1 #
2 # CRL verification of certs obtained from SSL sites
3 #
# Script-wide settings. The test blocks below re-set allowUnverified or
# requireCrlIfPresent individually, so these presumably act as defaults
# that a test can override - confirm against the script parser.
4 globals
5 certNetFetchEnable = false
# CRL fetching over the network is on: results depend on the issuing CA's
# CRL server being reachable and current at the time the script runs.
6 crlNetFetchEnable = true
7 useSystemAnchors = true
8 # alternate these two on successful runs, flip either one for failure
# NOTE(review): as written, the defaults are the permissive pair
# (allowUnverified = true, requireCrlIfPresent = false). A test that
# tightens neither key would presumably pass even when no CRL was
# checked - verify that every test below sets at least one of them.
9 allowUnverified = true
10 requireCrlIfPresent = false
11 end
12 ###
13 ### all these (until further notice) get CRLs from crl.verisign.com
14 ###
# CRL revocation check for a two-cert chain loaded from local .cer files.
# Only requireCrlIfPresent is tightened here; allowUnverified is not set
# in this block, so it presumably keeps the globals value (true).
15 echo "================================="
16 test = "www.amazon.com"
17 revokePolicy = crl
18 cert = amazon_v3.100.cer
19 cert = amazon_v3.101.cer
# presumably the host name the leaf cert is matched against - confirm
20 sslHost = www.amazon.com
21 requireCrlIfPresent = true
22 end
# CRL revocation check for a two-cert chain loaded from local .cer files.
# Only allowUnverified is tightened here; requireCrlIfPresent is not set
# in this block, so it presumably keeps the globals value (false).
23 echo "================================="
24 test = "www.cduniverse.com"
25 revokePolicy = crl
26 cert = cduniverse_v3.100.cer
27 cert = cduniverse_v3.101.cer
28 sslHost = www.cduniverse.com
29 allowUnverified = false
30 end
# CRL revocation check for a two-cert chain loaded from local .cer files.
# allowUnverified is set to false; requireCrlIfPresent is left at
# whatever the globals block provides (false as written).
31 echo "================================="
32 test = "store.apple.com"
33 revokePolicy = crl
34 allowUnverified = false
35 cert = apple_v3.100.cer
36 cert = apple_v3.101.cer
37 sslHost = store.apple.com
38 end
# CRL revocation check for a two-cert chain loaded from local .cer files.
# allowUnverified is set to false; requireCrlIfPresent is left at
# whatever the globals block provides (false as written).
39 echo "================================="
40 test = "www.wellsfargo.com"
41 revokePolicy = crl
42 allowUnverified = false
43 cert = wellsfargo_v3.100.cer
44 cert = wellsfargo_v3.101.cer
45 sslHost = www.wellsfargo.com
46 end
47
48 #echo "================================="
49 #
50 # this server's cert has expired and they don't have a new one yet
51 #
52 #test = "www.xdss.com"
53 #revokePolicy = crl
54 #requireOcspIfPresent = true
55 #cert = xdss_v3.100.cer
56 #cert = xdss_v3.101.cer
57 #sslHost = www.xdss.com
58 #end
# CRL revocation check for a three-cert chain loaded from local .cer
# files; unlike the two-cert tests, the server-supplied root is included.
# allowUnverified is set to false; requireCrlIfPresent is not set here.
59 echo "================================="
60 test = "www.verisign.com"
61 revokePolicy = crl
62 allowUnverified = false
63 cert = verisign_v3.100.cer
64 cert = verisign_v3.101.cer
65 #
66 # This one is the root, which SSL server sent us.
67 # Leave it in for variety.
68 #
# NOTE(review): globals sets useSystemAnchors = true, so trust presumably
# still comes from the system anchors and not from this supplied root -
# confirm that a server-sent root is never treated as an anchor.
69 cert = verisign_v3.102.cer
70 sslHost = www.verisign.com
71 end
# CRL revocation check for a three-cert chain loaded from local .cer
# files; the server-supplied root is included as the third cert.
# allowUnverified is set to false; requireCrlIfPresent is not set here.
72 echo "================================="
73 test = "accounts.key.com"
74 revokePolicy = crl
75 allowUnverified = false
76 cert = keybank_v3.100.cer
77 cert = keybank_v3.101.cer
78 #
79 # This one is the root, which SSL server sent us.
80 # Leave it in for variety.
81 #
82 cert = keybank_v3.102.cer
83 sslHost = accounts.key.com
84 end
# CRL revocation check for a two-cert chain loaded from local .cer files.
# allowUnverified is set to false; requireCrlIfPresent is left at
# whatever the globals block provides (false as written).
85 echo "================================="
86 test = "secure.authorize.net"
87 revokePolicy = crl
88 allowUnverified = false
89 cert = secauth_v3.100.cer
90 cert = secauth_v3.101.cer
91 sslHost = secure.authorize.net
92 end
93 ###
94 ### CRLs from crl.thawte.com
95 ###
96 ###
97 ### CRL from http://crl.geotrust.com, issued by Equifax
98 ###
# CRL revocation check with a single cert file (no intermediate listed).
# Only requireCrlIfPresent is tightened; allowUnverified is not set in
# this block, so it presumably keeps the globals value (true).
99 echo "================================="
100 test = "www.firstamlink.com"
101 revokePolicy = crl
102 cert = firstamlink_v3.100.cer
103 sslHost = www.firstamlink.com
104 requireCrlIfPresent = true
105 end
106
107 #
108 # cert and CRL from entrust
109 # temp disabled...
110 #
111 #echo "================================="
112 #test = "accesd.desjardins.com"
113 #revokePolicy = crl
114 #cert = entrust_v3.100.cer
115 #cert = entrust_v3.101.cer
116 #sslHost = accesd.desjardins.com
117 #requireCrlIfPresent = true
118 #end
119 #
120 # Secure Server Certification Authority
121 # CRL http://SVRSecure-crl.verisign.com/SVRSecure.crl
122 #
# CRL revocation check for a two-cert chain loaded from local .cer files.
# Only requireCrlIfPresent is tightened; allowUnverified is not set in
# this block, so it presumably keeps the globals value (true).
123 echo "================================="
124 test = "www.netfile.state.co.us"
125 revokePolicy = crl
126 requireCrlIfPresent = true
127 cert = netfile.state.co_v3.100.cer
128 cert = netfile.state.co_v3.101.cer
129 sslHost = www.netfile.state.co.us
130 end