Skip to main content

Using test certificates

The CAI SDK does not allow you to use a self-signed certificate to sign a manifest.

For initial development and testing, the SDK provides example test certificates and private keys:

  • The Rust library sdk/tests/fixtures/certs/ folder contains certificates and signing keys for many of the supported signature types.
  • The prerelease libraries (Node.js, Python, and C++) provide a subset of test certificates in each repository's tests/fixtures folder. The Node.js library even provides a CreateTestSigner() convenience function to create a local signer instance using the test certificate.
Warning

While these test credentials are useful during development, you must get your own certificate and use your own private key for production deployment.

Although not recommended due to complexity and difficulty, you can create your own certificates for development and testing. Follow the requirements in the C2PA Technical Specification X.509 Certificates and Digital Signatures sections.

For manifest claims signed with one of the test certificates, the C2PA Verify tool will display the message "The Content Credential issuer couldn't be recognized." See Using the Verify tool for more information.