensive but is there
anything anyone can recommend for unit tests or CD/CI builds?  Trying to
avoid creating all this if it exists already.  Thanks!

Regards,
Milton

Re: X.509 Certificate Testing...

[Wang Weijun]

I don't know a single place including all these things. In fact, in most cases 
we avoid including a certificate directly in a test if it can be created on the 
fly.

--Max

> On Sep 16, 2016, at 7:19 AM, Milton Smith  wrote:
> 
> Hi All,
> 
> I'm looking for a set of certificates, self-signed certs, cross-signed certs, 
> small chains, large chains, different critical and non-critical sections, 
> revoked certs, blacklisted certs, invalid, not yet valid, time stamped, etc.  
> I realize it's difficult to be comprehensive but is there anything anyone can 
> recommend for unit tests or CD/CI builds?  Trying to avoid creating all this 
> if it exists already.  Thanks!
> 
> Regards,
> Milton