README
The certificate authority and server certificates here are generated by
$topsrcdir/build/pgo/genpgocert.py.

You can regenerate the certificates by running: ./mach python
build/pgo/genpgocert.py

To add a new CA, add a ${cert_name}.ca.keyspec as well as a corresponding
${cert_name}.certspec to this folder.

To add new server certificates, add a ${cert_name}.certspec file to this folder.
If it needs a non-default private key, add a corresponding
${cert_name}.server.keyspec.

For new client certificates, add a ${cert_name}.client.keyspec and corresponding
${cert_name}.certspec.

This naming convention exists because the generated ".client" and ".ca" PEM
files need to be copied into this folder for Mochitests' runtests.py to import.

These commands will modify cert9.db and key4.db. The changes to these should be
committed.

Specific notes for certs:

 dynamicPinningGood: Changing this keyspec will require changing
 browser/base/content/test/general/pinning_headers.sjs . You can obtain a new
 valid pin via:

 certutil -L -d . -n dynamicPinningGood -r | openssl x509 -inform der -pubkey \
 -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary \
 | openssl enc -base64
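
The pin printed by the pipeline above is the base64 of a SHA-256 digest taken over the certificate's DER-encoded subjectPublicKeyInfo, so it changes whenever the keyspec changes. The following is an added example, not part of this repository or of genpgocert.py, that computes the same value from a DER certificate (such as the output of certutil -r) using only the Python standard library. The function names, the der() helper and the SAMPLE_* values are assumptions made for illustration, and the sample is constructed, not a real certificate.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return subjectPublicKeyInfo (header included) from a DER certificate."""
    tag, pos, _ = read_tlv(cert_der, 0)              # Certificate
    tbs_tag, pos, tbs_end = read_tlv(cert_der, pos)  # tbsCertificate
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a DER certificate")
    if read_tlv(cert_der, pos)[0] == 0xA0:           # optional [0] version
        pos = read_tlv(cert_der, pos)[2]
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert_der[pos:end]

def spki_pin(cert_der):
    """Base64 of SHA-256 over the DER SPKI, as the openssl pipeline prints."""
    digest = hashlib.sha256(extract_spki(cert_der)).digest()
    return base64.b64encode(digest).decode("ascii")

def der(tag, body):
    """Encode one DER element; used only to build the constructed sample."""
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

# Constructed sample (not a real certificate): placeholder fields around an SPKI.
SAMPLE_SPKI = der(0x30, der(0x30, der(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01"))
                  + der(0x03, b"\x00" + bytes(range(200))))
SAMPLE_TBS = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
                 + der(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, SAMPLE_TBS + der(0x30, b"") + der(0x03, b"\x00"))
```

Two certificates issued for the same key yield the same pin, because only the subjectPublicKeyInfo is hashed and the other certificate fields are skipped.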