Movatterモバイル変換

chromium/badssl.comPublic

NotificationsYou must be signed in to change notification settings
Fork197
Star2.9k

🔒 Memorable site for testing clients against bad SSL configs.

badssl.com

License

Apache-2.0 license

2.9k stars 197 forks Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 496 Commits
_layouts		_layouts
_plugins		_plugins
certs		certs
common		common
domains-local-only/cert		domains-local-only/cert
domains		domains
nginx-includes		nginx-includes
.gitignore		.gitignore
AUTHORS		AUTHORS
Dockerfile		Dockerfile
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
_config.yml		_config.yml
badssl.png		badssl.png
fallback-common.conf		fallback-common.conf
fallback.conf		fallback.conf
nginx.conf		nginx.conf

Repository files navigation

Visitbadssl.com for a list of test subdomains, including:

Server Setup

Stock Ubuntu VM, DNS A records forbadssl.com. and*.badssl.com. pointing to the VM.

Testing and development

Follow the instructions toinstall Docker.
Clone into the badssl repo by runninggit clone https://github.com/chromium/badssl.com && cd badssl.com.
In order to access the various badssl subdomains locally you will need to add them to yoursystem hosts file. Runmake list-hosts and copy and paste the output into/etc/hosts.
Start Docker by runningmake serve.
You can now navigate tobadssl.test in your browser, and you should see a certificate error.
The badssl root certificate is atcerts/sets/test/gen/crt/ca-root.crt. In order to get the rest of the badssl subdomains working, you will need to add this to your machine's list of trusted certificates.
- OnmacOS, dragcerts/sets/test/gen/crt/ca-root.crt into the login section of the program Keychain Access. A BadSSL Root Certificate Authority entry should appear in the list. Double-click on this entry and select "Always Trust" from the drop-down menu next to "Secure Sockets Layer (SSL)." Close the window to save your changes.
  If you are already familiar with this process, you can instead run this command:
```
security add-trusted-cert -r trustRoot -p ssl \  -k"$HOME/Library/Keychains/login.keychain" certs/sets/test/gen/crt/ca-root.crt
```
In order to preserve the client and root certificates even after runningmake clean, run:

cd certs/sets/testmkdir -p pregen/crt pregen/keycp gen/crt/ca-root.crt pregen/crt/ca-root.crtcp gen/crt/client.crt pregen/crt/client.crtcp gen/crt/client-ca-root.crt pregen/crt/client-ca-root.crtcp gen/key/ca-root.key pregen/key/ca-root.keycp gen/key/client.key pregen/key/client.keycp gen/key/client-ca-root.key pregen/key/client-ca-root.key

Acknowledgments

badssl.com is hosted on Google Cloud infrastructure and co-maintained by:

April King, Mozilla Firefox
Lucas Garron, formerly Google Chrome
Chris Thompson, Google Chrome

Several public badssl.com certificates required special issuance processes. Most certificates were graciously issued for free, thanks to help from:

Vincent Lynch,The SSL Store (sha1-2016,sha1-2017)
Richard Barnes, Mozilla (1000-sans,10000-sans)
Clint Wilson,DigiCert (most wildcards)
Andrew Ayer,SSLMate (invalid-expected-sct)
Rob Stradling,Comodo (1000-sans,10000-sans,no-subject,no-common-name,sha1-intermediate,ѕрооғ)

Various subdomains and test pages are also implemented byexternal contributors.

Disclaimer

badssl.com is meant formanual testing of security UI in web clients.

Most subdomains are likely to have stable functionality, but anythingcould change without notice. If you would like a documented guarantee for a particular use case, please file an issue. (Alternatively, you could make a fork and host your own copy.)

badssl.com is not an official Google product. It is offered "AS-IS" and without any warranties.