DSS Test Certificates
Test User 1 should be the default for testing Test User A is revoked ! PEMs have no password. P12s have password 'password'.
- UPUSign.pem or .p12 is the default Server-side signing key/pair certificate.
TestUser1, 2, and 3 .pem or .p12 are selectable client-owned, server-resident keys
- TestUserA is simply a client-owned, server-resident key/pair which has been revoked with CRL entry in the UPU_5yr_crl.crl file
dss:KeySelector should be initialized to access the TestUser1 credential and keys as the implementation sees fit. The core doc is extremely sparse on this subject a refers the reader directly to ds:KeyInfo.
Thus one could use the KeyName sub-element or perhaps the X509SubjectName sub-element to point to TestUser1. Implementations are free to map this name back to the key/pair certificate pem or p12 as they see fit.