git: 7c8cafd77171 - stable/13 - caroot: Clean up
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 30 Apr 2026 15:04:18 UTC
The branch stable/13 has been updated by des:
URL: https://cgit.FreeBSD.org/src/commit/?id=7c8cafd77171e0792e8c115602ac645c2bdb3def
commit 7c8cafd77171e0792e8c115602ac645c2bdb3def
Author: Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2026-04-27 09:32:19 +0000
Commit: Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2026-04-30 15:03:23 +0000
caroot: Clean up
* Get certdata.txt directly from the NSS Mercurial repository, rather
than from the Mozilla Firefox repository which imports it from NSS at
irregular intervals.
* Instead of always fetching the latest certdata.txt, fetch a specific
version. For this commit, we set this to the version that was last
imported in May 2025.
* Add a refrence to the MPL to the generated files.
* Regenerate with latest OpenSSL. This is purely cosmetic; mostly, the
certificate names now contain less unnecessary whitespace and some
elements are quoted.
MFC after: 1 week
Reviewed by: michaelo, kevans
Differential Revision: https://reviews.freebsd.org/D56620
(cherry picked from commit ce33d6396aadb0613f1e74661bdbec571f836a60)
---
secure/caroot/Makefile | 7 ++++++-
.../blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem | 10 +++++-----
.../blacklisted/Camerfirma_Global_Chambersign_Root.pem | 10 +++++-----
secure/caroot/blacklisted/Certum_Root_CA.pem | 9 ++++-----
.../caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem | 9 ++++-----
secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem | 11 ++++++-----
secure/caroot/blacklisted/E-Tugra_Global_Root_CA_ECC_v3.pem | 11 ++++-------
secure/caroot/blacklisted/E-Tugra_Global_Root_CA_RSA_v3.pem | 11 ++++-------
secure/caroot/blacklisted/EC-ACC.pem | 9 ++++-----
.../caroot/blacklisted/EE_Certification_Centre_Root_CA.pem | 10 ++++------
.../Entrust_Root_Certification_Authority_-_G4.pem | 11 ++++-------
.../GeoTrust_Primary_Certification_Authority.pem | 10 ++++------
.../GeoTrust_Primary_Certification_Authority_-_G2.pem | 9 ++++-----
.../GeoTrust_Primary_Certification_Authority_-_G3.pem | 10 ++++------
secure/caroot/blacklisted/GeoTrust_Universal_CA.pem | 10 ++++------
secure/caroot/blacklisted/GeoTrust_Universal_CA_2.pem | 10 ++++------
.../caroot/blacklisted/Global_Chambersign_Root_-_2008.pem | 9 ++++-----
...lenic_Academic_and_Research_Institutions_RootCA_2011.pem | 11 ++++-------
secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem | 10 ++++------
.../blacklisted/Network_Solutions_Certificate_Authority.pem | 12 +++++-------
.../caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem | 9 ++++-----
secure/caroot/blacklisted/SecureSign_RootCA11.pem | 11 ++++-------
.../caroot/blacklisted/Security_Communication_RootCA3.pem | 11 ++++-------
.../blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem | 9 ++++-----
secure/caroot/blacklisted/SwissSign_Platinum_CA_-_G2.pem | 9 ++++-----
secure/caroot/blacklisted/SwissSign_Silver_CA_-_G2.pem | 11 ++++-------
..._Class_1_Public_Primary_Certification_Authority_-_G4.pem | 10 ++++------
..._Class_1_Public_Primary_Certification_Authority_-_G6.pem | 9 ++++-----
..._Class_2_Public_Primary_Certification_Authority_-_G4.pem | 10 ++++------
..._Class_2_Public_Primary_Certification_Authority_-_G6.pem | 9 ++++-----
secure/caroot/blacklisted/Taiwan_GRCA.pem | 10 ++++------
secure/caroot/blacklisted/TrustCor_ECA-1.pem | 11 ++++-------
secure/caroot/blacklisted/TrustCor_RootCert_CA-1.pem | 11 ++++-------
secure/caroot/blacklisted/TrustCor_RootCert_CA-2.pem | 11 ++++-------
..._Class_3_Public_Primary_Certification_Authority_-_G4.pem | 10 ++++------
..._Class_3_Public_Primary_Certification_Authority_-_G5.pem | 10 ++++------
.../VeriSign_Universal_Root_Certification_Authority.pem | 9 ++++-----
..._Class_1_Public_Primary_Certification_Authority_-_G3.pem | 9 ++++-----
..._Class_2_Public_Primary_Certification_Authority_-_G3.pem | 9 ++++-----
..._Class_3_Public_Primary_Certification_Authority_-_G3.pem | 10 ++++------
secure/caroot/blacklisted/thawte_Primary_Root_CA.pem | 10 ++++------
secure/caroot/blacklisted/thawte_Primary_Root_CA_-_G2.pem | 10 ++++------
secure/caroot/blacklisted/thawte_Primary_Root_CA_-_G3.pem | 10 ++++------
secure/caroot/ca-extract.pl | 4 ++--
secure/caroot/trusted/ACCVRAIZ1.pem | 12 +++++-------
secure/caroot/trusted/AC_RAIZ_FNMT-RCM.pem | 11 ++++-------
.../caroot/trusted/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem | 11 ++++-------
secure/caroot/trusted/ANF_Secure_Server_Root_CA.pem | 11 ++++-------
secure/caroot/trusted/Actalis_Authentication_Root_CA.pem | 11 ++++-------
secure/caroot/trusted/AffirmTrust_Commercial.pem | 11 ++++-------
secure/caroot/trusted/AffirmTrust_Networking.pem | 11 ++++-------
secure/caroot/trusted/AffirmTrust_Premium.pem | 11 ++++-------
secure/caroot/trusted/AffirmTrust_Premium_ECC.pem | 11 ++++-------
secure/caroot/trusted/Amazon_Root_CA_1.pem | 11 ++++-------
secure/caroot/trusted/Amazon_Root_CA_2.pem | 11 ++++-------
secure/caroot/trusted/Amazon_Root_CA_3.pem | 11 ++++-------
secure/caroot/trusted/Amazon_Root_CA_4.pem | 11 ++++-------
secure/caroot/trusted/Atos_TrustedRoot_2011.pem | 11 ++++-------
.../trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem | 11 ++++-------
.../trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem | 11 ++++-------
...idad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem | 11 ++++-------
secure/caroot/trusted/BJCA_Global_Root_CA1.pem | 11 ++++-------
secure/caroot/trusted/BJCA_Global_Root_CA2.pem | 11 ++++-------
secure/caroot/trusted/Baltimore_CyberTrust_Root.pem | 11 ++++-------
secure/caroot/trusted/Buypass_Class_2_Root_CA.pem | 11 ++++-------
secure/caroot/trusted/Buypass_Class_3_Root_CA.pem | 11 ++++-------
secure/caroot/trusted/CA_Disig_Root_R2.pem | 11 ++++-------
secure/caroot/trusted/CFCA_EV_ROOT.pem | 11 ++++-------
secure/caroot/trusted/COMODO_Certification_Authority.pem | 12 +++++-------
.../caroot/trusted/COMODO_ECC_Certification_Authority.pem | 11 ++++-------
.../caroot/trusted/COMODO_RSA_Certification_Authority.pem | 11 ++++-------
secure/caroot/trusted/Certainly_Root_E1.pem | 11 ++++-------
secure/caroot/trusted/Certainly_Root_R1.pem | 11 ++++-------
secure/caroot/trusted/Certigna.pem | 11 ++++-------
secure/caroot/trusted/Certigna_Root_CA.pem | 13 ++++++-------
secure/caroot/trusted/Certum_EC-384_CA.pem | 11 ++++-------
secure/caroot/trusted/Certum_Trusted_Network_CA.pem | 11 ++++-------
secure/caroot/trusted/Certum_Trusted_Network_CA_2.pem | 11 ++++-------
secure/caroot/trusted/Certum_Trusted_Root_CA.pem | 11 ++++-------
.../caroot/trusted/CommScope_Public_Trust_ECC_Root-01.pem | 11 ++++-------
.../caroot/trusted/CommScope_Public_Trust_ECC_Root-02.pem | 11 ++++-------
.../caroot/trusted/CommScope_Public_Trust_RSA_Root-01.pem | 11 ++++-------
.../caroot/trusted/CommScope_Public_Trust_RSA_Root-02.pem | 11 ++++-------
secure/caroot/trusted/Comodo_AAA_Services_root.pem | 13 ++++++-------
secure/caroot/trusted/D-TRUST_BR_Root_CA_1_2020.pem | 13 ++++++-------
secure/caroot/trusted/D-TRUST_BR_Root_CA_2_2023.pem | 12 +++++-------
secure/caroot/trusted/D-TRUST_EV_Root_CA_1_2020.pem | 13 ++++++-------
secure/caroot/trusted/D-TRUST_EV_Root_CA_2_2023.pem | 12 +++++-------
secure/caroot/trusted/D-TRUST_Root_Class_3_CA_2_2009.pem | 13 ++++++-------
secure/caroot/trusted/D-TRUST_Root_Class_3_CA_2_EV_2009.pem | 13 ++++++-------
secure/caroot/trusted/DigiCert_Assured_ID_Root_CA.pem | 11 ++++-------
secure/caroot/trusted/DigiCert_Assured_ID_Root_G2.pem | 11 ++++-------
secure/caroot/trusted/DigiCert_Assured_ID_Root_G3.pem | 11 ++++-------
secure/caroot/trusted/DigiCert_Global_Root_CA.pem | 11 ++++-------
secure/caroot/trusted/DigiCert_Global_Root_G2.pem | 11 ++++-------
secure/caroot/trusted/DigiCert_Global_Root_G3.pem | 11 ++++-------
.../caroot/trusted/DigiCert_High_Assurance_EV_Root_CA.pem | 11 ++++-------
secure/caroot/trusted/DigiCert_TLS_ECC_P384_Root_G5.pem | 11 ++++-------
secure/caroot/trusted/DigiCert_TLS_RSA4096_Root_G5.pem | 11 ++++-------
secure/caroot/trusted/DigiCert_Trusted_Root_G4.pem | 11 ++++-------
.../caroot/trusted/Entrust_Root_Certification_Authority.pem | 11 ++++-------
.../trusted/Entrust_Root_Certification_Authority_-_EC1.pem | 11 ++++-------
.../trusted/Entrust_Root_Certification_Authority_-_G2.pem | 11 ++++-------
.../trusted/Entrust_net_Premium_2048_Secure_Server_CA.pem | 11 ++++-------
secure/caroot/trusted/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem | 11 ++++-------
secure/caroot/trusted/GDCA_TrustAUTH_R5_ROOT.pem | 11 ++++-------
secure/caroot/trusted/GLOBALTRUST_2020.pem | 11 ++++-------
secure/caroot/trusted/GTS_Root_R1.pem | 11 ++++-------
secure/caroot/trusted/GTS_Root_R2.pem | 11 ++++-------
secure/caroot/trusted/GTS_Root_R3.pem | 11 ++++-------
secure/caroot/trusted/GTS_Root_R4.pem | 11 ++++-------
secure/caroot/trusted/GlobalSign_ECC_Root_CA_-_R4.pem | 11 ++++-------
secure/caroot/trusted/GlobalSign_ECC_Root_CA_-_R5.pem | 11 ++++-------
secure/caroot/trusted/GlobalSign_Root_CA.pem | 11 ++++-------
secure/caroot/trusted/GlobalSign_Root_CA_-_R3.pem | 11 ++++-------
secure/caroot/trusted/GlobalSign_Root_CA_-_R6.pem | 11 ++++-------
secure/caroot/trusted/GlobalSign_Root_E46.pem | 11 ++++-------
secure/caroot/trusted/GlobalSign_Root_R46.pem | 11 ++++-------
secure/caroot/trusted/Go_Daddy_Class_2_CA.pem | 11 ++++-------
.../trusted/Go_Daddy_Root_Certificate_Authority_-_G2.pem | 11 ++++-------
secure/caroot/trusted/HARICA_TLS_ECC_Root_CA_2021.pem | 11 ++++-------
secure/caroot/trusted/HARICA_TLS_RSA_Root_CA_2021.pem | 11 ++++-------
...c_Academic_and_Research_Institutions_ECC_RootCA_2015.pem | 11 ++++-------
...lenic_Academic_and_Research_Institutions_RootCA_2015.pem | 11 ++++-------
secure/caroot/trusted/HiPKI_Root_CA_-_G1.pem | 11 ++++-------
secure/caroot/trusted/Hongkong_Post_Root_CA_3.pem | 11 ++++-------
secure/caroot/trusted/ISRG_Root_X1.pem | 11 ++++-------
secure/caroot/trusted/ISRG_Root_X2.pem | 11 ++++-------
secure/caroot/trusted/IdenTrust_Commercial_Root_CA_1.pem | 11 ++++-------
secure/caroot/trusted/IdenTrust_Public_Sector_Root_CA_1.pem | 11 ++++-------
secure/caroot/trusted/Izenpe_com.pem | 11 ++++-------
secure/caroot/trusted/Microsec_e-Szigno_Root_CA_2009.pem | 11 ++++-------
.../Microsoft_ECC_Root_Certificate_Authority_2017.pem | 11 ++++-------
.../Microsoft_RSA_Root_Certificate_Authority_2017.pem | 11 ++++-------
.../trusted/NAVER_Global_Root_Certification_Authority.pem | 11 ++++-------
.../NetLock_Arany__Class_Gold__F__tan__s__tv__ny.pem | 11 ++++-------
secure/caroot/trusted/OISTE_WISeKey_Global_Root_GB_CA.pem | 11 ++++-------
secure/caroot/trusted/OISTE_WISeKey_Global_Root_GC_CA.pem | 11 ++++-------
secure/caroot/trusted/QuoVadis_Root_CA_1_G3.pem | 11 ++++-------
secure/caroot/trusted/QuoVadis_Root_CA_2.pem | 11 ++++-------
secure/caroot/trusted/QuoVadis_Root_CA_2_G3.pem | 11 ++++-------
secure/caroot/trusted/QuoVadis_Root_CA_3.pem | 11 ++++-------
secure/caroot/trusted/QuoVadis_Root_CA_3_G3.pem | 11 ++++-------
.../trusted/SSL_com_EV_Root_Certification_Authority_ECC.pem | 11 ++++-------
.../SSL_com_EV_Root_Certification_Authority_RSA_R2.pem | 11 ++++-------
.../trusted/SSL_com_Root_Certification_Authority_ECC.pem | 11 ++++-------
.../trusted/SSL_com_Root_Certification_Authority_RSA.pem | 11 ++++-------
secure/caroot/trusted/SSL_com_TLS_ECC_Root_CA_2022.pem | 11 ++++-------
secure/caroot/trusted/SSL_com_TLS_RSA_Root_CA_2022.pem | 11 ++++-------
secure/caroot/trusted/SZAFIR_ROOT_CA2.pem | 11 ++++-------
.../Sectigo_Public_Server_Authentication_Root_E46.pem | 11 ++++-------
.../Sectigo_Public_Server_Authentication_Root_R46.pem | 11 ++++-------
secure/caroot/trusted/SecureSign_Root_CA12.pem | 11 ++++-------
secure/caroot/trusted/SecureSign_Root_CA14.pem | 11 ++++-------
secure/caroot/trusted/SecureSign_Root_CA15.pem | 11 ++++-------
secure/caroot/trusted/SecureTrust_CA.pem | 12 +++++-------
secure/caroot/trusted/Secure_Global_CA.pem | 12 +++++-------
.../caroot/trusted/Security_Communication_ECC_RootCA1.pem | 11 ++++-------
secure/caroot/trusted/Security_Communication_RootCA2.pem | 11 ++++-------
secure/caroot/trusted/Starfield_Class_2_CA.pem | 11 ++++-------
.../trusted/Starfield_Root_Certificate_Authority_-_G2.pem | 11 ++++-------
.../Starfield_Services_Root_Certificate_Authority_-_G2.pem | 11 ++++-------
secure/caroot/trusted/SwissSign_Gold_CA_-_G2.pem | 11 ++++-------
secure/caroot/trusted/T-TeleSec_GlobalRoot_Class_2.pem | 11 ++++-------
secure/caroot/trusted/T-TeleSec_GlobalRoot_Class_3.pem | 11 ++++-------
.../TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem | 11 ++++-------
secure/caroot/trusted/TWCA_CYBER_Root_CA.pem | 11 ++++-------
secure/caroot/trusted/TWCA_Global_Root_CA.pem | 11 ++++-------
secure/caroot/trusted/TWCA_Root_Certification_Authority.pem | 11 ++++-------
.../caroot/trusted/Telekom_Security_TLS_ECC_Root_2020.pem | 11 ++++-------
.../caroot/trusted/Telekom_Security_TLS_RSA_Root_2023.pem | 11 ++++-------
secure/caroot/trusted/TeliaSonera_Root_CA_v1.pem | 11 ++++-------
secure/caroot/trusted/Telia_Root_CA_v2.pem | 11 ++++-------
secure/caroot/trusted/TrustAsia_Global_Root_CA_G3.pem | 11 ++++-------
secure/caroot/trusted/TrustAsia_Global_Root_CA_G4.pem | 11 ++++-------
.../trusted/Trustwave_Global_Certification_Authority.pem | 11 ++++-------
.../Trustwave_Global_ECC_P256_Certification_Authority.pem | 11 ++++-------
.../Trustwave_Global_ECC_P384_Certification_Authority.pem | 11 ++++-------
secure/caroot/trusted/TunTrust_Root_CA.pem | 11 ++++-------
secure/caroot/trusted/UCA_Extended_Validation_Root.pem | 11 ++++-------
secure/caroot/trusted/UCA_Global_G2_Root.pem | 11 ++++-------
.../trusted/USERTrust_ECC_Certification_Authority.pem | 11 ++++-------
.../trusted/USERTrust_RSA_Certification_Authority.pem | 11 ++++-------
secure/caroot/trusted/XRamp_Global_CA_Root.pem | 12 +++++-------
secure/caroot/trusted/certSIGN_ROOT_CA.pem | 11 ++++-------
secure/caroot/trusted/certSIGN_Root_CA_G2.pem | 11 ++++-------
secure/caroot/trusted/e-Szigno_Root_CA_2017.pem | 11 ++++-------
secure/caroot/trusted/ePKI_Root_Certification_Authority.pem | 11 ++++-------
secure/caroot/trusted/emSign_ECC_Root_CA_-_C3.pem | 11 ++++-------
secure/caroot/trusted/emSign_ECC_Root_CA_-_G3.pem | 11 ++++-------
secure/caroot/trusted/emSign_Root_CA_-_C1.pem | 11 ++++-------
secure/caroot/trusted/emSign_Root_CA_-_G1.pem | 11 ++++-------
secure/caroot/trusted/vTrus_ECC_Root_CA.pem | 11 ++++-------
secure/caroot/trusted/vTrus_Root_CA.pem | 11 ++++-------
194 files changed, 800 insertions(+), 1300 deletions(-)
diff --git a/secure/caroot/Makefile b/secure/caroot/Makefile
index 7f4f08991a85..e23384078e9b 100644
--- a/secure/caroot/Makefile
+++ b/secure/caroot/Makefile
@@ -6,12 +6,17 @@ SUBDIR+= blacklisted
.include <bsd.obj.mk>
+# Set this to an upstream hash or tag
+# https://hg-edge.mozilla.org/projects/nss/tags
+HGVER = e71e3de47d4ca7a3efa7c11096ab2e20ae71683e
+
# To be used by secteam@ to update the trusted certificates
fetchcerts: .PHONY
- fetch --no-sslv3 --no-tlsv1 -o certdata.txt 'https://raw.githubusercontent.com/mozilla-firefox/firefox/refs/heads/release/security/nss/lib/ckfw/builtins/certdata.txt'
+ fetch --mirror -o certdata.txt 'https://hg-edge.mozilla.org/projects/nss/raw-file/${HGVER}/lib/ckfw/builtins/certdata.txt'
cleancerts: .PHONY
@${MAKE} -C ${.CURDIR}/trusted ${.TARGET}
+ @${MAKE} -C ${.CURDIR}/untrusted ${.TARGET}
updatecerts: .PHONY cleancerts fetchcerts
perl ${.CURDIR}/ca-extract.pl -i certdata.txt \
diff --git a/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem b/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem
index 12bb099e2312..5d7577fd66de 100644
--- a/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem
+++ b/secure/caroot/blacklisted/Camerfirma_Chambers_of_Commerce_Root.pem
@@ -3,9 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -14,11 +13,11 @@ Certificate:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Chambers of Commerce Root
+ Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
Validity
Not Before: Sep 30 16:13:43 2003 GMT
Not After : Sep 30 16:13:44 2037 GMT
- Subject: C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Chambers of Commerce Root
+ Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
@@ -48,6 +47,7 @@ Certificate:
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.chambersign.org/chambersroot.crl
+
X509v3 Subject Key Identifier:
E3:94:F5:B1:4D:E9:DB:A1:29:5B:57:8B:4D:76:06:76:E1:D1:A2:8A
X509v3 Key Usage: critical
diff --git a/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem b/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem
index da95297880f6..43fd743fd716 100644
--- a/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem
+++ b/secure/caroot/blacklisted/Camerfirma_Global_Chambersign_Root.pem
@@ -3,9 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -14,11 +13,11 @@ Certificate:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Global Chambersign Root
+ Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
Validity
Not Before: Sep 30 16:14:18 2003 GMT
Not After : Sep 30 16:14:18 2037 GMT
- Subject: C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Global Chambersign Root
+ Subject: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
@@ -48,6 +47,7 @@ Certificate:
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.chambersign.org/chambersignroot.crl
+
X509v3 Subject Key Identifier:
43:9C:36:9F:B0:9E:30:4D:C6:CE:5F:AD:10:AB:E5:03:A5:FA:A9:14
X509v3 Key Usage: critical
diff --git a/secure/caroot/blacklisted/Certum_Root_CA.pem b/secure/caroot/blacklisted/Certum_Root_CA.pem
index 1df73e0c7336..8efb89ec7a92 100644
--- a/secure/caroot/blacklisted/Certum_Root_CA.pem
+++ b/secure/caroot/blacklisted/Certum_Root_CA.pem
@@ -3,9 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -14,11 +13,11 @@ Certificate:
Version: 3 (0x2)
Serial Number: 65568 (0x10020)
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = PL, O = Unizeto Sp. z o.o., CN = Certum CA
+ Issuer: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
Validity
Not Before: Jun 11 10:46:39 2002 GMT
Not After : Jun 11 10:46:39 2027 GMT
- Subject: C = PL, O = Unizeto Sp. z o.o., CN = Certum CA
+ Subject: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
diff --git a/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem b/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem
index b40288095005..0318e4ee3f43 100644
--- a/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem
+++ b/secure/caroot/blacklisted/Chambers_of_Commerce_Root_-_2008.pem
@@ -3,9 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -15,11 +14,11 @@ Certificate:
Serial Number:
a3:da:42:7e:a4:b1:ae:da
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008
+ Issuer: C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
Validity
Not Before: Aug 1 12:29:50 2008 GMT
Not After : Jul 31 12:29:50 2038 GMT
- Subject: C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008
+ Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
diff --git a/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem b/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem
index 81d66de7a736..81181370d67d 100644
--- a/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem
+++ b/secure/caroot/blacklisted/D-TRUST_Root_CA_3_2013.pem
@@ -3,9 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -14,11 +13,11 @@ Certificate:
Version: 3 (0x2)
Serial Number: 1039788 (0xfddac)
Signature Algorithm: sha256WithRSAEncryption
- Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST Root CA 3 2013
+ Issuer: C=DE, O=D-Trust GmbH, CN=D-TRUST Root CA 3 2013
Validity
Not Before: Sep 20 08:25:51 2013 GMT
Not After : Sep 20 08:25:51 2028 GMT
- Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST Root CA 3 2013
+ Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root CA 3 2013
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
@@ -52,8 +51,10 @@ Certificate:
X509v3 CRL Distribution Points:
Full Name:
URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20CA%203%202013,O=D-Trust%20GmbH,C=DE?certificaterevocationlist
+
Full Name:
URI:http://crl.d-trust.net/crl/d-trust_root_ca_3_2013.crl
+
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
0e:59:0e:58:e4:74:48:23:44:cf:34:21:b5:9c:14:1a:ad:9a:
diff --git a/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_ECC_v3.pem b/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_ECC_v3.pem
index 80e67454926a..5c8e87176c7e 100644
--- a/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_ECC_v3.pem
+++ b/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_ECC_v3.pem
@@ -3,11 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -17,11 +14,11 @@ Certificate:
Serial Number:
26:46:19:77:31:e1:4f:6f:28:36:de:39:51:86:e6:d4:97:88:22:c1
Signature Algorithm: ecdsa-with-SHA384
- Issuer: C = TR, L = Ankara, O = E-Tugra EBG A.S., OU = E-Tugra Trust Center, CN = E-Tugra Global Root CA ECC v3
+ Issuer: C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA ECC v3
Validity
Not Before: Mar 18 09:46:58 2020 GMT
Not After : Mar 12 09:46:58 2045 GMT
- Subject: C = TR, L = Ankara, O = E-Tugra EBG A.S., OU = E-Tugra Trust Center, CN = E-Tugra Global Root CA ECC v3
+ Subject: C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA ECC v3
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
diff --git a/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_RSA_v3.pem b/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_RSA_v3.pem
index fd076cdd2649..ce226f323f43 100644
--- a/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_RSA_v3.pem
+++ b/secure/caroot/blacklisted/E-Tugra_Global_Root_CA_RSA_v3.pem
@@ -3,11 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -17,11 +14,11 @@ Certificate:
Serial Number:
0d:4d:c5:cd:16:22:95:96:08:7e:b8:0b:7f:15:06:34:fb:79:10:34
Signature Algorithm: sha256WithRSAEncryption
- Issuer: C = TR, L = Ankara, O = E-Tugra EBG A.S., OU = E-Tugra Trust Center, CN = E-Tugra Global Root CA RSA v3
+ Issuer: C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA RSA v3
Validity
Not Before: Mar 18 09:07:17 2020 GMT
Not After : Mar 12 09:07:17 2045 GMT
- Subject: C = TR, L = Ankara, O = E-Tugra EBG A.S., OU = E-Tugra Trust Center, CN = E-Tugra Global Root CA RSA v3
+ Subject: C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA RSA v3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
diff --git a/secure/caroot/blacklisted/EC-ACC.pem b/secure/caroot/blacklisted/EC-ACC.pem
index f11ae64d3455..0605493d156e 100644
--- a/secure/caroot/blacklisted/EC-ACC.pem
+++ b/secure/caroot/blacklisted/EC-ACC.pem
@@ -3,9 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -15,11 +14,11 @@ Certificate:
Serial Number:
(Negative)11:d4:c2:14:2b:de:21:eb:57:9d:53:fb:0c:22:3b:ff
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = ES, O = Agencia Catalana de Certificacio (NIF Q-0801176-I), OU = Serveis Publics de Certificacio, OU = Vegeu https://www.catcert.net/verarrel (c)03, OU = Jerarquia Entitats de Certificacio Catalanes, CN = EC-ACC
+ Issuer: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
Validity
Not Before: Jan 7 23:00:00 2003 GMT
Not After : Jan 7 22:59:59 2031 GMT
- Subject: C = ES, O = Agencia Catalana de Certificacio (NIF Q-0801176-I), OU = Serveis Publics de Certificacio, OU = Vegeu https://www.catcert.net/verarrel (c)03, OU = Jerarquia Entitats de Certificacio Catalanes, CN = EC-ACC
+ Subject: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
diff --git a/secure/caroot/blacklisted/EE_Certification_Centre_Root_CA.pem b/secure/caroot/blacklisted/EE_Certification_Centre_Root_CA.pem
index 30c2b1c5ed73..9f6856fbd0f5 100644
--- a/secure/caroot/blacklisted/EE_Certification_Centre_Root_CA.pem
+++ b/secure/caroot/blacklisted/EE_Certification_Centre_Root_CA.pem
@@ -3,10 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
-## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -16,11 +14,11 @@ Certificate:
Serial Number:
54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = EE, O = AS Sertifitseerimiskeskus, CN = EE Certification Centre Root CA, emailAddress = pki@sk.ee
+ Issuer: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, emailAddress=pki@sk.ee
Validity
Not Before: Oct 30 10:10:30 2010 GMT
Not After : Dec 17 23:59:59 2030 GMT
- Subject: C = EE, O = AS Sertifitseerimiskeskus, CN = EE Certification Centre Root CA, emailAddress = pki@sk.ee
+ Subject: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, emailAddress=pki@sk.ee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
diff --git a/secure/caroot/blacklisted/Entrust_Root_Certification_Authority_-_G4.pem b/secure/caroot/blacklisted/Entrust_Root_Certification_Authority_-_G4.pem
index e17aaebf9803..5ba30652aca4 100644
--- a/secure/caroot/blacklisted/Entrust_Root_Certification_Authority_-_G4.pem
+++ b/secure/caroot/blacklisted/Entrust_Root_Certification_Authority_-_G4.pem
@@ -3,11 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -17,11 +14,11 @@ Certificate:
Serial Number:
d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58
Signature Algorithm: sha256WithRSAEncryption
- Issuer: C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2015 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G4
+ Issuer: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2015 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G4
Validity
Not Before: May 27 11:11:16 2015 GMT
Not After : Dec 27 11:41:16 2037 GMT
- Subject: C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2015 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G4
+ Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2015 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
diff --git a/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority.pem b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority.pem
index 67d394b17f9f..4556c986d502 100644
--- a/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority.pem
+++ b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority.pem
@@ -3,10 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
-## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -16,11 +14,11 @@ Certificate:
Serial Number:
18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority
+ Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
Validity
Not Before: Nov 27 00:00:00 2006 GMT
Not After : Jul 16 23:59:59 2036 GMT
- Subject: C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority
+ Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
diff --git a/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem
index 94efbdeb124e..a99362a2c2e0 100644
--- a/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem
+++ b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G2.pem
@@ -3,9 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -15,11 +14,11 @@ Certificate:
Serial Number:
3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b
Signature Algorithm: ecdsa-with-SHA384
- Issuer: C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2
+ Issuer: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
Validity
Not Before: Nov 5 00:00:00 2007 GMT
Not After : Jan 18 23:59:59 2038 GMT
- Subject: C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2
+ Subject: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
diff --git a/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G3.pem b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G3.pem
index e39265fc0b60..86b2dba7f212 100644
--- a/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G3.pem
+++ b/secure/caroot/blacklisted/GeoTrust_Primary_Certification_Authority_-_G3.pem
@@ -3,10 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
-## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -16,11 +14,11 @@ Certificate:
Serial Number:
15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f
Signature Algorithm: sha256WithRSAEncryption
- Issuer: C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3
+ Issuer: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
Validity
Not Before: Apr 2 00:00:00 2008 GMT
Not After : Dec 1 23:59:59 2037 GMT
- Subject: C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3
+ Subject: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
diff --git a/secure/caroot/blacklisted/GeoTrust_Universal_CA.pem b/secure/caroot/blacklisted/GeoTrust_Universal_CA.pem
index 5d998cfcedb2..26b4f726c4bc 100644
--- a/secure/caroot/blacklisted/GeoTrust_Universal_CA.pem
+++ b/secure/caroot/blacklisted/GeoTrust_Universal_CA.pem
@@ -3,10 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
-## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -15,11 +13,11 @@ Certificate:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA
+ Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
Validity
Not Before: Mar 4 05:00:00 2004 GMT
Not After : Mar 4 05:00:00 2029 GMT
- Subject: C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA
+ Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
diff --git a/secure/caroot/blacklisted/GeoTrust_Universal_CA_2.pem b/secure/caroot/blacklisted/GeoTrust_Universal_CA_2.pem
index 28c426e85fc4..8294fc4871fd 100644
--- a/secure/caroot/blacklisted/GeoTrust_Universal_CA_2.pem
+++ b/secure/caroot/blacklisted/GeoTrust_Universal_CA_2.pem
@@ -3,10 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
-## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -15,11 +13,11 @@ Certificate:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA 2
+ Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
Validity
Not Before: Mar 4 05:00:00 2004 GMT
Not After : Mar 4 05:00:00 2029 GMT
- Subject: C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA 2
+ Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
diff --git a/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem b/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem
index 463f8370396e..c0a22dbf307e 100644
--- a/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem
+++ b/secure/caroot/blacklisted/Global_Chambersign_Root_-_2008.pem
@@ -3,9 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -15,11 +14,11 @@ Certificate:
Serial Number:
c9:cd:d3:e9:d5:7d:23:ce
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008
+ Issuer: C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
Validity
Not Before: Aug 1 12:31:40 2008 GMT
Not After : Jul 31 12:31:40 2038 GMT
- Subject: C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008
+ Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address), serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
diff --git a/secure/caroot/blacklisted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem b/secure/caroot/blacklisted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
index e283f2d4bd85..c8e73bc4d867 100644
--- a/secure/caroot/blacklisted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
+++ b/secure/caroot/blacklisted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
@@ -3,11 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -16,11 +13,11 @@ Certificate:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = GR, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2011
+ Issuer: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011
Validity
Not Before: Dec 6 13:49:52 2011 GMT
Not After : Dec 1 13:49:52 2031 GMT
- Subject: C = GR, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2011
+ Subject: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
diff --git a/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem b/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem
index 3c191046534d..fc3a0ccbd503 100644
--- a/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem
+++ b/secure/caroot/blacklisted/LuxTrust_Global_Root_2.pem
@@ -3,10 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
-## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -16,11 +14,11 @@ Certificate:
Serial Number:
0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1
Signature Algorithm: sha256WithRSAEncryption
- Issuer: C = LU, O = LuxTrust S.A., CN = LuxTrust Global Root 2
+ Issuer: C=LU, O=LuxTrust S.A., CN=LuxTrust Global Root 2
Validity
Not Before: Mar 5 13:21:57 2015 GMT
Not After : Mar 5 13:21:57 2035 GMT
- Subject: C = LU, O = LuxTrust S.A., CN = LuxTrust Global Root 2
+ Subject: C=LU, O=LuxTrust S.A., CN=LuxTrust Global Root 2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
diff --git a/secure/caroot/blacklisted/Network_Solutions_Certificate_Authority.pem b/secure/caroot/blacklisted/Network_Solutions_Certificate_Authority.pem
index 125b39985a76..9e5578fd21b0 100644
--- a/secure/caroot/blacklisted/Network_Solutions_Certificate_Authority.pem
+++ b/secure/caroot/blacklisted/Network_Solutions_Certificate_Authority.pem
@@ -3,11 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -17,11 +14,11 @@ Certificate:
Serial Number:
57:cb:33:6f:c2:5c:16:e6:47:16:17:e3:90:31:68:e0
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = US, O = Network Solutions L.L.C., CN = Network Solutions Certificate Authority
+ Issuer: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
Validity
Not Before: Dec 1 00:00:00 2006 GMT
Not After : Dec 31 23:59:59 2029 GMT
- Subject: C = US, O = Network Solutions L.L.C., CN = Network Solutions Certificate Authority
+ Subject: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
@@ -55,6 +52,7 @@ Certificate:
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
+
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
bb:ae:4b:e7:b7:57:eb:7f:aa:2d:b7:73:47:85:6a:c1:e4:a5:
diff --git a/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem b/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem
index 9b4db61fc2e8..3c7f5d613d9b 100644
--- a/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem
+++ b/secure/caroot/blacklisted/OISTE_WISeKey_Global_Root_GA_CA.pem
@@ -3,9 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -15,11 +14,11 @@ Certificate:
Serial Number:
41:3d:72:c7:f4:6b:1f:81:43:7d:f1:d2:28:54:df:9a
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = CH, O = WISeKey, OU = Copyright (c) 2005, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GA CA
+ Issuer: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
Validity
Not Before: Dec 11 16:03:44 2005 GMT
Not After : Dec 11 16:09:51 2037 GMT
- Subject: C = CH, O = WISeKey, OU = Copyright (c) 2005, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GA CA
+ Subject: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
diff --git a/secure/caroot/blacklisted/SecureSign_RootCA11.pem b/secure/caroot/blacklisted/SecureSign_RootCA11.pem
index a7787e2814da..7cbbc1b2ccc0 100644
--- a/secure/caroot/blacklisted/SecureSign_RootCA11.pem
+++ b/secure/caroot/blacklisted/SecureSign_RootCA11.pem
@@ -3,11 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -16,11 +13,11 @@ Certificate:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA11
+ Issuer: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11
Validity
Not Before: Apr 8 04:56:47 2009 GMT
Not After : Apr 8 04:56:47 2029 GMT
- Subject: C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA11
+ Subject: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
diff --git a/secure/caroot/blacklisted/Security_Communication_RootCA3.pem b/secure/caroot/blacklisted/Security_Communication_RootCA3.pem
index 1355dddd6254..2f31e16660ab 100644
--- a/secure/caroot/blacklisted/Security_Communication_RootCA3.pem
+++ b/secure/caroot/blacklisted/Security_Communication_RootCA3.pem
@@ -3,11 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -17,11 +14,11 @@ Certificate:
Serial Number:
e1:7c:37:40:fd:1b:fe:67
Signature Algorithm: sha384WithRSAEncryption
- Issuer: C = JP, O = "SECOM Trust Systems CO.,LTD.", CN = Security Communication RootCA3
+ Issuer: C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication RootCA3
Validity
Not Before: Jun 16 06:17:16 2016 GMT
Not After : Jan 18 06:17:16 2038 GMT
- Subject: C = JP, O = "SECOM Trust Systems CO.,LTD.", CN = Security Communication RootCA3
+ Subject: C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication RootCA3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
diff --git a/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem b/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem
index 711c05660312..e5fa6b4b265f 100644
--- a/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem
+++ b/secure/caroot/blacklisted/Staat_der_Nederlanden_Root_CA_-_G3.pem
@@ -3,9 +3,8 @@
##
## This is a single X.509 certificate for a public Certificate
## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
+## root CA list (the file `certdata.txt' in security/nss)
+## licensed under the MPL 2.0, http://mozilla.org/MPL/2.0/.
##
## @generated
##
@@ -14,11 +13,11 @@ Certificate:
Version: 3 (0x2)
Serial Number: 10003001 (0x98a239)
Signature Algorithm: sha256WithRSAEncryption
- Issuer: C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G3
*** 5540 LINES SKIPPED ***