REM Copyright 2013 The Chromium Authors. All rights reserved. | |
REM Use of this source code is governed by a BSD-style license that can be | |
REM found in the LICENSE file. | |
del /q certificates\* | |
REM Create a Cert Authority. | |
makecert -r -pe -n "CN=CertAuthority" -ss CA -sr CurrentUser ^ | |
-a sha256 -cy authority -sky signature ^ | |
-sv certificates\AuthorityCert.pvk certificates\AuthorityCert.cer | |
REM Create a second Cert Authority (used to test cert pinning). | |
makecert -r -pe -n "CN=OtherCertAuthority" -ss CA -sr CurrentUser ^ | |
-a sha256 -cy authority -sky signature ^ | |
-sv certificates\OtherAuthorityCert.pvk ^ | |
certificates\OtherAuthorityCert.cer | |
REM Create a self-signed cert. | |
makecert -r -pe -n "CN=SelfSigned" -ss CA -sr CurrentUser ^ | |
-a sha256 -cy authority -sky signature ^ | |
-sv certificates\SelfSigned.pvk certificates\SelfSigned.cer | |
pvk2pfx -pvk certificates\SelfSigned.pvk -spc certificates\SelfSigned.cer ^ | |
-pfx certificates\SelfSigned.pfx | |
signtool sign /v /f certificates\SelfSigned.pfx dlls\self_signed.dll | |
REM Create a signing cert from our first CA, with proper company name. | |
makecert -pe -n "CN=Google Inc, OU=Chrome Testers" -a sha256 -cy end ^ | |
-sky signature ^ | |
-ic certificates\AuthorityCert.cer -iv certificates\AuthorityCert.pvk ^ | |
-sv certificates\ValidCert.pvk certificates\ValidCert.cer | |
pvk2pfx -pvk certificates\ValidCert.pvk -spc certificates\ValidCert.cer ^ | |
-pfx certificates\ValidCert.pfx | |
signtool sign /v /f certificates\ValidCert.pfx dlls\valid_sig.dll | |
REM Create a signing cert from our first CA, with wrong company name. | |
makecert -pe -n "CN=NotGoogle Inc, OU=Chrome Testers" -a sha256 -cy end ^ | |
-sky signature ^ | |
-ic certificates\AuthorityCert.cer -iv certificates\AuthorityCert.pvk ^ | |
-sv certificates\NotGoogleCert.pvk certificates\NotGoogleCert.cer | |
pvk2pfx -pvk certificates\NotGoogleCert.pvk ^ | |
-spc certificates\NotGoogleCert.cer -pfx certificates\NotGoogleCert.pfx | |
signtool sign /v /f certificates\NotGoogleCert.pfx dlls\not_google.dll | |
REM Create a signing cert from the other CA. | |
makecert -pe -n "CN=Google Inc, OU=Other Chrome Testers" -a sha256 -cy end ^ | |
-sky signature ^ | |
-ic certificates\OtherAuthorityCert.cer ^ | |
-iv certificates\OtherAuthorityCert.pvk ^ | |
-sv certificates\DifferentHash.pvk certificates\DifferentHash.cer | |
pvk2pfx -pvk certificates\DifferentHash.pvk ^ | |
-spc certificates\DifferentHash.cer -pfx certificates\DifferentHash.pfx | |
signtool sign /v /f certificates\DifferentHash.pfx dlls\different_hash.dll | |
REM Create an expired signing cert from our first CA. | |
makecert -pe -n "CN=Google Inc, OU=Chrome Testers" -a sha256 -cy end ^ | |
-sky signature ^ | |
-ic certificates\AuthorityCert.cer -iv certificates\AuthorityCert.pvk ^ | |
-e 12/31/2012 ^ | |
-sv certificates\ExpiredCert.pvk certificates\ExpiredCert.cer | |
pvk2pfx -pvk certificates\ExpiredCert.pvk -spc certificates\ExpiredCert.cer ^ | |
-pfx certificates\ExpiredCert.pfx | |
signtool sign /v /f certificates\ExpiredCert.pfx dlls\expired.dll | |
del /q certificates\*.pvk | |
del /q certificates\*.pfx |