The following command has been used to generate test keys: for x in 256 512 2048; do openssl genrsa -out rsa${k}_key.pem $k; done For the elliptic curve private keys, this command was used: for k in "prime256v1" "secp384r1" "secp521r1" do openssl genpkey -algorithm ${k} -out ec_${k}_key.pem done and for the CSR PEM (Certificate Signing Request): openssl req -new -out csr-Xsans_X.pem -key rsa512_key.pem [-config csr-Xsans_X.conf | -subj '/CN=example.com'] [-outform DER > csr_X.der] and for the certificate: openssl req -new -out cert_X.pem -key rsaX_key.pem -subj '/CN=example.com' -x509 [-outform DER > cert_X.der] `csr-mixed.pem` was generated with pyca/cryptography using the following snippet: from cryptography import x509 from cryptography.hazmat.primitives import hashes, serialization k = serialization.load_pem_private_key( open("./acme/acme/_internal/tests/testdata/rsa2048_key.pem", "rb").read(), None ) csr = ( x509.CertificateSigningRequestBuilder().add_extension( x509.SubjectAlternativeName([x509.DNSName('a.exemple.com'), x509.IPAddress(ipaddress.ipaddr('192.0.2.111'))]), critical=False ).subject_name( x509.Name([]) ).sign( k, hashes.SHA256() ) ) open("./acme/acme/_internal/tests/testdata/csr-mixed.pem", "wb").write( csr.public_bytes(serialization.Encoding.PEM) ) SIMPAN PERUBAHAN