This project generates example S/MIME certificates that comply with version 1.0 of the CA/Browser Forum Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates.
- Install Python 3.
- Clone this repository (
git clone https://github.com/digicert/smbr-cert-factory.git
). cd
to the root of the cloned repository (cd smbr-cert-factory
).- Install required packages (
pip3 install -r requirements.txt
). - Run
python3 main.py
. Example certificates, CRLs, and private keys will be output to theartifacts
directory.
These example certificates were generated by running this project locally. Note that the key pairs used by this project are sourced from Standard PKC Test Keys. If you run a CA, we highly recommend that you add these keys to your blocklist.
- Root CA
- Issuing CA
- Mailbox-Validated Strict
- Mailbox-Validated Multipurpose
- Organization-Validated Strict
- Organization-Validated Multipurpose
- Sponsored-Validated Strict
- Sponsored-Validated Multipurpose
- Individual-Validated Strict
- Individual-Validated Multipurpose
- Individual-Validated Legacy
Perhaps unsurprisingly, these example S/MIME certificates lint clean against pkilint's CA/Browser Forum S/MIME Baseline Requirements linter.