Diffstat (limited to '')
-rw-r--r--build/pgo/certs/README5
-rw-r--r--build/pgo/certs/alternateroot.ca18
-rw-r--r--build/pgo/certs/alternateroot.ca.keyspec1
-rw-r--r--build/pgo/certs/alternateroot.certspec7
-rw-r--r--build/pgo/certs/badCertDomain.certspec3
-rw-r--r--build/pgo/certs/bug413909cert.certspec3
-rw-r--r--build/pgo/certs/cert9.dbbin0 -> 229376 bytes
-rw-r--r--build/pgo/certs/dynamicPinningBad.certspec5
-rw-r--r--build/pgo/certs/dynamicPinningBad.server.keyspec1
-rw-r--r--build/pgo/certs/dynamicPinningGood.certspec3
-rw-r--r--build/pgo/certs/escapeattack1.certspec3
-rw-r--r--build/pgo/certs/evintermediate.ca26
-rw-r--r--build/pgo/certs/evintermediate.ca.keyspec1
-rw-r--r--build/pgo/certs/evintermediate.certspec7
-rw-r--r--build/pgo/certs/expired.certspec4
-rw-r--r--build/pgo/certs/imminently_distrusted.certspec4
-rw-r--r--build/pgo/certs/key4.dbbin0 -> 294912 bytes
-rw-r--r--build/pgo/certs/mochitest.certspec3
-rw-r--r--build/pgo/certs/mochitest.clientbin0 -> 2448 bytes
-rw-r--r--build/pgo/certs/mochitest.client.keyspec1
-rw-r--r--build/pgo/certs/noSubjectAltName.certspec2
-rw-r--r--build/pgo/certs/pgoca.ca21
-rw-r--r--build/pgo/certs/pgoca.ca.keyspec1
-rw-r--r--build/pgo/certs/pgoca.certspec5
-rw-r--r--build/pgo/certs/selfsigned.certspec3
-rw-r--r--build/pgo/certs/sha1_end_entity.certspec4
-rw-r--r--build/pgo/certs/sha256_end_entity.certspec4
-rw-r--r--build/pgo/certs/staticPinningBad.certspec5
-rw-r--r--build/pgo/certs/staticPinningBad.server.keyspec1
-rw-r--r--build/pgo/certs/unknown_ca.certspec5
-rw-r--r--build/pgo/certs/untrusted.certspec3
-rw-r--r--build/pgo/certs/untrustedandexpired.certspec4
32 files changed, 153 insertions, 0 deletions
diff --git a/build/pgo/certs/README b/build/pgo/certs/README
new file mode 100644
index 0000000000..7036e4a87e
--- /dev/null
+++ b/build/pgo/certs/README
@@ -0,0 +1,5 @@
+This directory contains CA and server certificates for testing.
+
+You can find instructions on how to add or modify certificates at:
+
+https://firefox-source-docs.mozilla.org/build/buildsystem/test_certificates.html
diff --git a/build/pgo/certs/alternateroot.ca b/build/pgo/certs/alternateroot.ca
new file mode 100644
index 0000000000..9fa2078b4c
--- /dev/null
+++ b/build/pgo/certs/alternateroot.ca
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+zCCAeOgAwIBAgIUb/+pohOlRCuQgMy2GJLCUQq+HeMwDQYJKoZIhvcNAQEL
+BQAwJjEkMCIGA1UEAwwbQWx0ZXJuYXRlIFRydXN0ZWQgQXV0aG9yaXR5MCIYDzIw
+MTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAwMDBaMCYxJDAiBgNVBAMMG0FsdGVy
+bmF0ZSBUcnVzdGVkIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJisSj
+s8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF2YMT
+ud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElEWQvF
+o+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzSg3UT
+H5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0YxMC4
+xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMdMBswCwYDVR0PBAQDAgEGMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAS+qy/sIFV+oia7zsyFhe3X
+j3ZHSvmqJ4mxIg5KOPVP2NvDaxD/+pysxGLf69QDRjIsePBdRJz0zZoVl9pSXIn1
+Kpk0sjzKX2bJtAomog+ZnAZUxtLzoXy/aqaheWm8cRJ8qFOJtSMDRrLISqBXCQLO
+ECqXIxf3Nt3S+Riu2Pam3YymFdtmqUJvLhhekWtEEnXyh/xfAsoUgS3SQ27c4dCY
+R7XGnFsaXrKXv93QeJmtfvrAZMXEuKaBGPSNHV6QH0S0Loh9Jed2Zp7GxnFtIPYe
+J2Q5qtxa8KD/tgGFpAD74eMBdgQ4SxbA/YqqXIt1lLNcr7wm0cPRpP0vIY3hk8k=
+-----END CERTIFICATE-----
diff --git a/build/pgo/certs/alternateroot.ca.keyspec b/build/pgo/certs/alternateroot.ca.keyspec
new file mode 100644
index 0000000000..cbd5f309c0
--- /dev/null
+++ b/build/pgo/certs/alternateroot.ca.keyspec
@@ -0,0 +1 @@
+alternate
diff --git a/build/pgo/certs/alternateroot.certspec b/build/pgo/certs/alternateroot.certspec
new file mode 100644
index 0000000000..d831222020
--- /dev/null
+++ b/build/pgo/certs/alternateroot.certspec
@@ -0,0 +1,7 @@
+issuer:Alternate Trusted Authority
+subject:Alternate Trusted Authority
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+issuerKey:alternate
+subjectKey:alternate
diff --git a/build/pgo/certs/badCertDomain.certspec b/build/pgo/certs/badCertDomain.certspec
new file mode 100644
index 0000000000..5d13ffae3b
--- /dev/null
+++ b/build/pgo/certs/badCertDomain.certspec
@@ -0,0 +1,3 @@
+subject:www.badcertdomain.example.com
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+extension:subjectAlternativeName:www.badcertdomain.example.com
diff --git a/build/pgo/certs/bug413909cert.certspec b/build/pgo/certs/bug413909cert.certspec
new file mode 100644
index 0000000000..ed4100219a
--- /dev/null
+++ b/build/pgo/certs/bug413909cert.certspec
@@ -0,0 +1,3 @@
+subject:bug413909.xn--hxajbheg2az3al.xn--jxalpdlp
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+extension:subjectAlternativeName:bug413909.xn--hxajbheg2az3al.xn--jxalpdlp
diff --git a/build/pgo/certs/cert9.db b/build/pgo/certs/cert9.db
new file mode 100644
index 0000000000..9206c49b32
--- /dev/null
+++ b/build/pgo/certs/cert9.db
Binary files differ
diff --git a/build/pgo/certs/dynamicPinningBad.certspec b/build/pgo/certs/dynamicPinningBad.certspec
new file mode 100644
index 0000000000..1d377103d2
--- /dev/null
+++ b/build/pgo/certs/dynamicPinningBad.certspec
@@ -0,0 +1,5 @@
+subject:bad.include-subdomains.pinning-dynamic.example.com
+issuer:Alternate Trusted Authority
+extension:subjectAlternativeName:bad.include-subdomains.pinning-dynamic.example.com
+subjectKey:alternate
+issuerKey:alternate
diff --git a/build/pgo/certs/dynamicPinningBad.server.keyspec b/build/pgo/certs/dynamicPinningBad.server.keyspec
new file mode 100644
index 0000000000..cbd5f309c0
--- /dev/null
+++ b/build/pgo/certs/dynamicPinningBad.server.keyspec
@@ -0,0 +1 @@
+alternate
diff --git a/build/pgo/certs/dynamicPinningGood.certspec b/build/pgo/certs/dynamicPinningGood.certspec
new file mode 100644
index 0000000000..2db3836919
--- /dev/null
+++ b/build/pgo/certs/dynamicPinningGood.certspec
@@ -0,0 +1,3 @@
+subject:dynamic-pinning.example.com
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+extension:subjectAlternativeName:*.include-subdomains.pinning-dynamic.example.com,*.pinning-dynamic.example.com
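Review bot: The subject `dynamic-pinning.example.com` is not covered by either SAN entry, since both sit under `pinning-dynamic.example.com` with the two words in the opposite order. With a subjectAlternativeName present the common name is presumably not used for host matching, so this is likely harmless, but it reads like a typo and will mislead anyone who picks the test host from the subject line. Consider `subject:pinning-dynamic.example.com`, or keep it and state in the README that the mismatch is deliberate.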
diff --git a/build/pgo/certs/escapeattack1.certspec b/build/pgo/certs/escapeattack1.certspec
new file mode 100644
index 0000000000..df34d5920c
--- /dev/null
+++ b/build/pgo/certs/escapeattack1.certspec
@@ -0,0 +1,3 @@
+subject:www.bank1.com\00www.bad-guy.com
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+extension:subjectAlternativeName:www.bank1.com\00www.bad-guy.com
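Review bot: Nothing in this spec shows whether `\00` is decoded to an embedded NUL byte or kept as three literal characters, and the fixture only exercises NUL handling in the first case; confirm the generator's escape handling and record it in the README. The expected outcome, that this name must never match `www.bank1.com`, is also not stated anywhere in the directory. Unlike the other specs, which use `example.com` names, this one uses `www.bank1.com` and `www.bad-guy.com`, which are ordinary registrable domains. A reserved form such as `www.bank1.example.com\00www.bad-guy.example.com` would keep the fixture inside a test-only namespace, provided the tests that reference the host are updated with it.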
diff --git a/build/pgo/certs/evintermediate.ca b/build/pgo/certs/evintermediate.ca
new file mode 100644
index 0000000000..84a6d8e802
--- /dev/null
+++ b/build/pgo/certs/evintermediate.ca
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEfDCCA2SgAwIBAgIUETbLA86peOWkUFhyKYIuZVGUEygwDQYJKoZIhvcNAQEL
+BQAwgdwxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRh
+aW4gVmlldzEjMCEGA1UEChMaTW96aWxsYSAtIEVWIGRlYnVnIHRlc3QgQ0ExHTAb
+BgNVBAsTFFNlY3VyaXR5IEVuZ2luZWVyaW5nMTYwNAYDVQQDEy1FViBUZXN0aW5n
+ICh1bnRydXN0d29ydGh5KSBDQS9uYW1lPWV2LXRlc3QtY2ExLDAqBgkqhkiG9w0B
+CQEWHWNoYXJsYXRhbkB0ZXN0aW5nLmV4YW1wbGUuY29tMCIYDzIwMTAwMTAxMDAw
+MDAwWhgPMjA1MDAxMDEwMDAwMDBaMIHcMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
+Q0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxIzAhBgNVBAoTGk1vemlsbGEgLSBF
+ViBkZWJ1ZyB0ZXN0IENBMR0wGwYDVQQLExRTZWN1cml0eSBFbmdpbmVlcmluZzE2
+MDQGA1UEAxMtRVYgVGVzdGluZyAodW50cnVzdHdvcnRoeSkgQ0EvbmFtZT1ldi10
+ZXN0LWNhMSwwKgYJKoZIhvcNAQkBFh1jaGFybGF0YW5AdGVzdGluZy5leGFtcGxl
+LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALVJiVydABCNEaH5
+n4ep49Gl21367PGI2le/ZBNojyzkciz/EJA4wXQCyToqRz29KGrtP9zTY89aKRR3
+Ab3YGNdhW/k1a9XTyDNqqowJcTaKBsPNRGG5PlFCThdEuy6q1GqrOM4ZaCGWH4dx
+ShZjaT8JdhzfTWuhJerOx74nDTiPeJ9s33iuMUTtKMReeSk4Y6eiKkiYCjakDnLV
+ecm5Jd/4x5M2L/1ol6fBdUxel8lnw+rdGq6KoszONIoBabgOKKLXDBqWDG8zXy2g
+m5tkP1q/uknoqqmB6WDifYdIC91V3ZQX+hhQn7tVTM+BpDl+i6gSijS98nhlwYnl
+c0+yKQUCAwEAAaMwMC4wCwYDVR0PBAQDAgEGMAwGA1UdEwQFMAMBAf8wEQYDVR0g
+BAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4IBAQArG5slgBRJuytlKFa4qcHW
+pAOfjN9fwi57fDds1yNv6tXhESdkbVPhIgw+GanVbrVcorGdCkfB51+dPJM+cBgH
+HSwEB7TQnNYvm/csA1zH4n+CnX9nBL7dwK63n6dyR9f1uvu6KSB+YJm3amKil85a
+d7HeDWdh+gNhC58lEC2QzuOMivP593aS5vLJHfp8pjc21XJkO8M7SRw44OJKYq9/
+v0k6v4SznbfZzSLg3gM4aSNuCLExUtUY2myxPFwJs9QQ4xx5zJTjJTRlpxUm630Z
+n4IYlseao949U+UbBNU4PZKH7dzSQzfhdFJpvK3dsPOPNnHYiXO0xAhsEvvjq8zQ
+-----END CERTIFICATE-----
diff --git a/build/pgo/certs/evintermediate.ca.keyspec b/build/pgo/certs/evintermediate.ca.keyspec
new file mode 100644
index 0000000000..1a3d76a550
--- /dev/null
+++ b/build/pgo/certs/evintermediate.ca.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/build/pgo/certs/evintermediate.certspec b/build/pgo/certs/evintermediate.certspec
new file mode 100644
index 0000000000..a04850d53f
--- /dev/null
+++ b/build/pgo/certs/evintermediate.certspec
@@ -0,0 +1,7 @@
+issuer:printableString/C=US/ST=CA/L=Mountain View/O=Mozilla - EV debug test CA/OU=Security Engineering/CN=EV Testing (untrustworthy) CA/name=ev-test-ca/emailAddress=charlatan@testing.example.com
+subject:printableString/C=US/ST=CA/L=Mountain View/O=Mozilla - EV debug test CA/OU=Security Engineering/CN=EV Testing (untrustworthy) CA/name=ev-test-ca/emailAddress=charlatan@testing.example.com
+subjectKey:ev
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+extension:certificatePolicies:any
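Review bot: This spec sets `subjectKey:ev` but no `issuerKey`, although issuer and subject are the same DN, whereas `alternateroot.certspec` sets both `issuerKey:alternate` and `subjectKey:alternate`. If the generator signs with its default key when `issuerKey` is absent, the result is self-issued by name but not self-signed, so its signature would not verify under its own public key. The file is also named `evintermediate` while the spec describes a root-shaped certificate (issuer equals subject, `basicConstraints:cA,`). Either add `issuerKey:ev` or document in the README why the signing key differs and which role this certificate plays in the EV test chain.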
diff --git a/build/pgo/certs/expired.certspec b/build/pgo/certs/expired.certspec
new file mode 100644
index 0000000000..3193168130
--- /dev/null
+++ b/build/pgo/certs/expired.certspec
@@ -0,0 +1,4 @@
+subject:expired.example.com
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+extension:subjectAlternativeName:expired.example.com
+validity:20100105-20100106
diff --git a/build/pgo/certs/imminently_distrusted.certspec b/build/pgo/certs/imminently_distrusted.certspec
new file mode 100644
index 0000000000..e44e4e8e07
--- /dev/null
+++ b/build/pgo/certs/imminently_distrusted.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+subject:printableString/CN=Imminently Distrusted End Entity
+validity:20100101-20500101
+extension:subjectAlternativeName:imminently-distrusted.example.com
diff --git a/build/pgo/certs/key4.db b/build/pgo/certs/key4.db
new file mode 100644
index 0000000000..3ccd3336f2
--- /dev/null
+++ b/build/pgo/certs/key4.db
Binary files differ
diff --git a/build/pgo/certs/mochitest.certspec b/build/pgo/certs/mochitest.certspec
new file mode 100644
index 0000000000..31f926290e
--- /dev/null
+++ b/build/pgo/certs/mochitest.certspec
@@ -0,0 +1,3 @@
+subject:Mochitest client
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+serialNumber:3
diff --git a/build/pgo/certs/mochitest.client b/build/pgo/certs/mochitest.client
new file mode 100644
index 0000000000..9e965a414d
--- /dev/null
+++ b/build/pgo/certs/mochitest.client
Binary files differ
diff --git a/build/pgo/certs/mochitest.client.keyspec b/build/pgo/certs/mochitest.client.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/build/pgo/certs/mochitest.client.keyspec
@@ -0,0 +1 @@
+default
diff --git a/build/pgo/certs/noSubjectAltName.certspec b/build/pgo/certs/noSubjectAltName.certspec
new file mode 100644
index 0000000000..dcbda9ee6e
--- /dev/null
+++ b/build/pgo/certs/noSubjectAltName.certspec
@@ -0,0 +1,2 @@
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+subject:certificate without subjectAlternativeNames
diff --git a/build/pgo/certs/pgoca.ca b/build/pgo/certs/pgoca.ca
new file mode 100644
index 0000000000..31cf9c33a0
--- /dev/null
+++ b/build/pgo/certs/pgoca.ca
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmugAwIBAgIUQx5pxD+JMg1qPztfSg1Ucw8xsz0wDQYJKoZIhvcNAQEL
+BQAwajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEY
+MBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRl
+ZCBPcHRpbWl6YXRpb24wIhgPMjAxMDAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAw
+MFowajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEY
+MBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRl
+ZCBPcHRpbWl6YXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAYFnzom5ROuxDR3WFQatxHs5ekni4uUbEx
+6pN8fOzcsllEfCwvmMLVCh36ffSguf/UlmR5Hq1s/S7iMiic5mnK4aaVwixzS4Z3
+ug7Dc+fG7j0VOcBTKWU983xUK/1F409ghQ5KlO38KA7hyx1kzjYjzvxLaweDXRqr
+J/RZ1ACP2fKNziEOCbXzzzEx39oc17NBV+LotPFzKZ+pcxMDrtiNts4hwCw/UUw7
+Gp0tKte2CevGJbzjPHP3/6FUzHfOatZSpxEmvAcSTDp5sjdVuOStx4v6jVrwvyAz
+VQzDPzaRWh3NtY5JNasrhExr5qxQlygfBngCMgZ9gESG9FvLG+sx
+-----END CERTIFICATE-----
diff --git a/build/pgo/certs/pgoca.ca.keyspec b/build/pgo/certs/pgoca.ca.keyspec
new file mode 100644
index 0000000000..4ad96d5159
--- /dev/null
+++ b/build/pgo/certs/pgoca.ca.keyspec
@@ -0,0 +1 @@
+default
diff --git a/build/pgo/certs/pgoca.certspec b/build/pgo/certs/pgoca.certspec
new file mode 100644
index 0000000000..058e5b55a5
--- /dev/null
+++ b/build/pgo/certs/pgoca.certspec
@@ -0,0 +1,5 @@
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+subject:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
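Review bot: The README does not say that the key material for this root is checked in and therefore public, although the root is valid for forty years (`validity:20100101-20500101`) with `keyCertSign` and `pgoca.ca.keyspec` names its key only as `default`. If `default` is a fixed key known to the certificate generator, anyone can issue under this CA, so it must only ever be trusted in throwaway test profiles. I would add a README line such as `These CA keys are public test keys; never import pgoca.ca, cert9.db or key4.db into a real profile or system trust store.` The same applies to `alternateroot.certspec` and `evintermediate.certspec`.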
diff --git a/build/pgo/certs/selfsigned.certspec b/build/pgo/certs/selfsigned.certspec
new file mode 100644
index 0000000000..be255b497a
--- /dev/null
+++ b/build/pgo/certs/selfsigned.certspec
@@ -0,0 +1,3 @@
+issuer:self-signed.example.com
+subject:self-signed.example.com
+extension:subjectAlternativeName:self-signed.example.com
diff --git a/build/pgo/certs/sha1_end_entity.certspec b/build/pgo/certs/sha1_end_entity.certspec
new file mode 100644
index 0000000000..eced653a9a
--- /dev/null
+++ b/build/pgo/certs/sha1_end_entity.certspec
@@ -0,0 +1,4 @@
+subject:sha1ee.example.com
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+extension:subjectAlternativeName:sha1ee.example.com
+signature:sha1WithRSAEncryption
diff --git a/build/pgo/certs/sha256_end_entity.certspec b/build/pgo/certs/sha256_end_entity.certspec
new file mode 100644
index 0000000000..c3cb5fda2a
--- /dev/null
+++ b/build/pgo/certs/sha256_end_entity.certspec
@@ -0,0 +1,4 @@
+subject:sha256ee.example.com
+issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
+extension:subjectAlternativeName:sha256ee.example.com
+signature:sha256WithRSAEncryption
diff --git a/build/pgo/certs/staticPinningBad.certspec b/build/pgo/certs/staticPinningBad.certspec
new file mode 100644
index 0000000000..7589ff6fc3
--- /dev/null
+++ b/build/pgo/certs/staticPinningBad.certspec
@@ -0,0 +1,5 @@
+subject:include-subdomains.pinning.example.com
+issuer:Alternate Trusted Authority
+extension:subjectAlternativeName:include-subdomains.pinning.example.com
+subjectKey:alternate
+issuerKey:alternate
diff --git a/build/pgo/certs/staticPinningBad.server.keyspec b/build/pgo/certs/staticPinningBad.server.keyspec
new file mode 100644
index 0000000000..cbd5f309c0
--- /dev/null
+++ b/build/pgo/certs/staticPinningBad.server.keyspec
@@ -0,0 +1 @@
+alternate
diff --git a/build/pgo/certs/unknown_ca.certspec b/build/pgo/certs/unknown_ca.certspec
new file mode 100644
index 0000000000..40e1bedc70
--- /dev/null
+++ b/build/pgo/certs/unknown_ca.certspec
@@ -0,0 +1,5 @@
+issuer:Unknown CA
+subject:Unknown CA
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
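Review bot: No `subjectKey` is given here, and `untrusted.certspec` and `untrustedandexpired.certspec` give no `issuerKey`, so "Unknown CA" may end up with the same key as the trusted `pgoca` root, whose keyspec is `default`. If so, the untrusted fixtures differ from the trusted ones only by issuer name, and their signatures would verify under the trusted root's key. Giving this CA its own key, with a `subjectKey:` here and a matching `issuerKey:` in the two end-entity specs, would make the untrusted case independent of name-based chain building. Whether the generator offers another suitable named key is not visible on this page.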
diff --git a/build/pgo/certs/untrusted.certspec b/build/pgo/certs/untrusted.certspec
new file mode 100644
index 0000000000..445d3451b0
--- /dev/null
+++ b/build/pgo/certs/untrusted.certspec
@@ -0,0 +1,3 @@
+subject:untrusted.example.com
+issuer:Unknown CA
+extension:subjectAlternativeName:untrusted.example.com
diff --git a/build/pgo/certs/untrustedandexpired.certspec b/build/pgo/certs/untrustedandexpired.certspec
new file mode 100644
index 0000000000..bed16c7694
--- /dev/null
+++ b/build/pgo/certs/untrustedandexpired.certspec
@@ -0,0 +1,4 @@
+subject:untrusted-expired.example.com
+issuer:Unknown CA
+extension:subjectAlternativeName:untrusted-expired.example.com
+validity:20121012-20121012
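Review bot: `validity:20121012-20121012` sets notBefore and notAfter to the same date, whereas `expired.certspec` uses a one-day window (`20100105-20100106`). Depending on how the generator expands a bare date, this may be a zero-length validity period, which a validator could handle differently from an ordinary expired certificate. `validity:20121011-20121012` would keep the certificate expired while giving it a non-empty window.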