testssl.sh/etc
Dirk Wetter 12c7af11c6 fixed hashes 2016-07-20 19:11:38 +02:00
..
Apple.pem - added Apple certificate store 2016-03-24 18:52:10 +01:00
Linux.pem - now the stores are properly named 2016-03-24 18:56:26 +01:00
Microsoft.pem - now the stores are properly named 2016-03-24 18:56:26 +01:00
Mozilla.pem - now the stores are properly named 2016-03-24 18:56:26 +01:00
README.md - polishing 2016-03-25 11:52:23 +01:00
ca_hashes.txt fixed hashes 2016-07-20 19:11:38 +02:00
curves.txt - added values to curve448 + 25519 2016-06-09 13:18:55 +02:00
mapping-rfc.txt rename old alg chacha/poly ciphers according to SSLlabs (#379 / https://github.com/PeterMosmans/openssl/issues/43) 2016-06-15 20:14:08 +02:00
mapping.txt initial commit 2016-06-09 15:06:42 +02:00

README.md

Certificate stores

The certificate stores were retrieved by

  • Mozilla; see https://curl.haxx.se/docs/caextract.html
  • Linux: Just copied from an up-to-date Linux machine
  • Microsoft: For Windows >= 7/2008 Microsoft decided not to provide a full certificate store by default or via update as all other OS do. It's being populated with time -- supposed you use e.g. IE while browsing. This store was destilled from three different windows installations via "certmgr.msc". It's a PKCS7 export of "Trusted Root Certification Authorities" --> "Certificates". Third Party Root Certificates were for now deliberately omitted. Feedback is welcome, see #317.
  • Apple: It comes from Apple OS X keychain app. Open Keychain Access. In the Finder window, under Favorites --> "Applications" --> "Utilities" --> "Keychain Access" (2 click). In that window --> "Keychains" --> "System" --> "Category" --> "All Items" Select all CA certificates, "File" --> "Export Items"

In this directory you can also save e.g. your company Root CA(s) in PEM format, extension pem. This has two catches momentarily: You will still get a warning for the other certificate stores while scanning internal net- works. Second catch: If you scan other hosts in the internet the check against your Root CA will fail, too. This will be fixed in the future, see #230.

Mapping files

The file mapping-rfc.txt uses the hexcode to map OpenSSL names against the RFC/IANA names. curves.txt is not being used yet, it is supposed to map EC curve names properly.