How to import Happy Hacker CA for tests?


#1

Hi,

I’m using staging server (aka Happy Hacker CA) to get certs for our staging environment. I would like to monitor them (we have valid certs on our staging platform), and not use production CA for this.

For our current certs, we use a custom CA that we import in the browser and in the CA store on the server. Is it possible to get the Happy Hacker CA somewhere to import it? I looked at the boulder directory in the letsencrypt githup repo, but it doesn’t seem to be the same CA :frowning:

Thanks in advance for your help,


#2

You can obtain it from http://cert.staging-x1.letsencrypt.org/ in DER format. That said, the Happy Hacker signing key for the staging network is in no way protected, it’s in fact distributed with Boulder’s source code, so beware.

I know there are plans to generate a new staging cert chain (with intermediates) so that staging can submit to test CT logs, but I don’t believe it’s a high priority.


#3

Thank you very much jcjones, this is exactly what I needed.

We’ll update our process if the staging cert chain change.


#4

It sounds like you’re doing the right thing: Importing the CA cert for staging into a browser that is only used for CI testing.

Just to be clear for anyone else visiting this thread: Do not import the staging CA into any browser you actually use to surf the web. It will allow anyone to trivially MITM you.