Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 13 Feb 2024 20:34:15 GMT
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 16eebc4e19de - releng/13.3 - caroot: routine update
Message-ID:  <202402132034.41DKYFVf025040@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch releng/13.3 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=16eebc4e19de99bdc0457f483c97d749a27e7603

commit 16eebc4e19de99bdc0457f483c97d749a27e7603
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2024-02-11 06:33:12 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2024-02-13 20:34:00 +0000

    caroot: routine update
    
    Changes:
    - One (1) modified
    - Eight (8) added
    - One (1) expired, now untrusted
    
    Approved by:    re (cperciva)
    MFC after:      3 days
    
    (cherry picked from commit 0d3b2bdbf719ac6b5719a47387558ca9c34a4b2c)
    (cherry picked from commit 9b7611d9c7b48e68f017c43ec67d4182a4bc11c4)
---
 ObsoleteFiles.inc                                  |   3 +
 .../Security_Communication_Root_CA.pem             |   0
 ...ertificacion_Firmaprofesional_CIF_A62634068.pem | 118 +++++++++---------
 .../trusted/CommScope_Public_Trust_ECC_Root-01.pem |  67 ++++++++++
 .../trusted/CommScope_Public_Trust_ECC_Root-02.pem |  67 ++++++++++
 .../trusted/CommScope_Public_Trust_RSA_Root-01.pem | 134 ++++++++++++++++++++
 .../trusted/CommScope_Public_Trust_RSA_Root-02.pem | 134 ++++++++++++++++++++
 .../trusted/Telekom_Security_TLS_ECC_Root_2020.pem |  68 ++++++++++
 .../trusted/Telekom_Security_TLS_RSA_Root_2023.pem | 138 +++++++++++++++++++++
 .../caroot/trusted/TrustAsia_Global_Root_CA_G3.pem | 138 +++++++++++++++++++++
 .../caroot/trusted/TrustAsia_Global_Root_CA_G4.pem |  70 +++++++++++
 11 files changed, 878 insertions(+), 59 deletions(-)

diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc
index 73435961164c..9e1006e21e51 100644
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc
@@ -51,6 +51,9 @@
 #   xargs -n1 | sort | uniq -d;
 # done
 
+# 20240213: caroot bundle updated
+OLD_FILES+=usr/share/certs/trusted/Security_Communication_Root_CA.pem
+
 # 20240112: replaced NetBSD tests for uniq with our own
 OLD_FILES+=usr/tests/usr.bin/uniq/d_basic.in
 OLD_FILES+=usr/tests/usr.bin/uniq/d_basic.out
diff --git a/secure/caroot/trusted/Security_Communication_Root_CA.pem b/secure/caroot/blacklisted/Security_Communication_Root_CA.pem
similarity index 100%
rename from secure/caroot/trusted/Security_Communication_Root_CA.pem
rename to secure/caroot/blacklisted/Security_Communication_Root_CA.pem
diff --git a/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem b/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
index 7eeb715ac674..ceae80a3e6d8 100644
--- a/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
+++ b/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
@@ -14,12 +14,12 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 6047274297262753887 (0x53ec3beefbb2485f)
-        Signature Algorithm: sha1WithRSAEncryption
+        Serial Number: 1977337328857672817 (0x1b70e9d2ffae6c71)
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = ES, CN = Autoridad de Certificacion Firmaprofesional CIF A62634068
         Validity
-            Not Before: May 20 08:38:15 2009 GMT
-            Not After : Dec 31 08:38:15 2030 GMT
+            Not Before: Sep 23 15:22:07 2014 GMT
+            Not After : May  5 15:22:07 2036 GMT
         Subject: C = ES, CN = Autoridad de Certificacion Firmaprofesional CIF A62634068
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -62,54 +62,54 @@ Certificate:
                     92:30:bb
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:1
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
             X509v3 Subject Key Identifier: 
                 65:CD:EB:AB:35:1E:00:3E:7E:D5:74:C0:1C:B4:73:47:0E:1A:64:2F
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:1
             X509v3 Certificate Policies: 
                 Policy: X509v3 Any Policy
                   CPS: http://www.firmaprofesional.com/cps
                   User Notice:
                     Explicit Text: 
-    Signature Algorithm: sha1WithRSAEncryption
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
     Signature Value:
-        17:7d:a0:f9:b4:dd:c5:c5:eb:ad:4b:24:b5:a1:02:ab:dd:a5:
-        88:4a:b2:0f:55:4b:2b:57:8c:3b:e5:31:dd:fe:c4:32:f1:e7:
-        5b:64:96:36:32:18:ec:a5:32:77:d7:e3:44:b6:c0:11:2a:80:
-        b9:3d:6a:6e:7c:9b:d3:ad:fc:c3:d6:a3:e6:64:29:7c:d1:e1:
-        38:1e:82:2b:ff:27:65:af:fb:16:15:c4:2e:71:84:e5:b5:ff:
-        fa:a4:47:bd:64:32:bb:f6:25:84:a2:27:42:f5:20:b0:c2:13:
-        10:11:cd:10:15:ba:42:90:2a:d2:44:e1:96:26:eb:31:48:12:
-        fd:2a:da:c9:06:cf:74:1e:a9:4b:d5:87:28:f9:79:34:92:3e:
-        2e:44:e8:f6:8f:4f:8f:35:3f:25:b3:39:dc:63:2a:90:6b:20:
-        5f:c4:52:12:4e:97:2c:2a:ac:9d:97:de:48:f2:a3:66:db:c2:
-        d2:83:95:a6:66:a7:9e:25:0f:e9:0b:33:91:65:0a:5a:c3:d9:
-        54:12:dd:af:c3:4e:0e:1f:26:5e:0d:dc:b3:8d:ec:d5:81:70:
-        de:d2:4f:24:05:f3:6c:4e:f5:4c:49:66:8d:d1:ff:d2:0b:25:
-        41:48:fe:51:84:c6:42:af:80:04:cf:d0:7e:64:49:e4:f2:df:
-        a2:ec:b1:4c:c0:2a:1d:e7:b4:b1:65:a2:c4:bc:f1:98:f4:aa:
-        70:07:63:b4:b8:da:3b:4c:fa:40:22:30:5b:11:a6:f0:05:0e:
-        c6:02:03:48:ab:86:9b:85:dd:db:dd:ea:a2:76:80:73:7d:f5:
-        9c:04:c4:45:8d:e7:b9:1c:8b:9e:ea:d7:75:d1:72:b1:de:75:
-        44:e7:42:7d:e2:57:6b:7d:dc:99:bc:3d:83:28:ea:80:93:8d:
-        c5:4c:65:c1:70:81:b8:38:fc:43:31:b2:f6:03:34:47:b2:ac:
-        fb:22:06:cb:1e:dd:17:47:1c:5f:66:b9:d3:1a:a2:da:11:b1:
-        a4:bc:23:c9:e4:be:87:ff:b9:94:b6:f8:5d:20:4a:d4:5f:e7:
-        bd:68:7b:65:f2:15:1e:d2:3a:a9:2d:e9:d8:6b:24:ac:97:58:
-        44:47:ad:59:18:f1:21:65:70:de:ce:34:60:a8:40:f1:f3:3c:
-        a4:c3:28:23:8c:fe:27:33:43:40:a0:17:3c:eb:ea:3b:b0:72:
-        a6:a3:b9:4a:4b:5e:16:48:f4:b2:bc:c8:8c:92:c5:9d:9f:ac:
-        72:36:bc:34:80:34:6b:a9:8b:92:c0:b8:17:ed:ec:76:53:f5:
-        24:01:8c:b3:22:e8:4b:7c:55:c6:9d:fa:a3:14:bb:65:85:6e:
-        6e:4f:12:7e:0a:3c:9d:95
-SHA1 Fingerprint=AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA
+        74:87:28:02:2b:77:1f:66:89:64:ed:8f:74:2e:46:1c:bb:a8:
+        f8:f8:0b:1d:83:b6:3a:a7:e8:45:8a:07:b7:e0:3e:20:cb:e1:
+        08:db:13:08:f8:28:a1:35:b2:80:b3:0b:51:c0:d3:56:9a:8d:
+        33:45:49:af:49:f0:e0:3d:07:7a:45:13:5a:ff:c8:97:d8:d3:
+        18:2c:7d:96:f8:dd:a2:65:43:70:93:90:15:ba:90:df:e8:19:
+        b0:db:2c:8a:60:0f:b7:6f:94:07:1e:1d:a6:c9:85:f6:bd:34:
+        f8:40:78:62:10:70:3a:be:7d:4b:39:81:a9:10:d4:96:41:bb:
+        f8:5f:1c:0b:1d:08:f2:b1:b0:89:7a:f2:f7:a0:e0:c4:8f:8b:
+        78:b5:3b:58:a5:23:8e:4f:55:fe:36:3b:e0:0c:b7:ca:2a:30:
+        41:20:b4:80:cd:ae:fc:76:66:73:a8:ae:6e:e1:7c:da:03:e8:
+        94:20:e6:22:a3:d0:1f:90:5d:20:53:14:26:57:da:54:97:df:
+        16:44:10:01:1e:88:66:8f:72:38:93:dd:20:b7:34:be:d7:f1:
+        ee:63:8e:47:79:28:06:fc:f3:59:45:25:60:22:33:1b:a3:5f:
+        a8:ba:2a:da:1a:3d:cd:40:ea:8c:ee:05:15:95:d5:a5:2c:20:
+        2f:a7:98:28:ee:45:fc:f1:b8:88:00:2c:8f:42:da:51:d5:9c:
+        e5:13:68:71:45:43:8b:9e:0b:21:3c:4b:5c:05:dc:1a:9f:98:
+        8e:da:bd:22:9e:72:cd:ad:0a:cb:cc:a3:67:9b:28:74:c4:9b:
+        d7:1a:3c:04:58:a6:82:9d:ad:c7:7b:6f:ff:80:96:e9:f8:8d:
+        6a:bd:18:90:1d:ff:49:1a:90:52:37:93:2f:3c:02:5d:82:76:
+        0b:51:e7:16:c7:57:f8:38:f9:a7:cd:9b:22:54:ef:63:b0:15:
+        6d:53:65:03:4a:5e:4a:a0:b2:a7:8e:49:00:59:38:d5:c7:f4:
+        80:64:f5:6e:95:50:b8:11:7e:15:70:38:4a:b0:7f:d0:c4:32:
+        70:c0:19:ff:c9:38:2d:14:2c:66:f4:42:44:e6:55:76:1b:80:
+        15:57:ff:c0:a7:a7:aa:39:aa:d8:d3:70:d0:2e:ba:eb:94:6a:
+        fa:5f:34:86:e7:62:b5:fd:8a:f0:30:85:94:c9:af:24:02:2f:
+        6f:d6:dd:67:fe:e3:b0:55:4f:04:98:4f:a4:41:56:e2:93:d0:
+        6a:e8:d6:f3:fb:65:e0:ce:75:c4:31:59:0c:ee:82:c8:0c:60:
+        33:4a:19:ba:84:67:27:0f:bc:42:5d:bd:24:54:0d:ec:1d:70:
+        06:5f:a4:bc:fa:20:7c:55
+SHA1 Fingerprint=0B:BE:C2:27:22:49:CB:39:AA:DB:35:5C:53:E3:8C:AE:78:FF:B6:FE
 -----BEGIN CERTIFICATE-----
-MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE
+MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UE
 BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h
-cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy
-MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg
+cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1
+MDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg
 Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi
 MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9
 thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM
@@ -122,21 +122,21 @@ Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja
 EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T
 KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF
 6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh
-OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD
-VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD
-VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp
-cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv
-ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl
-AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF
-661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9
-am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1
-ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481
-PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS
-3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k
-SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF
-3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM
-ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g
-StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz
-Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB
-jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
+OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1UdDgQWBBRlzeurNR4APn7VdMAc
+tHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4wgZswgZgGBFUd
+IAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j
+b20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABC
+AG8AbgBhAG4AbwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAw
+ADEANzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9m
+iWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL4QjbEwj4KKE1soCzC1HA01aajTNF
+Sa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDbLIpgD7dvlAceHabJ
+hfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1ilI45P
+Vf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZE
+EAEeiGaPcjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV
+1aUsIC+nmCjuRfzxuIgALI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2t
+CsvMo2ebKHTEm9caPARYpoKdrcd7b/+Alun4jWq9GJAd/0kakFI3ky88Al2CdgtR
+5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH9IBk9W6VULgRfhVwOEqw
+f9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpfNIbnYrX9
+ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNK
+GbqEZycPvEJdvSRUDewdcAZfpLz6IHxV
 -----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-01.pem b/secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-01.pem
new file mode 100644
index 000000000000..41e8a409ac3c
--- /dev/null
+++ b/secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-01.pem
@@ -0,0 +1,67 @@
+##
+##  CommScope Public Trust ECC Root-01
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            43:70:82:77:cf:4d:5d:34:f1:ca:ae:32:2f:37:f7:f4:7f:75:a0:9e
+        Signature Algorithm: ecdsa-with-SHA384
+        Issuer: C = US, O = CommScope, CN = CommScope Public Trust ECC Root-01
+        Validity
+            Not Before: Apr 28 17:35:43 2021 GMT
+            Not After : Apr 28 17:35:42 2046 GMT
+        Subject: C = US, O = CommScope, CN = CommScope Public Trust ECC Root-01
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:4b:36:e9:ae:57:5e:a8:70:d7:d0:8f:74:62:77:
+                    c3:5e:7a:aa:e5:b6:a2:f1:78:fd:02:7e:57:dd:91:
+                    79:9c:6c:b9:52:88:54:bc:2f:04:be:b8:cd:f6:10:
+                    d1:29:ec:b5:d0:a0:c3:f0:89:70:19:bb:51:65:c5:
+                    43:9c:c3:9b:63:9d:20:83:3e:06:0b:a6:42:44:85:
+                    11:a7:4a:3a:2d:e9:d6:68:2f:48:4e:53:2b:07:3f:
+                    4d:bd:b9:ac:77:39:57
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                8E:07:62:C0:50:DD:C6:19:06:00:46:74:04:F7:F3:AE:7D:75:4D:30
+    Signature Algorithm: ecdsa-with-SHA384
+    Signature Value:
+        30:65:02:31:00:9c:33:df:41:e3:23:a8:42:36:26:97:35:5c:
+        7b:eb:db:4b:f8:aa:8b:73:55:15:5c:ac:78:29:0f:ba:21:d8:
+        c4:a0:d8:d1:03:dd:6d:d1:39:3d:c4:93:60:d2:e3:72:b2:02:
+        30:7c:c5:7e:88:d3:50:f5:1e:25:e8:fa:4e:75:e6:58:96:a4:
+        35:5f:1b:65:ea:61:9a:70:23:b5:0d:a3:9b:92:52:6f:69:a0:
+        8c:8d:4a:d0:ee:8b:0e:cb:47:8e:d0:8d:11
+SHA1 Fingerprint=07:86:C0:D8:DD:8E:C0:80:98:06:98:D0:58:7A:EF:DE:A6:CC:A2:5D
+-----BEGIN CERTIFICATE-----
+MIICHTCCAaOgAwIBAgIUQ3CCd89NXTTxyq4yLzf39H91oJ4wCgYIKoZIzj0EAwMw
+TjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29t
+bVNjb3BlIFB1YmxpYyBUcnVzdCBFQ0MgUm9vdC0wMTAeFw0yMTA0MjgxNzM1NDNa
+Fw00NjA0MjgxNzM1NDJaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21tU2Nv
+cGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgRUNDIFJvb3QtMDEw
+djAQBgcqhkjOPQIBBgUrgQQAIgNiAARLNumuV16ocNfQj3Rid8NeeqrltqLxeP0C
+flfdkXmcbLlSiFS8LwS+uM32ENEp7LXQoMPwiXAZu1FlxUOcw5tjnSCDPgYLpkJE
+hRGnSjot6dZoL0hOUysHP029uax3OVejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSOB2LAUN3GGQYARnQE9/OufXVNMDAKBggq
+hkjOPQQDAwNoADBlAjEAnDPfQeMjqEI2Jpc1XHvr20v4qotzVRVcrHgpD7oh2MSg
+2NED3W3ROT3Ek2DS43KyAjB8xX6I01D1HiXo+k515liWpDVfG2XqYZpwI7UNo5uS
+Um9poIyNStDuiw7LR47QjRE=
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-02.pem b/secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-02.pem
new file mode 100644
index 000000000000..f547954704be
--- /dev/null
+++ b/secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-02.pem
@@ -0,0 +1,67 @@
+##
+##  CommScope Public Trust ECC Root-02
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            28:fd:99:60:41:47:a6:01:3a:ca:14:7b:1f:ef:f9:68:08:83:5d:7d
+        Signature Algorithm: ecdsa-with-SHA384
+        Issuer: C = US, O = CommScope, CN = CommScope Public Trust ECC Root-02
+        Validity
+            Not Before: Apr 28 17:44:54 2021 GMT
+            Not After : Apr 28 17:44:53 2046 GMT
+        Subject: C = US, O = CommScope, CN = CommScope Public Trust ECC Root-02
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:78:30:81:e8:63:1e:e5:eb:71:51:0f:f7:07:07:
+                    ca:39:99:7c:4e:d5:0f:cc:30:30:0b:8f:66:93:3e:
+                    cf:bd:c5:86:bd:f9:b1:b7:b4:3e:b4:07:c8:f3:96:
+                    31:f3:ed:a4:4f:f8:a3:4e:8d:29:15:58:b8:d5:6f:
+                    7f:ee:6c:22:b5:b0:af:48:45:0a:bd:a8:49:94:bf:
+                    84:43:b0:db:84:4a:03:23:19:67:6a:6f:c1:6e:bc:
+                    06:39:37:d1:88:22:f7
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                E6:18:75:FF:EF:60:DE:84:A4:F5:46:C7:DE:4A:55:E3:32:36:79:F5
+    Signature Algorithm: ecdsa-with-SHA384
+    Signature Value:
+        30:64:02:30:26:73:49:7a:b6:ab:e6:49:f4:7d:52:3f:d4:41:
+        04:ae:80:43:83:65:75:b9:85:80:38:3b:d6:6f:e4:93:86:ab:
+        8f:e7:89:c8:7f:9b:7e:6b:0a:12:55:61:aa:11:e0:79:02:30:
+        77:e8:31:71:ac:3c:71:03:d6:84:26:1e:14:b8:f3:3b:3b:de:
+        ed:59:fc:6b:4c:30:7f:59:ce:45:e9:73:60:15:9a:4c:f0:e6:
+        5e:25:22:15:6d:c2:87:59:d0:b2:8e:6a
+SHA1 Fingerprint=3C:3F:EF:57:0F:FE:65:93:86:9E:A0:FE:B0:F6:ED:8E:D1:13:C7:E5
+-----BEGIN CERTIFICATE-----
+MIICHDCCAaOgAwIBAgIUKP2ZYEFHpgE6yhR7H+/5aAiDXX0wCgYIKoZIzj0EAwMw
+TjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29t
+bVNjb3BlIFB1YmxpYyBUcnVzdCBFQ0MgUm9vdC0wMjAeFw0yMTA0MjgxNzQ0NTRa
+Fw00NjA0MjgxNzQ0NTNaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21tU2Nv
+cGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgRUNDIFJvb3QtMDIw
+djAQBgcqhkjOPQIBBgUrgQQAIgNiAAR4MIHoYx7l63FRD/cHB8o5mXxO1Q/MMDAL
+j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
+v4RDsNuESgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTmGHX/72DehKT1RsfeSlXjMjZ59TAKBggq
+hkjOPQQDAwNnADBkAjAmc0l6tqvmSfR9Uj/UQQSugEODZXW5hYA4O9Zv5JOGq4/n
+ich/m35rChJVYaoR4HkCMHfoMXGsPHED1oQmHhS48zs73u1Z/GtMMH9ZzkXpc2AV
+mkzw5l4lIhVtwodZ0LKOag==
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-01.pem b/secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-01.pem
new file mode 100644
index 000000000000..2f144760f93c
--- /dev/null
+++ b/secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-01.pem
@@ -0,0 +1,134 @@
+##
+##  CommScope Public Trust RSA Root-01
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            3e:03:49:81:75:16:74:31:8e:4c:ab:d5:c5:90:29:96:c5:39:10:dd
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, O = CommScope, CN = CommScope Public Trust RSA Root-01
+        Validity
+            Not Before: Apr 28 16:45:54 2021 GMT
+            Not After : Apr 28 16:45:53 2046 GMT
+        Subject: C = US, O = CommScope, CN = CommScope Public Trust RSA Root-01
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b0:48:65:a3:0d:1d:42:e3:91:6d:9d:84:a4:61:
+                    96:12:c2:ed:c3:da:23:34:19:76:f6:ea:fd:55:5a:
+                    f6:55:01:53:0f:f2:cc:8c:97:4f:b9:50:cb:b3:01:
+                    44:56:96:fd:9b:28:ec:7b:74:0b:e7:42:6b:55:ce:
+                    c9:61:b2:e8:ad:40:3c:ba:b9:41:0a:05:4f:1b:26:
+                    85:8f:43:b5:40:b5:85:d1:d4:71:dc:83:41:f3:f6:
+                    45:c7:80:a2:84:50:97:46:ce:a0:0c:c4:60:56:04:
+                    1d:07:5b:46:a5:0e:b2:4b:a4:0e:a5:7c:ee:f8:d4:
+                    62:03:b9:93:6a:8a:14:b8:70:f8:2e:82:46:38:23:
+                    0e:74:c7:6b:41:b7:d0:29:a3:9d:80:b0:7e:77:93:
+                    63:42:fb:34:83:3b:73:a3:5a:21:36:eb:47:fa:18:
+                    17:d9:ba:66:c2:93:a4:8f:fc:5d:a4:ad:fc:50:6a:
+                    95:ac:bc:24:33:d1:bd:88:7f:86:f5:f5:b2:73:2a:
+                    8f:7c:af:08:f2:1a:98:3f:a9:81:65:3f:c1:8c:89:
+                    c5:96:30:9a:0a:cf:f4:d4:c8:34:ed:9d:2f:bc:8d:
+                    38:86:53:ee:97:9f:a9:b2:63:94:17:8d:0f:dc:66:
+                    2a:7c:52:51:75:cb:99:8e:e8:3d:5c:bf:9e:3b:28:
+                    8d:83:02:0f:a9:9f:72:e2:2c:2b:b3:dc:66:97:00:
+                    40:d0:a4:54:8e:9b:5d:7b:45:36:26:d6:72:43:eb:
+                    cf:c0:ea:0d:dc:ce:12:e6:7d:38:9f:05:27:a8:97:
+                    3e:e9:51:c6:6c:05:28:c1:02:0f:e9:18:6d:ec:bd:
+                    9c:06:d4:a7:49:f4:54:05:6b:6c:30:f1:eb:03:d5:
+                    ea:3d:6a:76:c2:cb:1a:28:49:4d:7f:64:e0:fa:2b:
+                    da:73:83:81:ff:91:03:bd:94:bb:e4:b8:8e:9c:32:
+                    63:cd:9f:bb:68:81:b1:84:5b:af:36:bf:77:ee:1d:
+                    7f:f7:49:9b:52:ec:d2:77:5a:7d:91:9d:4d:c2:39:
+                    2d:e4:ba:82:f8:6f:f2:4e:1e:0f:4e:e6:3f:59:a5:
+                    23:dc:3d:87:a8:28:58:28:d1:f1:1b:36:db:4f:c4:
+                    ff:e1:8c:5b:72:8c:c7:26:03:27:a3:39:0a:01:aa:
+                    c0:b2:31:60:83:22:a1:4f:12:09:01:11:af:34:d4:
+                    cf:d7:ae:62:d3:05:07:b4:31:75:e0:0d:6d:57:4f:
+                    69:87:f9:57:a9:ba:15:f6:c8:52:6d:a1:cb:9c:1f:
+                    e5:fc:78:a8:35:9a:9f:41:14:ce:a5:b4:ce:94:08:
+                    1c:09:ad:56:e5:da:b6:49:9a:4a:ea:63:18:53:9c:
+                    2c:2e:c3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                37:5D:A6:9A:74:32:C2:C2:F9:C7:A6:15:10:59:B8:E4:FD:E5:B8:6D
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        af:a7:cf:de:ff:e0:bd:42:8d:4d:e5:22:96:df:68:ea:7d:4d:
+        2a:7d:d0:ad:3d:16:5c:43:e7:7d:c0:86:e8:7a:35:63:f1:cc:
+        81:c8:c6:0b:e8:2e:52:35:a4:a6:49:90:63:51:ac:34:ac:05:
+        3b:57:00:e9:d3:62:d3:d9:29:d5:54:be:1c:10:91:9c:b2:6d:
+        fe:59:fd:79:f7:ea:56:d0:9e:68:54:42:8f:26:52:e2:4c:df:
+        2f:97:a6:2f:d2:07:98:a8:f3:60:5d:4b:9a:58:57:88:ef:82:
+        e5:fa:af:6c:81:4b:92:8f:40:9a:93:46:59:cb:5f:78:16:b1:
+        67:3e:42:0b:df:28:d9:b0:ad:98:20:be:43:7c:d1:5e:1a:09:
+        17:24:8d:7b:5d:95:e9:ab:c1:60:ab:5b:18:64:80:fb:ad:e0:
+        06:7d:1d:ca:59:b8:f3:78:29:67:c6:56:1d:af:b6:b5:74:2a:
+        76:a1:3f:fb:75:30:9f:94:5e:3b:a5:60:f3:cb:5c:0c:e2:0e:
+        c9:60:f8:c9:1f:16:8a:26:dd:e7:27:7f:eb:25:a6:8a:bd:b8:
+        2d:36:10:9a:b1:58:4d:9a:68:4f:60:54:e5:f6:46:13:8e:88:
+        ac:bc:21:42:12:ad:c6:4a:89:7d:9b:c1:d8:2d:e9:96:03:f4:
+        a2:74:0c:bc:00:1d:bf:d6:37:25:67:b4:72:8b:af:85:bd:ea:
+        2a:03:8f:cc:fb:3c:44:24:82:e2:01:a5:0b:59:b6:34:8d:32:
+        0b:12:0d:eb:27:c2:fd:41:d7:40:3c:72:46:29:c0:8c:ea:ba:
+        0f:f1:06:93:2e:f7:9c:a8:f4:60:3e:a3:f1:38:5e:8e:13:c1:
+        b3:3a:97:87:3f:92:ca:78:a9:1c:af:d0:b0:1b:26:1e:be:70:
+        ec:7a:f5:33:98:ea:5c:ff:2b:0b:04:4e:43:dd:63:7e:0e:a7:
+        4e:78:03:95:3e:d4:2d:30:95:11:10:28:2e:bf:a0:02:3e:ff:
+        5e:59:d3:05:0e:95:5f:53:45:ef:6b:87:d5:48:cd:16:a6:96:
+        83:e1:df:b3:06:f3:c1:14:db:a7:ec:1c:8b:5d:90:90:0d:72:
+        51:e7:61:f9:14:ca:af:83:8f:bf:af:b1:0a:59:5d:dc:5c:d7:
+        e4:96:ad:5b:60:1d:da:ae:97:b2:39:d9:06:f5:76:00:13:f8:
+        68:4c:21:b0:35:c4:dc:55:b2:c9:c1:41:5a:1c:89:c0:8c:6f:
+        74:a0:6b:33:4d:b5:01:28:fd:ad:ad:89:17:3b:a6:9a:84:bc:
+        eb:8c:ea:c4:71:24:a8:ba:29:f9:08:b2:27:56:35:32:5f:ea:
+        39:fb:31:9a:d5:19:cc:f0
+SHA1 Fingerprint=6D:0A:5F:F7:B4:23:06:B4:85:B3:B7:97:64:FC:AC:75:F5:33:F2:93
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIUPgNJgXUWdDGOTKvVxZAplsU5EN0wDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwi
+Q29tbVNjb3BlIFB1YmxpYyBUcnVzdCBSU0EgUm9vdC0wMTAeFw0yMTA0MjgxNjQ1
+NTRaFw00NjA0MjgxNjQ1NTNaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21t
+U2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgUlNBIFJvb3Qt
+MDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwSGWjDR1C45FtnYSk
+YZYSwu3D2iM0GXb26v1VWvZVAVMP8syMl0+5UMuzAURWlv2bKOx7dAvnQmtVzslh
+suitQDy6uUEKBU8bJoWPQ7VAtYXR1HHcg0Hz9kXHgKKEUJdGzqAMxGBWBB0HW0al
+DrJLpA6lfO741GIDuZNqihS4cPgugkY4Iw50x2tBt9Apo52AsH53k2NC+zSDO3Oj
+WiE260f6GBfZumbCk6SP/F2krfxQapWsvCQz0b2If4b19bJzKo98rwjyGpg/qYFl
+P8GMicWWMJoKz/TUyDTtnS+8jTiGU+6Xn6myY5QXjQ/cZip8UlF1y5mO6D1cv547
+KI2DAg+pn3LiLCuz3GaXAEDQpFSOm117RTYm1nJD68/A6g3czhLmfTifBSeolz7p
+UcZsBSjBAg/pGG3svZwG1KdJ9FQFa2ww8esD1eo9anbCyxooSU1/ZOD6K9pzg4H/
+kQO9lLvkuI6cMmPNn7togbGEW682v3fuHX/3SZtS7NJ3Wn2RnU3COS3kuoL4b/JO
+Hg9O5j9ZpSPcPYeoKFgo0fEbNttPxP/hjFtyjMcmAyejOQoBqsCyMWCDIqFPEgkB
+Ea801M/XrmLTBQe0MXXgDW1XT2mH+VepuhX2yFJtocucH+X8eKg1mp9BFM6ltM6U
+CBwJrVbl2rZJmkrqYxhTnCwuwwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUN12mmnQywsL5x6YVEFm45P3luG0wDQYJ
+KoZIhvcNAQELBQADggIBAK+nz97/4L1CjU3lIpbfaOp9TSp90K09FlxD533Ahuh6
+NWPxzIHIxgvoLlI1pKZJkGNRrDSsBTtXAOnTYtPZKdVUvhwQkZyybf5Z/Xn36lbQ
+nmhUQo8mUuJM3y+Xpi/SB5io82BdS5pYV4jvguX6r2yBS5KPQJqTRlnLX3gWsWc+
+QgvfKNmwrZggvkN80V4aCRckjXtdlemrwWCrWxhkgPut4AZ9HcpZuPN4KWfGVh2v
+trV0KnahP/t1MJ+UXjulYPPLXAziDslg+MkfFoom3ecnf+slpoq9uC02EJqxWE2a
+aE9gVOX2RhOOiKy8IUISrcZKiX2bwdgt6ZYD9KJ0DLwAHb/WNyVntHKLr4W96ioD
+j8z7PEQkguIBpQtZtjSNMgsSDesnwv1B10A8ckYpwIzqug/xBpMu95yo9GA+o/E4
+Xo4TwbM6l4c/ksp4qRyv0LAbJh6+cOx69TOY6lz/KwsETkPdY34Op054A5U+1C0w
+lREQKC6/oAI+/15Z0wUOlV9TRe9rh9VIzRamloPh37MG88EU26fsHItdkJANclHn
+YfkUyq+Dj7+vsQpZXdxc1+SWrVtgHdqul7I52Qb1dgAT+GhMIbA1xNxVssnBQVoc
+icCMb3SgazNNtQEo/a2tiRc7ppqEvOuM6sRxJKi6KfkIsidWNTJf6jn7MZrVGczw
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-02.pem b/secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-02.pem
new file mode 100644
index 000000000000..b343c7765878
--- /dev/null
+++ b/secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-02.pem
@@ -0,0 +1,134 @@
+##
+##  CommScope Public Trust RSA Root-02
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            54:16:bf:3b:7e:39:95:71:8d:d1:aa:00:a5:86:0d:2b:8f:7a:05:4e
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, O = CommScope, CN = CommScope Public Trust RSA Root-02
+        Validity
+            Not Before: Apr 28 17:16:43 2021 GMT
+            Not After : Apr 28 17:16:42 2046 GMT
+        Subject: C = US, O = CommScope, CN = CommScope Public Trust RSA Root-02
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:e1:fa:0e:fb:68:00:12:c8:4d:d5:ac:22:c4:35:
+                    01:3b:c5:54:e5:59:76:63:a5:7f:eb:c1:c4:6a:98:
+                    bd:32:8d:17:80:eb:5d:ba:d1:62:3d:25:23:19:35:
+                    14:e9:7f:89:a7:1b:62:3c:d6:50:e7:34:95:03:32:
+                    b1:b4:93:22:3d:a7:e2:b1:ed:e6:7b:4e:2e:87:9b:
+                    0d:33:75:0a:de:aa:35:e7:7e:e5:36:98:a2:ae:25:
+                    9e:95:b3:32:96:a4:2b:58:1e:ef:3f:fe:62:34:48:
+                    51:d1:b4:8d:42:ad:60:da:49:6a:95:70:dd:d2:00:
+                    e2:cc:57:63:02:7b:96:dd:49:97:5b:92:4e:95:d3:
+                    f9:cb:29:1f:18:4a:f8:01:2a:d2:63:09:6e:24:e9:
+                    89:d2:e5:c7:22:4c:dc:73:86:47:00:aa:0d:88:8e:
+                    ae:85:7d:4a:e9:bb:33:4f:0e:52:70:9d:95:e3:7c:
+                    6d:96:5b:2d:3d:5f:a1:83:46:5d:b6:e3:25:b8:7c:
+                    a7:19:80:1c:ea:65:43:dc:91:79:36:2c:74:7c:f2:
+                    67:06:c9:89:c9:db:bf:da:68:bf:23:ed:dc:6b:ad:
+                    28:83:79:2f:ec:38:a5:0d:37:01:67:27:9a:e9:33:
+                    d9:33:5f:37:a1:c5:f0:ab:3d:fa:78:b0:e7:2c:9f:
+                    f6:3e:9f:60:e0:ef:48:e9:90:45:1e:05:51:78:1a:
+                    2c:12:2c:5c:28:ac:0d:a2:23:9e:34:8f:05:e6:a2:
+                    33:ce:11:77:13:d4:0e:a4:1e:42:1f:86:cd:70:fe:
+                    d9:2e:15:3d:1d:bb:b8:f2:53:57:db:cc:c6:74:29:
+                    9c:18:b3:36:75:38:2e:0f:54:a1:f8:92:1f:89:96:
+                    4f:bb:d4:ee:9d:e9:3b:36:42:b5:0a:3b:2a:d4:64:
+                    79:36:10:e1:f9:91:03:2b:7b:20:54:cd:0d:19:1a:
+                    c8:41:32:34:d1:b0:99:e1:90:1e:01:40:36:b5:b7:
+                    fa:a9:e5:77:75:a4:22:81:5d:b0:8b:e4:27:12:0f:
+                    54:88:c6:db:85:74:e6:b7:c0:d7:a6:29:fa:db:de:
+                    f3:93:97:27:04:55:2f:0a:6f:37:c5:3d:13:af:0a:
+                    00:a9:2c:8b:1c:81:28:d7:ef:86:31:a9:ae:f2:6e:
+                    b8:ca:6a:2c:54:47:d8:2a:88:2e:af:c1:07:10:78:
+                    ac:11:a2:2f:42:f0:37:c5:f2:b8:56:dd:0e:62:2d:
+                    ce:2d:56:7e:55:f2:a7:44:f6:2b:32:f4:23:a8:47:
+                    e8:d4:2a:01:78:cf:6a:c3:37:a8:9e:65:d2:2c:e5:
+                    fa:ba:33:c1:06:44:f6:e6:cf:a5:0d:a7:66:08:34:
+                    8a:2c:f3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                47:D0:E7:B1:22:FF:9D:2C:F5:D9:57:60:B3:B1:B1:70:95:EF:61:7A
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        86:69:b1:4d:2f:e9:9f:4f:22:93:68:8e:e4:21:99:a3:ce:45:
+        53:1b:73:44:53:00:81:61:cd:31:e3:08:ba:81:28:28:7a:92:
+        b9:b6:a8:c8:43:9e:c7:13:26:4d:c2:d8:e5:55:9c:92:5d:50:
+        d8:c2:2b:db:fe:e6:a8:97:cf:52:3a:24:c3:65:64:5c:47:31:
+        a3:65:35:13:c3:93:b9:f7:f9:51:97:bb:a4:f0:62:87:c5:d6:
+        06:d3:97:83:20:a9:7e:bb:b6:21:c2:a5:0d:84:00:e1:f2:27:
+        10:83:ba:dd:03:81:d5:dd:68:c3:66:10:c8:d1:76:b4:b3:6f:
+        29:9e:00:f9:c2:29:f5:b1:93:19:52:69:1a:2c:4c:a0:8b:e0:
+        15:9a:31:2f:d3:88:95:59:6e:e5:c4:b3:50:c8:14:08:4a:9b:
+        8b:13:83:b1:a4:72:b2:3b:76:33:41:dc:dc:aa:a6:07:6f:1d:
+        24:12:9f:c8:76:bd:2f:d9:8e:f4:2c:ee:b7:d2:38:10:24:36:
+        51:2f:e3:5c:5d:81:21:a7:da:bb:4e:ff:e6:07:a8:fe:b9:0d:
+        27:6c:bb:70:5a:55:7a:13:e9:f1:2a:49:69:c7:5f:87:57:4c:
+        43:79:6d:3a:65:e9:30:5c:41:ee:eb:77:a5:73:12:88:e8:bf:
+        7d:ae:e5:c4:a8:1f:0d:8e:1c:6d:50:02:4f:26:18:43:de:8f:
+        55:85:b1:0b:37:05:60:c9:55:39:12:04:a1:2a:cf:71:16:9f:
+        36:51:49:bf:70:3b:9e:67:9c:fb:7b:79:c9:39:1c:78:ac:77:
+        91:54:9a:b8:75:0a:81:52:97:e3:66:61:6b:ed:3e:38:1e:96:
+        61:55:e1:91:54:8c:ed:8c:24:1f:81:c9:10:9a:73:99:2b:16:
+        4e:72:00:3f:54:1b:f8:8d:ba:8b:e7:14:d6:b6:45:4f:60:ec:
+        96:ae:c3:2f:02:4e:5d:9d:96:49:72:00:b2:ab:75:5c:0f:68:
+        5b:1d:65:c2:5f:33:0f:1e:0f:f0:3b:86:f5:b0:4e:bb:9c:f7:
+        ea:25:05:dc:ad:a2:9b:4b:17:01:be:42:df:35:21:1d:ad:ab:
+        ae:f4:bf:ae:1f:1b:d3:e2:3b:fc:b3:72:73:1c:9b:28:90:89:
+        13:3d:1d:c1:00:47:09:96:9a:38:1b:dd:b1:cf:0d:c2:b4:44:
+        f3:96:95:ce:32:3a:8f:34:9c:e0:17:c7:5e:ce:ae:0d:db:87:
+        38:e5:3f:5b:fd:9b:19:e1:31:41:7a:70:aa:23:6b:01:e1:45:
+        4c:cd:94:ce:3b:9e:2d:e7:88:02:22:f4:6e:e8:c8:ec:d6:3c:
+        f3:b9:b2:d7:77:7a:ac:7b
+SHA1 Fingerprint=EA:B0:E2:52:1B:89:93:4C:11:68:F2:D8:9A:AC:22:4C:A3:8A:57:AE
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIUVBa/O345lXGN0aoApYYNK496BU4wDQYJKoZIhvcNAQEL
+BQAwTjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwi
+Q29tbVNjb3BlIFB1YmxpYyBUcnVzdCBSU0EgUm9vdC0wMjAeFw0yMTA0MjgxNzE2
+NDNaFw00NjA0MjgxNzE2NDJaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21t
+U2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgUlNBIFJvb3Qt
+MDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDh+g77aAASyE3VrCLE
+NQE7xVTlWXZjpX/rwcRqmL0yjReA61260WI9JSMZNRTpf4mnG2I81lDnNJUDMrG0
+kyI9p+Kx7eZ7Ti6Hmw0zdQreqjXnfuU2mKKuJZ6VszKWpCtYHu8//mI0SFHRtI1C
+rWDaSWqVcN3SAOLMV2MCe5bdSZdbkk6V0/nLKR8YSvgBKtJjCW4k6YnS5cciTNxz
+hkcAqg2Ijq6FfUrpuzNPDlJwnZXjfG2WWy09X6GDRl224yW4fKcZgBzqZUPckXk2
+LHR88mcGyYnJ27/aaL8j7dxrrSiDeS/sOKUNNwFnJ5rpM9kzXzehxfCrPfp4sOcs
+n/Y+n2Dg70jpkEUeBVF4GiwSLFworA2iI540jwXmojPOEXcT1A6kHkIfhs1w/tku
+FT0du7jyU1fbzMZ0KZwYszZ1OC4PVKH4kh+Jlk+71O6d6Ts2QrUKOyrUZHk2EOH5
+kQMreyBUzQ0ZGshBMjTRsJnhkB4BQDa1t/qp5Xd1pCKBXbCL5CcSD1SIxtuFdOa3
+wNemKfrb3vOTlycEVS8KbzfFPROvCgCpLIscgSjX74Yxqa7ybrjKaixUR9gqiC6v
+wQcQeKwRoi9C8DfF8rhW3Q5iLc4tVn5V8qdE9isy9COoR+jUKgF4z2rDN6ieZdIs
+5fq6M8EGRPbmz6UNp2YINIos8wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUR9DnsSL/nSz12Vdgs7GxcJXvYXowDQYJ
+KoZIhvcNAQELBQADggIBAIZpsU0v6Z9PIpNojuQhmaPORVMbc0RTAIFhzTHjCLqB
+KCh6krm2qMhDnscTJk3C2OVVnJJdUNjCK9v+5qiXz1I6JMNlZFxHMaNlNRPDk7n3
++VGXu6TwYofF1gbTl4MgqX67tiHCpQ2EAOHyJxCDut0DgdXdaMNmEMjRdrSzbyme
+APnCKfWxkxlSaRosTKCL4BWaMS/TiJVZbuXEs1DIFAhKm4sTg7GkcrI7djNB3Nyq
+pgdvHSQSn8h2vS/ZjvQs7rfSOBAkNlEv41xdgSGn2rtO/+YHqP65DSdsu3BaVXoT
+6fEqSWnHX4dXTEN5bTpl6TBcQe7rd6VzEojov32u5cSoHw2OHG1QAk8mGEPej1WF
+sQs3BWDJVTkSBKEqz3EWnzZRSb9wO55nnPt7eck5HHisd5FUmrh1CoFSl+NmYWvt
+PjgelmFV4ZFUjO2MJB+ByRCac5krFk5yAD9UG/iNuovnFNa2RU9g7Jauwy8CTl2d
+lklyALKrdVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670
+v64fG9PiO/yzcnMcmyiQiRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17O
+rg3bhzjlP1v9mxnhMUF6cKojawHhRUzNlM47ni3niAIi9G7oyOzWPPO5std3eqx7
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/Telekom_Security_TLS_ECC_Root_2020.pem b/secure/caroot/trusted/Telekom_Security_TLS_ECC_Root_2020.pem
new file mode 100644
index 000000000000..da5285d26633
--- /dev/null
+++ b/secure/caroot/trusted/Telekom_Security_TLS_ECC_Root_2020.pem
@@ -0,0 +1,68 @@
+##
+##  Telekom Security TLS ECC Root 2020
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            36:3a:96:8c:c9:5c:b2:58:cd:d0:01:5d:c5:e5:57:00
+        Signature Algorithm: ecdsa-with-SHA384
+        Issuer: C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security TLS ECC Root 2020
+        Validity
+            Not Before: Aug 25 07:48:20 2020 GMT
+            Not After : Aug 25 23:59:59 2045 GMT
+        Subject: C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security TLS ECC Root 2020
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:ce:bf:fe:57:a8:bf:d5:aa:f7:10:9a:cd:bc:d1:
+                    11:a2:bd:67:42:cc:90:eb:15:18:90:d9:a2:cd:0c:
+                    2a:25:eb:3e:4f:ce:b5:d2:8f:0f:f3:35:da:43:8b:
+                    02:80:be:6f:51:24:1d:0f:6b:2b:ca:9f:c2:6f:50:
+                    32:e5:37:20:b6:20:ff:88:0d:0f:6d:49:bb:db:06:
+                    a4:87:90:92:94:f4:09:d0:cf:7f:c8:80:0b:c1:97:
+                    b3:bb:35:27:c9:c2:1b
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                E3:72:CC:6E:95:99:47:B1:E6:B3:61:4C:D1:CB:AB:E3:BA:CD:DE:9F
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+    Signature Algorithm: ecdsa-with-SHA384
+    Signature Value:
+        30:64:02:30:75:52:8b:b7:a4:10:4f:ae:4a:10:8b:b2:84:5b:
+        42:e1:e6:2a:36:02:da:a0:6e:19:3f:25:bf:da:59:32:8e:e4:
+        fb:90:dc:93:64:ce:ad:b4:41:47:60:e2:cf:a7:cb:1e:02:30:
+        37:41:8c:66:df:41:6b:d6:83:00:41:fd:2f:5a:f7:50:b4:67:
+        d1:2c:a8:71:d7:43:ca:9c:27:24:91:83:48:0d:cf:cd:f7:54:
+        81:af:ec:7f:e4:67:db:b8:90:ee:dd:25
+SHA1 Fingerprint=C0:F8:96:C5:A9:3B:01:06:21:07:DA:18:42:48:BC:E9:9D:88:D5:EC
+-----BEGIN CERTIFICATE-----
+MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQsw
+CQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBH
+bWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIw
+MB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIzNTk1OVowYzELMAkGA1UEBhMCREUx
+JzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkgR21iSDErMCkGA1UE
+AwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/O
+tdKPD/M12kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDP
+f8iAC8GXs7s1J8nCG6NCMEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6f
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA
+MGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZMo7k+5Dck2TOrbRBR2Di
+z6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdUga/sf+Rn
+27iQ7t0l
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/Telekom_Security_TLS_RSA_Root_2023.pem b/secure/caroot/trusted/Telekom_Security_TLS_RSA_Root_2023.pem
new file mode 100644
index 000000000000..69bbcdd0e322
--- /dev/null
+++ b/secure/caroot/trusted/Telekom_Security_TLS_RSA_Root_2023.pem
@@ -0,0 +1,138 @@
+##
+##  Telekom Security TLS RSA Root 2023
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            21:9c:54:2d:e8:f6:ec:71:77:fa:4e:e8:c3:70:57:97
+        Signature Algorithm: sha384WithRSAEncryption
+        Issuer: C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security TLS RSA Root 2023
+        Validity
+            Not Before: Mar 28 12:16:45 2023 GMT
+            Not After : Mar 27 23:59:59 2048 GMT
+        Subject: C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security TLS RSA Root 2023
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:ed:35:a1:81:80:f3:cb:4a:69:5b:c2:fb:51:83:
+                    ae:26:fd:e1:6e:f3:81:12:7d:71:40:ff:87:75:42:
+                    29:21:ed:81:52:2c:df:12:c1:19:84:89:c1:bd:c5:
+                    28:d5:d5:4b:6c:44:d6:4c:db:07:96:4a:55:7a:ca:
+                    36:82:04:36:a8:a5:fc:27:f6:49:f1:d5:72:9e:91:
+                    f9:23:d6:70:7b:bb:f5:9b:c1:ec:93:cf:19:ea:65:
+                    7e:88:70:a0:73:fc:f6:ff:b5:56:62:e1:73:6a:34:
+                    98:3e:82:b8:ac:95:53:f4:01:a0:27:07:72:a3:00:
+                    53:a0:e4:b2:ab:83:38:57:33:25:94:9f:be:48:1d:
+                    98:e1:a3:ba:9e:5c:cd:04:71:51:7d:75:78:ab:f3:
+                    59:aa:c4:e0:60:be:8f:83:52:b8:75:1a:41:35:ed:
+                    bc:f3:3a:63:e9:a9:14:45:d7:e6:52:d1:6e:d2:de:
+                    bc:e3:f5:0b:3b:e6:e0:c4:bd:43:64:13:a6:ce:f4:
+                    98:37:6c:8a:95:a8:97:c8:47:0f:f0:5e:10:8b:e7:
+                    1d:1c:fe:b1:3b:a0:05:33:68:05:41:82:c1:03:2b:
+                    01:c8:e7:8f:4d:ab:e8:b5:f6:cd:6b:44:b5:e7:dd:
+                    8b:ec:ea:25:b4:00:22:57:4d:b0:b1:b2:31:c1:16:
+                    ce:ff:fd:14:84:b7:47:fa:b2:f1:70:de:db:8b:6c:
+                    36:58:a4:7c:b3:11:d1:c3:77:7f:5f:b6:25:e0:0d:
+                    c5:d2:b3:f9:b8:b8:77:db:37:71:71:47:e3:60:18:
+                    4f:24:b6:75:37:78:b9:a3:62:af:bd:c9:72:8e:2f:
+                    cc:bb:ae:db:e4:15:52:19:07:33:fb:6a:b7:2d:4b:
+                    90:28:82:73:fe:18:8b:35:8d:db:a7:04:6a:be:ea:
+                    c1:4d:36:3b:16:36:91:32:ef:b6:40:89:91:43:e0:
+                    f2:a2:ab:04:2e:e6:f2:4c:0e:16:34:20:ac:87:c1:
+                    2d:7e:c9:66:47:17:14:11:a4:f3:f7:a1:24:89:ab:
+                    d8:1a:c8:a1:5c:b1:a3:f7:8c:6d:c8:01:c9:4f:c9:
+                    ec:c4:fc:ac:51:33:d1:c8:83:d1:c9:9f:1d:d4:47:
+                    34:29:3e:cb:b0:0e:fa:83:0b:28:58:e5:29:dc:3f:
+                    7c:a8:9f:c9:b6:0a:bb:a6:e8:46:16:0f:96:e5:7b:
+                    e4:6a:7a:48:6d:76:98:05:a5:dc:6d:1e:42:1e:42:
+                    da:1a:e0:52:f7:b5:83:c0:1a:7b:78:35:2c:38:f5:
+                    1f:fd:49:a3:2e:d2:59:63:bf:80:b0:8c:93:73:cb:
+                    35:a6:99:95:22:61:65:03:60:fb:2f:93:4b:fa:9a:
+                    9c:80:3b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                B6:A7:97:82:3D:74:85:9B:F7:3C:9F:93:9A:95:79:75:52:8C:6D:47
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                B6:A7:97:82:3D:74:85:9B:F7:3C:9F:93:9A:95:79:75:52:8C:6D:47
+    Signature Algorithm: sha384WithRSAEncryption
+    Signature Value:
+        a8:cc:61:a6:be:75:9e:15:50:a4:6b:fb:a8:70:45:7c:ba:7e:
+        b1:5a:fc:5b:23:fa:0a:77:f8:98:71:82:0c:6d:e0:5e:46:aa:
+        93:f4:1e:a0:c3:e1:93:db:4b:ad:b2:a6:5d:ab:b0:d4:62:cb:
+        5e:bb:66:f5:2d:ee:97:40:3c:62:eb:5e:d6:14:d6:8c:e2:96:
+        8b:41:69:93:35:e6:b9:99:6b:62:b4:a1:17:66:34:a6:6b:63:
+        c6:b9:4e:f2:22:e9:58:0d:56:41:d1:fa:0c:4a:f0:33:cd:3b:
+        bb:6d:21:3a:ae:8e:72:b5:c3:4a:fb:e9:7d:e5:b1:9b:86:ee:
+        e2:e0:7d:b4:f7:32:fd:22:84:f1:85:c9:37:79:e9:b5:3f:bf:
+        5c:e4:74:b2:8f:11:62:00:dd:18:66:a1:d9:7b:23:5f:f1:8e:
+        d5:67:e8:54:da:5b:3a:6b:36:6f:f9:81:b1:33:47:33:77:40:
+        f9:52:aa:dd:d4:83:cf:85:78:99:9a:93:b9:73:67:42:46:11:
+        21:ea:fe:0a:a9:1b:1a:65:69:b3:8f:ae:16:b6:f6:4b:56:b2:
+        2d:f9:a5:c8:ec:3b:62:a3:ed:6b:d0:4e:d5:40:09:a4:1f:98:
+        d7:3a:a5:92:59:20:e4:b0:7d:cd:5b:73:68:bd:6d:c4:a2:13:
+        0e:67:19:b8:8d:42:7e:6c:0c:9a:6e:a0:24:2d:d5:45:1b:dc:
+        c4:02:14:fe:85:5b:65:97:ca:4e:90:50:08:7a:42:35:f9:ea:
+        c2:66:d4:f8:01:ae:1e:b4:be:c3:a8:ef:fe:76:9a:a2:a6:1f:
+        46:f6:84:ed:fc:db:ce:c4:02:ce:77:48:2c:8c:b2:ec:c3:00:
+        a3:ec:2c:55:18:c1:7e:19:ee:e1:2f:f2:ad:83:9b:9e:ab:19:
+        df:c6:8a:2f:8c:77:e5:b7:05:ec:3b:c1:ec:be:86:b3:86:bc:
+        c0:f7:dc:e7:ea:5b:ae:b2:cc:b5:35:86:4b:d0:e2:3f:b6:d8:
+        f8:0e:00:ee:5d:e3:f7:8d:58:ff:cf:8b:37:e9:63:5f:6e:f7:
+        09:71:36:c2:12:5d:57:f2:c8:b4:cd:f3:ee:02:df:11:dc:6a:
+        b9:57:84:1d:59:4d:8c:ce:c8:0e:23:c2:b7:26:9a:10:14:71:
+        fe:93:b2:8a:b8:80:f0:0e:10:9e:d3:a8:50:0c:37:82:2f:ea:
+        e0:8a:9d:e1:2c:39:ff:b5:b4:73:00:e4:f7:48:a6:73:ac:bf:
+        b2:de:77:04:87:b4:a3:cd:9b:35:24:37:fa:90:93:13:81:42:
+        c6:98:26:75:37:66:41:10:ac:bb:f5:94:e3:c2:31:2b:ad:e7:
+        23:56:cc:35:25:92:b3:50
+SHA1 Fingerprint=54:D3:AC:B3:BD:57:56:F6:85:9D:CE:E5:C3:21:E2:D4:AD:83:D0:93
+-----BEGIN CERTIFICATE-----
+MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBj
+MQswCQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0
+eSBHbWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAy
+MDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMyNzIzNTk1OVowYzELMAkGA1UEBhMC
+REUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkgR21iSDErMCkG
+A1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9
+cUD/h3VCKSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHV
+cp6R+SPWcHu79ZvB7JPPGeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMA
+U6DksquDOFczJZSfvkgdmOGjup5czQRxUX11eKvzWarE4GC+j4NSuHUaQTXtvPM6
+Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWol8hHD/BeEIvnHRz+sTug
+BTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9FIS3R/qy
+8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73J
+co4vzLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg
+8qKrBC7m8kwOFjQgrIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8
+rFEz0ciD0cmfHdRHNCk+y7AO+oMLKFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12
+mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7SWWO/gLCMk3PLNaaZlSJhZQNg
++y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtqeX
+gj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2
+p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQ
+pGv7qHBFfLp+sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm
+9S3ul0A8Yute1hTWjOKWi0FpkzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErw
+M807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy/SKE8YXJN3nptT+/XOR0so8RYgDd
+GGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4mZqTuXNnQkYRIer+
+CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtzaL1t
+xKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+
+w6jv/naaoqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aK
+L4x35bcF7DvB7L6Gs4a8wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+lj
+X273CXE2whJdV/LItM3z7gLfEdxquVeEHVlNjM7IDiPCtyaaEBRx/pOyiriA8A4Q
+ntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0o82bNSQ3+pCTE4FCxpgm
+dTdmQRCsu/WU48IxK63nI1bMNSWSs1A=
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/TrustAsia_Global_Root_CA_G3.pem b/secure/caroot/trusted/TrustAsia_Global_Root_CA_G3.pem
new file mode 100644
index 000000000000..72e8d614f96a
--- /dev/null
+++ b/secure/caroot/trusted/TrustAsia_Global_Root_CA_G3.pem
@@ -0,0 +1,138 @@
+##
+##  TrustAsia Global Root CA G3
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            64:f6:0e:65:77:61:6a:ab:3b:b4:ea:85:84:bb:b1:89:b8:71:93:0f
+        Signature Algorithm: sha384WithRSAEncryption
+        Issuer: C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia Global Root CA G3
+        Validity
+            Not Before: May 20 02:10:19 2021 GMT
+            Not After : May 19 02:10:19 2046 GMT
+        Subject: C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia Global Root CA G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c0:31:82:61:92:e4:94:1b:0a:2a:65:d0:be:06:
+                    a9:87:3b:51:12:ea:70:41:ae:e2:fb:74:ea:0a:8d:
+                    b9:b3:4c:dc:8f:b7:13:52:4f:54:18:e1:2c:73:95:
+                    91:c5:66:3b:6a:cf:ac:63:6d:87:53:f0:f7:f1:39:
+                    b7:a0:43:63:b0:c4:03:5d:57:a9:e7:44:ce:c4:a1:
+                    83:65:f6:50:3e:b1:7e:16:b8:3a:8a:02:d0:96:1f:
+                    00:cd:05:21:ef:06:6d:dd:21:9c:19:43:45:a1:c5:
+                    e8:80:ca:c2:ad:40:62:17:06:c6:aa:bc:f3:d6:e6:
+                    fc:50:7e:66:42:1f:3c:8b:a6:79:79:86:40:35:9f:
+                    20:ef:3f:eb:8b:47:1f:8f:8e:c5:d4:8e:b6:2c:c9:
+                    44:04:e3:d4:43:75:3f:d5:3f:af:1c:cc:7e:46:5f:
+                    ac:df:64:10:8a:ef:46:f0:90:f0:0f:2d:f4:88:0b:
+                    b1:29:aa:af:85:aa:49:58:a8:bf:63:a0:38:91:e6:
+                    b3:e6:77:68:c4:f9:2a:19:84:bb:0e:e1:f5:af:89:
+                    ec:a5:2f:50:20:74:1e:12:41:73:1e:24:d9:ca:ce:
+                    2c:a1:59:35:c0:c8:1d:46:27:61:5a:8f:f9:4d:d3:
+                    72:79:66:1e:9f:15:90:21:2d:fd:ed:8b:56:70:03:
+                    4a:49:3e:7f:69:31:12:69:c7:1e:5c:ca:7a:13:8b:
+                    e8:e6:f5:60:0f:cc:93:2c:84:7f:f1:fc:6a:fc:9b:
+                    47:9d:db:ad:88:3d:f3:76:75:33:d7:4b:a4:c8:8b:
+                    f9:f5:43:58:4f:cb:c8:03:54:8f:a5:85:78:04:1a:
+                    f3:73:f2:d7:87:1d:41:9f:e7:d8:17:ce:1a:9c:0f:
+                    4a:fc:dc:44:68:54:68:e2:41:3c:fe:2c:84:86:37:
+                    3c:cd:3f:2f:a2:db:e7:f7:54:03:5f:59:d3:f7:91:
+                    78:c7:8b:77:6a:16:e5:49:85:90:45:72:70:2f:91:
+                    5d:f8:3e:65:40:0b:19:99:c9:26:20:5a:68:c1:35:
+                    bf:4f:a7:51:f1:d8:11:2b:5b:e0:9a:9e:28:3b:0a:
+                    3a:0a:1f:c1:81:e5:2e:f0:a6:b9:69:a5:88:94:e6:
+                    6b:13:7f:d1:64:3f:3d:9c:70:46:e5:a2:85:7b:58:
+                    84:27:dc:c4:80:3e:67:9a:9a:c7:9a:31:0e:30:ec:
+                    e6:17:40:95:d9:45:ed:01:96:aa:bf:0c:f3:4b:d1:
+                    63:f7:13:58:c0:b8:f3:fa:67:dd:9b:7d:6d:4a:ff:
+                    32:4c:b5:25:3b:ff:1c:67:0f:85:22:59:05:91:91:
+                    41:77:81:d0:85:4c:87:10:71:ff:9e:43:1b:ae:95:
+                    75:2d:81
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                40:E4:E4:F2:23:EF:38:CA:B0:AE:57:7F:F2:21:30:16:34:DB:BC:92
+            X509v3 Subject Key Identifier: 
+                40:E4:E4:F2:23:EF:38:CA:B0:AE:57:7F:F2:21:30:16:34:DB:BC:92
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+    Signature Algorithm: sha384WithRSAEncryption
+    Signature Value:
+        26:3b:51:e1:4d:38:f3:32:18:b4:b4:5e:e1:65:5e:c4:94:4f:
+        d4:a7:61:a3:f8:c0:cf:33:01:02:e9:c3:aa:35:0f:f1:94:13:
+        77:77:35:9e:2d:56:51:44:6e:e1:c6:2e:28:1e:ff:da:ec:47:
+        cd:97:44:17:f7:e0:4c:c2:e1:7c:7c:32:7a:66:c8:5a:b6:5c:
+        53:45:57:5a:45:d4:05:99:2f:2e:23:55:ee:63:68:df:d3:1b:
+        78:a7:12:94:06:00:75:0d:72:84:e9:2e:bc:5a:6a:d5:de:2f:
+        59:c7:a3:ec:d2:87:66:db:b7:54:b5:24:ab:f4:43:78:db:4b:
+        04:c4:6f:dd:e6:3e:66:3e:29:f2:4b:68:71:22:87:a0:f8:b1:
+        33:63:76:e3:0d:85:72:44:22:55:3f:1c:7c:e9:fc:b8:15:e8:
+        52:fa:aa:3e:a3:21:39:35:74:89:a6:6a:c2:39:fa:78:cf:b6:
+        ac:e7:e7:d6:56:ff:23:92:2e:50:0b:a9:b5:07:33:f4:38:5f:
+        a4:49:a6:cb:65:70:76:e8:0a:85:80:4b:36:3d:33:f7:95:54:
+        75:25:da:ac:c4:73:82:65:e9:52:f5:5c:fd:38:95:02:6a:69:
+        30:c5:1c:0a:57:07:ae:22:a4:2c:f9:c5:41:b7:b8:ec:9f:4f:
+        48:00:f9:01:04:55:cc:ac:f9:32:31:c4:75:95:06:a0:7f:d1:
+        8d:27:dd:b3:a9:a4:72:87:fe:59:8b:9a:7a:74:16:dd:16:a5:
+        62:29:eb:3a:96:dc:8b:a7:68:59:d3:eb:77:91:39:f8:d7:cb:
+        d9:8f:5f:5a:27:01:7d:5d:68:19:62:d8:c8:cd:f4:b7:72:47:
+        be:5b:97:ce:f2:ad:a2:99:93:ad:94:cb:93:f6:12:09:95:b6:
+        ab:d7:3b:d0:3f:11:cb:30:16:2e:79:80:e4:67:81:2d:5d:ed:
+        70:78:b6:60:59:ac:e1:5d:45:63:8f:c8:df:72:68:5b:ea:1d:
+        b8:01:f1:7e:fb:e7:8a:b3:e3:54:a0:38:09:e0:3c:de:42:f2:
+        c2:ed:2e:9b:f3:1f:35:b6:36:d8:e3:80:a1:8b:cd:99:64:0f:
+        c2:aa:ab:b1:ca:f5:6f:9e:43:8d:84:54:99:b3:6e:c0:12:66:
+        d8:70:10:f1:06:35:33:43:a8:9c:2e:ba:14:31:ce:10:7f:1c:
+        86:e3:8f:d2:d5:f8:77:ec:9b:ab:f1:2f:63:d9:42:5f:e0:67:
+        81:64:91:f1:97:2f:fc:6e:26:f6:33:f8:d3:b5:f8:c4:62:ab:
+        31:51:25:02:7a:f8:dd:6b:65:d5:6d:4d:30:c8:65:ba:68:14:
+        65:ac:27:0b:74:8a:f2:87
+SHA1 Fingerprint=63:CF:B6:C1:27:2B:56:E4:88:8E:1C:23:9A:B6:2E:81:47:24:C3:C7
+-----BEGIN CERTIFICATE-----
+MIIFpTCCA42gAwIBAgIUZPYOZXdhaqs7tOqFhLuxibhxkw8wDQYJKoZIhvcNAQEM
+BQAwWjELMAkGA1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dp
+ZXMsIEluYy4xJDAiBgNVBAMMG1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHMzAe
+Fw0yMTA1MjAwMjEwMTlaFw00NjA1MTkwMjEwMTlaMFoxCzAJBgNVBAYTAkNOMSUw
+IwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQwIgYDVQQDDBtU
+cnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDAMYJhkuSUGwoqZdC+BqmHO1ES6nBBruL7dOoKjbmzTNyPtxNS
+T1QY4SxzlZHFZjtqz6xjbYdT8PfxObegQ2OwxANdV6nnRM7EoYNl9lA+sX4WuDqK
+AtCWHwDNBSHvBm3dIZwZQ0WhxeiAysKtQGIXBsaqvPPW5vxQfmZCHzyLpnl5hkA1
+nyDvP+uLRx+PjsXUjrYsyUQE49RDdT/VP68czH5GX6zfZBCK70bwkPAPLfSIC7Ep
+qq+FqklYqL9joDiR5rPmd2jE+SoZhLsO4fWvieylL1AgdB4SQXMeJNnKziyhWTXA
+yB1GJ2Faj/lN03J5Zh6fFZAhLf3ti1ZwA0pJPn9pMRJpxx5cynoTi+jm9WAPzJMs
+hH/x/Gr8m0ed262IPfN2dTPXS6TIi/n1Q1hPy8gDVI+lhXgEGvNz8teHHUGf59gX
+zhqcD0r83ERoVGjiQTz+LISGNzzNPy+i2+f3VANfWdP3kXjHi3dqFuVJhZBFcnAv
+kV34PmVACxmZySYgWmjBNb9Pp1Hx2BErW+Canig7CjoKH8GB5S7wprlppYiU5msT
+f9FkPz2ccEblooV7WIQn3MSAPmeamseaMQ4w7OYXQJXZRe0Blqq/DPNL0WP3E1jA
+uPP6Z92bfW1K/zJMtSU7/xxnD4UiWQWRkUF3gdCFTIcQcf+eQxuulXUtgQIDAQAB
+o2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEDk5PIj7zjKsK5Xf/Ih
+MBY027ySMB0GA1UdDgQWBBRA5OTyI+84yrCuV3/yITAWNNu8kjAOBgNVHQ8BAf8E
+BAMCAQYwDQYJKoZIhvcNAQEMBQADggIBACY7UeFNOPMyGLS0XuFlXsSUT9SnYaP4
+wM8zAQLpw6o1D/GUE3d3NZ4tVlFEbuHGLige/9rsR82XRBf34EzC4Xx8MnpmyFq2
+XFNFV1pF1AWZLy4jVe5jaN/TG3inEpQGAHUNcoTpLrxaatXeL1nHo+zSh2bbt1S1
+JKv0Q3jbSwTEb93mPmY+KfJLaHEih6D4sTNjduMNhXJEIlU/HHzp/LgV6FL6qj6j
+ITk1dImmasI5+njPtqzn59ZW/yOSLlALqbUHM/Q4X6RJpstlcHboCoWASzY9M/eV
*** 84 LINES SKIPPED ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202402132034.41DKYFVf025040>