testssl.sh/etc/README.md

43 lines
2.2 KiB
Markdown
Raw Normal View History

2016-03-13 20:38:06 +01:00
2016-03-14 22:40:29 +01:00
#### Certificate stores
2016-03-13 20:38:06 +01:00
The certificate stores were retrieved by
* Mozilla; see https://curl.haxx.se/docs/caextract.html
2016-03-13 21:13:03 +01:00
* Linux: Just copied from an up-to-date Linux machine
2016-03-25 11:52:23 +01:00
* Microsoft: For Windows >= 7/2008 Microsoft decided not to provide
a full certificate store by default or via update as all other OS do.
It's being populated with time -- supposed you use e.g. IE while browsing.
Thus this file is smaller as the others.
This store was destilled from three different windows installations via
2016-03-25 11:52:23 +01:00
"certmgr.msc". It's a PKCS7 export of "Trusted Root Certification Authorities"
and the Third Party Store.
2016-03-25 11:52:23 +01:00
Feedback is welcome, see #317.
It's still behind what MS publishes what [should be included](http://social.technet.microsoft.com/wiki/contents/articles/31634.microsoft-trusted-root-certificate-program-participants-v-2016-april.aspx).
Unfortunately there doesn't seem to be store to DL. Let me know if
you have a pointer
2016-03-25 11:52:23 +01:00
* Apple: It comes from Apple OS X keychain app. Open Keychain Access.
In the Finder window, under Favorites --> "Applications" --> "Utilities"
--> "Keychain Access" (2 click). In that window --> "Keychains" --> "System"
--> "Category" --> "All Items"
Select all CA certificates, "File" --> "Export Items"
2016-03-13 20:38:06 +01:00
In this directory you can also save e.g. your company Root CA(s) in PEM
format, extension ``pem``. This has two catches momentarily: You will still
2016-03-25 11:52:23 +01:00
get a warning for the other certificate stores while scanning internal net-
works. Second catch: If you scan other hosts in the internet the check against
2016-03-25 11:52:23 +01:00
your Root CA will fail, too. This will be fixed in the future, see #230.
2016-03-13 20:38:06 +01:00
2017-02-24 17:55:20 +01:00
#### Further needed files
2017-08-13 11:32:24 +02:00
* ``tls_data.txt`` contains lists of cipher suites and private keys for sockets-based tests
2017-08-04 15:10:41 +02:00
* ``cipher-mapping.txt`` contains information about all of the cipher suites defined for SSL/TLS
2017-02-24 17:55:20 +01:00
* ``ca_hashes.txt`` is used for HPKP test in order to have a fast comparison with known CAs
* ``common-primes.txt`` is used for LOGJAM
* ``client-simulation.txt`` as the name indicates it's the data for the client simulation. Use
``~/utils/update_client_sim_data.pl`` for an update. Note: This list has been manually
edited to sort it and weed it out.