a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1777561457; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ysBVySv1z1+Mjt6k3kl5giyU+5/ceW+62nKSfYgT8No=; b=DeyyXvZjTeNkAl28TR4WSmKxpNELrnfucL/r1u8ZQzIcnDM9+JGq2O6ncaJtuV2M7GglDb fgMtx8b11Wd4WCLHZb1d3rCJBDeDMcTW7N6h2rbT9R5iEDEYHhtBjj8bm9ZrDf669057b8 SICXNvsPf+48ZymbZUzKKaknUn6AMv2ehgDi3bGhb2KzBygF4hsNe5bPNB0D4GDXvqdNef lIPyP5RcjrV/WixcRtdkhH1Cz5celLrZmlL3zuhXFYzlQ1OsDyi0PpJTUWUFsOG0fAc04e qhdclQSZfpO1wuc9MtHugZf+J2fEoowNe2RM5lC3i0fNuNR9zx8C49VYG3FSNg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1777561457; a=rsa-sha256; cv=none; b=aNqYsFBB9BRGLa/GWWQBpYNUcQLAK3U2dMsITt0PSOiB9s4lRJfCzbFSjPz7xxgTEW3LB0 Oj9OC4bjQRQcGNich9903iSvp4ronxTUkTBwEyqCjTdGaqFxTe/BkXq31OYrnKsbPF9o4w xpzyBuKgCg8amz3ocDe9eW0ONV1Xsqp4IfZDvBETUmcaAp+YEXXAgypIt+rVulSGrwdqDd nX7Ngcza4nsav41ADNvRv/df1l5AqQEHeWeMWxj2WUJG9iotxzA5CmbKRN3el2q1N5y6DW mf5+MsST3zmcXmHXXYJeaxUgzOH2dxdU+1/ajGCN6Y8WegmaSumILDcDttLJ8A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1777561457; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ysBVySv1z1+Mjt6k3kl5giyU+5/ceW+62nKSfYgT8No=; b=tmCCyadvbOz2ensbeEu+omglyp+5yUuPLWuIrsyFXXQfgM/7jurJYhgUcBBihhB2cZbwgp X5BeIZcImslCmtiV8zygvfiq42AYd48b89Q8emqXOO99gNQsczcm1SlECg3n+gC2YtXfeA 4f13aqyrrCMfjJ3Sx5kWzlHmz0W/woWw4KeVsIK6LTk5OO5s4Kp2b6jjRNHL2au6wBTtEt z0lbGSg8L0vcXe8+X486tyrwuZzpSKqu4JtLn2zTaTGa5NEscR9v5loP/6knddV2DJweU1 yK0exFbnOS/uwwsbASt+bxYXP08FjnNIRqHNkb6RCG9VBHlj48eHVjq/StHVSQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4g5yB95WpXz1rk for ; Thu, 30 Apr 2026 15:04:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3eb67 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 30 Apr 2026 15:04:17 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav Subject: git: 7e064a35a7c3 - stable/14 - caroot: Clean up List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 7e064a35a7c32988618387d7ad73db7e51b834b4 Auto-Submitted: auto-generated Date: Thu, 30 Apr 2026 15:04:17 +0000 Message-Id: <69f36f71.3eb67.704a0032@gitrepo.freebsd.org> The branch stable/14 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=7e064a35a7c32988618387d7ad73db7e51b834b4 commit 7e064a35a7c32988618387d7ad73db7e51b834b4 Author: Dag-Erling Smørgrav AuthorDate: 2026-04-27 09:32:19 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2026-04-30 15:03:10 +0000 caroot: Clean up * Get certdata.txt directly from the NSS Mercurial repository, rather than from the Mozilla Firefox repository which imports it from NSS at irregular intervals. * Instead of always fetching the latest certdata.txt, fetch a specific version. For this commit, we set this to the version that was last imported in May 2025. * Add a refrence to the MPL to the generated files. * Regenerate with latest OpenSSL. This is purely cosmetic; mostly, the certificate names now contain less unnecessary whitespace and some elements are quoted. MFC after: 1 week Reviewed by: michaelo, kevans Differential Revision: https://reviews.freebsd.org/D56620 (cherry picked from commit ce33d6396aadb0613f1e74661bdbec571f836a60) --- secure/caroot/Makefile | 7 ++++++- secure/caroot/ca-extract.pl | 4 ++-- secure/caroot/trusted/ACCVRAIZ1.pem | 12 +++++------- secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem | 11 ++++------- .../caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem | 11 ++++------- secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem | 11 ++++------- secure/caroot/trusted/Actalis_Authentication_Root_CA.pem | 11 ++++------- secure/caroot/trusted/AffirmTrust_Commercial.pem | 11 ++++------- secure/caroot/trusted/AffirmTrust_Networking.pem | 11 ++++------- secure/caroot/trusted/AffirmTrust_Premium.pem | 11 ++++------- secure/caroot/trusted/AffirmTrust_Premium_ECC.pem | 11 ++++------- secure/caroot/trusted/Amazon_Root_CA_1.pem | 11 ++++------- secure/caroot/trusted/Amazon_Root_CA_2.pem | 11 ++++------- secure/caroot/trusted/Amazon_Root_CA_3.pem | 11 ++++------- secure/caroot/trusted/Amazon_Root_CA_4.pem | 11 ++++------- secure/caroot/trusted/Atos_TrustedRoot_2011.pem | 11 ++++------- .../trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem | 11 ++++------- .../trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem | 11 ++++------- ...idad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem | 11 ++++------- secure/caroot/trusted/BJCA_Global_Root_CA1.pem | 11 ++++------- secure/caroot/trusted/BJCA_Global_Root_CA2.pem | 11 ++++------- secure/caroot/trusted/Baltimore_CyberTrust_Root.pem | 11 ++++------- secure/caroot/trusted/Buypass_Class_2_Root_CA.pem | 11 ++++------- secure/caroot/trusted/Buypass_Class_3_Root_CA.pem | 11 ++++------- secure/caroot/trusted/CA_Disig_Root_R2.pem | 11 ++++------- secure/caroot/trusted/CFCA_EV_ROOT.pem | 11 ++++------- secure/caroot/trusted/COMODO_Certification_Authority.pem | 12 +++++------- .../caroot/trusted/COMODO_ECC_Certification_Authority.pem | 11 ++++------- .../caroot/trusted/COMODO_RSA_Certification_Authority.pem | 11 ++++------- secure/caroot/trusted/Certainly_Root_E1.pem | 11 ++++------- secure/caroot/trusted/Certainly_Root_R1.pem | 11 ++++------- secure/caroot/trusted/Certigna.pem | 11 ++++------- secure/caroot/trusted/Certigna_Root_CA.pem | 13 ++++++------- secure/caroot/trusted/Certum_EC-384_CA.pem | 11 ++++------- secure/caroot/trusted/Certum_Trusted_Network_CA.pem | 11 ++++------- secure/caroot/trusted/Certum_Trusted_Network_CA_2.pem | 11 ++++------- secure/caroot/trusted/Certum_Trusted_Root_CA.pem | 11 ++++------- .../caroot/trusted/CommScope_Public_Trust_ECC_Root-01.pem | 11 ++++------- .../caroot/trusted/CommScope_Public_Trust_ECC_Root-02.pem | 11 ++++------- .../caroot/trusted/CommScope_Public_Trust_RSA_Root-01.pem | 11 ++++------- .../caroot/trusted/CommScope_Public_Trust_RSA_Root-02.pem | 11 ++++------- secure/caroot/trusted/Comodo_AAA_Services_root.pem | 13 ++++++------- secure/caroot/trusted/D-TRUST_BR_Root_CA_1_2020.pem | 13 ++++++------- secure/caroot/trusted/D-TRUST_BR_Root_CA_2_2023.pem | 12 +++++------- secure/caroot/trusted/D-TRUST_EV_Root_CA_1_2020.pem | 13 ++++++------- secure/caroot/trusted/D-TRUST_EV_Root_CA_2_2023.pem | 12 +++++------- secure/caroot/trusted/D-TRUST_Root_Class_3_CA_2_2009.pem | 13 ++++++------- secure/caroot/trusted/D-TRUST_Root_Class_3_CA_2_EV_2009.pem | 13 ++++++------- secure/caroot/trusted/DigiCert_Assured_ID_Root_CA.pem | 11 ++++------- secure/caroot/trusted/DigiCert_Assured_ID_Root_G2.pem | 11 ++++------- secure/caroot/trusted/DigiCert_Assured_ID_Root_G3.pem | 11 ++++------- secure/caroot/trusted/DigiCert_Global_Root_CA.pem | 11 ++++------- secure/caroot/trusted/DigiCert_Global_Root_G2.pem | 11 ++++------- secure/caroot/trusted/DigiCert_Global_Root_G3.pem | 11 ++++------- .../caroot/trusted/DigiCert_High_Assurance_EV_Root_CA.pem | 11 ++++------- secure/caroot/trusted/DigiCert_TLS_ECC_P384_Root_G5.pem | 11 ++++------- secure/caroot/trusted/DigiCert_TLS_RSA4096_Root_G5.pem | 11 ++++------- secure/caroot/trusted/DigiCert_Trusted_Root_G4.pem | 11 ++++------- .../caroot/trusted/Entrust_Root_Certification_Authority.pem | 11 ++++------- .../trusted/Entrust_Root_Certification_Authority_-_EC1.pem | 11 ++++------- .../trusted/Entrust_Root_Certification_Authority_-_G2.pem | 11 ++++------- .../trusted/Entrust_net_Premium_2048_Secure_Server_CA.pem | 11 ++++------- secure/caroot/trusted/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem | 11 ++++------- secure/caroot/trusted/GDCA_TrustAUTH_R5_ROOT.pem | 11 ++++------- secure/caroot/trusted/GLOBALTRUST_2020.pem | 11 ++++------- secure/caroot/trusted/GTS_Root_R1.pem | 11 ++++------- secure/caroot/trusted/GTS_Root_R2.pem | 11 ++++------- secure/caroot/trusted/GTS_Root_R3.pem | 11 ++++------- secure/caroot/trusted/GTS_Root_R4.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_ECC_Root_CA_-_R4.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_ECC_Root_CA_-_R5.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_Root_CA.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_Root_CA_-_R3.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_Root_CA_-_R6.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_Root_E46.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_Root_R46.pem | 11 ++++------- secure/caroot/trusted/Go_Daddy_Class_2_CA.pem | 11 ++++------- .../trusted/Go_Daddy_Root_Certificate_Authority_-_G2.pem | 11 ++++------- secure/caroot/trusted/HARICA_TLS_ECC_Root_CA_2021.pem | 11 ++++------- secure/caroot/trusted/HARICA_TLS_RSA_Root_CA_2021.pem | 11 ++++------- ...c_Academic_and_Research_Institutions_ECC_RootCA_2015.pem | 11 ++++------- ...lenic_Academic_and_Research_Institutions_RootCA_2015.pem | 11 ++++------- secure/caroot/trusted/HiPKI_Root_CA_-_G1.pem | 11 ++++------- secure/caroot/trusted/Hongkong_Post_Root_CA_3.pem | 11 ++++------- secure/caroot/trusted/ISRG_Root_X1.pem | 11 ++++------- secure/caroot/trusted/ISRG_Root_X2.pem | 11 ++++------- secure/caroot/trusted/IdenTrust_Commercial_Root_CA_1.pem | 11 ++++------- secure/caroot/trusted/IdenTrust_Public_Sector_Root_CA_1.pem | 11 ++++------- secure/caroot/trusted/Izenpe_com.pem | 11 ++++------- secure/caroot/trusted/Microsec_e-Szigno_Root_CA_2009.pem | 11 ++++------- .../Microsoft_ECC_Root_Certificate_Authority_2017.pem | 11 ++++------- .../Microsoft_RSA_Root_Certificate_Authority_2017.pem | 11 ++++------- .../trusted/NAVER_Global_Root_Certification_Authority.pem | 11 ++++------- .../NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem | 11 ++++------- secure/caroot/trusted/OISTE_WISeKey_Global_Root_GB_CA.pem | 11 ++++------- secure/caroot/trusted/OISTE_WISeKey_Global_Root_GC_CA.pem | 11 ++++------- secure/caroot/trusted/QuoVadis_Root_CA_1_G3.pem | 11 ++++------- secure/caroot/trusted/QuoVadis_Root_CA_2.pem | 11 ++++------- secure/caroot/trusted/QuoVadis_Root_CA_2_G3.pem | 11 ++++------- secure/caroot/trusted/QuoVadis_Root_CA_3.pem | 11 ++++------- secure/caroot/trusted/QuoVadis_Root_CA_3_G3.pem | 11 ++++------- .../trusted/SSL_com_EV_Root_Certification_Authority_ECC.pem | 11 ++++------- .../SSL_com_EV_Root_Certification_Authority_RSA_R2.pem | 11 ++++------- .../trusted/SSL_com_Root_Certification_Authority_ECC.pem | 11 ++++------- .../trusted/SSL_com_Root_Certification_Authority_RSA.pem | 11 ++++------- secure/caroot/trusted/SSL_com_TLS_ECC_Root_CA_2022.pem | 11 ++++------- secure/caroot/trusted/SSL_com_TLS_RSA_Root_CA_2022.pem | 11 ++++------- secure/caroot/trusted/SZAFIR_ROOT_CA2.pem | 11 ++++------- .../Sectigo_Public_Server_Authentication_Root_E46.pem | 11 ++++------- .../Sectigo_Public_Server_Authentication_Root_R46.pem | 11 ++++------- secure/caroot/trusted/SecureSign_Root_CA12.pem | 11 ++++------- secure/caroot/trusted/SecureSign_Root_CA14.pem | 11 ++++------- secure/caroot/trusted/SecureSign_Root_CA15.pem | 11 ++++------- secure/caroot/trusted/SecureTrust_CA.pem | 12 +++++------- secure/caroot/trusted/Secure_Global_CA.pem | 12 +++++------- .../caroot/trusted/Security_Communication_ECC_RootCA1.pem | 11 ++++------- secure/caroot/trusted/Security_Communication_RootCA2.pem | 11 ++++------- secure/caroot/trusted/Starfield_Class_2_CA.pem | 11 ++++------- .../trusted/Starfield_Root_Certificate_Authority_-_G2.pem | 11 ++++------- .../Starfield_Services_Root_Certificate_Authority_-_G2.pem | 11 ++++------- secure/caroot/trusted/SwissSign_Gold_CA_-_G2.pem | 11 ++++------- secure/caroot/trusted/T-TeleSec_GlobalRoot_Class_2.pem | 11 ++++------- secure/caroot/trusted/T-TeleSec_GlobalRoot_Class_3.pem | 11 ++++------- .../TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem | 11 ++++------- secure/caroot/trusted/TWCA_CYBER_Root_CA.pem | 11 ++++------- secure/caroot/trusted/TWCA_Global_Root_CA.pem | 11 ++++------- secure/caroot/trusted/TWCA_Root_Certification_Authority.pem | 11 ++++------- .../caroot/trusted/Telekom_Security_TLS_ECC_Root_2020.pem | 11 ++++------- .../caroot/trusted/Telekom_Security_TLS_RSA_Root_2023.pem | 11 ++++------- secure/caroot/trusted/TeliaSonera_Root_CA_v1.pem | 11 ++++------- secure/caroot/trusted/Telia_Root_CA_v2.pem | 11 ++++------- secure/caroot/trusted/TrustAsia_Global_Root_CA_G3.pem | 11 ++++------- secure/caroot/trusted/TrustAsia_Global_Root_CA_G4.pem | 11 ++++------- .../trusted/Trustwave_Global_Certification_Authority.pem | 11 ++++------- .../Trustwave_Global_ECC_P256_Certification_Authority.pem | 11 ++++------- .../Trustwave_Global_ECC_P384_Certification_Authority.pem | 11 ++++------- secure/caroot/trusted/TunTrust_Root_CA.pem | 11 ++++------- secure/caroot/trusted/UCA_Extended_Validation_Root.pem | 11 ++++------- secure/caroot/trusted/UCA_Global_G2_Root.pem | 11 ++++------- .../trusted/USERTrust_ECC_Certification_Authority.pem | 11 ++++------- .../trusted/USERTrust_RSA_Certification_Authority.pem | 11 ++++------- secure/caroot/trusted/XRamp_Global_CA_Root.pem | 12 +++++------- secure/caroot/trusted/certSIGN_ROOT_CA.pem | 11 ++++------- secure/caroot/trusted/certSIGN_Root_CA_G2.pem | 11 ++++------- secure/caroot/trusted/e-Szigno_Root_CA_2017.pem | 11 ++++------- secure/caroot/trusted/ePKI_Root_Certification_Authority.pem | 11 ++++------- secure/caroot/trusted/emSign_ECC_Root_CA_-_C3.pem | 11 ++++------- secure/caroot/trusted/emSign_ECC_Root_CA_-_G3.pem | 11 ++++------- secure/caroot/trusted/emSign_Root_CA_-_C1.pem | 11 ++++------- secure/caroot/trusted/emSign_Root_CA_-_G1.pem | 11 ++++------- secure/caroot/trusted/vTrus_ECC_Root_CA.pem | 11 ++++------- secure/caroot/trusted/vTrus_Root_CA.pem | 11 ++++------- .../untrusted/Camerfirma_Chambers_of_Commerce_Root.pem | 10 +++++----- .../caroot/untrusted/Camerfirma_Global_Chambersign_Root.pem | 10 +++++----- secure/caroot/untrusted/Certum_Root_CA.pem | 9 ++++----- .../caroot/untrusted/Chambers_of_Commerce_Root_-_2008.pem | 9 ++++----- secure/caroot/untrusted/D-TRUST_Root_CA_3_2013.pem | 11 ++++++----- secure/caroot/untrusted/E-Tugra_Global_Root_CA_ECC_v3.pem | 11 ++++------- secure/caroot/untrusted/E-Tugra_Global_Root_CA_RSA_v3.pem | 11 ++++------- secure/caroot/untrusted/EC-ACC.pem | 9 ++++----- secure/caroot/untrusted/EE_Certification_Centre_Root_CA.pem | 10 ++++------ .../untrusted/Entrust_Root_Certification_Authority_-_G4.pem | 11 ++++------- .../untrusted/GeoTrust_Primary_Certification_Authority.pem | 10 ++++------ .../GeoTrust_Primary_Certification_Authority_-_G2.pem | 9 ++++----- .../GeoTrust_Primary_Certification_Authority_-_G3.pem | 10 ++++------ secure/caroot/untrusted/GeoTrust_Universal_CA.pem | 10 ++++------ secure/caroot/untrusted/GeoTrust_Universal_CA_2.pem | 10 ++++------ secure/caroot/untrusted/Global_Chambersign_Root_-_2008.pem | 9 ++++----- ...lenic_Academic_and_Research_Institutions_RootCA_2011.pem | 11 ++++------- secure/caroot/untrusted/LuxTrust_Global_Root_2.pem | 10 ++++------ .../untrusted/Network_Solutions_Certificate_Authority.pem | 12 +++++------- secure/caroot/untrusted/OISTE_WISeKey_Global_Root_GA_CA.pem | 9 ++++----- secure/caroot/untrusted/SecureSign_RootCA11.pem | 11 ++++------- secure/caroot/untrusted/Security_Communication_RootCA3.pem | 11 ++++------- .../caroot/untrusted/Staat_der_Nederlanden_Root_CA_-_G3.pem | 9 ++++----- secure/caroot/untrusted/SwissSign_Platinum_CA_-_G2.pem | 9 ++++----- secure/caroot/untrusted/SwissSign_Silver_CA_-_G2.pem | 11 ++++------- ..._Class_1_Public_Primary_Certification_Authority_-_G4.pem | 10 ++++------ ..._Class_1_Public_Primary_Certification_Authority_-_G6.pem | 9 ++++----- ..._Class_2_Public_Primary_Certification_Authority_-_G4.pem | 10 ++++------ ..._Class_2_Public_Primary_Certification_Authority_-_G6.pem | 9 ++++----- secure/caroot/untrusted/Taiwan_GRCA.pem | 10 ++++------ secure/caroot/untrusted/TrustCor_ECA-1.pem | 11 ++++------- secure/caroot/untrusted/TrustCor_RootCert_CA-1.pem | 11 ++++------- secure/caroot/untrusted/TrustCor_RootCert_CA-2.pem | 11 ++++------- ..._Class_3_Public_Primary_Certification_Authority_-_G4.pem | 10 ++++------ ..._Class_3_Public_Primary_Certification_Authority_-_G5.pem | 10 ++++------ .../VeriSign_Universal_Root_Certification_Authority.pem | 9 ++++----- ..._Class_1_Public_Primary_Certification_Authority_-_G3.pem | 9 ++++----- ..._Class_2_Public_Primary_Certification_Authority_-_G3.pem | 9 ++++----- ..._Class_3_Public_Primary_Certification_Authority_-_G3.pem | 10 ++++------ secure/caroot/untrusted/thawte_Primary_Root_CA.pem | 10 ++++------ secure/caroot/untrusted/thawte_Primary_Root_CA_-_G2.pem | 10 ++++------ secure/caroot/untrusted/thawte_Primary_Root_CA_-_G3.pem | 10 ++++------ 194 files changed, 800 insertions(+), 1300 deletions(-) diff --git a/secure/caroot/Makefile b/secure/caroot/Makefile index fc50d54bae10..5e77bc233712 100644 --- a/secure/caroot/Makefile +++ b/secure/caroot/Makefile @@ -6,12 +6,17 @@ SUBDIR+= untrusted .include +# Set this to an upstream hash or tag +# https://hg-edge.mozilla.org/projects/nss/tags +HGVER = e71e3de47d4ca7a3efa7c11096ab2e20ae71683e + # To be used by secteam@ to update the trusted certificates fetchcerts: .PHONY - fetch --no-sslv3 --no-tlsv1 -o certdata.txt 'https://raw.githubusercontent.com/mozilla-firefox/firefox/refs/heads/release/security/nss/lib/ckfw/builtins/certdata.txt' + fetch --mirror -o certdata.txt 'https://hg-edge.mozilla.org/projects/nss/raw-file/${HGVER}/lib/ckfw/builtins/certdata.txt' cleancerts: .PHONY @${MAKE} -C ${.CURDIR}/trusted ${.TARGET} + @${MAKE} -C ${.CURDIR}/untrusted ${.TARGET} updatecerts: .PHONY cleancerts fetchcerts perl ${.CURDIR}/ca-extract.pl -i certdata.txt \ diff --git a/secure/caroot/ca-extract.pl b/secure/caroot/ca-extract.pl index 75f8352e384e..c02411b2cf42 100755 --- a/secure/caroot/ca-extract.pl +++ b/secure/caroot/ca-extract.pl @@ -40,7 +40,6 @@ use Carp; use MIME::Base64; use Getopt::Long; use Time::Local qw( timegm_posix ); -use POSIX qw( strftime ); my $generated = '@' . 'generated'; my $inputfh = *STDIN; @@ -79,7 +78,8 @@ sub print_header($$) ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## $generated ## diff --git a/secure/caroot/trusted/ACCVRAIZ1.pem b/secure/caroot/trusted/ACCVRAIZ1.pem index 9c48cb1f7155..4306a9da04ea 100644 --- a/secure/caroot/trusted/ACCVRAIZ1.pem +++ b/secure/caroot/trusted/ACCVRAIZ1.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 6828503384748696800 (0x5ec3b7a6437fa4e0) Signature Algorithm: sha1WithRSAEncryption - Issuer: CN = ACCVRAIZ1, OU = PKIACCV, O = ACCV, C = ES + Issuer: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES Validity Not Before: May 5 09:37:37 2011 GMT Not After : Dec 31 09:37:37 2030 GMT - Subject: CN = ACCVRAIZ1, OU = PKIACCV, O = ACCV, C = ES + Subject: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) @@ -79,6 +76,7 @@ Certificate: X509v3 CRL Distribution Points: Full Name: URI:http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl + X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Alternative Name: diff --git a/secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem b/secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem index b526b6694741..7cf292057c7a 100644 --- a/secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem +++ b/secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 Signature Algorithm: sha256WithRSAEncryption - Issuer: C = ES, O = FNMT-RCM, OU = AC RAIZ FNMT-RCM + Issuer: C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM Validity Not Before: Oct 29 15:59:56 2008 GMT Not After : Jan 1 00:00:00 2030 GMT - Subject: C = ES, O = FNMT-RCM, OU = AC RAIZ FNMT-RCM + Subject: C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem b/secure/caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem index c90964ddb4d3..2a08b9a091ec 100644 --- a/secure/caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem +++ b/secure/caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 62:f6:32:6c:e5:c4:e3:68:5c:1b:62:dd:9c:2e:9d:95 Signature Algorithm: ecdsa-with-SHA384 - Issuer: C = ES, O = FNMT-RCM, OU = Ceres, organizationIdentifier = VATES-Q2826004J, CN = AC RAIZ FNMT-RCM SERVIDORES SEGUROS + Issuer: C=ES, O=FNMT-RCM, OU=Ceres, organizationIdentifier=VATES-Q2826004J, CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS Validity Not Before: Dec 20 09:37:33 2018 GMT Not After : Dec 20 09:37:33 2043 GMT - Subject: C = ES, O = FNMT-RCM, OU = Ceres, organizationIdentifier = VATES-Q2826004J, CN = AC RAIZ FNMT-RCM SERVIDORES SEGUROS + Subject: C=ES, O=FNMT-RCM, OU=Ceres, organizationIdentifier=VATES-Q2826004J, CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) diff --git a/secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem b/secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem index 158d806bffc3..8a133cfc419d 100644 --- a/secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem +++ b/secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 996390341000653745 (0xdd3e3bc6cf96bb1) Signature Algorithm: sha256WithRSAEncryption - Issuer: serialNumber = G63287510, C = ES, O = ANF Autoridad de Certificacion, OU = ANF CA Raiz, CN = ANF Secure Server Root CA + Issuer: serialNumber=G63287510, C=ES, O=ANF Autoridad de Certificacion, OU=ANF CA Raiz, CN=ANF Secure Server Root CA Validity Not Before: Sep 4 10:00:38 2019 GMT Not After : Aug 30 10:00:38 2039 GMT - Subject: serialNumber = G63287510, C = ES, O = ANF Autoridad de Certificacion, OU = ANF CA Raiz, CN = ANF Secure Server Root CA + Subject: serialNumber=G63287510, C=ES, O=ANF Autoridad de Certificacion, OU=ANF CA Raiz, CN=ANF Secure Server Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/trusted/Actalis_Authentication_Root_CA.pem b/secure/caroot/trusted/Actalis_Authentication_Root_CA.pem index b71e3f700c29..d695e866c1bd 100644 --- a/secure/caroot/trusted/Actalis_Authentication_Root_CA.pem +++ b/secure/caroot/trusted/Actalis_Authentication_Root_CA.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 6271844772424770508 (0x570a119742c4e3cc) Signature Algorithm: sha256WithRSAEncryption - Issuer: C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA + Issuer: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA Validity Not Before: Sep 22 11:22:02 2011 GMT Not After : Sep 22 11:22:02 2030 GMT - Subject: C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA + Subject: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/trusted/AffirmTrust_Commercial.pem b/secure/caroot/trusted/AffirmTrust_Commercial.pem index b59fd17d8d7b..b889d02ba6b7 100644 --- a/secure/caroot/trusted/AffirmTrust_Commercial.pem +++ b/secure/caroot/trusted/AffirmTrust_Commercial.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 8608355977964138876 (0x7777062726a9b17c) Signature Algorithm: sha256WithRSAEncryption - Issuer: C = US, O = AffirmTrust, CN = AffirmTrust Commercial + Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Commercial Validity Not Before: Jan 29 14:06:06 2010 GMT Not After : Dec 31 14:06:06 2030 GMT - Subject: C = US, O = AffirmTrust, CN = AffirmTrust Commercial + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Commercial Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/trusted/AffirmTrust_Networking.pem b/secure/caroot/trusted/AffirmTrust_Networking.pem index 33f7a4bebcb6..e4a201bc82ae 100644 --- a/secure/caroot/trusted/AffirmTrust_Networking.pem +++ b/secure/caroot/trusted/AffirmTrust_Networking.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 8957382827206547757 (0x7c4f04391cd4992d) Signature Algorithm: sha1WithRSAEncryption - Issuer: C = US, O = AffirmTrust, CN = AffirmTrust Networking + Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Networking Validity Not Before: Jan 29 14:08:24 2010 GMT Not After : Dec 31 14:08:24 2030 GMT - Subject: C = US, O = AffirmTrust, CN = AffirmTrust Networking + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Networking Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/trusted/AffirmTrust_Premium.pem b/secure/caroot/trusted/AffirmTrust_Premium.pem index ec32ac850bbd..853f7dc0e2d3 100644 --- a/secure/caroot/trusted/AffirmTrust_Premium.pem +++ b/secure/caroot/trusted/AffirmTrust_Premium.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 7893706540734352110 (0x6d8c1446b1a60aee) Signature Algorithm: sha384WithRSAEncryption - Issuer: C = US, O = AffirmTrust, CN = AffirmTrust Premium + Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Premium Validity Not Before: Jan 29 14:10:36 2010 GMT Not After : Dec 31 14:10:36 2040 GMT - Subject: C = US, O = AffirmTrust, CN = AffirmTrust Premium + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/trusted/AffirmTrust_Premium_ECC.pem b/secure/caroot/trusted/AffirmTrust_Premium_ECC.pem index 19a9ffb6b45b..68ce02904f4f 100644 --- a/secure/caroot/trusted/AffirmTrust_Premium_ECC.pem +++ b/secure/caroot/trusted/AffirmTrust_Premium_ECC.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 8401224907861490260 (0x7497258ac73f7a54) Signature Algorithm: ecdsa-with-SHA384 - Issuer: C = US, O = AffirmTrust, CN = AffirmTrust Premium ECC + Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC Validity Not Before: Jan 29 14:20:24 2010 GMT Not After : Dec 31 14:20:24 2040 GMT - Subject: C = US, O = AffirmTrust, CN = AffirmTrust Premium ECC + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) diff --git a/secure/caroot/trusted/Amazon_Root_CA_1.pem b/secure/caroot/trusted/Amazon_Root_CA_1.pem index 5a7236d01703..ffbbd9359026 100644 --- a/secure/caroot/trusted/Amazon_Root_CA_1.pem +++ b/secure/caroot/trusted/Amazon_Root_CA_1.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca Signature Algorithm: sha256WithRSAEncryption - Issuer: C = US, O = Amazon, CN = Amazon Root CA 1 + Issuer: C=US, O=Amazon, CN=Amazon Root CA 1 Validity Not Before: May 26 00:00:00 2015 GMT Not After : Jan 17 00:00:00 2038 GMT - Subject: C = US, O = Amazon, CN = Amazon Root CA 1 + Subject: C=US, O=Amazon, CN=Amazon Root CA 1 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/trusted/Amazon_Root_CA_2.pem b/secure/caroot/trusted/Amazon_Root_CA_2.pem index 5418e52f1cfd..d46be964b784 100644 --- a/secure/caroot/trusted/Amazon_Root_CA_2.pem +++ b/secure/caroot/trusted/Amazon_Root_CA_2.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 Signature Algorithm: sha384WithRSAEncryption - Issuer: C = US, O = Amazon, CN = Amazon Root CA 2 + Issuer: C=US, O=Amazon, CN=Amazon Root CA 2 Validity Not Before: May 26 00:00:00 2015 GMT Not After : May 26 00:00:00 2040 GMT - Subject: C = US, O = Amazon, CN = Amazon Root CA 2 + Subject: C=US, O=Amazon, CN=Amazon Root CA 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/trusted/Amazon_Root_CA_3.pem b/secure/caroot/trusted/Amazon_Root_CA_3.pem index 0baa14e92de3..6c83842bcad5 100644 --- a/secure/caroot/trusted/Amazon_Root_CA_3.pem +++ b/secure/caroot/trusted/Amazon_Root_CA_3.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a Signature Algorithm: ecdsa-with-SHA256 - Issuer: C = US, O = Amazon, CN = Amazon Root CA 3 + Issuer: C=US, O=Amazon, CN=Amazon Root CA 3 Validity Not Before: May 26 00:00:00 2015 GMT Not After : May 26 00:00:00 2040 GMT - Subject: C = US, O = Amazon, CN = Amazon Root CA 3 + Subject: C=US, O=Amazon, CN=Amazon Root CA 3 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) diff --git a/secure/caroot/trusted/Amazon_Root_CA_4.pem b/secure/caroot/trusted/Amazon_Root_CA_4.pem index 06ccb20544dc..167f0d3ae365 100644 --- a/secure/caroot/trusted/Amazon_Root_CA_4.pem +++ b/secure/caroot/trusted/Amazon_Root_CA_4.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e Signature Algorithm: ecdsa-with-SHA384 - Issuer: C = US, O = Amazon, CN = Amazon Root CA 4 + Issuer: C=US, O=Amazon, CN=Amazon Root CA 4 Validity Not Before: May 26 00:00:00 2015 GMT Not After : May 26 00:00:00 2040 GMT - Subject: C = US, O = Amazon, CN = Amazon Root CA 4 + Subject: C=US, O=Amazon, CN=Amazon Root CA 4 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) diff --git a/secure/caroot/trusted/Atos_TrustedRoot_2011.pem b/secure/caroot/trusted/Atos_TrustedRoot_2011.pem index 736143dc94ff..a5781197cff1 100644 --- a/secure/caroot/trusted/Atos_TrustedRoot_2011.pem +++ b/secure/caroot/trusted/Atos_TrustedRoot_2011.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 6643877497813316402 (0x5c33cb622c5fb332) Signature Algorithm: sha256WithRSAEncryption - Issuer: CN = Atos TrustedRoot 2011, O = Atos, C = DE + Issuer: CN=Atos TrustedRoot 2011, O=Atos, C=DE Validity Not Before: Jul 7 14:58:30 2011 GMT Not After : Dec 31 23:59:59 2030 GMT - Subject: CN = Atos TrustedRoot 2011, O = Atos, C = DE + Subject: CN=Atos TrustedRoot 2011, O=Atos, C=DE Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem b/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem index c1d1df849c8f..b696144b1487 100644 --- a/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem +++ b/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 3d:98:3b:a6:66:3d:90:63:f7:7e:26:57:38:04:ef:00 Signature Algorithm: ecdsa-with-SHA384 - Issuer: CN = Atos TrustedRoot Root CA ECC TLS 2021, O = Atos, C = DE + Issuer: CN=Atos TrustedRoot Root CA ECC TLS 2021, O=Atos, C=DE Validity Not Before: Apr 22 09:26:23 2021 GMT Not After : Apr 17 09:26:22 2041 GMT - Subject: CN = Atos TrustedRoot Root CA ECC TLS 2021, O = Atos, C = DE + Subject: CN=Atos TrustedRoot Root CA ECC TLS 2021, O=Atos, C=DE Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) diff --git a/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem b/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem index c602172911ed..410b7cbed96f 100644 --- a/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem +++ b/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 53:d5:cf:e6:19:93:0b:fb:2b:05:12:d8:c2:2a:a2:a4 Signature Algorithm: sha384WithRSAEncryption - Issuer: CN = Atos TrustedRoot Root CA RSA TLS 2021, O = Atos, C = DE + Issuer: CN=Atos TrustedRoot Root CA RSA TLS 2021, O=Atos, C=DE Validity Not Before: Apr 22 09:21:10 2021 GMT Not After : Apr 17 09:21:09 2041 GMT - Subject: CN = Atos TrustedRoot Root CA RSA TLS 2021, O = Atos, C = DE + Subject: CN=Atos TrustedRoot Root CA RSA TLS 2021, O=Atos, C=DE Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem b/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem index ceae80a3e6d8..0e4b90b76ffe 100644 --- a/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem +++ b/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 1977337328857672817 (0x1b70e9d2ffae6c71) Signature Algorithm: sha256WithRSAEncryption - Issuer: C = ES, CN = Autoridad de Certificacion Firmaprofesional CIF A62634068 + Issuer: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 Validity Not Before: Sep 23 15:22:07 2014 GMT Not After : May 5 15:22:07 2036 GMT - Subject: C = ES, CN = Autoridad de Certificacion Firmaprofesional CIF A62634068 + Subject: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/trusted/BJCA_Global_Root_CA1.pem b/secure/caroot/trusted/BJCA_Global_Root_CA1.pem index b8ae26804770..060a47ab2ee6 100644 --- a/secure/caroot/trusted/BJCA_Global_Root_CA1.pem +++ b/secure/caroot/trusted/BJCA_Global_Root_CA1.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 55:6f:65:e3:b4:d9:90:6a:1b:09:d1:6c:3e:c0:6c:20 Signature Algorithm: sha256WithRSAEncryption - Issuer: C = CN, O = BEIJING CERTIFICATE AUTHORITY, CN = BJCA Global Root CA1 + Issuer: C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA1 Validity Not Before: Dec 19 03:16:17 2019 GMT Not After : Dec 12 03:16:17 2044 GMT - Subject: C = CN, O = BEIJING CERTIFICATE AUTHORITY, CN = BJCA Global Root CA1 + Subject: C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA1 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/trusted/BJCA_Global_Root_CA2.pem b/secure/caroot/trusted/BJCA_Global_Root_CA2.pem index 8265c5da88e8..d551c65560a2 100644 --- a/secure/caroot/trusted/BJCA_Global_Root_CA2.pem +++ b/secure/caroot/trusted/BJCA_Global_Root_CA2.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 2c:17:08:7d:64:2a:c0:fe:85:18:59:06:cf:b4:4a:eb Signature Algorithm: ecdsa-with-SHA384 - Issuer: C = CN, O = BEIJING CERTIFICATE AUTHORITY, CN = BJCA Global Root CA2 + Issuer: C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA2 Validity Not Before: Dec 19 03:18:21 2019 GMT Not After : Dec 12 03:18:21 2044 GMT - Subject: C = CN, O = BEIJING CERTIFICATE AUTHORITY, CN = BJCA Global Root CA2 + Subject: C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA2 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) diff --git a/secure/caroot/trusted/Baltimore_CyberTrust_Root.pem b/secure/caroot/trusted/Baltimore_CyberTrust_Root.pem index e7bc165793d8..8f5973a12f5b 100644 --- a/secure/caroot/trusted/Baltimore_CyberTrust_Root.pem +++ b/secure/caroot/trusted/Baltimore_CyberTrust_Root.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 33554617 (0x20000b9) Signature Algorithm: sha1WithRSAEncryption - Issuer: C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root + Issuer: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root Validity Not Before: May 12 18:46:00 2000 GMT Not After : May 12 23:59:00 2025 GMT - Subject: C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root + Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/trusted/Buypass_Class_2_Root_CA.pem b/secure/caroot/trusted/Buypass_Class_2_Root_CA.pem index 20f28f053315..5596e08b3cb3 100644 --- a/secure/caroot/trusted/Buypass_Class_2_Root_CA.pem +++ b/secure/caroot/trusted/Buypass_Class_2_Root_CA.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha256WithRSAEncryption - Issuer: C = NO, O = Buypass AS-983163327, CN = Buypass Class 2 Root CA + Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA Validity Not Before: Oct 26 08:38:03 2010 GMT Not After : Oct 26 08:38:03 2040 GMT - Subject: C = NO, O = Buypass AS-983163327, CN = Buypass Class 2 Root CA + Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/trusted/Buypass_Class_3_Root_CA.pem b/secure/caroot/trusted/Buypass_Class_3_Root_CA.pem index c9e409413ec6..7c6136850886 100644 --- a/secure/caroot/trusted/Buypass_Class_3_Root_CA.pem +++ b/secure/caroot/trusted/Buypass_Class_3_Root_CA.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 2 (0x2) Signature Algorithm: sha256WithRSAEncryption - Issuer: C = NO, O = Buypass AS-983163327, CN = Buypass Class 3 Root CA + Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA Validity Not Before: Oct 26 08:28:58 2010 GMT Not After : Oct 26 08:28:58 2040 GMT - Subject: C = NO, O = Buypass AS-983163327, CN = Buypass Class 3 Root CA + Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/trusted/CA_Disig_Root_R2.pem b/secure/caroot/trusted/CA_Disig_Root_R2.pem index 86f93bb2f151..1b007f970460 100644 *** 5540 LINES SKIPPED ***