Source code

Revision control

Copy as Markdown

Other Tools

.. _test_certificates:
Adding Certificates for Testing
Sometimes we need to write tests for scenarios that require custom client, server or certificate authority (CA) certificates. For that purpose, you can generate such certificates using ``build/pgo/``.
The certificate specifications (and key specifications) are located in ``build/pgo/certs/``.
To add a new **server certificate**, add a ``${cert_name}.certspec`` file to that folder.
If it needs a non-default private key, add a corresponding ``${cert_name}.server.keyspec``.
For a new **client certificate**, add a ``${cert_name}.client.keyspec`` and corresponding ``${cert_name}.certspec``.
To add a new **CA**, add a ``${cert_name}.ca.keyspec`` as well as a corresponding ``${cert_name}.certspec`` to that folder.
.. hint::
* The full syntax for .certspec files is documented at
* The full syntax for .keyspec files is documented at
Then regenerate the certificates by running:::
./mach python build/pgo/
These commands will modify cert9.db and key4.db, and if you have added a .keyspec file will generate a ``{$cert_name}.client`` or ``{$cert_name}.ca`` file.
**These files need to be committed.**
If you've created a new server certificate, you probably want to modify ``build/pgo/server-locations.txt`` to add a location with your specified certificate:::
You will need to run ``./mach build`` again afterwards.
.. important::
Make sure to exactly follow the naming conventions and use the same ``cert_name`` in all places