path: root/blacklist.txt


                                                                           
# One blacklist entry per line, corresponding to the label in certdata.txt.

# Blacklist explicitly distrusted certificates
# They were already to-be-excluded since they are distrusted, but this
# silences the loud warning they produce.
"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
"Explicitly Distrust DigiNotar Root CA"
"Explicitly Distrusted DigiNotar PKIoverheid G2"
"MITM subCA 1 issued by Trustwave"
"MITM subCA 2 issued by Trustwave"
"TURKTRUST Mis-issued Intermediate CA 1"
"TURKTRUST Mis-issued Intermediate CA 2"

# Distrusted Symantec Root CAs:
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911289
"GeoTrust Global CA"
"GeoTrust Primary Certification Authority"
"GeoTrust Primary Certification Authority - G2"
"GeoTrust Primary Certification Authority - G3"
"GeoTrust Universal CA"
"Thawte Premium Server CA"
"thawte Primary Root CA"
"thawte Primary Root CA - G2"
"thawte Primary Root CA - G3"
"Symantec Class 1 Public Primary Certification Authority - G4"
"Symantec Class 1 Public Primary Certification Authority - G6"
"Symantec Class 2 Public Primary Certification Authority - G4"
"Symantec Class 2 Public Primary Certification Authority - G6"
"Symantec Class 3 Public Primary Certification Authority - G4"
"Symantec Class 3 Public Primary Certification Authority - G6"
"VeriSign Class 1 Public Primary Certification Authority - G3"
"VeriSign Class 2 Public Primary Certification Authority - G3"
"VeriSign Class 3 Public Primary Certification Authority - G3"
"VeriSign Class 3 Public Primary Certification Authority - G4"
"VeriSign Class 3 Public Primary Certification Authority - G5"
"VeriSign Universal Root Certification Authority"
# One blacklist entry per line, corresponding to the label in certdata.txt.

# Blacklist explicitly distrusted certificates
# They were already to-be-excluded since they are distrusted, but this
# silences the loud warning they produce.
"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
"Explicitly Distrust DigiNotar Root CA"
"Explicitly Distrusted DigiNotar PKIoverheid G2"
"MITM subCA 1 issued by Trustwave"
"MITM subCA 2 issued by Trustwave"
"TURKTRUST Mis-issued Intermediate CA 1"
"TURKTRUST Mis-issued Intermediate CA 2"

# Distrusted Symantec Root CAs:
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911289
"GeoTrust Global CA"
"GeoTrust Primary Certification Authority"
"GeoTrust Primary Certification Authority - G2"
"GeoTrust Primary Certification Authority - G3"
"GeoTrust Universal CA"
"Thawte Premium Server CA"
"thawte Primary Root CA"
"thawte Primary Root CA - G2"
"thawte Primary Root CA - G3"
"Symantec Class 1 Public Primary Certification Authority - G4"
"Symantec Class 1 Public Primary Certification Authority - G6"
"Symantec Class 2 Public Primary Certification Authority - G4"
"Symantec Class 2 Public Primary Certification Authority - G6"
"Symantec Class 3 Public Primary Certification Authority - G4"
"Symantec Class 3 Public Primary Certification Authority - G6"
"VeriSign Class 1 Public Primary Certification Authority - G3"
"VeriSign Class 2 Public Primary Certification Authority - G3"
"VeriSign Class 3 Public Primary Certification Authority - G3"
"VeriSign Class 3 Public Primary Certification Authority - G4"
"VeriSign Class 3 Public Primary Certification Authority - G5"
"VeriSign Universal Root Certification Authority"