certs
Folders and files
| Name | Name | Last commit date | ||
|---|---|---|---|---|
parent directory.. | ||||
The certificate authority and server certificates here are generated by
$topsrcdir/build/pgo/genpgocert.py.
You can regenerate the certificates by running: ./mach python
build/pgo/genpgocert.py
To add a new CA, add a ${cert_name}.ca.keyspec as well as a corresponding
${cert_name}.certspec to this folder.
To add new server certificates, add a ${cert_name}.certspec file to this folder.
If it needs a non-default private key, add a corresponding
${cert_name}.server.keyspec.
For new client certificates, add a ${cert_name}.client.keyspec and corresponding
${cert_name}.certspec.
The naming convention here is because the generated ".client" and ".ca" PEM
files need to be copied into this folder for Mochitests' runtests.py to import.
These commands will modify cert9.db and key4.db. The changes to these should be
committed.
Specific notes for certs:
dynamicPinningGood: Changing this keyspec will require changing
browser/base/content/test/general/pinning_headers.sjs . You can obtain a new
valid pin via:
certutil -L -d . -n dynamicPinningGood -r | openssl x509 -inform der -pubkey \
-noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary \
| openssl enc -base64