Date: Thu, 30 Apr 2026 15:04:18 +0000 From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav <des@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 7c8cafd77171 - stable/13 - caroot: Clean up Message-ID: <69f36f72.3ea44.12a2143b@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch stable/13 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=7c8cafd77171e0792e8c115602ac645c2bdb3def commit 7c8cafd77171e0792e8c115602ac645c2bdb3def Author: Dag-Erling Smørgrav <des@FreeBSD.org> AuthorDate: 2026-04-27 09:32:19 +0000 Commit: Dag-Erling Smørgrav <des@FreeBSD.org> CommitDate: 2026-04-30 15:03:23 +0000 caroot: Clean up * Get certdata.txt directly from the NSS Mercurial repository, rather than from the Mozilla Firefox repository which imports it from NSS at irregular intervals. * Instead of always fetching the latest certdata.txt, fetch a specific version. For this commit, we set this to the version that was last imported in May 2025. * Add a refrence to the MPL to the generated files. * Regenerate with latest OpenSSL. This is purely cosmetic; mostly, the certificate names now contain less unnecessary whitespace and some elements are quoted. MFC after: 1 week Reviewed by: michaelo, kevans Differential Revision: https://reviews.freebsd.org/D56620 (cherry picked from commit ce33d6396aadb0613f1e74661bdbec571f836a60) --- secure/caroot/Makefile | 7 ++++++- .../blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem | 10 +++++----- .../blacklisted/Camerfirma_Global_Chambersign_Root.pem | 10 +++++----- secure/caroot/blacklisted/Certum_Root_CA.pem | 9 ++++----- .../caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem | 9 ++++----- secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem | 11 ++++++----- secure/caroot/blacklisted/E-Tugra_Global_Root_CA_ECC_v3.pem | 11 ++++------- secure/caroot/blacklisted/E-Tugra_Global_Root_CA_RSA_v3.pem | 11 ++++------- secure/caroot/blacklisted/EC-ACC.pem | 9 ++++----- .../caroot/blacklisted/EE_Certification_Centre_Root_CA.pem | 10 ++++------ .../Entrust_Root_Certification_Authority_-_G4.pem | 11 ++++------- .../GeoTrust_Primary_Certification_Authority.pem | 10 ++++------ .../GeoTrust_Primary_Certification_Authority_-_G2.pem | 9 ++++----- .../GeoTrust_Primary_Certification_Authority_-_G3.pem | 10 ++++------ secure/caroot/blacklisted/GeoTrust_Universal_CA.pem | 10 ++++------ secure/caroot/blacklisted/GeoTrust_Universal_CA_2.pem | 10 ++++------ .../caroot/blacklisted/Global_Chambersign_Root_-_2008.pem | 9 ++++----- ...lenic_Academic_and_Research_Institutions_RootCA_2011.pem | 11 ++++------- secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem | 10 ++++------ .../blacklisted/Network_Solutions_Certificate_Authority.pem | 12 +++++------- .../caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem | 9 ++++----- secure/caroot/blacklisted/SecureSign_RootCA11.pem | 11 ++++------- .../caroot/blacklisted/Security_Communication_RootCA3.pem | 11 ++++------- .../blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem | 9 ++++----- secure/caroot/blacklisted/SwissSign_Platinum_CA_-_G2.pem | 9 ++++----- secure/caroot/blacklisted/SwissSign_Silver_CA_-_G2.pem | 11 ++++------- ..._Class_1_Public_Primary_Certification_Authority_-_G4.pem | 10 ++++------ ..._Class_1_Public_Primary_Certification_Authority_-_G6.pem | 9 ++++----- ..._Class_2_Public_Primary_Certification_Authority_-_G4.pem | 10 ++++------ ..._Class_2_Public_Primary_Certification_Authority_-_G6.pem | 9 ++++----- secure/caroot/blacklisted/Taiwan_GRCA.pem | 10 ++++------ secure/caroot/blacklisted/TrustCor_ECA-1.pem | 11 ++++------- secure/caroot/blacklisted/TrustCor_RootCert_CA-1.pem | 11 ++++------- secure/caroot/blacklisted/TrustCor_RootCert_CA-2.pem | 11 ++++------- ..._Class_3_Public_Primary_Certification_Authority_-_G4.pem | 10 ++++------ ..._Class_3_Public_Primary_Certification_Authority_-_G5.pem | 10 ++++------ .../VeriSign_Universal_Root_Certification_Authority.pem | 9 ++++----- ..._Class_1_Public_Primary_Certification_Authority_-_G3.pem | 9 ++++----- ..._Class_2_Public_Primary_Certification_Authority_-_G3.pem | 9 ++++----- ..._Class_3_Public_Primary_Certification_Authority_-_G3.pem | 10 ++++------ secure/caroot/blacklisted/thawte_Primary_Root_CA.pem | 10 ++++------ secure/caroot/blacklisted/thawte_Primary_Root_CA_-_G2.pem | 10 ++++------ secure/caroot/blacklisted/thawte_Primary_Root_CA_-_G3.pem | 10 ++++------ secure/caroot/ca-extract.pl | 4 ++-- secure/caroot/trusted/ACCVRAIZ1.pem | 12 +++++------- secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem | 11 ++++------- .../caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem | 11 ++++------- secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem | 11 ++++------- secure/caroot/trusted/Actalis_Authentication_Root_CA.pem | 11 ++++------- secure/caroot/trusted/AffirmTrust_Commercial.pem | 11 ++++------- secure/caroot/trusted/AffirmTrust_Networking.pem | 11 ++++------- secure/caroot/trusted/AffirmTrust_Premium.pem | 11 ++++------- secure/caroot/trusted/AffirmTrust_Premium_ECC.pem | 11 ++++------- secure/caroot/trusted/Amazon_Root_CA_1.pem | 11 ++++------- secure/caroot/trusted/Amazon_Root_CA_2.pem | 11 ++++------- secure/caroot/trusted/Amazon_Root_CA_3.pem | 11 ++++------- secure/caroot/trusted/Amazon_Root_CA_4.pem | 11 ++++------- secure/caroot/trusted/Atos_TrustedRoot_2011.pem | 11 ++++------- .../trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem | 11 ++++------- .../trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem | 11 ++++------- ...idad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem | 11 ++++------- secure/caroot/trusted/BJCA_Global_Root_CA1.pem | 11 ++++------- secure/caroot/trusted/BJCA_Global_Root_CA2.pem | 11 ++++------- secure/caroot/trusted/Baltimore_CyberTrust_Root.pem | 11 ++++------- secure/caroot/trusted/Buypass_Class_2_Root_CA.pem | 11 ++++------- secure/caroot/trusted/Buypass_Class_3_Root_CA.pem | 11 ++++------- secure/caroot/trusted/CA_Disig_Root_R2.pem | 11 ++++------- secure/caroot/trusted/CFCA_EV_ROOT.pem | 11 ++++------- secure/caroot/trusted/COMODO_Certification_Authority.pem | 12 +++++------- .../caroot/trusted/COMODO_ECC_Certification_Authority.pem | 11 ++++------- .../caroot/trusted/COMODO_RSA_Certification_Authority.pem | 11 ++++------- secure/caroot/trusted/Certainly_Root_E1.pem | 11 ++++------- secure/caroot/trusted/Certainly_Root_R1.pem | 11 ++++------- secure/caroot/trusted/Certigna.pem | 11 ++++------- secure/caroot/trusted/Certigna_Root_CA.pem | 13 ++++++------- secure/caroot/trusted/Certum_EC-384_CA.pem | 11 ++++------- secure/caroot/trusted/Certum_Trusted_Network_CA.pem | 11 ++++------- secure/caroot/trusted/Certum_Trusted_Network_CA_2.pem | 11 ++++------- secure/caroot/trusted/Certum_Trusted_Root_CA.pem | 11 ++++------- .../caroot/trusted/CommScope_Public_Trust_ECC_Root-01.pem | 11 ++++------- .../caroot/trusted/CommScope_Public_Trust_ECC_Root-02.pem | 11 ++++------- .../caroot/trusted/CommScope_Public_Trust_RSA_Root-01.pem | 11 ++++------- .../caroot/trusted/CommScope_Public_Trust_RSA_Root-02.pem | 11 ++++------- secure/caroot/trusted/Comodo_AAA_Services_root.pem | 13 ++++++------- secure/caroot/trusted/D-TRUST_BR_Root_CA_1_2020.pem | 13 ++++++------- secure/caroot/trusted/D-TRUST_BR_Root_CA_2_2023.pem | 12 +++++------- secure/caroot/trusted/D-TRUST_EV_Root_CA_1_2020.pem | 13 ++++++------- secure/caroot/trusted/D-TRUST_EV_Root_CA_2_2023.pem | 12 +++++------- secure/caroot/trusted/D-TRUST_Root_Class_3_CA_2_2009.pem | 13 ++++++------- secure/caroot/trusted/D-TRUST_Root_Class_3_CA_2_EV_2009.pem | 13 ++++++------- secure/caroot/trusted/DigiCert_Assured_ID_Root_CA.pem | 11 ++++------- secure/caroot/trusted/DigiCert_Assured_ID_Root_G2.pem | 11 ++++------- secure/caroot/trusted/DigiCert_Assured_ID_Root_G3.pem | 11 ++++------- secure/caroot/trusted/DigiCert_Global_Root_CA.pem | 11 ++++------- secure/caroot/trusted/DigiCert_Global_Root_G2.pem | 11 ++++------- secure/caroot/trusted/DigiCert_Global_Root_G3.pem | 11 ++++------- .../caroot/trusted/DigiCert_High_Assurance_EV_Root_CA.pem | 11 ++++------- secure/caroot/trusted/DigiCert_TLS_ECC_P384_Root_G5.pem | 11 ++++------- secure/caroot/trusted/DigiCert_TLS_RSA4096_Root_G5.pem | 11 ++++------- secure/caroot/trusted/DigiCert_Trusted_Root_G4.pem | 11 ++++------- .../caroot/trusted/Entrust_Root_Certification_Authority.pem | 11 ++++------- .../trusted/Entrust_Root_Certification_Authority_-_EC1.pem | 11 ++++------- .../trusted/Entrust_Root_Certification_Authority_-_G2.pem | 11 ++++------- .../trusted/Entrust_net_Premium_2048_Secure_Server_CA.pem | 11 ++++------- secure/caroot/trusted/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem | 11 ++++------- secure/caroot/trusted/GDCA_TrustAUTH_R5_ROOT.pem | 11 ++++------- secure/caroot/trusted/GLOBALTRUST_2020.pem | 11 ++++------- secure/caroot/trusted/GTS_Root_R1.pem | 11 ++++------- secure/caroot/trusted/GTS_Root_R2.pem | 11 ++++------- secure/caroot/trusted/GTS_Root_R3.pem | 11 ++++------- secure/caroot/trusted/GTS_Root_R4.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_ECC_Root_CA_-_R4.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_ECC_Root_CA_-_R5.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_Root_CA.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_Root_CA_-_R3.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_Root_CA_-_R6.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_Root_E46.pem | 11 ++++------- secure/caroot/trusted/GlobalSign_Root_R46.pem | 11 ++++------- secure/caroot/trusted/Go_Daddy_Class_2_CA.pem | 11 ++++------- .../trusted/Go_Daddy_Root_Certificate_Authority_-_G2.pem | 11 ++++------- secure/caroot/trusted/HARICA_TLS_ECC_Root_CA_2021.pem | 11 ++++------- secure/caroot/trusted/HARICA_TLS_RSA_Root_CA_2021.pem | 11 ++++------- ...c_Academic_and_Research_Institutions_ECC_RootCA_2015.pem | 11 ++++------- ...lenic_Academic_and_Research_Institutions_RootCA_2015.pem | 11 ++++------- secure/caroot/trusted/HiPKI_Root_CA_-_G1.pem | 11 ++++------- secure/caroot/trusted/Hongkong_Post_Root_CA_3.pem | 11 ++++------- secure/caroot/trusted/ISRG_Root_X1.pem | 11 ++++------- secure/caroot/trusted/ISRG_Root_X2.pem | 11 ++++------- secure/caroot/trusted/IdenTrust_Commercial_Root_CA_1.pem | 11 ++++------- secure/caroot/trusted/IdenTrust_Public_Sector_Root_CA_1.pem | 11 ++++------- secure/caroot/trusted/Izenpe_com.pem | 11 ++++------- secure/caroot/trusted/Microsec_e-Szigno_Root_CA_2009.pem | 11 ++++------- .../Microsoft_ECC_Root_Certificate_Authority_2017.pem | 11 ++++------- .../Microsoft_RSA_Root_Certificate_Authority_2017.pem | 11 ++++------- .../trusted/NAVER_Global_Root_Certification_Authority.pem | 11 ++++------- .../NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem | 11 ++++------- secure/caroot/trusted/OISTE_WISeKey_Global_Root_GB_CA.pem | 11 ++++------- secure/caroot/trusted/OISTE_WISeKey_Global_Root_GC_CA.pem | 11 ++++------- secure/caroot/trusted/QuoVadis_Root_CA_1_G3.pem | 11 ++++------- secure/caroot/trusted/QuoVadis_Root_CA_2.pem | 11 ++++------- secure/caroot/trusted/QuoVadis_Root_CA_2_G3.pem | 11 ++++------- secure/caroot/trusted/QuoVadis_Root_CA_3.pem | 11 ++++------- secure/caroot/trusted/QuoVadis_Root_CA_3_G3.pem | 11 ++++------- .../trusted/SSL_com_EV_Root_Certification_Authority_ECC.pem | 11 ++++------- .../SSL_com_EV_Root_Certification_Authority_RSA_R2.pem | 11 ++++------- .../trusted/SSL_com_Root_Certification_Authority_ECC.pem | 11 ++++------- .../trusted/SSL_com_Root_Certification_Authority_RSA.pem | 11 ++++------- secure/caroot/trusted/SSL_com_TLS_ECC_Root_CA_2022.pem | 11 ++++------- secure/caroot/trusted/SSL_com_TLS_RSA_Root_CA_2022.pem | 11 ++++------- secure/caroot/trusted/SZAFIR_ROOT_CA2.pem | 11 ++++------- .../Sectigo_Public_Server_Authentication_Root_E46.pem | 11 ++++------- .../Sectigo_Public_Server_Authentication_Root_R46.pem | 11 ++++------- secure/caroot/trusted/SecureSign_Root_CA12.pem | 11 ++++------- secure/caroot/trusted/SecureSign_Root_CA14.pem | 11 ++++------- secure/caroot/trusted/SecureSign_Root_CA15.pem | 11 ++++------- secure/caroot/trusted/SecureTrust_CA.pem | 12 +++++------- secure/caroot/trusted/Secure_Global_CA.pem | 12 +++++------- .../caroot/trusted/Security_Communication_ECC_RootCA1.pem | 11 ++++------- secure/caroot/trusted/Security_Communication_RootCA2.pem | 11 ++++------- secure/caroot/trusted/Starfield_Class_2_CA.pem | 11 ++++------- .../trusted/Starfield_Root_Certificate_Authority_-_G2.pem | 11 ++++------- .../Starfield_Services_Root_Certificate_Authority_-_G2.pem | 11 ++++------- secure/caroot/trusted/SwissSign_Gold_CA_-_G2.pem | 11 ++++------- secure/caroot/trusted/T-TeleSec_GlobalRoot_Class_2.pem | 11 ++++------- secure/caroot/trusted/T-TeleSec_GlobalRoot_Class_3.pem | 11 ++++------- .../TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem | 11 ++++------- secure/caroot/trusted/TWCA_CYBER_Root_CA.pem | 11 ++++------- secure/caroot/trusted/TWCA_Global_Root_CA.pem | 11 ++++------- secure/caroot/trusted/TWCA_Root_Certification_Authority.pem | 11 ++++------- .../caroot/trusted/Telekom_Security_TLS_ECC_Root_2020.pem | 11 ++++------- .../caroot/trusted/Telekom_Security_TLS_RSA_Root_2023.pem | 11 ++++------- secure/caroot/trusted/TeliaSonera_Root_CA_v1.pem | 11 ++++------- secure/caroot/trusted/Telia_Root_CA_v2.pem | 11 ++++------- secure/caroot/trusted/TrustAsia_Global_Root_CA_G3.pem | 11 ++++------- secure/caroot/trusted/TrustAsia_Global_Root_CA_G4.pem | 11 ++++------- .../trusted/Trustwave_Global_Certification_Authority.pem | 11 ++++------- .../Trustwave_Global_ECC_P256_Certification_Authority.pem | 11 ++++------- .../Trustwave_Global_ECC_P384_Certification_Authority.pem | 11 ++++------- secure/caroot/trusted/TunTrust_Root_CA.pem | 11 ++++------- secure/caroot/trusted/UCA_Extended_Validation_Root.pem | 11 ++++------- secure/caroot/trusted/UCA_Global_G2_Root.pem | 11 ++++------- .../trusted/USERTrust_ECC_Certification_Authority.pem | 11 ++++------- .../trusted/USERTrust_RSA_Certification_Authority.pem | 11 ++++------- secure/caroot/trusted/XRamp_Global_CA_Root.pem | 12 +++++------- secure/caroot/trusted/certSIGN_ROOT_CA.pem | 11 ++++------- secure/caroot/trusted/certSIGN_Root_CA_G2.pem | 11 ++++------- secure/caroot/trusted/e-Szigno_Root_CA_2017.pem | 11 ++++------- secure/caroot/trusted/ePKI_Root_Certification_Authority.pem | 11 ++++------- secure/caroot/trusted/emSign_ECC_Root_CA_-_C3.pem | 11 ++++------- secure/caroot/trusted/emSign_ECC_Root_CA_-_G3.pem | 11 ++++------- secure/caroot/trusted/emSign_Root_CA_-_C1.pem | 11 ++++------- secure/caroot/trusted/emSign_Root_CA_-_G1.pem | 11 ++++------- secure/caroot/trusted/vTrus_ECC_Root_CA.pem | 11 ++++------- secure/caroot/trusted/vTrus_Root_CA.pem | 11 ++++------- 194 files changed, 800 insertions(+), 1300 deletions(-) diff --git a/secure/caroot/Makefile b/secure/caroot/Makefile index 7f4f08991a85..e23384078e9b 100644 --- a/secure/caroot/Makefile +++ b/secure/caroot/Makefile @@ -6,12 +6,17 @@ SUBDIR+= blacklisted .include <bsd.obj.mk> +# Set this to an upstream hash or tag +# https://hg-edge.mozilla.org/projects/nss/tags +HGVER = e71e3de47d4ca7a3efa7c11096ab2e20ae71683e + # To be used by secteam@ to update the trusted certificates fetchcerts: .PHONY - fetch --no-sslv3 --no-tlsv1 -o certdata.txt 'https://raw.githubusercontent.com/mozilla-firefox/firefox/refs/heads/release/security/nss/lib/ckfw/builtins/certdata.txt' + fetch --mirror -o certdata.txt 'https://hg-edge.mozilla.org/projects/nss/raw-file/${HGVER}/lib/ckfw/builtins/certdata.txt' cleancerts: .PHONY @${MAKE} -C ${.CURDIR}/trusted ${.TARGET} + @${MAKE} -C ${.CURDIR}/untrusted ${.TARGET} updatecerts: .PHONY cleancerts fetchcerts perl ${.CURDIR}/ca-extract.pl -i certdata.txt \ diff --git a/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem b/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem index 12bb099e2312..5d7577fd66de 100644 --- a/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem +++ b/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem @@ -3,9 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -14,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption - Issuer: C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Chambers of Commerce Root + Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root Validity Not Before: Sep 30 16:13:43 2003 GMT Not After : Sep 30 16:13:44 2037 GMT - Subject: C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Chambers of Commerce Root + Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) @@ -48,6 +47,7 @@ Certificate: X509v3 CRL Distribution Points: Full Name: URI:http://crl.chambersign.org/chambersroot.crl + X509v3 Subject Key Identifier: E3:94:F5:B1:4D:E9:DB:A1:29:5B:57:8B:4D:76:06:76:E1:D1:A2:8A X509v3 Key Usage: critical diff --git a/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem b/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem index da95297880f6..43fd743fd716 100644 --- a/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem +++ b/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem @@ -3,9 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -14,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption - Issuer: C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Global Chambersign Root + Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root Validity Not Before: Sep 30 16:14:18 2003 GMT Not After : Sep 30 16:14:18 2037 GMT - Subject: C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Global Chambersign Root + Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) @@ -48,6 +47,7 @@ Certificate: X509v3 CRL Distribution Points: Full Name: URI:http://crl.chambersign.org/chambersignroot.crl + X509v3 Subject Key Identifier: 43:9C:36:9F:B0:9E:30:4D:C6:CE:5F:AD:10:AB:E5:03:A5:FA:A9:14 X509v3 Key Usage: critical diff --git a/secure/caroot/blacklisted/Certum_Root_CA.pem b/secure/caroot/blacklisted/Certum_Root_CA.pem index 1df73e0c7336..8efb89ec7a92 100644 --- a/secure/caroot/blacklisted/Certum_Root_CA.pem +++ b/secure/caroot/blacklisted/Certum_Root_CA.pem @@ -3,9 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -14,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 65568 (0x10020) Signature Algorithm: sha1WithRSAEncryption - Issuer: C = PL, O = Unizeto Sp. z o.o., CN = Certum CA + Issuer: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA Validity Not Before: Jun 11 10:46:39 2002 GMT Not After : Jun 11 10:46:39 2027 GMT - Subject: C = PL, O = Unizeto Sp. z o.o., CN = Certum CA + Subject: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem b/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem index b40288095005..0318e4ee3f43 100644 --- a/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem +++ b/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem @@ -3,9 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -15,11 +14,11 @@ Certificate: Serial Number: a3:da:42:7e:a4:b1:ae:da Signature Algorithm: sha1WithRSAEncryption - Issuer: C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008 + Issuer: C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008 Validity Not Before: Aug 1 12:29:50 2008 GMT Not After : Jul 31 12:29:50 2038 GMT - Subject: C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008 + Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem b/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem index 81d66de7a736..81181370d67d 100644 --- a/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem +++ b/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem @@ -3,9 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -14,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 1039788 (0xfddac) Signature Algorithm: sha256WithRSAEncryption - Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST Root CA 3 2013 + Issuer: C=DE, O=D-Trust GmbH, CN=D-TRUST Root CA 3 2013 Validity Not Before: Sep 20 08:25:51 2013 GMT Not After : Sep 20 08:25:51 2028 GMT - Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST Root CA 3 2013 + Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root CA 3 2013 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) @@ -52,8 +51,10 @@ Certificate: X509v3 CRL Distribution Points: Full Name: URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20CA%203%202013,O=D-Trust%20GmbH,C=DE?certificaterevocationlist + Full Name: URI:http://crl.d-trust.net/crl/d-trust_root_ca_3_2013.crl + Signature Algorithm: sha256WithRSAEncryption Signature Value: 0e:59:0e:58:e4:74:48:23:44:cf:34:21:b5:9c:14:1a:ad:9a: diff --git a/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_ECC_v3.pem b/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_ECC_v3.pem index 80e67454926a..5c8e87176c7e 100644 --- a/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_ECC_v3.pem +++ b/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_ECC_v3.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 26:46:19:77:31:e1:4f:6f:28:36:de:39:51:86:e6:d4:97:88:22:c1 Signature Algorithm: ecdsa-with-SHA384 - Issuer: C = TR, L = Ankara, O = E-Tugra EBG A.S., OU = E-Tugra Trust Center, CN = E-Tugra Global Root CA ECC v3 + Issuer: C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA ECC v3 Validity Not Before: Mar 18 09:46:58 2020 GMT Not After : Mar 12 09:46:58 2045 GMT - Subject: C = TR, L = Ankara, O = E-Tugra EBG A.S., OU = E-Tugra Trust Center, CN = E-Tugra Global Root CA ECC v3 + Subject: C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA ECC v3 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) diff --git a/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_RSA_v3.pem b/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_RSA_v3.pem index fd076cdd2649..ce226f323f43 100644 --- a/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_RSA_v3.pem +++ b/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_RSA_v3.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 0d:4d:c5:cd:16:22:95:96:08:7e:b8:0b:7f:15:06:34:fb:79:10:34 Signature Algorithm: sha256WithRSAEncryption - Issuer: C = TR, L = Ankara, O = E-Tugra EBG A.S., OU = E-Tugra Trust Center, CN = E-Tugra Global Root CA RSA v3 + Issuer: C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA RSA v3 Validity Not Before: Mar 18 09:07:17 2020 GMT Not After : Mar 12 09:07:17 2045 GMT - Subject: C = TR, L = Ankara, O = E-Tugra EBG A.S., OU = E-Tugra Trust Center, CN = E-Tugra Global Root CA RSA v3 + Subject: C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA RSA v3 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/blacklisted/EC-ACC.pem b/secure/caroot/blacklisted/EC-ACC.pem index f11ae64d3455..0605493d156e 100644 --- a/secure/caroot/blacklisted/EC-ACC.pem +++ b/secure/caroot/blacklisted/EC-ACC.pem @@ -3,9 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -15,11 +14,11 @@ Certificate: Serial Number: (Negative)11:d4:c2:14:2b:de:21:eb:57:9d:53:fb:0c:22:3b:ff Signature Algorithm: sha1WithRSAEncryption - Issuer: C = ES, O = Agencia Catalana de Certificacio (NIF Q-0801176-I), OU = Serveis Publics de Certificacio, OU = Vegeu https://www.catcert.net/verarrel (c)03, OU = Jerarquia Entitats de Certificacio Catalanes, CN = EC-ACC + Issuer: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC Validity Not Before: Jan 7 23:00:00 2003 GMT Not After : Jan 7 22:59:59 2031 GMT - Subject: C = ES, O = Agencia Catalana de Certificacio (NIF Q-0801176-I), OU = Serveis Publics de Certificacio, OU = Vegeu https://www.catcert.net/verarrel (c)03, OU = Jerarquia Entitats de Certificacio Catalanes, CN = EC-ACC + Subject: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/blacklisted/EE_Certification_Centre_Root_CA.pem b/secure/caroot/blacklisted/EE_Certification_Centre_Root_CA.pem index 30c2b1c5ed73..9f6856fbd0f5 100644 --- a/secure/caroot/blacklisted/EE_Certification_Centre_Root_CA.pem +++ b/secure/caroot/blacklisted/EE_Certification_Centre_Root_CA.pem @@ -3,10 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss -## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +14,11 @@ Certificate: Serial Number: 54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a Signature Algorithm: sha1WithRSAEncryption - Issuer: C = EE, O = AS Sertifitseerimiskeskus, CN = EE Certification Centre Root CA, emailAddress = pki@sk.ee + Issuer: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, emailAddress=pki@sk.ee Validity Not Before: Oct 30 10:10:30 2010 GMT Not After : Dec 17 23:59:59 2030 GMT - Subject: C = EE, O = AS Sertifitseerimiskeskus, CN = EE Certification Centre Root CA, emailAddress = pki@sk.ee + Subject: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, emailAddress=pki@sk.ee Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/blacklisted/Entrust_Root_Certification_Authority_-_G4.pem b/secure/caroot/blacklisted/Entrust_Root_Certification_Authority_-_G4.pem index e17aaebf9803..5ba30652aca4 100644 --- a/secure/caroot/blacklisted/Entrust_Root_Certification_Authority_-_G4.pem +++ b/secure/caroot/blacklisted/Entrust_Root_Certification_Authority_-_G4.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58 Signature Algorithm: sha256WithRSAEncryption - Issuer: C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2015 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G4 + Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2015 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G4 Validity Not Before: May 27 11:11:16 2015 GMT Not After : Dec 27 11:41:16 2037 GMT - Subject: C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2015 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G4 + Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2015 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G4 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority.pem b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority.pem index 67d394b17f9f..4556c986d502 100644 --- a/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority.pem +++ b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority.pem @@ -3,10 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss -## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +14,11 @@ Certificate: Serial Number: 18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1 Signature Algorithm: sha1WithRSAEncryption - Issuer: C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority + Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority Validity Not Before: Nov 27 00:00:00 2006 GMT Not After : Jul 16 23:59:59 2036 GMT - Subject: C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority + Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem index 94efbdeb124e..a99362a2c2e0 100644 --- a/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem +++ b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem @@ -3,9 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -15,11 +14,11 @@ Certificate: Serial Number: 3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b Signature Algorithm: ecdsa-with-SHA384 - Issuer: C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2 + Issuer: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2 Validity Not Before: Nov 5 00:00:00 2007 GMT Not After : Jan 18 23:59:59 2038 GMT - Subject: C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2 + Subject: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) diff --git a/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G3.pem b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G3.pem index e39265fc0b60..86b2dba7f212 100644 --- a/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G3.pem +++ b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G3.pem @@ -3,10 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss -## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +14,11 @@ Certificate: Serial Number: 15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f Signature Algorithm: sha256WithRSAEncryption - Issuer: C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3 + Issuer: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 Validity Not Before: Apr 2 00:00:00 2008 GMT Not After : Dec 1 23:59:59 2037 GMT - Subject: C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3 + Subject: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/blacklisted/GeoTrust_Universal_CA.pem b/secure/caroot/blacklisted/GeoTrust_Universal_CA.pem index 5d998cfcedb2..26b4f726c4bc 100644 --- a/secure/caroot/blacklisted/GeoTrust_Universal_CA.pem +++ b/secure/caroot/blacklisted/GeoTrust_Universal_CA.pem @@ -3,10 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss -## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -15,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption - Issuer: C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA + Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA Validity Not Before: Mar 4 05:00:00 2004 GMT Not After : Mar 4 05:00:00 2029 GMT - Subject: C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA + Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/blacklisted/GeoTrust_Universal_CA_2.pem b/secure/caroot/blacklisted/GeoTrust_Universal_CA_2.pem index 28c426e85fc4..8294fc4871fd 100644 --- a/secure/caroot/blacklisted/GeoTrust_Universal_CA_2.pem +++ b/secure/caroot/blacklisted/GeoTrust_Universal_CA_2.pem @@ -3,10 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss -## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -15,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption - Issuer: C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA 2 + Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2 Validity Not Before: Mar 4 05:00:00 2004 GMT Not After : Mar 4 05:00:00 2029 GMT - Subject: C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA 2 + Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem b/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem index 463f8370396e..c0a22dbf307e 100644 --- a/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem +++ b/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem @@ -3,9 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -15,11 +14,11 @@ Certificate: Serial Number: c9:cd:d3:e9:d5:7d:23:ce Signature Algorithm: sha1WithRSAEncryption - Issuer: C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008 + Issuer: C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008 Validity Not Before: Aug 1 12:31:40 2008 GMT Not After : Jul 31 12:31:40 2038 GMT - Subject: C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008 + Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/blacklisted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem b/secure/caroot/blacklisted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem index e283f2d4bd85..c8e73bc4d867 100644 --- a/secure/caroot/blacklisted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem +++ b/secure/caroot/blacklisted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption - Issuer: C = GR, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2011 + Issuer: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011 Validity Not Before: Dec 6 13:49:52 2011 GMT Not After : Dec 1 13:49:52 2031 GMT - Subject: C = GR, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2011 + Subject: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem b/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem index 3c191046534d..fc3a0ccbd503 100644 --- a/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem +++ b/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem @@ -3,10 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss -## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $ +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +14,11 @@ Certificate: Serial Number: 0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 Signature Algorithm: sha256WithRSAEncryption - Issuer: C = LU, O = LuxTrust S.A., CN = LuxTrust Global Root 2 + Issuer: C=LU, O=LuxTrust S.A., CN=LuxTrust Global Root 2 Validity Not Before: Mar 5 13:21:57 2015 GMT Not After : Mar 5 13:21:57 2035 GMT - Subject: C = LU, O = LuxTrust S.A., CN = LuxTrust Global Root 2 + Subject: C=LU, O=LuxTrust S.A., CN=LuxTrust Global Root 2 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/blacklisted/Network_Solutions_Certificate_Authority.pem b/secure/caroot/blacklisted/Network_Solutions_Certificate_Authority.pem index 125b39985a76..9e5578fd21b0 100644 --- a/secure/caroot/blacklisted/Network_Solutions_Certificate_Authority.pem +++ b/secure/caroot/blacklisted/Network_Solutions_Certificate_Authority.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: 57:cb:33:6f:c2:5c:16:e6:47:16:17:e3:90:31:68:e0 Signature Algorithm: sha1WithRSAEncryption - Issuer: C = US, O = Network Solutions L.L.C., CN = Network Solutions Certificate Authority + Issuer: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority Validity Not Before: Dec 1 00:00:00 2006 GMT Not After : Dec 31 23:59:59 2029 GMT - Subject: C = US, O = Network Solutions L.L.C., CN = Network Solutions Certificate Authority + Subject: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) @@ -55,6 +52,7 @@ Certificate: X509v3 CRL Distribution Points: Full Name: URI:http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl + Signature Algorithm: sha1WithRSAEncryption Signature Value: bb:ae:4b:e7:b7:57:eb:7f:aa:2d:b7:73:47:85:6a:c1:e4:a5: diff --git a/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem b/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem index 9b4db61fc2e8..3c7f5d613d9b 100644 --- a/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem +++ b/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem @@ -3,9 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -15,11 +14,11 @@ Certificate: Serial Number: 41:3d:72:c7:f4:6b:1f:81:43:7d:f1:d2:28:54:df:9a Signature Algorithm: sha1WithRSAEncryption - Issuer: C = CH, O = WISeKey, OU = Copyright (c) 2005, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GA CA + Issuer: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA Validity Not Before: Dec 11 16:03:44 2005 GMT Not After : Dec 11 16:09:51 2037 GMT - Subject: C = CH, O = WISeKey, OU = Copyright (c) 2005, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GA CA + Subject: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/blacklisted/SecureSign_RootCA11.pem b/secure/caroot/blacklisted/SecureSign_RootCA11.pem index a7787e2814da..7cbbc1b2ccc0 100644 --- a/secure/caroot/blacklisted/SecureSign_RootCA11.pem +++ b/secure/caroot/blacklisted/SecureSign_RootCA11.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -16,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha1WithRSAEncryption - Issuer: C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA11 + Issuer: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11 Validity Not Before: Apr 8 04:56:47 2009 GMT Not After : Apr 8 04:56:47 2029 GMT - Subject: C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA11 + Subject: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) diff --git a/secure/caroot/blacklisted/Security_Communication_RootCA3.pem b/secure/caroot/blacklisted/Security_Communication_RootCA3.pem index 1355dddd6254..2f31e16660ab 100644 --- a/secure/caroot/blacklisted/Security_Communication_RootCA3.pem +++ b/secure/caroot/blacklisted/Security_Communication_RootCA3.pem @@ -3,11 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## It contains a certificate trusted for server authentication. -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -17,11 +14,11 @@ Certificate: Serial Number: e1:7c:37:40:fd:1b:fe:67 Signature Algorithm: sha384WithRSAEncryption - Issuer: C = JP, O = "SECOM Trust Systems CO.,LTD.", CN = Security Communication RootCA3 + Issuer: C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication RootCA3 Validity Not Before: Jun 16 06:17:16 2016 GMT Not After : Jan 18 06:17:16 2038 GMT - Subject: C = JP, O = "SECOM Trust Systems CO.,LTD.", CN = Security Communication RootCA3 + Subject: C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication RootCA3 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) diff --git a/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem b/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem index 711c05660312..e5fa6b4b265f 100644 --- a/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem +++ b/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem @@ -3,9 +3,8 @@ ## ## This is a single X.509 certificate for a public Certificate ## Authority (CA). It was automatically extracted from Mozilla's -## root CA list (the file `certdata.txt' in security/nss). -## -## Extracted from nss +## root CA list (the file `certdata.txt' in security/nss) +## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/. ## ## @generated ## @@ -14,11 +13,11 @@ Certificate: Version: 3 (0x2) Serial Number: 10003001 (0x98a239) Signature Algorithm: sha256WithRSAEncryption - Issuer: C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G3 *** 5540 LINES SKIPPED ***home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69f36f72.3ea44.12a2143b>