README
1The certificate authority and server certificates here are generated by 2$topsrcdir/build/pgo/genpgocert.py. 3 4You can regenerate the certificates by running: ./mach python 5build/pgo/genpgocert.py 6 7To add a new CA, add a ${cert_name}.ca.keyspec as well as a corresponding 8${cert_name}.certspec to this folder. 9 10To add new server certificates, add a ${cert_name}.certspec file to this folder. 11If it needs a non-default private key, add a corresponding 12${cert_name}.server.keyspec. 13 14For new client certificates, add a ${cert_name}.client.keyspec and corresponding 15${cert_name}.certspec. 16 17The naming convention here is because the generated ".client" and ".ca" PEM 18files need to be copied into this folder for Mochitests' runtests.py to import. 19 20These commands will modify cert9.db and key4.db. The changes to these should be 21committed. 22 23Specific notes for certs: 24 25 dynamicPinningGood: Changing this keyspec will require changing 26 browser/base/content/test/general/pinning_headers.sjs . You can obtain a new 27 valid pin via: 28 29 certutil -L -d . -n dynamicPinningGood -r | openssl x509 -inform der -pubkey \ 30 -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary \ 31 | openssl enc -base64 32