Adding Certificates for Testing¶
Sometimes we need to write tests for scenarios that require custom client, server or certificate authority (CA) certificates. For that purpose, you can generate such certificates using build/pgo/genpgocert.py
.
The certificate specifications (and key specifications) are located in build/pgo/certs/
.
To add a new server certificate, add a ${cert_name}.certspec
file to that folder.
If it needs a non-default private key, add a corresponding ${cert_name}.server.keyspec
.
For a new client certificate, add a ${cert_name}.client.keyspec
and corresponding ${cert_name}.certspec
.
To add a new CA, add a ${cert_name}.ca.keyspec
as well as a corresponding ${cert_name}.certspec
to that folder.
Hint
The full syntax for .certspec files is documented at https://searchfox.org/mozilla-central/source/security/manager/ssl/tests/unit/pycert.py
The full syntax for .keyspec files is documented at https://searchfox.org/mozilla-central/source/security/manager/ssl/tests/unit/pykey.py
Then regenerate the certificates by running::
./mach python build/pgo/genpgocert.py
These commands will modify cert9.db and key4.db, and if you have added a .keyspec file will generate a {$cert_name}.client
or {$cert_name}.ca
file.
These files need to be committed.
If you’ve created a new server certificate, you probably want to modify build/pgo/server-locations.txt
to add a location with your specified certificate::
https://my-test.example.com:443 cert=${cert_name}
You will need to run ./mach build
again afterwards.
Important
Make sure to exactly follow the naming conventions and use the same cert_name
in all places