From a27f45644970531365ec75fb7958b8613d99ff3c Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Mon, 20 Mar 2017 12:28:55 -0700 Subject: Remove email-only roots from mozilla trust store These roots are trusted in the Mozilla program only for S/MIME, so should not be included in ca-certificates, which most applications use to validate TLS certificates. Per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721976, the only MUAs that depend on or suggest ca-certificates are Mutt and Sylpheed. Sylpheed doesn't use ca-certificates for S/MIME. Mutt does, but I think it is still safe to remove thes because: (a) S/MIME is relatively uncommon, and (b) The CAs that have both TLS and S/MIME bits will continue to work, and (c) Nearly all of the 12 removed email-only CAs have ceased operation of their email certificate services Verisign Class 1 Public Primary Certification Authority - G3 Verisign Class 2 Public Primary Certification Authority - G3 UTN USERFirst Email Root CA SwissSign Platinum CA - G2 AC Raiz Certicamara S.A. TC TrustCenter Class 3 CA II ComSign CA S-TRUST Universal Root CA Symantec Class 1 Public Primary Certification Authority - G6 Symantec Class 2 Public Primary Certification Authority - G6 Symantec Class 1 Public Primary Certification Authority - G4 Symantec Class 2 Public Primary Certification Authority - G4 --- certdata2pem.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/certdata2pem.py b/certdata2pem.py index f91422b..0b02b2a 100644 --- a/certdata2pem.py +++ b/certdata2pem.py @@ -104,8 +104,6 @@ for obj in objects: print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']) elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR': trust[obj['CKA_LABEL']] = True - elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR': - trust[obj['CKA_LABEL']] = True elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED': print('!'*74) print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']) -- cgit v1.2.3-70-g09d2 From af90437eea53307a02f20ba4b97a64d8d8d15b80 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Tue, 2 Jun 2020 18:14:33 -0500 Subject: Update Mozilla CA bundle to 2.40 (nss 2.53) --- certdata.txt | 2424 ++++++++++++++++++++++++++++------------------------------ 1 file changed, 1153 insertions(+), 1271 deletions(-) diff --git a/certdata.txt b/certdata.txt index 53fddef..ea14926 100644 --- a/certdata.txt +++ b/certdata.txt @@ -13,19 +13,21 @@ # # Certificates # -# -- Attribute -- -- type -- -- value -- -# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -# CKA_TOKEN CK_BBOOL CK_TRUE -# CKA_PRIVATE CK_BBOOL CK_FALSE -# CKA_MODIFIABLE CK_BBOOL CK_FALSE -# CKA_LABEL UTF8 (varies) -# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -# CKA_SUBJECT DER+base64 (varies) -# CKA_ID byte array (varies) -# CKA_ISSUER DER+base64 (varies) -# CKA_SERIAL_NUMBER DER+base64 (varies) -# CKA_VALUE DER+base64 (varies) -# CKA_NSS_EMAIL ASCII7 (unused here) +# -- Attribute -- -- type -- -- value -- +# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +# CKA_TOKEN CK_BBOOL CK_TRUE +# CKA_PRIVATE CK_BBOOL CK_FALSE +# CKA_MODIFIABLE CK_BBOOL CK_FALSE +# CKA_LABEL UTF8 (varies) +# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +# CKA_SUBJECT DER+base64 (varies) +# CKA_ID byte array (varies) +# CKA_ISSUER DER+base64 (varies) +# CKA_SERIAL_NUMBER DER+base64 (varies) +# CKA_VALUE DER+base64 (varies) +# CKA_NSS_EMAIL ASCII7 (unused here) +# CKA_NSS_SERVER_DISTRUST_AFTER DER+base64 (varies) +# CKA_NSS_EMAIL_DISTRUST_AFTER DER+base64 (varies) # # Trust # @@ -164,6 +166,8 @@ CKA_VALUE MULTILINE_OCTAL \125\342\374\110\311\051\046\151\340 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GlobalSign Root CA" # Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE @@ -298,6 +302,8 @@ CKA_VALUE MULTILINE_OCTAL \152\374\176\102\070\100\144\022\367\236\201\341\223\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GlobalSign Root CA - R2" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2 @@ -454,6 +460,8 @@ CKA_VALUE MULTILINE_OCTAL \113\336\006\226\161\054\362\333\266\037\244\357\077\356 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G3" # Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -619,6 +627,8 @@ CKA_VALUE MULTILINE_OCTAL \311\130\020\371\252\357\132\266\317\113\113\337\052 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G3" # Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -784,6 +794,8 @@ CKA_VALUE MULTILINE_OCTAL \153\271\012\172\116\117\113\204\356\113\361\175\335\021 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G3" # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -1059,6 +1071,8 @@ CKA_VALUE MULTILINE_OCTAL \174\136\232\166\351\131\220\305\174\203\065\021\145\121 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Entrust.net Premium 2048 Secure Server CA" # Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net @@ -1197,6 +1211,8 @@ CKA_VALUE MULTILINE_OCTAL \347\201\035\031\303\044\102\352\143\071\251 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Baltimore CyberTrust Root" # Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE @@ -1341,6 +1357,8 @@ CKA_VALUE MULTILINE_OCTAL \065\341\035\026\034\320\274\053\216\326\161\331 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AddTrust Low-Value Services Root" # Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE @@ -1490,6 +1508,8 @@ CKA_VALUE MULTILINE_OCTAL \027\132\173\320\274\307\217\116\206\004 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AddTrust External Root" # Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE @@ -1654,6 +1674,8 @@ CKA_VALUE MULTILINE_OCTAL \036\177\132\264\074 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Entrust Root Certification Authority" # Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US @@ -1788,6 +1810,11 @@ CKA_VALUE MULTILINE_OCTAL \302\005\146\200\241\313\346\063 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Wed Jan 01 00:00:00 2020 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\060\060\061\060\061\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Global CA" # Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US @@ -1948,6 +1975,11 @@ CKA_VALUE MULTILINE_OCTAL \244\346\216\330\371\051\110\212\316\163\376\054 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Sun Sep 30 00:00:00 2018 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\070\060\071\063\060\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Universal CA" # Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US @@ -2108,6 +2140,11 @@ CKA_VALUE MULTILINE_OCTAL \362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Wed Jan 01 00:00:00 2020 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\060\060\061\060\061\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Universal CA 2" # Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US @@ -2228,6 +2265,8 @@ CKA_VALUE MULTILINE_OCTAL \350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Certum Root CA" # Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL @@ -2374,6 +2413,8 @@ CKA_VALUE MULTILINE_OCTAL \225\351\066\226\230\156 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Comodo AAA Services root" # Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -2552,6 +2593,8 @@ CKA_VALUE MULTILINE_OCTAL \112\164\066\371 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "QuoVadis Root CA" # Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM @@ -2721,6 +2764,8 @@ CKA_VALUE MULTILINE_OCTAL \020\005\145\325\202\020\352\302\061\315\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "QuoVadis Root CA 2" # Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM @@ -2901,6 +2946,8 @@ CKA_VALUE MULTILINE_OCTAL \332 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "QuoVadis Root CA 3" # Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM @@ -3030,6 +3077,8 @@ CKA_VALUE MULTILINE_OCTAL \057\317\246\356\311\160\042\024\275\375\276\154\013\003 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Security Communication Root CA" # Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP @@ -3153,6 +3202,8 @@ CKA_VALUE MULTILINE_OCTAL \160\254\337\114 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Sonera Class 2 Root CA" # Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI @@ -3188,177 +3239,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "UTN USERFirst Email Root CA" -# -# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89 -# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Not Valid Before: Fri Jul 09 17:28:50 1999 -# Not Valid After : Tue Jul 09 17:36:58 2019 -# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7 -# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "UTN USERFirst Email Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 -\154 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 -\154 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147 -\311\211 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\004\242\060\202\003\212\240\003\002\001\002\002\020\104 -\276\014\213\120\000\044\264\021\323\066\045\045\147\311\211\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201 -\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013 -\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006 -\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040 -\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124 -\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164 -\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150 -\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162 -\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004\003 -\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164\055 -\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151\143 -\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154\060 -\036\027\015\071\071\060\067\060\071\061\067\062\070\065\060\132 -\027\015\061\071\060\067\060\071\061\067\063\066\065\070\132\060 -\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025 -\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145 -\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025 -\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145 -\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030 -\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164 -\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004 -\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164 -\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151 -\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154 -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001 -\000\262\071\205\244\362\175\253\101\073\142\106\067\256\315\301 -\140\165\274\071\145\371\112\032\107\242\271\314\110\314\152\230 -\325\115\065\031\271\244\102\345\316\111\342\212\057\036\174\322 -\061\007\307\116\264\203\144\235\056\051\325\242\144\304\205\275 -\205\121\065\171\244\116\150\220\173\034\172\244\222\250\027\362 -\230\025\362\223\314\311\244\062\225\273\014\117\060\275\230\240 -\013\213\345\156\033\242\106\372\170\274\242\157\253\131\136\245 -\057\317\312\332\155\252\057\353\254\241\263\152\252\267\056\147 -\065\213\171\341\036\151\210\342\346\106\315\240\245\352\276\013 -\316\166\072\172\016\233\352\374\332\047\133\075\163\037\042\346 -\110\141\306\114\363\151\261\250\056\033\266\324\061\040\054\274 -\202\212\216\244\016\245\327\211\103\374\026\132\257\035\161\327 -\021\131\332\272\207\015\257\372\363\341\302\360\244\305\147\214 -\326\326\124\072\336\012\244\272\003\167\263\145\310\375\036\323 -\164\142\252\030\312\150\223\036\241\205\176\365\107\145\313\370 -\115\127\050\164\322\064\377\060\266\356\366\142\060\024\214\054 -\353\002\003\001\000\001\243\201\271\060\201\266\060\013\006\003 -\125\035\017\004\004\003\002\001\306\060\017\006\003\125\035\023 -\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035 -\016\004\026\004\024\211\202\147\175\304\235\046\160\000\113\264 -\120\110\174\336\075\256\004\156\175\060\130\006\003\125\035\037 -\004\121\060\117\060\115\240\113\240\111\206\107\150\164\164\160 -\072\057\057\143\162\154\056\165\163\145\162\164\162\165\163\164 -\056\143\157\155\057\125\124\116\055\125\123\105\122\106\151\162 -\163\164\055\103\154\151\145\156\164\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\141\156\144\105\155\141\151\154\056 -\143\162\154\060\035\006\003\125\035\045\004\026\060\024\006\010 -\053\006\001\005\005\007\003\002\006\010\053\006\001\005\005\007 -\003\004\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\261\155\141\135\246\032\177\174\253\112 -\344\060\374\123\157\045\044\306\312\355\342\061\134\053\016\356 -\356\141\125\157\004\076\317\071\336\305\033\111\224\344\353\040 -\114\264\346\236\120\056\162\331\215\365\252\243\263\112\332\126 -\034\140\227\200\334\202\242\255\112\275\212\053\377\013\011\264 -\306\327\040\004\105\344\315\200\001\272\272\053\156\316\252\327 -\222\376\344\257\353\364\046\035\026\052\177\154\060\225\067\057 -\063\022\254\177\335\307\321\021\214\121\230\262\320\243\221\320 -\255\366\237\236\203\223\036\035\102\270\106\257\153\146\360\233 -\177\352\343\003\002\345\002\121\301\252\325\065\235\162\100\003 -\211\272\061\035\305\020\150\122\236\337\242\205\305\134\010\246 -\170\346\123\117\261\350\267\323\024\236\223\246\303\144\343\254 -\176\161\315\274\237\351\003\033\314\373\351\254\061\301\257\174 -\025\164\002\231\303\262\107\246\302\062\141\327\307\157\110\044 -\121\047\241\325\207\125\362\173\217\230\075\026\236\356\165\266 -\370\320\216\362\363\306\256\050\133\247\360\363\066\027\374\303 -\005\323\312\003\112\124 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "UTN USERFirst Email Root CA" -# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89 -# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US -# Not Valid Before: Fri Jul 09 17:28:50 1999 -# Not Valid After : Tue Jul 09 17:36:58 2019 -# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7 -# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "UTN USERFirst Email Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\261\162\261\245\155\225\371\037\345\002\207\341\115\067\352\152 -\104\143\166\212 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\327\064\075\357\035\047\011\050\341\061\002\133\023\053\335\367 -END -CKA_ISSUER MULTILINE_OCTAL -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060 -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153 -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023 -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116 -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023 -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162 -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125 -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163 -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164 -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151 -\154 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147 -\311\211 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Camerfirma Chambers of Commerce Root" # @@ -3481,6 +3361,8 @@ CKA_VALUE MULTILINE_OCTAL \334 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Camerfirma Chambers of Commerce Root" # Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU @@ -3641,6 +3523,8 @@ CKA_VALUE MULTILINE_OCTAL \166\135\165\220\032\365\046\217\360 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Camerfirma Global Chambersign Root" # Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU @@ -3794,6 +3678,8 @@ CKA_VALUE MULTILINE_OCTAL \264\003\045\274 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "XRamp Global CA Root" # Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US @@ -3941,6 +3827,8 @@ CKA_VALUE MULTILINE_OCTAL \177\333\275\237 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Go Daddy Class 2 CA" # Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US @@ -4086,6 +3974,8 @@ CKA_VALUE MULTILINE_OCTAL \037\027\224 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Starfield Class 2 CA" # Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US @@ -4250,6 +4140,11 @@ CKA_VALUE MULTILINE_OCTAL \245\206\054\174\364\022 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Thu Sep 19 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\071\061\071\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Taiwan GRCA" # Issuer: O=Government Root Certification Authority,C=TW @@ -4389,6 +4284,8 @@ CKA_VALUE MULTILINE_OCTAL \346\120\262\247\372\012\105\057\242\360\362 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "DigiCert Assured ID Root CA" # Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -4530,6 +4427,8 @@ CKA_VALUE MULTILINE_OCTAL \225\155\336 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "DigiCert Global Root CA" # Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -4672,6 +4571,8 @@ CKA_VALUE MULTILINE_OCTAL \370\351\056\023\243\167\350\037\112 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "DigiCert High Assurance EV Root CA" # Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -4711,136 +4612,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Certplus Class 2 Primary CA" -# -# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR -# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 -# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR -# Not Valid Before: Wed Jul 07 17:05:00 1999 -# Not Valid After : Sat Jul 06 23:59:59 2019 -# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B -# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Class 2 Primary CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303 -\245\104\043 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\222\060\202\002\172\240\003\002\001\002\002\021\000 -\205\275\113\363\330\332\343\151\366\224\327\137\303\245\104\043 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021 -\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165 -\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163 -\163\040\062\040\120\162\151\155\141\162\171\040\103\101\060\036 -\027\015\071\071\060\067\060\067\061\067\060\065\060\060\132\027 -\015\061\071\060\067\060\066\062\063\065\071\065\071\132\060\075 -\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060 -\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165\163 -\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163\163 -\040\062\040\120\162\151\155\141\162\171\040\103\101\060\202\001 -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000 -\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334\120 -\226\320\022\370\065\322\010\170\172\266\122\160\375\157\356\317 -\271\021\313\135\167\341\354\351\176\004\215\326\314\157\163\103 -\127\140\254\063\012\104\354\003\137\034\200\044\221\345\250\221 -\126\022\202\367\340\053\364\333\256\141\056\211\020\215\153\154 -\272\263\002\275\325\066\305\110\067\043\342\360\132\067\122\063 -\027\022\342\321\140\115\276\057\101\021\343\366\027\045\014\213 -\221\300\033\231\173\231\126\015\257\356\322\274\107\127\343\171 -\111\173\064\211\047\044\204\336\261\354\351\130\116\376\116\337 -\132\276\101\255\254\010\305\030\016\357\322\123\356\154\320\235 -\022\001\023\215\334\200\142\367\225\251\104\210\112\161\116\140 -\125\236\333\043\031\171\126\007\014\077\143\013\134\260\342\276 -\176\025\374\224\063\130\101\070\164\304\341\217\213\337\046\254 -\037\265\213\073\267\103\131\153\260\044\246\155\220\213\304\162 -\352\135\063\230\267\313\336\136\173\357\224\361\033\076\312\311 -\041\301\305\230\002\252\242\366\133\167\233\365\176\226\125\064 -\034\147\151\300\361\102\343\107\254\374\050\034\146\125\002\003 -\001\000\001\243\201\214\060\201\211\060\017\006\003\125\035\023 -\004\010\060\006\001\001\377\002\001\012\060\013\006\003\125\035 -\017\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026 -\004\024\343\163\055\337\313\016\050\014\336\335\263\244\312\171 -\270\216\273\350\060\211\060\021\006\011\140\206\110\001\206\370 -\102\001\001\004\004\003\002\001\006\060\067\006\003\125\035\037 -\004\060\060\056\060\054\240\052\240\050\206\046\150\164\164\160 -\072\057\057\167\167\167\056\143\145\162\164\160\154\165\163\056 -\143\157\155\057\103\122\114\057\143\154\141\163\163\062\056\143 -\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\247\124\317\210\104\031\313\337\324\177 -\000\337\126\063\142\265\367\121\001\220\353\303\077\321\210\104 -\351\044\135\357\347\024\275\040\267\232\074\000\376\155\237\333 -\220\334\327\364\142\326\213\160\135\347\345\004\110\251\150\174 -\311\361\102\363\154\177\305\172\174\035\121\210\272\322\012\076 -\047\135\336\055\121\116\323\023\144\151\344\056\343\323\347\233 -\011\231\246\340\225\233\316\032\327\177\276\074\316\122\263\021 -\025\301\017\027\315\003\273\234\045\025\272\242\166\211\374\006 -\361\030\320\223\113\016\174\202\267\245\364\366\137\376\355\100 -\246\235\204\164\071\271\334\036\205\026\332\051\033\206\043\000 -\311\273\211\176\156\200\210\036\057\024\264\003\044\250\062\157 -\003\232\107\054\060\276\126\306\247\102\002\160\033\352\100\330 -\272\005\003\160\007\244\226\377\375\110\063\012\341\334\245\201 -\220\233\115\335\175\347\347\262\315\134\310\152\225\370\245\366 -\215\304\135\170\010\276\173\006\326\111\317\031\066\120\043\056 -\010\346\236\005\115\107\030\325\026\351\261\326\266\020\325\273 -\227\277\242\216\264\124 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Certplus Class 2 Primary CA" -# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR -# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 -# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR -# Not Valid Before: Wed Jul 07 17:05:00 1999 -# Not Valid After : Sat Jul 06 23:59:59 2019 -# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B -# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certplus Class 2 Primary CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\164\040\164\101\162\234\335\222\354\171\061\330\043\020\215\302 -\201\222\342\273 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\210\054\214\122\270\242\074\363\367\273\003\352\256\254\102\013 -END -CKA_ISSUER MULTILINE_OCTAL -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154 -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141 -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303 -\245\104\043 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "DST Root CA X3" # @@ -4932,6 +4703,8 @@ CKA_VALUE MULTILINE_OCTAL \013\004\216\007\333\051\266\012\356\235\202\065\065\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "DST Root CA X3" # Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. @@ -5099,6 +4872,8 @@ CKA_VALUE MULTILINE_OCTAL \205\206\171\145\322 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SwissSign Platinum CA - G2" # Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH @@ -5264,6 +5039,8 @@ CKA_VALUE MULTILINE_OCTAL \111\044\133\311\260\320\127\301\372\076\172\341\227\311 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SwissSign Gold CA - G2" # Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH @@ -5430,6 +5207,8 @@ CKA_VALUE MULTILINE_OCTAL \156 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SwissSign Silver CA - G2" # Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH @@ -5562,6 +5341,11 @@ CKA_VALUE MULTILINE_OCTAL \253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Tue Apr 30 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\064\063\060\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Primary Certification Authority" # Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US @@ -5717,6 +5501,11 @@ CKA_VALUE MULTILINE_OCTAL \215\126\214\150 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Tue Apr 30 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\064\063\060\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "thawte Primary Root CA" # Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US @@ -5892,6 +5681,11 @@ CKA_VALUE MULTILINE_OCTAL \254\021\326\250\355\143\152 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Tue Apr 30 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\064\063\060\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -6035,6 +5829,8 @@ CKA_VALUE MULTILINE_OCTAL \113\035\236\054\302\270\150\274\355\002\356\061 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SecureTrust CA" # Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US @@ -6170,6 +5966,8 @@ CKA_VALUE MULTILINE_OCTAL \117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Secure Global CA" # Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US @@ -6320,6 +6118,8 @@ CKA_VALUE MULTILINE_OCTAL \145 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "COMODO Certification Authority" # Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -6466,6 +6266,8 @@ CKA_VALUE MULTILINE_OCTAL \244\140\114\260\125\240\240\173\127\262 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Network Solutions Certificate Authority" # Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US @@ -6592,6 +6394,8 @@ CKA_VALUE MULTILINE_OCTAL \334\335\363\377\035\054\072\026\127\331\222\071\326 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "COMODO ECC Certification Authority" # Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -6743,6 +6547,8 @@ CKA_VALUE MULTILINE_OCTAL \374\276\337\012\015 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "OISTE WISeKey Global Root GA CA" # Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH @@ -6878,6 +6684,8 @@ CKA_VALUE MULTILINE_OCTAL \300\226\130\057\352\273\106\327\273\344\331\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Certigna" # Issuer: CN=Certigna,O=Dhimyotis,C=FR @@ -6913,147 +6721,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Deutsche Telekom Root CA 2" -# -# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Serial Number: 38 (0x26) -# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Not Valid Before: Fri Jul 09 12:11:00 1999 -# Not Valid After : Tue Jul 09 23:59:00 2019 -# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08 -# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Deutsche Telekom Root CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\046 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\237\060\202\002\207\240\003\002\001\002\002\001\046 -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060 -\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061\034 -\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060\035 -\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145\143 -\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043\060 -\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150\145 -\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103\101 -\040\062\060\036\027\015\071\071\060\067\060\071\061\062\061\061 -\060\060\132\027\015\061\071\060\067\060\071\062\063\065\071\060 -\060\132\060\161\061\013\060\011\006\003\125\004\006\023\002\104 -\105\061\034\060\032\006\003\125\004\012\023\023\104\145\165\164 -\163\143\150\145\040\124\145\154\145\153\157\155\040\101\107\061 -\037\060\035\006\003\125\004\013\023\026\124\055\124\145\154\145 -\123\145\143\040\124\162\165\163\164\040\103\145\156\164\145\162 -\061\043\060\041\006\003\125\004\003\023\032\104\145\165\164\163 -\143\150\145\040\124\145\154\145\153\157\155\040\122\157\157\164 -\040\103\101\040\062\060\202\001\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001 -\012\002\202\001\001\000\253\013\243\065\340\213\051\024\261\024 -\205\257\074\020\344\071\157\065\135\112\256\335\352\141\215\225 -\111\364\157\144\243\032\140\146\244\251\100\042\204\331\324\245 -\345\170\223\016\150\001\255\271\115\134\072\316\323\270\250\102 -\100\337\317\243\272\202\131\152\222\033\254\034\232\332\010\053 -\045\047\371\151\043\107\361\340\353\054\172\233\365\023\002\320 -\176\064\174\302\236\074\000\131\253\365\332\014\365\062\074\053 -\254\120\332\326\303\336\203\224\312\250\014\231\062\016\010\110 -\126\133\152\373\332\341\130\130\001\111\137\162\101\074\025\006 -\001\216\135\255\252\270\223\264\315\236\353\247\350\152\055\122 -\064\333\072\357\134\165\121\332\333\363\061\371\356\161\230\062 -\304\124\025\104\014\371\233\125\355\255\337\030\010\240\243\206 -\212\111\356\123\005\217\031\114\325\336\130\171\233\322\152\034 -\102\253\305\325\247\317\150\017\226\344\341\141\230\166\141\310 -\221\174\326\076\000\342\221\120\207\341\235\012\346\255\227\322 -\035\306\072\175\313\274\332\003\064\325\216\133\001\365\152\007 -\267\026\266\156\112\177\002\003\001\000\001\243\102\060\100\060 -\035\006\003\125\035\016\004\026\004\024\061\303\171\033\272\365 -\123\327\027\340\211\172\055\027\154\012\263\053\235\063\060\017 -\006\003\125\035\023\004\010\060\006\001\001\377\002\001\005\060 -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202 -\001\001\000\224\144\131\255\071\144\347\051\353\023\376\132\303 -\213\023\127\310\004\044\360\164\167\300\140\343\147\373\351\211 -\246\203\277\226\202\174\156\324\303\075\357\236\200\156\273\051 -\264\230\172\261\073\124\353\071\027\107\176\032\216\013\374\037 -\061\131\061\004\262\316\027\363\054\307\142\066\125\342\042\330 -\211\125\264\230\110\252\144\372\326\034\066\330\104\170\132\132 -\043\072\127\227\365\172\060\117\256\237\152\114\113\053\216\240 -\003\343\076\340\251\324\322\173\322\263\250\342\162\074\255\236 -\377\200\131\344\233\105\264\366\073\260\315\071\031\230\062\345 -\352\041\141\220\344\061\041\216\064\261\367\057\065\112\205\020 -\332\347\212\067\041\276\131\143\340\362\205\210\061\123\324\124 -\024\205\160\171\364\056\006\167\047\165\057\037\270\212\371\376 -\305\272\330\066\344\203\354\347\145\267\277\143\132\363\106\257 -\201\224\067\324\101\214\326\043\326\036\317\365\150\033\104\143 -\242\132\272\247\065\131\241\345\160\005\233\016\043\127\231\224 -\012\155\272\071\143\050\206\222\363\030\204\330\373\321\317\005 -\126\144\127 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Deutsche Telekom Root CA 2" -# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Serial Number: 38 (0x26) -# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE -# Not Valid Before: Fri Jul 09 12:11:00 1999 -# Not Valid After : Tue Jul 09 23:59:00 2019 -# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08 -# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Deutsche Telekom Root CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\205\244\010\300\234\031\076\135\121\130\175\315\326\023\060\375 -\214\336\067\277 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\164\001\112\221\261\010\304\130\316\107\315\360\335\021\123\010 -END -CKA_ISSUER MULTILINE_OCTAL -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061 -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143 -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060 -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145 -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043 -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150 -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103 -\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\046 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Cybertrust Global Root" # @@ -7148,6 +6815,8 @@ CKA_VALUE MULTILINE_OCTAL \246\210\070\316\125 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Cybertrust Global Root" # Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc" @@ -7315,6 +6984,8 @@ CKA_VALUE MULTILINE_OCTAL \201\370\021\234 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "ePKI Root Certification Authority" # Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW @@ -7440,6 +7111,8 @@ CKA_VALUE MULTILINE_OCTAL \366\356\260\132\116\111\104\124\130\137\102\203 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "certSIGN ROOT CA" # Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO @@ -7588,6 +7261,11 @@ CKA_VALUE MULTILINE_OCTAL \021\055 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Tue Apr 30 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\064\063\060\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Primary Certification Authority - G3" # Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US @@ -7717,6 +7395,11 @@ CKA_VALUE MULTILINE_OCTAL \367\130\077\056\162\002\127\243\217\241\024\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Sun Sep 30 00:00:00 2018 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\070\060\071\063\060\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "thawte Primary Root CA - G2" # Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US @@ -7877,6 +7560,11 @@ CKA_VALUE MULTILINE_OCTAL \061\324\100\032\142\064\066\077\065\001\256\254\143\240 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Tue Apr 30 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\064\063\060\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "thawte Primary Root CA - G3" # Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US @@ -8013,6 +7701,11 @@ CKA_VALUE MULTILINE_OCTAL \017\212 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Wed Jan 01 00:00:00 2020 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\060\060\061\060\061\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GeoTrust Primary Certification Authority - G2" # Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US @@ -8183,6 +7876,11 @@ CKA_VALUE MULTILINE_OCTAL \354\315\202\141\361\070\346\117\227\230\052\132\215 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Tue Apr 30 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\064\063\060\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "VeriSign Universal Root Certification Authority" # Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -8338,6 +8036,11 @@ CKA_VALUE MULTILINE_OCTAL \055\247\330\206\052\335\056\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Thu Jan 31 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\060\061\063\061\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US @@ -8498,6 +8201,8 @@ CKA_VALUE MULTILINE_OCTAL \330\316\304\143\165\077\131\107\261 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "NetLock Arany (Class Gold) Főtanúsítvány" # Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU @@ -8672,6 +8377,8 @@ CKA_VALUE MULTILINE_OCTAL \370\161\012\334\271\374\175\062\140\346\353\257\212\001 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Staat der Nederlanden Root CA - G2" # Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL @@ -8798,6 +8505,8 @@ CKA_VALUE MULTILINE_OCTAL \002\153\331\132 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Hongkong Post Root CA 1" # Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK @@ -8929,6 +8638,8 @@ CKA_VALUE MULTILINE_OCTAL \362 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "SecureSign RootCA11" # Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP @@ -9076,6 +8787,8 @@ CKA_VALUE MULTILINE_OCTAL \202\042\055\172\124\253\160\303\175\042\145\202\160\226 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Microsec e-Szigno Root CA 2009" # Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU @@ -9208,6 +8921,8 @@ CKA_VALUE MULTILINE_OCTAL \130\077\137 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "GlobalSign Root CA - R3" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3 @@ -9381,6 +9096,8 @@ CKA_VALUE MULTILINE_OCTAL \156\117\022\176\012\074\235\225 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES @@ -9550,6 +9267,8 @@ CKA_VALUE MULTILINE_OCTAL \333\374\046\210\307 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Izenpe.com" # Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES @@ -9755,6 +9474,8 @@ CKA_VALUE MULTILINE_OCTAL \167\110\320 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Chambers of Commerce Root - 2008" # Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU @@ -9964,6 +9685,8 @@ CKA_VALUE MULTILINE_OCTAL \351\233\256\325\124\300\164\200\321\013\102\237\301 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Global Chambersign Root - 2008" # Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU @@ -10112,6 +9835,8 @@ CKA_VALUE MULTILINE_OCTAL \342\342\104\276\134\367\352\034\365 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Go Daddy Root Certificate Authority - G2" # Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US @@ -10262,6 +9987,8 @@ CKA_VALUE MULTILINE_OCTAL \364 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Starfield Root Certificate Authority - G2" # Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US @@ -10414,6 +10141,8 @@ CKA_VALUE MULTILINE_OCTAL \261\050\272 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Starfield Services Root Certificate Authority - G2" # Issuer: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US @@ -10545,6 +10274,8 @@ CKA_VALUE MULTILINE_OCTAL \007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AffirmTrust Commercial" # Issuer: CN=AffirmTrust Commercial,O=AffirmTrust,C=US @@ -10671,6 +10402,8 @@ CKA_VALUE MULTILINE_OCTAL \355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AffirmTrust Networking" # Issuer: CN=AffirmTrust Networking,O=AffirmTrust,C=US @@ -10829,6 +10562,8 @@ CKA_VALUE MULTILINE_OCTAL \051\340\266\270\011\150\031\034\030\103 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AffirmTrust Premium" # Issuer: CN=AffirmTrust Premium,O=AffirmTrust,C=US @@ -10935,6 +10670,8 @@ CKA_VALUE MULTILINE_OCTAL \214\171 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "AffirmTrust Premium ECC" # Issuer: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US @@ -11074,6 +10811,8 @@ CKA_VALUE MULTILINE_OCTAL \326\267\064\365\176\316\071\232\331\070\361\121\367\117\054 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Certum Trusted Network CA" # Issuer: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL @@ -11210,6 +10949,8 @@ CKA_VALUE MULTILINE_OCTAL \274\060\376\173\016\063\220\373\355\322\024\221\037\007\257 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "TWCA Root Certification Authority" # Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW @@ -11693,6 +11434,8 @@ CKA_VALUE MULTILINE_OCTAL \201\050\174\247\175\047\353\000\256\215\067 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Security Communication RootCA2" # Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP @@ -11876,6 +11619,11 @@ CKA_VALUE MULTILINE_OCTAL \371\210\075\176\270\157\156\003\344\102 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Sat Dec 28 00:00:00 2019 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\071\061\062\062\070\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "EC-ACC" # Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES @@ -12039,6 +11787,8 @@ CKA_VALUE MULTILINE_OCTAL \113\321\047\327\270 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for Certificate "Hellenic Academic and Research Institutions RootCA 2011" # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR @@ -12275,6 +12025,8 @@ CKA_VALUE MULTILINE_OCTAL \216\362\024\212\314\351\265\174\373\154\235\014\245\341\226 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Actalis Authentication Root CA" # Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT @@ -12406,6 +12158,8 @@ CKA_VALUE MULTILINE_OCTAL \145\353\127\331\363\127\226\273\110\315\201 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Trustis FPS Root CA" # Issuer: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB @@ -12566,6 +12320,8 @@ CKA_VALUE MULTILINE_OCTAL \327\201\011\361\311\307\046\015\254\230\026\126\240 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Buypass Class 2 Root CA" # Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO @@ -12725,6 +12481,8 @@ CKA_VALUE MULTILINE_OCTAL \061\356\006\274\163\277\023\142\012\237\307\271\227 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Buypass Class 3 Root CA" # Issuer: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO @@ -12867,6 +12625,8 @@ CKA_VALUE MULTILINE_OCTAL \116\223\303\244\124\024\133 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "T-TeleSec GlobalRoot Class 3" # Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE @@ -13016,6 +12776,11 @@ CKA_VALUE MULTILINE_OCTAL \307\314\165\301\226\305\235 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +# For Server Distrust After: Fri Sep 01 00:00:00 2017 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\061\067\060\071\060\061\060\060\060\060\060\060\132 +END +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "EE Certification Centre Root CA" # Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE @@ -13229,6 +12994,8 @@ CKA_VALUE MULTILINE_OCTAL \164\145\327\134\376\243\342 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "D-TRUST Root Class 3 CA 2 2009" # Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE @@ -13373,6 +13140,8 @@ CKA_VALUE MULTILINE_OCTAL \352\237\026\361\054\124\265 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "D-TRUST Root Class 3 CA 2 EV 2009" # Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE @@ -13410,181 +13179,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Swisscom Root CA 2" -# -# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6 -# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Not Valid Before: Fri Jun 24 08:38:14 2011 -# Not Valid After : Wed Jun 25 07:38:14 2031 -# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19 -# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Swisscom Root CA 2" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 -\164\040\103\101\040\062 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 -\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030 -\147\266 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\331\060\202\003\301\240\003\002\001\002\002\020\036 -\236\050\350\110\362\345\357\303\174\112\036\132\030\147\266\060 -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\144 -\061\013\060\011\006\003\125\004\006\023\002\143\150\061\021\060 -\017\006\003\125\004\012\023\010\123\167\151\163\163\143\157\155 -\061\045\060\043\006\003\125\004\013\023\034\104\151\147\151\164 -\141\154\040\103\145\162\164\151\146\151\143\141\164\145\040\123 -\145\162\166\151\143\145\163\061\033\060\031\006\003\125\004\003 -\023\022\123\167\151\163\163\143\157\155\040\122\157\157\164\040 -\103\101\040\062\060\036\027\015\061\061\060\066\062\064\060\070 -\063\070\061\064\132\027\015\063\061\060\066\062\065\060\067\063 -\070\061\064\132\060\144\061\013\060\011\006\003\125\004\006\023 -\002\143\150\061\021\060\017\006\003\125\004\012\023\010\123\167 -\151\163\163\143\157\155\061\045\060\043\006\003\125\004\013\023 -\034\104\151\147\151\164\141\154\040\103\145\162\164\151\146\151 -\143\141\164\145\040\123\145\162\166\151\143\145\163\061\033\060 -\031\006\003\125\004\003\023\022\123\167\151\163\163\143\157\155 -\040\122\157\157\164\040\103\101\040\062\060\202\002\042\060\015 -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 -\017\000\060\202\002\012\002\202\002\001\000\225\102\116\204\235 -\121\346\323\011\350\162\132\043\151\333\170\160\216\026\361\053 -\217\015\003\316\223\314\056\000\010\173\253\063\214\364\351\100 -\346\027\114\253\236\270\107\024\062\167\062\335\050\014\336\030 -\113\137\166\237\370\071\073\374\116\211\330\174\305\147\357\253 -\322\271\064\137\153\072\363\144\066\316\302\260\317\023\150\312 -\310\313\353\265\342\075\056\041\337\352\054\324\340\371\160\226 -\114\377\152\130\230\267\027\344\033\122\345\176\007\000\035\137 -\332\346\076\225\004\267\151\210\071\241\101\140\045\141\113\225 -\071\150\142\034\261\013\005\211\300\066\202\024\041\077\256\333 -\241\375\274\157\034\140\206\266\123\224\111\271\053\106\305\117 -\000\053\277\241\273\313\077\340\307\127\034\127\350\326\151\370 -\301\044\122\235\210\125\335\302\207\056\164\043\320\024\375\052 -\107\132\273\246\235\375\224\344\321\212\245\137\206\143\166\205 -\313\257\377\111\050\374\200\355\114\171\322\273\344\300\357\001 -\356\120\101\010\065\043\160\053\251\026\264\214\156\205\351\266 -\021\317\061\335\123\046\033\337\055\132\112\002\100\374\304\300 -\266\351\061\032\010\050\345\140\303\037\304\220\216\020\142\140 -\104\015\354\012\276\125\030\161\054\245\364\262\274\025\142\377 -\034\343\276\035\332\036\127\263\074\176\315\202\035\221\343\113 -\353\054\122\064\260\212\375\022\116\226\260\353\160\177\236\071 -\367\146\102\261\253\254\122\332\166\100\127\173\052\275\350\156 -\003\262\013\200\205\210\235\014\307\302\167\260\232\232\127\364 -\270\372\023\134\150\223\072\147\244\227\320\033\231\267\206\062 -\113\140\330\316\357\320\014\177\225\237\157\207\117\207\212\216 -\137\010\174\252\133\374\132\276\241\221\237\125\175\116\260\013 -\151\314\260\224\250\247\207\362\323\112\120\334\137\162\260\026 -\165\036\313\264\030\142\232\260\247\071\252\233\237\146\330\215 -\246\154\226\025\343\346\362\370\361\203\142\154\273\125\351\141 -\223\243\075\365\261\127\213\117\043\260\233\345\224\152\057\337 -\214\337\225\121\051\140\241\013\051\344\134\125\130\267\250\374 -\231\356\045\115\114\016\263\323\114\217\204\350\051\017\375\020 -\124\002\205\310\371\345\303\213\317\347\017\002\003\001\000\001 -\243\201\206\060\201\203\060\016\006\003\125\035\017\001\001\377 -\004\004\003\002\001\206\060\035\006\003\125\035\041\004\026\060 -\024\060\022\006\007\140\205\164\001\123\002\001\006\007\140\205 -\164\001\123\002\001\060\022\006\003\125\035\023\001\001\377\004 -\010\060\006\001\001\377\002\001\007\060\035\006\003\125\035\016 -\004\026\004\024\115\046\040\042\211\113\323\325\244\012\241\157 -\336\342\022\201\305\361\074\056\060\037\006\003\125\035\043\004 -\030\060\026\200\024\115\046\040\042\211\113\323\325\244\012\241 -\157\336\342\022\201\305\361\074\056\060\015\006\011\052\206\110 -\206\367\015\001\001\013\005\000\003\202\002\001\000\062\012\262 -\244\033\313\175\276\202\127\211\271\152\177\363\364\301\056\021 -\175\270\031\076\171\267\250\250\162\067\146\233\032\355\254\023 -\073\016\277\142\360\234\337\236\173\241\123\110\016\101\172\312 -\040\247\027\033\266\170\354\100\221\363\102\255\020\303\134\357 -\377\140\131\177\315\205\243\213\075\110\034\045\002\074\147\175 -\365\062\351\057\060\345\175\245\172\070\320\363\146\052\146\036 -\215\063\203\212\157\174\156\250\132\165\232\270\327\332\130\110 -\104\107\250\114\372\114\111\012\112\302\022\067\250\100\014\303 -\310\341\320\127\015\227\062\225\307\072\237\227\323\127\370\013 -\336\345\162\363\243\333\377\265\330\131\262\163\335\115\052\161 -\262\272\111\365\313\034\325\365\171\310\231\263\374\301\114\164 -\343\264\275\051\067\025\004\050\036\336\105\106\160\354\257\272 -\170\016\212\052\316\000\171\334\300\137\031\147\054\153\113\357 -\150\150\013\103\343\254\301\142\011\357\246\335\145\141\240\257 -\204\125\110\221\122\034\306\045\221\052\320\301\042\043\141\131 -\257\105\021\205\035\001\044\064\217\317\263\377\027\162\040\023 -\302\200\252\041\054\161\071\016\320\217\134\301\323\321\216\042 -\162\106\114\035\226\256\117\161\261\341\005\051\226\131\364\273 -\236\165\075\317\015\067\015\142\333\046\214\143\251\043\337\147 -\006\074\174\072\332\064\102\341\146\264\106\004\336\306\226\230 -\017\113\110\172\044\062\165\221\237\254\367\150\351\052\271\125 -\145\316\135\141\323\047\160\330\067\376\237\271\257\240\056\126 -\267\243\145\121\355\073\253\024\277\114\121\003\350\137\212\005 -\233\356\212\156\234\357\277\150\372\310\332\013\343\102\311\320 -\027\024\234\267\112\340\257\223\047\041\125\046\265\144\057\215 -\361\377\246\100\005\205\005\134\312\007\031\134\013\023\050\114 -\130\177\302\245\357\105\332\140\323\256\145\141\235\123\203\164 -\302\256\362\134\302\026\355\222\076\204\076\163\140\210\274\166 -\364\054\317\320\175\175\323\270\136\321\221\022\020\351\315\335 -\312\045\343\325\355\231\057\276\165\201\113\044\371\105\106\224 -\311\051\041\123\234\046\105\252\023\027\344\347\315\170\342\071 -\301\053\022\236\246\236\033\305\346\016\331\061\331 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Swisscom Root CA 2" -# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6 -# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch -# Not Valid Before: Fri Jun 24 08:38:14 2011 -# Not Valid After : Wed Jun 25 07:38:14 2031 -# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19 -# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Swisscom Root CA 2" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\167\107\117\306\060\344\017\114\107\144\077\204\272\270\306\225 -\112\212\101\354 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\133\004\151\354\245\203\224\143\030\247\206\320\344\362\156\031 -END -CKA_ISSUER MULTILINE_OCTAL -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061 -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143 -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147 -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145 -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125 -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157 -\164\040\103\101\040\062 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030 -\147\266 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "CA Disig Root R2" # @@ -13711,6 +13305,8 @@ CKA_VALUE MULTILINE_OCTAL \363\154\033\165\106\243\345\112\027\351\244\327\013 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "CA Disig Root R2" # Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK @@ -13911,6 +13507,8 @@ CKA_VALUE MULTILINE_OCTAL \125\064\106\052\213\206\073 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "ACCVRAIZ1" # Issuer: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1 @@ -14071,6 +13669,8 @@ CKA_VALUE MULTILINE_OCTAL \053\006\320\004\315 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TWCA Global Root CA" # Issuer: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW @@ -14228,6 +13828,8 @@ CKA_VALUE MULTILINE_OCTAL \245\240\314\277\323\366\165\244\165\226\155\126 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TeliaSonera Root CA v1" # Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera @@ -14416,6 +14018,8 @@ CKA_VALUE MULTILINE_OCTAL \243\253\157\134\035\266\176\350\263\202\064\355\006\134\044 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "E-Tugra Certification Authority" # Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR @@ -14565,6 +14169,8 @@ CKA_VALUE MULTILINE_OCTAL \005\047\216\023\241\156\302 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "T-TeleSec GlobalRoot Class 2" # Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE @@ -14696,6 +14302,8 @@ CKA_VALUE MULTILINE_OCTAL \035\362\376\011\021\260\360\207\173\247\235 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Atos TrustedRoot 2011" # Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011 @@ -14856,6 +14464,8 @@ CKA_VALUE MULTILINE_OCTAL \063\140\345\303 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "QuoVadis Root CA 1 G3" # Issuer: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM @@ -15018,6 +14628,8 @@ CKA_VALUE MULTILINE_OCTAL \203\336\177\214 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "QuoVadis Root CA 2 G3" # Issuer: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM @@ -15180,6 +14792,8 @@ CKA_VALUE MULTILINE_OCTAL \130\371\230\364 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "QuoVadis Root CA 3 G3" # Issuer: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM @@ -15317,6 +14931,8 @@ CKA_VALUE MULTILINE_OCTAL \042\023\163\154\317\046\365\212\051\347 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "DigiCert Assured ID Root G2" # Issuer: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -15435,6 +15051,8 @@ CKA_VALUE MULTILINE_OCTAL \352\226\143\152\145\105\222\225\001\264 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "DigiCert Assured ID Root G3" # Issuer: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -15574,6 +15192,8 @@ CKA_VALUE MULTILINE_OCTAL \062\266 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "DigiCert Global Root G2" # Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -15692,6 +15312,8 @@ CKA_VALUE MULTILINE_OCTAL \263\047\027 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "DigiCert Global Root G3" # Issuer: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -15863,6 +15485,8 @@ CKA_VALUE MULTILINE_OCTAL \317\363\146\176 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "DigiCert Trusted Root G4" # Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US @@ -16042,6 +15666,8 @@ CKA_VALUE MULTILINE_OCTAL \065\123\205\006\112\135\237\255\273\033\137\164 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "COMODO RSA Certification Authority" # Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB @@ -16224,6 +15850,8 @@ CKA_VALUE MULTILINE_OCTAL \250\375 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "USERTrust RSA Certification Authority" # Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US @@ -16353,6 +15981,8 @@ CKA_VALUE MULTILINE_OCTAL \127\152\030 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "USERTrust ECC Certification Authority" # Issuer: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US @@ -16465,6 +16095,8 @@ CKA_VALUE MULTILINE_OCTAL \173\013\370\237\204 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "GlobalSign ECC Root CA - R4" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4 @@ -16578,6 +16210,8 @@ CKA_VALUE MULTILINE_OCTAL \220\067 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "GlobalSign ECC Root CA - R5" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5 @@ -16743,6 +16377,8 @@ CKA_VALUE MULTILINE_OCTAL \367\200\173\041\147\047\060\131 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Staat der Nederlanden Root CA - G3" # Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL @@ -16907,6 +16543,8 @@ CKA_VALUE MULTILINE_OCTAL \356\354\327\056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Staat der Nederlanden EV Root CA" # Issuer: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL @@ -17069,6 +16707,8 @@ CKA_VALUE MULTILINE_OCTAL \272\204\156\207 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "IdenTrust Commercial Root CA 1" # Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US @@ -17231,6 +16871,8 @@ CKA_VALUE MULTILINE_OCTAL \267\254\266\255\267\312\076\001\357\234 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "IdenTrust Public Sector Root CA 1" # Issuer: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US @@ -17390,6 +17032,8 @@ CKA_VALUE MULTILINE_OCTAL \105\366 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Entrust Root Certification Authority - G2" # Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US @@ -17535,6 +17179,8 @@ CKA_VALUE MULTILINE_OCTAL \231\267\046\101\133\045\140\256\320\110\032\356\006 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Entrust Root Certification Authority - EC1" # Issuer: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US @@ -17708,6 +17354,8 @@ CKA_VALUE MULTILINE_OCTAL \056 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "CFCA EV ROOT" # Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN @@ -17745,172 +17393,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Certinomis - Root CA" -# -# Issuer: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Serial Number: 1 (0x1) -# Subject: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Not Valid Before: Mon Oct 21 09:17:18 2013 -# Not Valid After : Fri Oct 21 09:17:18 2033 -# Fingerprint (SHA-256): 2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58 -# Fingerprint (SHA1): 9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certinomis - Root CA" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156 -\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060 -\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060 -\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155 -\151\163\040\055\040\122\157\157\164\040\103\101 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156 -\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060 -\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060 -\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155 -\151\163\040\055\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\005\222\060\202\003\172\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 -\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061\023 -\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156\157 -\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060\060 -\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060\033 -\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155\151 -\163\040\055\040\122\157\157\164\040\103\101\060\036\027\015\061 -\063\061\060\062\061\060\071\061\067\061\070\132\027\015\063\063 -\061\060\062\061\060\071\061\067\061\070\132\060\132\061\013\060 -\011\006\003\125\004\006\023\002\106\122\061\023\060\021\006\003 -\125\004\012\023\012\103\145\162\164\151\156\157\155\151\163\061 -\027\060\025\006\003\125\004\013\023\016\060\060\060\062\040\064 -\063\063\071\071\070\071\060\063\061\035\060\033\006\003\125\004 -\003\023\024\103\145\162\164\151\156\157\155\151\163\040\055\040 -\122\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052 -\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060 -\202\002\012\002\202\002\001\000\324\314\011\012\054\077\222\366 -\177\024\236\013\234\232\152\035\100\060\144\375\252\337\016\036 -\006\133\237\120\205\352\315\215\253\103\147\336\260\372\176\200 -\226\236\204\170\222\110\326\343\071\356\316\344\131\130\227\345 -\056\047\230\352\223\250\167\233\112\360\357\164\200\055\353\060 -\037\265\331\307\200\234\142\047\221\210\360\112\211\335\334\210 -\346\024\371\325\003\057\377\225\333\275\237\354\054\372\024\025 -\131\225\012\306\107\174\151\030\271\247\003\371\312\166\251\317 -\307\157\264\136\005\376\356\301\122\262\165\062\207\354\355\051 -\146\073\363\112\026\202\366\326\232\333\162\230\351\336\360\305 -\114\245\253\265\352\001\342\214\056\144\177\144\157\375\243\045 -\223\213\310\242\016\111\215\064\360\037\354\130\105\056\064\252 -\204\120\275\347\262\112\023\270\260\017\256\070\135\260\251\033 -\346\163\311\132\241\331\146\100\252\251\115\246\064\002\255\204 -\176\262\043\301\373\052\306\147\364\064\266\260\225\152\063\117 -\161\104\265\255\300\171\063\210\340\277\355\243\240\024\264\234 -\011\260\012\343\140\276\370\370\146\210\315\133\361\167\005\340 -\265\163\156\301\175\106\056\216\113\047\246\315\065\012\375\345 -\115\175\252\052\243\051\307\132\150\004\350\345\326\223\244\142 -\302\305\346\364\117\306\371\237\032\215\202\111\031\212\312\131 -\103\072\350\015\062\301\364\114\023\003\157\156\246\077\221\163 -\313\312\163\157\022\040\213\356\300\202\170\336\113\056\302\111 -\303\035\355\026\366\044\364\047\033\134\127\061\334\125\356\250 -\036\157\154\254\342\105\314\127\127\212\165\127\031\340\265\130 -\231\111\066\061\074\063\001\155\026\112\315\270\052\203\204\206 -\233\371\140\322\037\155\221\003\323\140\246\325\075\232\335\167 -\220\075\065\244\237\017\136\365\122\104\151\271\300\272\334\317 -\175\337\174\331\304\254\206\042\062\274\173\153\221\357\172\370 -\027\150\260\342\123\125\140\055\257\076\302\203\330\331\011\053 -\360\300\144\333\207\213\221\314\221\353\004\375\166\264\225\232 -\346\024\006\033\325\064\035\276\330\377\164\034\123\205\231\340 -\131\122\112\141\355\210\236\153\111\211\106\176\040\132\331\347 -\112\345\152\356\322\145\021\103\002\003\001\000\001\243\143\060 -\141\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001 -\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 -\001\377\060\035\006\003\125\035\016\004\026\004\024\357\221\114 -\365\245\303\060\350\057\010\352\323\161\042\244\222\150\170\164 -\331\060\037\006\003\125\035\043\004\030\060\026\200\024\357\221 -\114\365\245\303\060\350\057\010\352\323\161\042\244\222\150\170 -\164\331\060\015\006\011\052\206\110\206\367\015\001\001\013\005 -\000\003\202\002\001\000\176\075\124\332\042\135\032\130\076\073 -\124\047\272\272\314\310\343\032\152\352\076\371\022\353\126\137 -\075\120\316\340\352\110\046\046\317\171\126\176\221\034\231\077 -\320\241\221\034\054\017\117\230\225\131\123\275\320\042\330\210 -\135\234\067\374\373\144\301\170\214\213\232\140\011\352\325\372 -\041\137\320\164\145\347\120\305\277\056\271\013\013\255\265\260 -\027\246\022\214\324\142\170\352\126\152\354\012\322\100\303\074 -\005\060\076\115\224\267\237\112\003\323\175\047\113\266\376\104 -\316\372\031\063\032\155\244\102\321\335\314\310\310\327\026\122 -\203\117\065\224\263\022\125\175\345\342\102\353\344\234\223\011 -\300\114\133\007\253\307\155\021\240\120\027\224\043\250\265\012 -\222\017\262\172\301\140\054\070\314\032\246\133\377\362\014\343 -\252\037\034\334\270\240\223\047\336\143\343\177\041\237\072\345 -\236\372\340\023\152\165\353\226\134\142\221\224\216\147\123\266 -\211\370\022\011\313\157\122\133\003\162\206\120\225\010\324\215 -\207\206\025\037\225\044\330\244\157\232\316\244\235\233\155\322 -\262\166\006\206\306\126\010\305\353\011\332\066\302\033\133\101 -\276\141\052\343\160\346\270\246\370\266\132\304\275\041\367\377 -\252\137\241\154\166\071\146\326\352\114\125\341\000\063\233\023 -\230\143\311\157\320\001\040\011\067\122\347\014\117\076\315\274 -\365\137\226\047\247\040\002\225\340\056\350\007\101\005\037\025 -\156\326\260\344\031\340\017\002\223\000\047\162\305\213\321\124 -\037\135\112\303\100\227\176\125\246\174\301\063\004\024\001\035 -\111\040\151\013\031\223\235\156\130\042\367\100\014\106\014\043 -\143\363\071\322\177\166\121\247\364\310\241\361\014\166\042\043 -\106\122\051\055\342\243\101\007\126\151\230\322\005\011\274\151 -\307\132\141\315\217\201\140\025\115\200\335\220\342\175\304\120 -\362\214\073\156\112\307\306\346\200\053\074\201\274\021\200\026 -\020\047\327\360\315\077\171\314\163\052\303\176\123\221\326\156 -\370\365\363\307\320\121\115\216\113\245\133\346\031\027\073\326 -\201\011\334\042\334\356\216\271\304\217\123\341\147\273\063\270 -\210\025\106\317\355\151\065\377\165\015\106\363\316\161\341\305 -\153\206\102\006\271\101 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for "Certinomis - Root CA" -# Issuer: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Serial Number: 1 (0x1) -# Subject: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR -# Not Valid Before: Mon Oct 21 09:17:18 2013 -# Not Valid After : Fri Oct 21 09:17:18 2033 -# Fingerprint (SHA-256): 2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58 -# Fingerprint (SHA1): 9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Certinomis - Root CA" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\235\160\273\001\245\244\240\030\021\056\367\034\001\271\062\305 -\064\347\210\250 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\024\012\375\215\250\050\265\070\151\333\126\176\141\042\003\077 -END -CKA_ISSUER MULTILINE_OCTAL -\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061 -\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156 -\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060 -\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060 -\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155 -\151\163\040\055\040\122\157\157\164\040\103\101 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "OISTE WISeKey Global Root GB CA" # @@ -18013,6 +17495,8 @@ CKA_VALUE MULTILINE_OCTAL \065\255\201\307\116\161\272\210\023 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "OISTE WISeKey Global Root GB CA" # Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH @@ -18148,6 +17632,8 @@ CKA_VALUE MULTILINE_OCTAL \326\040\036\343\163\267 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "SZAFIR ROOT CA2" # Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL @@ -18326,6 +17812,8 @@ CKA_VALUE MULTILINE_OCTAL \016\265\271\276\044\217 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Certum Trusted Network CA 2" # Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL @@ -18513,6 +18001,8 @@ CKA_VALUE MULTILINE_OCTAL \276\157\152\247\365\054\102\355\062\255\266\041\236\276\274 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Hellenic Academic and Research Institutions RootCA 2015" # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR @@ -18649,6 +18139,8 @@ CKA_VALUE MULTILINE_OCTAL \342\174\352\002\130\042\221 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Hellenic Academic and Research Institutions ECC RootCA 2015" # Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR @@ -18818,6 +18310,8 @@ CKA_VALUE MULTILINE_OCTAL \376\216\036\127\242\315\100\235\176\142\042\332\336\030\047 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "ISRG Root X1" # Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US @@ -18981,6 +18475,8 @@ CKA_VALUE MULTILINE_OCTAL \072\117\110\366\213\266\263 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "AC RAIZ FNMT-RCM" # Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES @@ -19106,6 +18602,8 @@ CKA_VALUE MULTILINE_OCTAL \304\220\276\361\271 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Amazon Root CA 1" # Issuer: CN=Amazon Root CA 1,O=Amazon,C=US @@ -19263,6 +18761,8 @@ CKA_VALUE MULTILINE_OCTAL \340\373\011\140\154 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Amazon Root CA 2" # Issuer: CN=Amazon Root CA 2,O=Amazon,C=US @@ -19363,6 +18863,8 @@ CKA_VALUE MULTILINE_OCTAL \143\044\110\034\337\060\175\325\150\073 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Amazon Root CA 3" # Issuer: CN=Amazon Root CA 3,O=Amazon,C=US @@ -19467,6 +18969,8 @@ CKA_VALUE MULTILINE_OCTAL \012\166\324\245\274\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Amazon Root CA 4" # Issuer: CN=Amazon Root CA 4,O=Amazon,C=US @@ -19634,6 +19138,8 @@ CKA_VALUE MULTILINE_OCTAL \045\307\043\200\203\012\353 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "LuxTrust Global Root 2" # Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU @@ -19783,6 +19289,8 @@ CKA_VALUE MULTILINE_OCTAL \322\063\340\377\275\321\124\071\051\017 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Symantec Class 1 Public Primary Certification Authority - G6" # Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US @@ -19937,6 +19445,8 @@ CKA_VALUE MULTILINE_OCTAL \157\374\132\344\202\125\131\257\061\251 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Symantec Class 2 Public Primary Certification Authority - G6" # Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US @@ -20070,6 +19580,8 @@ CKA_VALUE MULTILINE_OCTAL \362\014\105\111\071\277\231\004\034\323\020\240 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Symantec Class 1 Public Primary Certification Authority - G4" # Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US @@ -20203,6 +19715,8 @@ CKA_VALUE MULTILINE_OCTAL \051\246\330\107\331\240\226\030\333\362\105\263 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Symantec Class 2 Public Primary Certification Authority - G4" # Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US @@ -20348,6 +19862,8 @@ CKA_VALUE MULTILINE_OCTAL \137\134 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "D-TRUST Root CA 3 2013" # Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE @@ -20510,6 +20026,8 @@ CKA_VALUE MULTILINE_OCTAL \237\042\136\242\017\241\343 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" # Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR @@ -20685,6 +20203,8 @@ CKA_VALUE MULTILINE_OCTAL \250\267\101\154\007\335\275\074\206\227\057\322 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "GDCA TrustAUTH R5 ROOT" # Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN @@ -20840,6 +20360,8 @@ CKA_VALUE MULTILINE_OCTAL \132\171\054\031 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TrustCor RootCert CA-1" # Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA @@ -21031,6 +20553,8 @@ CKA_VALUE MULTILINE_OCTAL \326\354\011 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TrustCor RootCert CA-2" # Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA @@ -21187,6 +20711,8 @@ CKA_VALUE MULTILINE_OCTAL \264\237\327\346 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "TrustCor ECA-1" # Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA @@ -21366,6 +20892,8 @@ CKA_VALUE MULTILINE_OCTAL \271 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "SSL.com Root Certification Authority RSA" # Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US @@ -21490,6 +21018,8 @@ CKA_VALUE MULTILINE_OCTAL \145 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "SSL.com Root Certification Authority ECC" # Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US @@ -21669,6 +21199,8 @@ CKA_VALUE MULTILINE_OCTAL \040\022\215\264\254\127\261\105\143\241\254\166\251\302\373 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "SSL.com EV Root Certification Authority RSA R2" # Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US @@ -21796,6 +21328,8 @@ CKA_VALUE MULTILINE_OCTAL \371\007\340\142\232\214\134\112 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "SSL.com EV Root Certification Authority ECC" # Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US @@ -21962,6 +21496,8 @@ CKA_VALUE MULTILINE_OCTAL \147\203\005\132\311\244\020 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "GlobalSign Root CA - R6" # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6 @@ -22079,6 +21615,8 @@ CKA_VALUE MULTILINE_OCTAL \242\355\357\173\260\200\117\130\017\113\123\071\275 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "OISTE WISeKey Global Root GC CA" # Issuer: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH @@ -22242,6 +21780,8 @@ CKA_VALUE MULTILINE_OCTAL \361\306\143\107\125\034\272\245\010\121\165\246\110\045 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "GTS Root R1" # Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US @@ -22403,6 +21943,8 @@ CKA_VALUE MULTILINE_OCTAL \267\375\054\010\122\117\202\335\243\360\324\206\011\002 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "GTS Root R2" # Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US @@ -22511,6 +22053,8 @@ CKA_VALUE MULTILINE_OCTAL \232\051\252\226\323\203\043\311\244\173\141\263\314\002\350\135 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "GTS Root R3" # Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US @@ -22619,6 +22163,8 @@ CKA_VALUE MULTILINE_OCTAL \161\314\362\260\115\326\376\231\310\224\251\165\242\343 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "GTS Root R4" # Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US @@ -22777,6 +22323,8 @@ CKA_VALUE MULTILINE_OCTAL \120\037\212\373\006\365\302\031\360\320 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "UCA Global G2 Root" # Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN @@ -22937,6 +22485,8 @@ CKA_VALUE MULTILINE_OCTAL \177\275\145\040\262\311\301\053\166\030\166\237\126\261 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "UCA Extended Validation Root" # Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN @@ -23116,6 +22666,8 @@ CKA_VALUE MULTILINE_OCTAL \045\124\377\242\332\117\212\141\071\136\256\075\112\214\275 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE # Trust for "Certigna Root CA" # Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR @@ -23155,556 +22707,886 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "CAcert.org Class 1 Root CA" +# Certificate "emSign Root CA - G1" # +# Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Serial Number:31:f5:e4:62:0c:6c:58:ed:d6:d8 +# Subject: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 40:F6:AF:03:46:A9:9A:A1:CD:1D:55:5A:4E:9C:CE:62:C7:F9:63:46:03:EE:40:66:15:83:3D:C8:C8:D0:03:67 +# Fingerprint (SHA1): 8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CAcert.org Class 1 Root CA" +CKA_LABEL UTF8 "emSign Root CA - G1" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157 -\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150 -\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164 -\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103 -\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101 -\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206 -\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164 -\100\143\141\143\145\162\164\056\157\162\147 +\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006 +\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 +\164\040\103\101\040\055\040\107\061 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157 -\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150 -\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164 -\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103 -\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101 -\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206 -\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164 -\100\143\141\143\145\162\164\056\157\162\147 +\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006 +\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 +\164\040\103\101\040\055\040\107\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 +\002\012\061\365\344\142\014\154\130\355\326\330 END CKA_VALUE MULTILINE_OCTAL -\060\202\007\075\060\202\005\045\240\003\002\001\002\002\001\000 -\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060 -\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157\164 -\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150\164 -\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164\056 -\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103\101 -\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101\165 -\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206\110 -\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164\100 -\143\141\143\145\162\164\056\157\162\147\060\036\027\015\060\063 -\060\063\063\060\061\062\062\071\064\071\132\027\015\063\063\060 -\063\062\071\061\062\062\071\064\071\132\060\171\061\020\060\016 -\006\003\125\004\012\023\007\122\157\157\164\040\103\101\061\036 -\060\034\006\003\125\004\013\023\025\150\164\164\160\072\057\057 -\167\167\167\056\143\141\143\145\162\164\056\157\162\147\061\042 -\060\040\006\003\125\004\003\023\031\103\101\040\103\145\162\164 -\040\123\151\147\156\151\156\147\040\101\165\164\150\157\162\151 -\164\171\061\041\060\037\006\011\052\206\110\206\367\015\001\011 -\001\026\022\163\165\160\160\157\162\164\100\143\141\143\145\162 -\164\056\157\162\147\060\202\002\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002 -\012\002\202\002\001\000\316\042\300\342\106\175\354\066\050\007 -\120\226\362\240\063\100\214\113\361\073\146\077\061\345\153\002 -\066\333\326\174\366\361\210\217\116\167\066\005\101\225\371\011 -\360\022\317\106\206\163\140\267\156\176\350\300\130\144\256\315 -\260\255\105\027\014\143\372\147\012\350\326\322\277\076\347\230 -\304\360\114\372\340\003\273\065\135\154\041\336\236\040\331\272 -\315\146\062\067\162\372\367\010\365\307\315\130\311\216\347\016 -\136\352\076\376\034\241\024\012\025\154\206\204\133\144\146\052 -\172\251\113\123\171\365\210\242\173\356\057\012\141\053\215\262 -\176\115\126\245\023\354\352\332\222\236\254\104\101\036\130\140 -\145\005\146\370\300\104\275\313\224\367\102\176\013\367\145\150 -\230\121\005\360\363\005\221\004\035\033\027\202\354\310\127\273 -\303\153\172\210\361\260\162\314\045\133\040\221\354\026\002\022 -\217\062\351\027\030\110\320\307\005\056\002\060\102\270\045\234 -\005\153\077\252\072\247\353\123\110\367\350\322\266\007\230\334 -\033\306\064\177\177\311\034\202\172\005\130\053\010\133\363\070 -\242\253\027\135\146\311\230\327\236\020\213\242\322\335\164\232 -\367\161\014\162\140\337\315\157\230\063\235\226\064\166\076\044 -\172\222\260\016\225\036\157\346\240\105\070\107\252\327\101\355 -\112\267\022\366\327\033\203\212\017\056\330\011\266\131\327\252 -\004\377\322\223\175\150\056\335\213\113\253\130\272\057\215\352 -\225\247\240\303\124\211\245\373\333\213\121\042\235\262\303\276 -\021\276\054\221\206\213\226\170\255\040\323\212\057\032\077\306 -\320\121\145\207\041\261\031\001\145\177\105\034\207\365\174\320 -\101\114\117\051\230\041\375\063\037\165\014\004\121\372\031\167 -\333\324\024\034\356\201\303\035\365\230\267\151\006\221\042\335 -\000\120\314\201\061\254\022\007\173\070\332\150\133\346\053\324 -\176\311\137\255\350\353\162\114\363\001\345\113\040\277\232\246 -\127\312\221\000\001\213\241\165\041\067\265\143\015\147\076\106 -\117\160\040\147\316\305\326\131\333\002\340\360\322\313\315\272 -\142\267\220\101\350\335\040\344\051\274\144\051\102\310\042\334 -\170\232\377\103\354\230\033\011\121\113\132\132\302\161\361\304 -\313\163\251\345\241\013\002\003\001\000\001\243\202\001\316\060 -\202\001\312\060\035\006\003\125\035\016\004\026\004\024\026\265 -\062\033\324\307\363\340\346\216\363\275\322\260\072\356\262\071 -\030\321\060\201\243\006\003\125\035\043\004\201\233\060\201\230 -\200\024\026\265\062\033\324\307\363\340\346\216\363\275\322\260 -\072\356\262\071\030\321\241\175\244\173\060\171\061\020\060\016 -\006\003\125\004\012\023\007\122\157\157\164\040\103\101\061\036 -\060\034\006\003\125\004\013\023\025\150\164\164\160\072\057\057 -\167\167\167\056\143\141\143\145\162\164\056\157\162\147\061\042 -\060\040\006\003\125\004\003\023\031\103\101\040\103\145\162\164 -\040\123\151\147\156\151\156\147\040\101\165\164\150\157\162\151 -\164\171\061\041\060\037\006\011\052\206\110\206\367\015\001\011 -\001\026\022\163\165\160\160\157\162\164\100\143\141\143\145\162 -\164\056\157\162\147\202\001\000\060\017\006\003\125\035\023\001 -\001\377\004\005\060\003\001\001\377\060\062\006\003\125\035\037 -\004\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160 -\163\072\057\057\167\167\167\056\143\141\143\145\162\164\056\157 -\162\147\057\162\145\166\157\153\145\056\143\162\154\060\060\006 -\011\140\206\110\001\206\370\102\001\004\004\043\026\041\150\164 -\164\160\163\072\057\057\167\167\167\056\143\141\143\145\162\164 -\056\157\162\147\057\162\145\166\157\153\145\056\143\162\154\060 -\064\006\011\140\206\110\001\206\370\102\001\010\004\047\026\045 -\150\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162 -\164\056\157\162\147\057\151\156\144\145\170\056\160\150\160\077 -\151\144\075\061\060\060\126\006\011\140\206\110\001\206\370\102 -\001\015\004\111\026\107\124\157\040\147\145\164\040\171\157\165 -\162\040\157\167\156\040\143\145\162\164\151\146\151\143\141\164 -\145\040\146\157\162\040\106\122\105\105\040\150\145\141\144\040 -\157\166\145\162\040\164\157\040\150\164\164\160\072\057\057\167 -\167\167\056\143\141\143\145\162\164\056\157\162\147\060\015\006 -\011\052\206\110\206\367\015\001\001\004\005\000\003\202\002\001 -\000\050\307\356\234\202\002\272\134\200\022\312\065\012\035\201 -\157\211\152\231\314\362\150\017\177\247\341\215\130\225\076\275 -\362\006\303\220\132\254\265\140\366\231\103\001\243\210\160\234 -\235\142\235\244\207\257\147\130\015\060\066\073\346\255\110\323 -\313\164\002\206\161\076\342\053\003\150\361\064\142\100\106\073 -\123\352\050\364\254\373\146\225\123\212\115\135\375\073\331\140 -\327\312\171\151\073\261\145\222\246\306\201\202\134\234\315\353 -\115\001\212\245\337\021\125\252\025\312\037\067\300\202\230\160 -\141\333\152\174\226\243\216\056\124\076\117\041\251\220\357\334 -\202\277\334\350\105\255\115\220\163\010\074\224\145\260\004\231 -\166\177\342\274\302\152\025\252\227\004\067\044\330\036\224\116 -\155\016\121\276\326\304\217\312\226\155\367\103\337\350\060\145 -\047\073\173\273\103\103\143\304\103\367\262\354\150\314\341\031 -\216\042\373\230\341\173\132\076\001\067\073\213\010\260\242\363 -\225\116\032\313\233\315\232\261\333\262\160\360\055\112\333\330 -\260\343\157\105\110\063\022\377\376\074\062\052\124\367\304\367 -\212\360\210\043\302\107\376\144\172\161\300\321\036\246\143\260 -\007\176\244\057\323\001\217\334\237\053\266\306\010\251\017\223 -\110\045\374\022\375\237\102\334\363\304\076\366\127\260\327\335 -\151\321\006\167\064\012\113\322\312\240\377\034\306\214\311\026 -\276\304\314\062\067\150\163\137\010\373\121\367\111\123\066\005 -\012\225\002\114\362\171\032\020\366\330\072\165\234\363\035\361 -\242\015\160\147\206\033\263\026\365\057\345\244\353\171\206\371 -\075\013\302\163\013\245\231\254\157\374\147\270\345\057\013\246 -\030\044\215\173\321\110\065\051\030\100\254\223\140\341\226\206 -\120\264\172\131\330\217\041\013\237\317\202\221\306\073\277\153 -\334\007\221\271\227\126\043\252\266\154\224\306\110\006\074\344 -\316\116\252\344\366\057\011\334\123\157\056\374\164\353\072\143 -\231\302\246\254\211\274\247\262\104\240\015\212\020\343\154\362 -\044\313\372\233\237\160\107\056\336\024\213\324\262\040\011\226 -\242\144\361\044\034\334\241\065\234\025\262\324\274\125\056\175 -\006\365\234\016\125\364\132\326\223\332\166\255\045\163\114\305 -\103 +\060\202\003\224\060\202\002\174\240\003\002\001\002\002\012\061 +\365\344\142\014\154\130\355\326\330\060\015\006\011\052\206\110 +\206\367\015\001\001\013\005\000\060\147\061\013\060\011\006\003 +\125\004\006\023\002\111\116\061\023\060\021\006\003\125\004\013 +\023\012\145\155\123\151\147\156\040\120\113\111\061\045\060\043 +\006\003\125\004\012\023\034\145\115\165\144\150\162\141\040\124 +\145\143\150\156\157\154\157\147\151\145\163\040\114\151\155\151 +\164\145\144\061\034\060\032\006\003\125\004\003\023\023\145\155 +\123\151\147\156\040\122\157\157\164\040\103\101\040\055\040\107 +\061\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060 +\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060 +\132\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116 +\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147 +\156\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034 +\145\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157 +\147\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032 +\006\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157 +\157\164\040\103\101\040\055\040\107\061\060\202\001\042\060\015 +\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001 +\017\000\060\202\001\012\002\202\001\001\000\223\113\273\351\146 +\212\356\235\133\325\064\223\320\033\036\303\347\236\270\144\063 +\177\143\170\150\264\315\056\161\165\327\233\040\306\115\051\274 +\266\150\140\212\367\041\232\126\065\132\363\166\275\330\315\232 +\377\223\126\113\245\131\006\241\223\064\051\335\026\064\165\116 +\362\201\264\307\226\116\255\031\025\122\112\376\074\160\165\160 +\315\257\053\253\025\232\063\074\252\263\213\252\315\103\375\365 +\352\160\377\355\317\021\073\224\316\116\062\026\323\043\100\052 +\167\263\257\074\001\054\154\355\231\054\213\331\116\151\230\262 +\367\217\101\260\062\170\141\326\015\137\303\372\242\100\222\035 +\134\027\346\160\076\065\347\242\267\302\142\342\253\244\070\114 +\265\071\065\157\352\003\151\372\072\124\150\205\155\326\362\057 +\103\125\036\221\015\016\330\325\152\244\226\321\023\074\054\170 +\120\350\072\222\322\027\126\345\065\032\100\034\076\215\054\355 +\071\337\102\340\203\101\164\337\243\315\302\206\140\110\150\343 +\151\013\124\000\213\344\166\151\041\015\171\116\064\010\136\024 +\302\314\261\267\255\327\174\160\212\307\205\002\003\001\000\001 +\243\102\060\100\060\035\006\003\125\035\016\004\026\004\024\373 +\357\015\206\236\260\343\335\251\271\361\041\027\177\076\374\360 +\167\053\032\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060 +\003\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001 +\013\005\000\003\202\001\001\000\131\377\362\214\365\207\175\161 +\075\243\237\033\133\321\332\370\323\234\153\066\275\233\251\141 +\353\336\026\054\164\075\236\346\165\332\327\272\247\274\102\027 +\347\075\221\353\345\175\335\076\234\361\317\222\254\154\110\314 +\302\042\077\151\073\305\266\025\057\243\065\306\150\052\034\127 +\257\071\357\215\320\065\303\030\014\173\000\126\034\315\213\031 +\164\336\276\017\022\340\320\252\241\077\002\064\261\160\316\235 +\030\326\010\003\011\106\356\140\340\176\266\304\111\004\121\175 +\160\140\274\252\262\377\171\162\172\246\035\075\137\052\370\312 +\342\375\071\267\107\271\353\176\337\004\043\257\372\234\006\007 +\351\373\143\223\200\100\265\306\154\012\061\050\316\014\237\317 +\263\043\065\200\101\215\154\304\067\173\201\057\200\241\100\102 +\205\351\331\070\215\350\241\123\315\001\277\151\350\132\006\362 +\105\013\220\372\256\341\277\235\362\256\127\074\245\256\262\126 +\364\213\145\100\351\375\061\201\054\364\071\011\330\356\153\247 +\264\246\035\025\245\230\367\001\201\330\205\175\363\121\134\161 +\210\336\272\314\037\200\176\112 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "emSign Root CA - G1" +# Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Serial Number:31:f5:e4:62:0c:6c:58:ed:d6:d8 +# Subject: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 40:F6:AF:03:46:A9:9A:A1:CD:1D:55:5A:4E:9C:CE:62:C7:F9:63:46:03:EE:40:66:15:83:3D:C8:C8:D0:03:67 +# Fingerprint (SHA1): 8A:C7:AD:8F:73:AC:4E:C1:B5:75:4D:A5:40:F4:FC:CF:7C:B5:8E:8C +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign Root CA - G1" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\212\307\255\217\163\254\116\301\265\165\115\245\100\364\374\317 +\174\265\216\214 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\234\102\204\127\335\313\013\247\056\225\255\266\363\332\274\254 END +CKA_ISSUER MULTILINE_OCTAL +\060\147\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\034\060\032\006 +\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 +\164\040\103\101\040\055\040\107\061 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\012\061\365\344\142\014\154\130\355\326\330 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# Trust for Certificate "CAcert.org Class 1 Root CA" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST +# +# Certificate "emSign ECC Root CA - G3" +# +# Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Serial Number:3c:f6:07:a9:68:70:0e:da:8b:84 +# Subject: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 86:A1:EC:BA:08:9C:4A:8D:3B:BE:27:34:C6:12:BA:34:1D:81:3E:04:3C:F9:E8:A8:62:CD:5C:57:A3:6B:BE:6B +# Fingerprint (SHA1): 30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CAcert.org Class 1 Root CA" +CKA_LABEL UTF8 "emSign ECC Root CA - G3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006 +\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 +\040\122\157\157\164\040\103\101\040\055\040\107\063 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006 +\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 +\040\122\157\157\164\040\103\101\040\055\040\107\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\012\074\366\007\251\150\160\016\332\213\204 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\116\060\202\001\323\240\003\002\001\002\002\012\074 +\366\007\251\150\160\016\332\213\204\060\012\006\010\052\206\110 +\316\075\004\003\003\060\153\061\013\060\011\006\003\125\004\006 +\023\002\111\116\061\023\060\021\006\003\125\004\013\023\012\145 +\155\123\151\147\156\040\120\113\111\061\045\060\043\006\003\125 +\004\012\023\034\145\115\165\144\150\162\141\040\124\145\143\150 +\156\157\154\157\147\151\145\163\040\114\151\155\151\164\145\144 +\061\040\060\036\006\003\125\004\003\023\027\145\155\123\151\147 +\156\040\105\103\103\040\122\157\157\164\040\103\101\040\055\040 +\107\063\060\036\027\015\061\070\060\062\061\070\061\070\063\060 +\060\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060 +\060\132\060\153\061\013\060\011\006\003\125\004\006\023\002\111 +\116\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151 +\147\156\040\120\113\111\061\045\060\043\006\003\125\004\012\023 +\034\145\115\165\144\150\162\141\040\124\145\143\150\156\157\154 +\157\147\151\145\163\040\114\151\155\151\164\145\144\061\040\060 +\036\006\003\125\004\003\023\027\145\155\123\151\147\156\040\105 +\103\103\040\122\157\157\164\040\103\101\040\055\040\107\063\060 +\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053\201 +\004\000\042\003\142\000\004\043\245\014\270\055\022\365\050\363 +\261\262\335\342\002\022\200\236\071\137\111\115\237\311\045\064 +\131\164\354\273\006\034\347\300\162\257\350\256\057\341\101\124 +\207\024\250\112\262\350\174\202\346\133\152\265\334\263\165\316 +\213\006\320\206\043\277\106\325\216\017\077\004\364\327\034\222 +\176\366\245\143\302\365\137\216\056\117\241\030\031\002\053\062 +\012\202\144\175\026\223\321\243\102\060\100\060\035\006\003\125 +\035\016\004\026\004\024\174\135\002\204\023\324\314\212\233\201 +\316\027\034\056\051\036\234\110\143\102\060\016\006\003\125\035 +\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035 +\023\001\001\377\004\005\060\003\001\001\377\060\012\006\010\052 +\206\110\316\075\004\003\003\003\151\000\060\146\002\061\000\276 +\363\141\317\002\020\035\144\225\007\270\030\156\210\205\005\057 +\203\010\027\220\312\037\212\114\350\015\033\172\261\255\325\201 +\011\107\357\073\254\010\004\174\134\231\261\355\107\007\322\002 +\061\000\235\272\125\374\251\112\350\355\355\346\166\001\102\173 +\310\370\140\331\215\121\213\125\073\373\214\173\353\145\011\303 +\370\226\315\107\250\202\362\026\125\167\044\176\022\020\225\004 +\054\243 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "emSign ECC Root CA - G3" +# Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Serial Number:3c:f6:07:a9:68:70:0e:da:8b:84 +# Subject: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 86:A1:EC:BA:08:9C:4A:8D:3B:BE:27:34:C6:12:BA:34:1D:81:3E:04:3C:F9:E8:A8:62:CD:5C:57:A3:6B:BE:6B +# Fingerprint (SHA1): 30:43:FA:4F:F2:57:DC:A0:C3:80:EE:2E:58:EA:78:B2:3F:E6:BB:C1 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign ECC Root CA - G3" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\023\134\354\066\364\234\270\351\073\032\262\160\315\200\210\106 -\166\316\217\063 +\060\103\372\117\362\127\334\240\303\200\356\056\130\352\170\262 +\077\346\273\301 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\246\033\067\136\071\015\234\066\124\356\275\040\061\106\037\153 +\316\013\162\321\237\210\216\320\120\003\350\343\270\213\147\100 END CKA_ISSUER MULTILINE_OCTAL -\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157 -\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150 -\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164 -\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103 -\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101 -\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206 -\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164 -\100\143\141\143\145\162\164\056\157\162\147 +\060\153\061\013\060\011\006\003\125\004\006\023\002\111\116\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\045\060\043\006\003\125\004\012\023\034\145 +\115\165\144\150\162\141\040\124\145\143\150\156\157\154\157\147 +\151\145\163\040\114\151\155\151\164\145\144\061\040\060\036\006 +\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 +\040\122\157\157\164\040\103\101\040\055\040\107\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\000 +\002\012\074\366\007\251\150\160\016\332\213\204 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "CAcert.org Class 3 Root CA" +# Certificate "emSign Root CA - C1" # +# Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +# Serial Number:00:ae:cf:00:ba:c4:cf:32:f8:43:b2 +# Subject: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 12:56:09:AA:30:1D:A0:A2:49:B9:7A:82:39:CB:6A:34:21:6F:44:DC:AC:9F:39:54:B1:42:92:F2:E8:C8:60:8F +# Fingerprint (SHA1): E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CAcert.org Class 3 Root CA" +CKA_LABEL UTF8 "emSign Root CA - C1" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\124\061\024\060\022\006\003\125\004\012\023\013\103\101\143 -\145\162\164\040\111\156\143\056\061\036\060\034\006\003\125\004 -\013\023\025\150\164\164\160\072\057\057\167\167\167\056\103\101 -\143\145\162\164\056\157\162\147\061\034\060\032\006\003\125\004 -\003\023\023\103\101\143\145\162\164\040\103\154\141\163\163\040 -\063\040\122\157\157\164 +\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003 +\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164 +\040\103\101\040\055\040\103\061 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157 -\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150 -\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164 -\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103 -\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101 -\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206 -\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164 -\100\143\141\143\145\162\164\056\157\162\147 +\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003 +\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164 +\040\103\101\040\055\040\103\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 +\002\013\000\256\317\000\272\304\317\062\370\103\262 END CKA_VALUE MULTILINE_OCTAL -\060\202\006\010\060\202\003\360\240\003\002\001\002\002\001\001 -\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060 -\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157\164 -\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150\164 -\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164\056 -\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103\101 -\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101\165 -\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206\110 -\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164\100 -\143\141\143\145\162\164\056\157\162\147\060\036\027\015\060\065 -\061\060\061\064\060\067\063\066\065\065\132\027\015\063\063\060 -\063\062\070\060\067\063\066\065\065\132\060\124\061\024\060\022 -\006\003\125\004\012\023\013\103\101\143\145\162\164\040\111\156 -\143\056\061\036\060\034\006\003\125\004\013\023\025\150\164\164 -\160\072\057\057\167\167\167\056\103\101\143\145\162\164\056\157 -\162\147\061\034\060\032\006\003\125\004\003\023\023\103\101\143 -\145\162\164\040\103\154\141\163\163\040\063\040\122\157\157\164 -\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001 -\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001 -\000\253\111\065\021\110\174\322\046\176\123\224\317\103\251\335 -\050\327\102\052\213\363\207\170\031\130\174\017\236\332\211\175 -\341\373\353\162\220\015\164\241\226\144\253\237\240\044\231\163 -\332\342\125\166\307\027\173\365\004\254\106\270\303\276\177\144 -\215\020\154\044\363\141\234\300\362\220\372\121\346\365\151\001 -\143\303\017\126\342\112\102\317\342\104\214\045\050\250\305\171 -\011\175\106\271\212\363\351\363\064\051\010\105\344\034\237\313 -\224\004\034\201\250\024\263\230\145\304\103\354\116\202\215\011 -\321\275\252\133\215\222\320\354\336\220\305\177\012\302\343\353 -\346\061\132\136\164\076\227\063\131\350\303\003\075\140\063\277 -\367\321\157\107\304\315\356\142\203\122\156\056\010\232\244\331 -\025\030\221\246\205\222\107\260\256\110\353\155\267\041\354\205 -\032\150\162\065\253\377\360\020\135\300\364\224\247\152\325\073 -\222\176\114\220\005\176\223\301\054\213\244\216\142\164\025\161 -\156\013\161\003\352\257\025\070\232\324\322\005\162\157\214\371 -\053\353\132\162\045\371\071\106\343\162\033\076\004\303\144\047 -\042\020\052\212\117\130\247\003\255\276\264\056\023\355\135\252 -\110\327\325\175\324\052\173\134\372\106\004\120\344\314\016\102 -\133\214\355\333\362\317\374\226\223\340\333\021\066\124\142\064 -\070\217\014\140\233\073\227\126\070\255\363\322\133\213\240\133 -\352\116\226\270\174\327\325\240\206\160\100\323\221\051\267\242 -\074\255\365\214\273\317\032\222\212\344\064\173\300\330\154\137 -\351\012\302\303\247\040\232\132\337\054\135\122\134\272\107\325 -\233\357\044\050\160\070\040\057\325\177\051\300\262\101\003\150 -\222\314\340\234\314\227\113\105\357\072\020\012\253\160\072\230 -\225\160\255\065\261\352\205\053\244\034\200\041\061\251\256\140 -\172\200\046\110\000\270\001\300\223\143\125\042\221\074\126\347 -\257\333\072\045\363\217\061\124\352\046\213\201\131\371\241\321 -\123\021\305\173\235\003\366\164\021\340\155\261\054\077\054\206 -\221\231\161\232\246\167\213\064\140\321\024\264\054\254\235\257 -\214\020\323\237\304\152\370\157\023\374\163\131\367\146\102\164 -\036\212\343\370\334\322\157\230\234\313\107\230\225\100\005\373 -\351\002\003\001\000\001\243\201\277\060\201\274\060\017\006\003 -\125\035\023\001\001\377\004\005\060\003\001\001\377\060\135\006 -\010\053\006\001\005\005\007\001\001\004\121\060\117\060\043\006 -\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072 -\057\057\157\143\163\160\056\103\101\143\145\162\164\056\157\162 -\147\057\060\050\006\010\053\006\001\005\005\007\060\002\206\034 -\150\164\164\160\072\057\057\167\167\167\056\103\101\143\145\162 -\164\056\157\162\147\057\143\141\056\143\162\164\060\112\006\003 -\125\035\040\004\103\060\101\060\077\006\010\053\006\001\004\001 -\201\220\112\060\063\060\061\006\010\053\006\001\005\005\007\002 -\001\026\045\150\164\164\160\072\057\057\167\167\167\056\103\101 -\143\145\162\164\056\157\162\147\057\151\156\144\145\170\056\160 -\150\160\077\151\144\075\061\060\060\015\006\011\052\206\110\206 -\367\015\001\001\004\005\000\003\202\002\001\000\177\010\210\241 -\332\032\120\111\332\211\373\241\010\162\363\212\367\036\304\072 -\264\171\133\040\060\261\105\336\302\135\323\145\151\361\302\135 -\124\124\074\205\137\271\173\102\221\302\231\375\033\121\233\253 -\106\245\241\020\123\236\155\210\254\163\156\054\063\246\360\364 -\236\340\165\301\076\210\105\251\341\146\103\376\126\132\321\172 -\101\170\367\100\332\112\072\361\013\133\245\273\026\006\346\302 -\347\223\271\205\115\227\117\261\036\070\103\200\357\233\015\214 -\357\270\247\140\000\207\127\175\036\104\034\313\043\357\233\074 -\231\235\257\265\051\034\105\171\026\226\115\047\155\361\034\154 -\303\302\125\144\263\274\024\342\363\244\037\036\062\374\047\025 -\005\317\335\056\256\076\202\141\173\360\041\020\030\366\104\352 -\123\071\371\334\320\232\040\340\306\273\340\273\132\117\304\231 -\310\007\275\265\275\242\333\056\142\015\102\064\101\274\377\213 -\212\365\121\042\252\210\060\000\342\260\324\274\276\145\272\325 -\003\127\171\233\350\334\310\115\370\120\355\221\245\122\050\242 -\254\373\066\130\076\351\224\053\221\120\207\033\326\136\326\214 -\314\367\017\020\014\122\116\320\026\141\345\345\012\154\277\027 -\307\162\106\127\234\230\365\154\140\143\172\157\136\271\116\057 -\310\271\271\273\152\205\274\230\015\355\371\076\227\204\064\224 -\256\000\257\241\345\347\222\156\116\275\363\342\331\024\213\134 -\322\353\001\154\240\027\245\055\020\353\234\172\112\275\275\356 -\316\375\355\042\100\253\160\070\210\365\012\207\152\302\253\005 -\140\311\110\005\332\123\301\336\104\167\152\263\363\074\074\355 -\200\274\246\070\112\051\044\137\376\131\073\233\045\172\126\143 -\000\144\271\135\244\142\175\127\066\117\255\203\357\037\222\123 -\240\216\167\127\335\345\141\021\075\043\000\220\114\074\372\243 -\140\223\004\243\257\065\366\016\152\217\117\112\140\247\205\005 -\154\106\241\217\364\307\166\343\241\131\127\367\161\262\304\156 -\024\134\155\155\101\146\337\033\223\261\324\000\303\356\313\317 -\074\075\041\200\251\137\143\145\374\335\340\137\244\364\053\360 -\205\161\101\324\147\045\373\032\261\227\256\326\231\202\023\101 -\322\156\245\033\231\047\200\347\013\251\250\000 -END - -# Trust for Certificate "CAcert.org Class 3 Root CA" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "CAcert.org Class 3 Root CA" +\060\202\003\163\060\202\002\133\240\003\002\001\002\002\013\000 +\256\317\000\272\304\317\062\370\103\262\060\015\006\011\052\206 +\110\206\367\015\001\001\013\005\000\060\126\061\013\060\011\006 +\003\125\004\006\023\002\125\123\061\023\060\021\006\003\125\004 +\013\023\012\145\155\123\151\147\156\040\120\113\111\061\024\060 +\022\006\003\125\004\012\023\013\145\115\165\144\150\162\141\040 +\111\156\143\061\034\060\032\006\003\125\004\003\023\023\145\155 +\123\151\147\156\040\122\157\157\164\040\103\101\040\055\040\103 +\061\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060 +\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060 +\132\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147 +\156\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013 +\145\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006 +\003\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157 +\164\040\103\101\040\055\040\103\061\060\202\001\042\060\015\006 +\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017 +\000\060\202\001\012\002\202\001\001\000\317\353\251\271\361\231 +\005\314\330\050\041\112\363\163\064\121\204\126\020\365\240\117 +\054\022\343\372\023\232\047\320\317\371\171\032\164\137\035\171 +\071\374\133\370\160\216\340\222\122\367\344\045\371\124\203\331 +\035\323\310\132\205\077\136\307\266\007\356\076\300\316\232\257 +\254\126\102\052\071\045\160\326\277\265\173\066\255\254\366\163 +\334\315\327\035\212\203\245\373\053\220\025\067\153\034\046\107 +\334\073\051\126\223\152\263\301\152\072\235\075\365\301\227\070 +\130\005\213\034\021\343\344\264\270\135\205\035\203\376\170\137 +\013\105\150\030\110\245\106\163\064\073\376\017\310\166\273\307 +\030\363\005\321\206\363\205\355\347\271\331\062\255\125\210\316 +\246\266\221\260\117\254\176\025\043\226\366\077\360\040\064\026 +\336\012\306\304\004\105\171\177\247\375\276\322\251\245\257\234 +\305\043\052\367\074\041\154\275\257\217\116\305\072\262\363\064 +\022\374\337\200\032\111\244\324\251\225\367\236\211\136\242\211 +\254\224\313\250\150\233\257\212\145\047\315\211\356\335\214\265 +\153\051\160\103\240\151\013\344\271\017\002\003\001\000\001\243 +\102\060\100\060\035\006\003\125\035\016\004\026\004\024\376\241 +\340\160\036\052\003\071\122\132\102\276\134\221\205\172\030\252 +\115\265\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\003\202\001\001\000\302\112\126\372\025\041\173\050\242 +\351\345\035\373\370\055\304\071\226\101\114\073\047\054\304\154 +\030\025\200\306\254\257\107\131\057\046\013\343\066\260\357\073 +\376\103\227\111\062\231\022\025\133\337\021\051\377\253\123\370 +\273\301\170\017\254\234\123\257\127\275\150\214\075\151\063\360 +\243\240\043\143\073\144\147\042\104\255\325\161\313\126\052\170 +\222\243\117\022\061\066\066\342\336\376\000\304\243\140\017\047 +\255\240\260\212\265\066\172\122\241\275\047\364\040\047\142\350 +\115\224\044\023\344\012\004\351\074\253\056\310\103\011\112\306 +\141\004\345\111\064\176\323\304\310\365\017\300\252\351\272\124 +\136\363\143\053\117\117\120\324\376\271\173\231\214\075\300\056 +\274\002\053\323\304\100\344\212\007\061\036\233\316\046\231\023 +\373\021\352\232\042\014\021\031\307\136\033\201\120\060\310\226 +\022\156\347\313\101\177\221\073\242\107\267\124\200\033\334\000 +\314\232\220\352\303\303\120\006\142\014\060\300\025\110\247\250 +\131\174\341\256\042\242\342\012\172\017\372\142\253\122\114\341 +\361\337\312\276\203\015\102 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "emSign Root CA - C1" +# Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +# Serial Number:00:ae:cf:00:ba:c4:cf:32:f8:43:b2 +# Subject: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): 12:56:09:AA:30:1D:A0:A2:49:B9:7A:82:39:CB:6A:34:21:6F:44:DC:AC:9F:39:54:B1:42:92:F2:E8:C8:60:8F +# Fingerprint (SHA1): E7:2E:F1:DF:FC:B2:09:28:CF:5D:D4:D5:67:37:B1:51:CB:86:4F:01 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign Root CA - C1" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\333\114\102\151\007\077\351\302\243\175\211\012\134\033\030\304 -\030\116\052\055 +\347\056\361\337\374\262\011\050\317\135\324\325\147\067\261\121 +\313\206\117\001 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\163\077\065\124\035\104\311\351\132\112\357\121\255\003\006\266 +\330\343\135\001\041\372\170\132\260\337\272\322\356\052\137\150 END CKA_ISSUER MULTILINE_OCTAL -\060\171\061\020\060\016\006\003\125\004\012\023\007\122\157\157 -\164\040\103\101\061\036\060\034\006\003\125\004\013\023\025\150 -\164\164\160\072\057\057\167\167\167\056\143\141\143\145\162\164 -\056\157\162\147\061\042\060\040\006\003\125\004\003\023\031\103 -\101\040\103\145\162\164\040\123\151\147\156\151\156\147\040\101 -\165\164\150\157\162\151\164\171\061\041\060\037\006\011\052\206 -\110\206\367\015\001\011\001\026\022\163\165\160\160\157\162\164 -\100\143\141\143\145\162\164\056\157\162\147 +\060\126\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\034\060\032\006\003 +\125\004\003\023\023\145\155\123\151\147\156\040\122\157\157\164 +\040\103\101\040\055\040\103\061 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\001\001 +\002\013\000\256\317\000\272\304\317\062\370\103\262 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE # -# Certificate "Software in the Public Interest, Inc. Root CA (2008)" +# Certificate "emSign ECC Root CA - C3" # +# Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +# Serial Number:7b:71:b6:82:56:b8:12:7c:9c:a8 +# Subject: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): BC:4D:80:9B:15:18:9D:78:DB:3E:1D:8C:F4:F9:72:6A:79:5D:A1:64:3C:A5:F1:35:8E:1D:DB:0E:DC:0D:7E:B3 +# Fingerprint (SHA1): B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE CKA_TOKEN CK_BBOOL CK_TRUE CKA_PRIVATE CK_BBOOL CK_FALSE CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Software in the Public Interest, Inc. Root CA (2008)" +CKA_LABEL UTF8 "emSign ECC Root CA - C3" CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 CKA_SUBJECT MULTILINE_OCTAL -\060\201\274\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\111\156\144\151\141 -\156\141\061\025\060\023\006\003\125\004\007\023\014\111\156\144 -\151\141\156\141\160\157\154\151\163\061\050\060\046\006\003\125 -\004\012\023\037\123\157\146\164\167\141\162\145\040\151\156\040 -\164\150\145\040\120\165\142\154\151\143\040\111\156\164\145\162 -\145\163\164\061\023\060\021\006\003\125\004\013\023\012\150\157 -\163\164\155\141\163\164\145\162\061\036\060\034\006\003\125\004 -\003\023\025\103\145\162\164\151\146\151\143\141\164\145\040\101 -\165\164\150\157\162\151\164\171\061\045\060\043\006\011\052\206 -\110\206\367\015\001\011\001\026\026\150\157\163\164\155\141\163 -\164\145\162\100\163\160\151\055\151\156\143\056\157\162\147 +\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003 +\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040 +\122\157\157\164\040\103\101\040\055\040\103\063 END CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\274\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\111\156\144\151\141 -\156\141\061\025\060\023\006\003\125\004\007\023\014\111\156\144 -\151\141\156\141\160\157\154\151\163\061\050\060\046\006\003\125 -\004\012\023\037\123\157\146\164\167\141\162\145\040\151\156\040 -\164\150\145\040\120\165\142\154\151\143\040\111\156\164\145\162 -\145\163\164\061\023\060\021\006\003\125\004\013\023\012\150\157 -\163\164\155\141\163\164\145\162\061\036\060\034\006\003\125\004 -\003\023\025\103\145\162\164\151\146\151\143\141\164\145\040\101 -\165\164\150\157\162\151\164\171\061\045\060\043\006\011\052\206 -\110\206\367\015\001\011\001\026\026\150\157\163\164\155\141\163 -\164\145\162\100\163\160\151\055\151\156\143\056\157\162\147 +\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003 +\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040 +\122\157\157\164\040\103\101\040\055\040\103\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\350\216\266\311\370\052\024\050 +\002\012\173\161\266\202\126\270\022\174\234\250 END CKA_VALUE MULTILINE_OCTAL -\060\202\010\016\060\202\005\366\240\003\002\001\002\002\011\000 -\350\216\266\311\370\052\024\050\060\015\006\011\052\206\110\206 -\367\015\001\001\005\005\000\060\201\274\061\013\060\011\006\003 -\125\004\006\023\002\125\123\061\020\060\016\006\003\125\004\010 -\023\007\111\156\144\151\141\156\141\061\025\060\023\006\003\125 -\004\007\023\014\111\156\144\151\141\156\141\160\157\154\151\163 -\061\050\060\046\006\003\125\004\012\023\037\123\157\146\164\167 -\141\162\145\040\151\156\040\164\150\145\040\120\165\142\154\151 -\143\040\111\156\164\145\162\145\163\164\061\023\060\021\006\003 -\125\004\013\023\012\150\157\163\164\155\141\163\164\145\162\061 -\036\060\034\006\003\125\004\003\023\025\103\145\162\164\151\146 -\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171\061 -\045\060\043\006\011\052\206\110\206\367\015\001\011\001\026\026 -\150\157\163\164\155\141\163\164\145\162\100\163\160\151\055\151 -\156\143\056\157\162\147\060\036\027\015\060\070\060\065\061\063 -\060\070\060\067\065\066\132\027\015\061\070\060\065\061\061\060 -\070\060\067\065\066\132\060\201\274\061\013\060\011\006\003\125 -\004\006\023\002\125\123\061\020\060\016\006\003\125\004\010\023 -\007\111\156\144\151\141\156\141\061\025\060\023\006\003\125\004 -\007\023\014\111\156\144\151\141\156\141\160\157\154\151\163\061 -\050\060\046\006\003\125\004\012\023\037\123\157\146\164\167\141 -\162\145\040\151\156\040\164\150\145\040\120\165\142\154\151\143 -\040\111\156\164\145\162\145\163\164\061\023\060\021\006\003\125 -\004\013\023\012\150\157\163\164\155\141\163\164\145\162\061\036 -\060\034\006\003\125\004\003\023\025\103\145\162\164\151\146\151 -\143\141\164\145\040\101\165\164\150\157\162\151\164\171\061\045 -\060\043\006\011\052\206\110\206\367\015\001\011\001\026\026\150 -\157\163\164\155\141\163\164\145\162\100\163\160\151\055\151\156 -\143\056\157\162\147\060\202\002\042\060\015\006\011\052\206\110 -\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002 -\012\002\202\002\001\000\334\066\346\107\102\302\304\121\165\051 -\207\100\303\330\216\041\006\322\030\116\353\357\040\275\220\074 -\205\020\023\214\051\133\224\143\366\364\055\361\006\102\221\271 -\031\304\102\151\010\277\213\066\105\352\050\005\063\111\110\240 -\047\103\223\065\212\101\330\170\263\360\357\263\156\055\335\321 -\313\175\352\364\165\046\323\076\220\072\356\327\347\054\004\265 -\174\341\365\174\305\116\357\167\275\134\242\223\063\222\316\175 -\201\110\317\153\265\042\054\010\203\375\323\325\317\073\055\375 -\265\111\220\133\366\255\115\023\312\336\323\246\235\123\121\161 -\143\106\370\112\026\134\230\356\055\155\232\026\241\166\220\342 -\140\103\231\326\211\326\154\056\172\230\262\013\003\054\343\172 -\117\307\335\343\314\343\112\152\215\171\122\372\364\301\257\056 -\217\052\010\313\033\051\202\222\162\103\274\316\210\251\252\247 -\212\121\103\125\205\232\067\003\170\223\310\360\275\264\101\310 -\007\102\232\313\065\227\172\212\201\145\336\035\124\010\001\361 -\144\134\267\027\032\121\274\036\303\131\207\166\030\026\230\356 -\277\366\147\201\213\006\065\305\113\155\131\031\307\322\306\110 -\276\156\024\050\203\112\020\234\033\365\157\274\251\216\365\151 -\376\262\301\125\314\347\024\311\371\133\024\123\121\007\352\316 -\075\344\117\050\037\074\141\011\327\063\322\156\247\156\324\307 -\023\011\157\153\135\024\356\235\211\033\245\152\362\366\370\320 -\162\216\352\162\037\057\064\152\051\012\305\012\354\034\100\205 -\022\367\246\245\323\117\255\300\205\214\114\174\163\040\314\123 -\030\361\262\130\114\001\365\277\352\144\325\134\071\305\316\154 -\314\123\132\126\272\101\017\045\337\153\120\266\307\212\240\275 -\002\302\305\073\125\245\262\144\042\204\121\050\126\256\061\356 -\136\373\013\026\115\106\005\221\200\104\355\254\155\360\127\250 -\372\353\141\110\240\313\033\263\037\216\315\305\041\167\003\204 -\036\374\254\243\103\010\143\214\355\371\047\357\264\260\135\147 -\326\117\355\320\213\076\135\133\311\221\275\226\002\204\075\305 -\115\274\102\077\164\375\074\135\254\134\110\066\136\207\061\057 -\030\154\304\150\356\241\213\311\131\320\030\343\000\200\263\124 -\047\056\231\360\025\123\002\003\001\000\001\243\202\002\017\060 -\202\002\013\060\035\006\003\125\035\016\004\026\004\024\064\161 -\321\070\327\025\066\203\107\153\327\067\144\102\073\216\215\122 -\235\253\060\201\361\006\003\125\035\043\004\201\351\060\201\346 -\200\024\064\161\321\070\327\025\066\203\107\153\327\067\144\102 -\073\216\215\122\235\253\241\201\302\244\201\277\060\201\274\061 -\013\060\011\006\003\125\004\006\023\002\125\123\061\020\060\016 -\006\003\125\004\010\023\007\111\156\144\151\141\156\141\061\025 -\060\023\006\003\125\004\007\023\014\111\156\144\151\141\156\141 -\160\157\154\151\163\061\050\060\046\006\003\125\004\012\023\037 -\123\157\146\164\167\141\162\145\040\151\156\040\164\150\145\040 -\120\165\142\154\151\143\040\111\156\164\145\162\145\163\164\061 -\023\060\021\006\003\125\004\013\023\012\150\157\163\164\155\141 -\163\164\145\162\061\036\060\034\006\003\125\004\003\023\025\103 -\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157 -\162\151\164\171\061\045\060\043\006\011\052\206\110\206\367\015 -\001\011\001\026\026\150\157\163\164\155\141\163\164\145\162\100 -\163\160\151\055\151\156\143\056\157\162\147\202\011\000\350\216 -\266\311\370\052\024\050\060\017\006\003\125\035\023\001\001\377 -\004\005\060\003\001\001\377\060\021\006\011\140\206\110\001\206 -\370\102\001\001\004\004\003\002\000\007\060\011\006\003\125\035 -\022\004\002\060\000\060\056\006\011\140\206\110\001\206\370\102 -\001\015\004\041\026\037\123\157\146\164\167\141\162\145\040\151 -\156\040\164\150\145\040\120\165\142\154\151\143\040\111\156\164 -\145\162\145\163\164\060\060\006\011\140\206\110\001\206\370\102 -\001\004\004\043\026\041\150\164\164\160\163\072\057\057\143\141 -\056\163\160\151\055\151\156\143\056\157\162\147\057\143\141\055 -\143\162\154\056\160\145\155\060\062\006\011\140\206\110\001\206 -\370\102\001\003\004\045\026\043\150\164\164\160\163\072\057\057 -\143\141\056\163\160\151\055\151\156\143\056\157\162\147\057\143 -\145\162\164\055\143\162\154\056\160\145\155\060\041\006\003\125 -\035\021\004\032\060\030\201\026\150\157\163\164\155\141\163\164 -\145\162\100\163\160\151\055\151\156\143\056\157\162\147\060\016 -\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\015 -\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202\002 -\001\000\264\315\275\340\271\352\262\003\053\176\062\351\336\162 -\077\311\113\202\136\235\342\257\125\011\242\014\124\350\317\030 -\074\050\040\035\251\273\003\002\057\122\071\042\371\027\317\255 -\147\220\263\003\177\330\025\343\153\176\273\233\126\001\257\065 -\324\332\271\307\147\027\233\324\325\016\067\263\040\101\056\014 -\001\304\133\371\145\076\302\141\350\322\360\152\225\160\303\306 -\157\325\065\244\254\131\162\341\211\337\241\240\235\044\275\051 -\171\351\141\052\331\323\036\311\106\244\010\170\101\222\162\017 -\253\024\165\355\011\360\242\360\134\357\303\012\142\040\267\302 -\050\146\256\114\057\056\217\105\143\046\226\360\356\061\346\213 -\125\233\252\072\371\202\071\035\210\074\342\007\165\032\341\017 -\261\060\274\161\062\322\072\376\372\241\211\363\103\054\326\162 -\304\171\247\025\110\005\300\330\055\162\002\343\313\075\026\152 -\272\311\270\021\020\342\111\205\314\226\107\140\005\045\056\357 -\165\131\063\365\107\031\026\357\332\154\137\007\310\246\120\266 -\035\313\146\064\045\374\146\203\353\305\266\060\101\370\106\104 -\142\250\301\014\124\346\352\114\132\050\346\256\306\267\376\177 -\073\226\250\056\356\307\150\076\335\000\075\051\257\052\143\253 -\137\356\111\052\055\305\334\373\321\306\323\321\227\126\122\206 -\266\224\353\324\140\121\267\374\036\233\314\002\233\324\037\217 -\371\112\217\266\056\050\073\027\314\305\246\005\343\322\323\265 -\306\003\311\341\110\102\233\313\077\344\027\340\376\015\001\225 -\011\272\270\015\161\344\011\160\167\102\330\115\341\102\251\140 -\203\327\027\211\103\322\324\335\247\030\266\253\324\044\045\207 -\265\324\342\374\056\042\151\275\255\150\054\377\162\265\230\252 -\006\234\347\052\152\270\241\223\166\316\260\363\177\234\341\340 -\117\270\330\206\106\245\063\002\054\045\141\067\052\222\310\254 -\201\164\150\143\207\063\166\275\005\177\136\325\325\002\155\275 -\257\377\052\132\252\111\354\230\171\107\123\221\366\016\064\132 -\311\245\306\353\262\343\305\254\266\240\160\065\273\310\121\151 -\320\362\265\242\062\156\274\077\240\067\071\174\161\066\246\005 -\337\014\022\344\026\247\305\326\313\143\243\225\160\077\346\004 -\243\140 -END - -# Trust for Certificate "Software in the Public Interest, Inc. Root CA (2008)" -CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Software in the Public Interest, Inc. Root CA (2008)" +\060\202\002\053\060\202\001\261\240\003\002\001\002\002\012\173 +\161\266\202\126\270\022\174\234\250\060\012\006\010\052\206\110 +\316\075\004\003\003\060\132\061\013\060\011\006\003\125\004\006 +\023\002\125\123\061\023\060\021\006\003\125\004\013\023\012\145 +\155\123\151\147\156\040\120\113\111\061\024\060\022\006\003\125 +\004\012\023\013\145\115\165\144\150\162\141\040\111\156\143\061 +\040\060\036\006\003\125\004\003\023\027\145\155\123\151\147\156 +\040\105\103\103\040\122\157\157\164\040\103\101\040\055\040\103 +\063\060\036\027\015\061\070\060\062\061\070\061\070\063\060\060 +\060\132\027\015\064\063\060\062\061\070\061\070\063\060\060\060 +\132\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147 +\156\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013 +\145\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006 +\003\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103 +\040\122\157\157\164\040\103\101\040\055\040\103\063\060\166\060 +\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000 +\042\003\142\000\004\375\245\141\256\173\046\020\035\351\267\042 +\060\256\006\364\201\263\261\102\161\225\071\274\323\122\343\257 +\257\371\362\227\065\222\066\106\016\207\225\215\271\071\132\351 +\273\337\320\376\310\007\101\074\273\125\157\203\243\152\373\142 +\260\201\211\002\160\175\110\305\112\343\351\042\124\042\115\223 +\273\102\014\257\167\234\043\246\175\327\141\021\316\145\307\370 +\177\376\365\362\251\243\102\060\100\060\035\006\003\125\035\016 +\004\026\004\024\373\132\110\320\200\040\100\362\250\351\000\007 +\151\031\167\247\346\303\364\317\060\016\006\003\125\035\017\001 +\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001 +\001\377\004\005\060\003\001\001\377\060\012\006\010\052\206\110 +\316\075\004\003\003\003\150\000\060\145\002\061\000\264\330\057 +\002\211\375\266\114\142\272\103\116\023\204\162\265\256\335\034 +\336\326\265\334\126\217\130\100\132\055\336\040\114\042\203\312 +\223\250\176\356\022\100\307\326\207\117\370\337\205\002\060\034 +\024\144\344\174\226\203\021\234\260\321\132\141\113\246\017\111 +\323\000\374\241\374\344\245\377\177\255\327\060\320\307\167\177 +\276\201\007\125\060\120\040\024\365\127\070\012\250\061\121 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "emSign ECC Root CA - C3" +# Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +# Serial Number:7b:71:b6:82:56:b8:12:7c:9c:a8 +# Subject: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US +# Not Valid Before: Sun Feb 18 18:30:00 2018 +# Not Valid After : Wed Feb 18 18:30:00 2043 +# Fingerprint (SHA-256): BC:4D:80:9B:15:18:9D:78:DB:3E:1D:8C:F4:F9:72:6A:79:5D:A1:64:3C:A5:F1:35:8E:1D:DB:0E:DC:0D:7E:B3 +# Fingerprint (SHA1): B6:AF:43:C2:9B:81:53:7D:F6:EF:6B:C3:1F:1F:60:15:0C:EE:48:66 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "emSign ECC Root CA - C3" CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\257\160\210\103\203\202\002\025\315\141\306\274\354\375\067\044 -\251\220\103\034 +\266\257\103\302\233\201\123\175\366\357\153\303\037\037\140\025 +\014\356\110\146 END CKA_CERT_MD5_HASH MULTILINE_OCTAL -\052\107\237\140\273\203\164\157\001\003\327\013\015\366\015\170 +\076\123\263\243\201\356\327\020\370\323\260\035\027\222\365\325 +END +CKA_ISSUER MULTILINE_OCTAL +\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\023\060\021\006\003\125\004\013\023\012\145\155\123\151\147\156 +\040\120\113\111\061\024\060\022\006\003\125\004\012\023\013\145 +\115\165\144\150\162\141\040\111\156\143\061\040\060\036\006\003 +\125\004\003\023\027\145\155\123\151\147\156\040\105\103\103\040 +\122\157\157\164\040\103\101\040\055\040\103\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\012\173\161\266\202\126\270\022\174\234\250 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Hongkong Post Root CA 3" +# +# Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK +# Serial Number:08:16:5f:8a:4c:a5:ec:00:c9:93:40:df:c4:c6:ae:23:b8:1c:5a:a4 +# Subject: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK +# Not Valid Before: Sat Jun 03 02:29:46 2017 +# Not Valid After : Tue Jun 03 02:29:46 2042 +# Fingerprint (SHA-256): 5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6 +# Fingerprint (SHA1): 58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Hongkong Post Root CA 3" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113 +\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157 +\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012 +\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061 +\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157 +\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040 +\063 END +CKA_ID UTF8 "0" CKA_ISSUER MULTILINE_OCTAL -\060\201\274\061\013\060\011\006\003\125\004\006\023\002\125\123 -\061\020\060\016\006\003\125\004\010\023\007\111\156\144\151\141 -\156\141\061\025\060\023\006\003\125\004\007\023\014\111\156\144 -\151\141\156\141\160\157\154\151\163\061\050\060\046\006\003\125 -\004\012\023\037\123\157\146\164\167\141\162\145\040\151\156\040 -\164\150\145\040\120\165\142\154\151\143\040\111\156\164\145\162 -\145\163\164\061\023\060\021\006\003\125\004\013\023\012\150\157 -\163\164\155\141\163\164\145\162\061\036\060\034\006\003\125\004 -\003\023\025\103\145\162\164\151\146\151\143\141\164\145\040\101 -\165\164\150\157\162\151\164\171\061\045\060\043\006\011\052\206 -\110\206\367\015\001\011\001\026\026\150\157\163\164\155\141\163 -\164\145\162\100\163\160\151\055\151\156\143\056\157\162\147 +\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113 +\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157 +\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012 +\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061 +\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157 +\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040 +\063 END CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\011\000\350\216\266\311\370\052\024\050 +\002\024\010\026\137\212\114\245\354\000\311\223\100\337\304\306 +\256\043\270\034\132\244 END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR +CKA_VALUE MULTILINE_OCTAL +\060\202\005\317\060\202\003\267\240\003\002\001\002\002\024\010 +\026\137\212\114\245\354\000\311\223\100\337\304\306\256\043\270 +\034\132\244\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\060\157\061\013\060\011\006\003\125\004\006\023\002\110 +\113\061\022\060\020\006\003\125\004\010\023\011\110\157\156\147 +\040\113\157\156\147\061\022\060\020\006\003\125\004\007\023\011 +\110\157\156\147\040\113\157\156\147\061\026\060\024\006\003\125 +\004\012\023\015\110\157\156\147\153\157\156\147\040\120\157\163 +\164\061\040\060\036\006\003\125\004\003\023\027\110\157\156\147 +\153\157\156\147\040\120\157\163\164\040\122\157\157\164\040\103 +\101\040\063\060\036\027\015\061\067\060\066\060\063\060\062\062 +\071\064\066\132\027\015\064\062\060\066\060\063\060\062\062\071 +\064\066\132\060\157\061\013\060\011\006\003\125\004\006\023\002 +\110\113\061\022\060\020\006\003\125\004\010\023\011\110\157\156 +\147\040\113\157\156\147\061\022\060\020\006\003\125\004\007\023 +\011\110\157\156\147\040\113\157\156\147\061\026\060\024\006\003 +\125\004\012\023\015\110\157\156\147\153\157\156\147\040\120\157 +\163\164\061\040\060\036\006\003\125\004\003\023\027\110\157\156 +\147\153\157\156\147\040\120\157\163\164\040\122\157\157\164\040 +\103\101\040\063\060\202\002\042\060\015\006\011\052\206\110\206 +\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012 +\002\202\002\001\000\263\210\327\352\316\017\040\116\276\346\326 +\003\155\356\131\374\302\127\337\051\150\241\203\016\076\150\307 +\150\130\234\034\140\113\211\103\014\271\324\025\262\356\301\116 +\165\351\265\247\357\345\351\065\231\344\314\034\347\113\137\215 +\063\060\040\063\123\331\246\273\325\076\023\216\351\037\207\111 +\255\120\055\120\312\030\276\001\130\242\023\160\226\273\211\210 +\126\200\134\370\275\054\074\341\114\127\210\273\323\271\225\357 +\313\307\366\332\061\164\050\246\346\124\211\365\101\061\312\345 +\046\032\315\202\340\160\332\073\051\273\325\003\365\231\272\125 +\365\144\321\140\016\263\211\111\270\212\057\005\322\204\105\050 +\174\217\150\120\022\170\374\013\265\123\313\302\230\034\204\243 +\236\260\276\043\244\332\334\310\053\036\332\156\105\036\211\230 +\332\371\000\056\006\351\014\073\160\325\120\045\210\231\313\315 +\163\140\367\325\377\065\147\305\241\274\136\253\315\112\270\105 +\353\310\150\036\015\015\024\106\022\343\322\144\142\212\102\230 +\274\264\306\010\010\370\375\250\114\144\234\166\001\275\057\251 +\154\063\017\330\077\050\270\074\151\001\102\206\176\151\301\311 +\006\312\345\172\106\145\351\302\326\120\101\056\077\267\344\355 +\154\327\277\046\001\021\242\026\051\112\153\064\006\220\354\023 +\322\266\373\152\166\322\074\355\360\326\055\335\341\025\354\243 +\233\057\054\311\076\053\344\151\073\377\162\045\261\066\206\133 +\307\177\153\213\125\033\112\305\040\141\075\256\313\120\341\010 +\072\276\260\217\143\101\123\060\010\131\074\230\035\167\272\143 +\221\172\312\020\120\140\277\360\327\274\225\207\217\227\305\376 +\227\152\001\224\243\174\133\205\035\052\071\072\320\124\241\321 +\071\161\235\375\041\371\265\173\360\342\340\002\217\156\226\044 +\045\054\240\036\054\250\304\211\247\357\355\231\006\057\266\012 +\114\117\333\242\314\067\032\257\107\205\055\212\137\304\064\064 +\114\000\375\030\223\147\023\321\067\346\110\264\213\006\305\127 +\173\031\206\012\171\313\000\311\122\257\102\377\067\217\341\243 +\036\172\075\120\253\143\006\347\025\265\077\266\105\067\224\067 +\261\176\362\110\303\177\305\165\376\227\215\105\217\032\247\032 +\162\050\032\100\017\002\003\001\000\001\243\143\060\141\060\017 +\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060 +\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060 +\037\006\003\125\035\043\004\030\060\026\200\024\027\235\315\036 +\213\326\071\053\160\323\134\324\240\270\037\260\000\374\305\141 +\060\035\006\003\125\035\016\004\026\004\024\027\235\315\036\213 +\326\071\053\160\323\134\324\240\270\037\260\000\374\305\141\060 +\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202 +\002\001\000\126\325\173\156\346\042\001\322\102\233\030\325\016 +\327\146\043\134\343\376\240\307\222\322\351\224\255\113\242\306 +\354\022\174\164\325\110\322\131\024\231\300\353\271\321\353\364 +\110\060\133\255\247\127\163\231\251\323\345\267\321\056\131\044 +\130\334\150\056\056\142\330\152\344\160\013\055\040\120\040\244 +\062\225\321\000\230\273\323\375\367\062\362\111\256\306\172\340 +\107\276\156\316\313\243\162\072\055\151\135\313\310\350\105\071 +\324\372\102\301\021\114\167\135\222\373\152\377\130\104\345\353 +\201\236\257\240\231\255\276\251\001\146\313\070\035\074\337\103 +\037\364\115\156\264\272\027\106\374\175\375\207\201\171\152\015 +\063\017\372\057\370\024\271\200\263\135\115\252\227\341\371\344 +\030\305\370\325\070\214\046\074\375\362\050\342\356\132\111\210 +\054\337\171\075\216\236\220\074\275\101\112\072\335\133\366\232 +\264\316\077\045\060\177\062\175\242\003\224\320\334\172\241\122 +\336\156\223\215\030\046\375\125\254\275\217\233\322\317\257\347 +\206\054\313\037\011\157\243\157\251\204\324\163\277\115\241\164 +\033\116\043\140\362\314\016\252\177\244\234\114\045\250\262\146 +\073\070\377\331\224\060\366\162\204\276\150\125\020\017\306\163 +\054\026\151\223\007\376\261\105\355\273\242\125\152\260\332\265 +\112\002\045\047\205\327\267\267\206\104\026\211\154\200\053\076 +\227\251\234\325\176\125\114\306\336\105\020\034\352\351\073\237 +\003\123\356\356\172\001\002\026\170\324\350\302\276\106\166\210 +\023\077\042\273\110\022\035\122\000\264\002\176\041\032\036\234 +\045\364\363\075\136\036\322\034\371\263\055\266\367\067\134\306 +\313\041\116\260\367\231\107\030\205\301\053\272\125\256\006\352 +\320\007\262\334\253\320\202\226\165\316\322\120\376\231\347\317 +\057\237\347\166\321\141\052\373\041\273\061\320\252\237\107\244 +\262\042\312\026\072\120\127\304\133\103\147\305\145\142\003\111 +\001\353\103\331\330\370\236\255\317\261\143\016\105\364\240\132 +\054\233\055\305\246\300\255\250\107\364\047\114\070\015\056\033 +\111\073\122\364\350\210\203\053\124\050\324\362\065\122\264\062 +\203\142\151\144\014\221\234\237\227\352\164\026\375\037\021\006 +\232\233\364 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "Hongkong Post Root CA 3" +# Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK +# Serial Number:08:16:5f:8a:4c:a5:ec:00:c9:93:40:df:c4:c6:ae:23:b8:1c:5a:a4 +# Subject: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK +# Not Valid Before: Sat Jun 03 02:29:46 2017 +# Not Valid After : Tue Jun 03 02:29:46 2042 +# Fingerprint (SHA-256): 5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6 +# Fingerprint (SHA1): 58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Hongkong Post Root CA 3" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\130\242\320\354\040\122\201\133\301\363\370\144\002\044\116\302 +\216\002\113\002 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\021\374\237\275\163\060\002\212\375\077\363\130\271\313\040\360 +END +CKA_ISSUER MULTILINE_OCTAL +\060\157\061\013\060\011\006\003\125\004\006\023\002\110\113\061 +\022\060\020\006\003\125\004\010\023\011\110\157\156\147\040\113 +\157\156\147\061\022\060\020\006\003\125\004\007\023\011\110\157 +\156\147\040\113\157\156\147\061\026\060\024\006\003\125\004\012 +\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164\061 +\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153\157 +\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101\040 +\063 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\010\026\137\212\114\245\354\000\311\223\100\337\304\306 +\256\043\270\034\132\244 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "Entrust Root Certification Authority - G4" +# +# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58 +# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Not Valid Before: Wed May 27 11:11:16 2015 +# Not Valid After : Sun Dec 27 11:41:16 2037 +# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 +# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Entrust Root Certification Authority - G4" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\064 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125 +\145\255\130 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\006\113\060\202\004\063\240\003\002\001\002\002\021\000 +\331\265\103\177\257\251\071\017\000\000\000\000\125\145\255\130 +\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060 +\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123\061 +\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165\163 +\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013 +\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165\163 +\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162\155 +\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040 +\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111\156 +\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162\151 +\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060\060 +\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040\122 +\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157 +\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\064 +\060\036\027\015\061\065\060\065\062\067\061\061\061\061\061\066 +\132\027\015\063\067\061\062\062\067\061\061\064\061\061\066\132 +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\064\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001 +\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002 +\001\000\261\354\054\102\356\342\321\060\377\245\222\107\342\055 +\303\272\144\227\155\312\367\015\265\131\301\263\313\250\150\031 +\330\257\204\155\060\160\135\176\363\056\322\123\231\341\376\037 +\136\331\110\257\135\023\215\333\377\143\063\115\323\000\002\274 +\304\370\321\006\010\224\171\130\212\025\336\051\263\375\375\304 +\117\350\252\342\240\073\171\315\277\153\103\062\335\331\164\020 +\271\367\364\150\324\273\320\207\325\252\113\212\052\157\052\004 +\265\262\246\307\240\172\346\110\253\322\321\131\314\326\176\043 +\346\227\154\360\102\345\334\121\113\025\101\355\111\112\311\336 +\020\227\326\166\301\357\245\265\066\024\227\065\330\170\042\065 +\122\357\103\275\333\047\333\141\126\202\064\334\313\210\140\014 +\013\132\345\054\001\306\124\257\327\252\301\020\173\322\005\132 +\270\100\236\206\247\303\220\206\002\126\122\011\172\234\322\047 +\202\123\112\145\122\152\365\074\347\250\362\234\257\213\275\323 +\016\324\324\136\156\207\236\152\075\105\035\321\135\033\364\351 +\012\254\140\231\373\211\264\377\230\054\317\174\035\351\002\252 +\004\232\036\270\334\210\156\045\263\154\146\367\074\220\363\127 +\301\263\057\365\155\362\373\312\241\370\051\235\106\213\263\152 +\366\346\147\007\276\054\147\012\052\037\132\262\076\127\304\323 +\041\041\143\145\122\221\033\261\231\216\171\176\346\353\215\000 +\331\132\252\352\163\350\244\202\002\107\226\376\133\216\124\141 +\243\353\057\113\060\260\213\043\165\162\174\041\074\310\366\361 +\164\324\034\173\243\005\125\356\273\115\073\062\276\232\167\146 +\236\254\151\220\042\007\037\141\072\226\276\345\232\117\314\005 +\074\050\131\323\301\014\124\250\131\141\275\310\162\114\350\334 +\237\207\177\275\234\110\066\136\225\243\016\271\070\044\125\374 +\165\146\353\002\343\010\064\051\112\306\343\053\057\063\240\332 +\243\206\245\022\227\375\200\053\332\024\102\343\222\275\076\362 +\135\136\147\164\056\034\210\107\051\064\137\342\062\250\234\045 +\067\214\272\230\000\227\213\111\226\036\375\045\212\254\334\332 +\330\135\164\156\146\260\377\104\337\241\030\306\276\110\057\067 +\224\170\370\225\112\077\177\023\136\135\131\375\164\206\103\143 +\163\111\002\003\001\000\001\243\102\060\100\060\017\006\003\125 +\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003 +\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003 +\125\035\016\004\026\004\024\237\070\304\126\043\303\071\350\240 +\161\154\350\124\114\344\350\072\261\277\147\060\015\006\011\052 +\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\022 +\345\102\246\173\213\017\014\344\106\245\266\140\100\207\214\045 +\176\255\270\150\056\133\306\100\166\074\003\370\311\131\364\363 +\253\142\316\020\215\264\132\144\214\150\300\260\162\103\064\322 +\033\013\366\054\123\322\312\220\113\206\146\374\252\203\042\364 +\213\032\157\046\110\254\166\167\010\277\305\230\134\364\046\211 +\236\173\303\271\144\062\001\177\323\303\335\130\155\354\261\253 +\204\125\164\167\204\004\047\122\153\206\114\316\335\271\145\377 +\326\306\136\237\232\020\231\113\165\152\376\152\351\227\040\344 +\344\166\172\306\320\044\252\220\315\040\220\272\107\144\373\177 +\007\263\123\170\265\012\142\362\163\103\316\101\053\201\152\056 +\205\026\224\123\324\153\137\162\042\253\121\055\102\325\000\234 +\231\277\336\273\224\073\127\375\232\365\206\313\126\073\133\210 +\001\345\174\050\113\003\371\111\203\174\262\177\174\343\355\216 +\241\177\140\123\216\125\235\120\064\022\017\267\227\173\154\207 +\112\104\347\365\155\354\200\067\360\130\031\156\112\150\166\360 +\037\222\344\352\265\222\323\141\121\020\013\255\247\331\137\307 +\137\334\037\243\134\214\241\176\233\267\236\323\126\157\146\136 +\007\226\040\355\013\164\373\146\116\213\021\025\351\201\111\176 +\157\260\324\120\177\042\327\137\145\002\015\246\364\205\036\330 +\256\006\113\112\247\322\061\146\302\370\316\345\010\246\244\002 +\226\104\150\127\304\325\063\317\031\057\024\304\224\034\173\244 +\331\360\237\016\261\200\342\321\236\021\144\251\210\021\072\166 +\202\345\142\302\200\330\244\203\355\223\357\174\057\220\260\062 +\114\226\025\150\110\122\324\231\010\300\044\350\034\343\263\245 +\041\016\222\300\220\037\317\040\137\312\073\070\307\267\155\072 +\363\346\104\270\016\061\153\210\216\160\353\234\027\122\250\101 +\224\056\207\266\347\246\022\305\165\337\133\300\012\156\173\244 +\344\136\206\371\066\224\337\167\303\351\015\300\071\361\171\273 +\106\216\253\103\131\047\267\040\273\043\351\126\100\041\354\061 +\075\145\252\103\362\075\337\160\104\341\272\115\046\020\073\230 +\237\363\310\216\033\070\126\041\152\121\223\323\221\312\106\332 +\211\267\075\123\203\054\010\037\213\217\123\335\377\254\037 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE + +# Trust for "Entrust Root Certification Authority - G4" +# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58 +# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US +# Not Valid Before: Wed May 27 11:11:16 2015 +# Not Valid After : Sun Dec 27 11:41:16 2037 +# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 +# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "Entrust Root Certification Authority - G4" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\024\210\116\206\046\067\260\046\257\131\142\134\100\167\354\065 +\051\272\226\001 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\211\123\361\203\043\267\174\216\005\361\214\161\070\116\037\210 +END +CKA_ISSUER MULTILINE_OCTAL +\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123 +\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165 +\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004 +\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165 +\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162 +\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051 +\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111 +\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162 +\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060 +\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040 +\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151 +\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107 +\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125 +\145\255\130 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -- cgit v1.2.3-70-g09d2 From 4bf076391245450e2667eb60510b94faeb686a7f Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Mon, 24 Sep 2018 17:18:26 +0200 Subject: update-ca: fix build with newer musl musl removed SYMLINK_MAX define[1]. Use PATH_MAX instead for symlink target. [1]: http://git.musl-libc.org/cgit/musl/commit/?id=767f7a1091af3a3dcee2f7a49d0713359a81961c --- update-ca.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update-ca.c b/update-ca.c index 641fd64..7bb4f1b 100644 --- a/update-ca.c +++ b/update-ca.c @@ -196,7 +196,7 @@ static void proc_localglobaldir(const char *fullpath, struct hash *h, int tmpfil static void proc_etccertsdir(const char* fullpath, struct hash* h, int tmpfile_fd) { - char linktarget[SYMLINK_MAX]; + char linktarget[PATH_MAX]; ssize_t linklen; linklen = readlink(fullpath, linktarget, sizeof(linktarget)-1); -- cgit v1.2.3-70-g09d2 From 4d132ee3b898448df42a206156f0f0e0f75bef44 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Wed, 5 Feb 2020 14:42:38 +0100 Subject: update-ca: fix compiler warning --- update-ca.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update-ca.c b/update-ca.c index 7bb4f1b..2b3195b 100644 --- a/update-ca.c +++ b/update-ca.c @@ -330,7 +330,7 @@ int main(int a, char **v) free(tmpfile); /* Execute run-parts */ - static const char *run_parts_args[] = { "run-parts", RUNPARTSDIR, 0 }; + static char *const run_parts_args[] = { "run-parts", RUNPARTSDIR, 0 }; execve("/usr/bin/run-parts", run_parts_args, NULL); execve("/bin/run-parts", run_parts_args, NULL); perror("run-parts"); -- cgit v1.2.3-70-g09d2 From b0da9ea5446226f799dcd91fc473f1c3d332852a Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Wed, 5 Feb 2020 17:40:57 +0100 Subject: update-ca: insert newline between certs There may be certificates that lack a trailing newline, which is allowed in the certificate format. We work around that by inject a newline after each cert. see https://gitlab.alpinelinux.org/alpine/aports/issues/8379 --- update-ca.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/update-ca.c b/update-ca.c index 2b3195b..0260f83 100644 --- a/update-ca.c +++ b/update-ca.c @@ -191,6 +191,7 @@ static void proc_localglobaldir(const char *fullpath, struct hash *h, int tmpfil fprintf(stderr, "Warning! Cannot hash: %s\n", fullpath); if (!copyfile(fullpath, tmpfile_fd)) fprintf(stderr, "Warning! Cannot copy to bundle: %s\n", fullpath); + write(tmpfile_fd, "\n", 1); free(actual_file); } @@ -260,7 +261,7 @@ static bool dir_readfiles(struct hash* d, const char* path, DIR *dp = opendir(path); if (!dp) return false; - + struct dirent *dirp; while ((dirp = readdir(dp)) != NULL) { if (str_begins(dirp->d_name, ".")) -- cgit v1.2.3-70-g09d2 From 9bcd058a90a0d3ce07f8b5aaf74495a94fd74bda Mon Sep 17 00:00:00 2001 From: Max Rees Date: Tue, 2 Jun 2020 18:41:54 -0500 Subject: update-ca-certificates.8: remove unsupported options --- update-ca-certificates.8 | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/update-ca-certificates.8 b/update-ca-certificates.8 index b149b1d..6de5e00 100644 --- a/update-ca-certificates.8 +++ b/update-ca-certificates.8 @@ -41,17 +41,6 @@ Furthermore all certificates with a .crt extension found below .PP Before terminating, \fBupdate-ca-certificates\fP invokes \fBrun-parts\fP on /etc/ca-certificates/update.d. -.SH OPTIONS -A summary of options is included below. -.TP -.B \-h, \-\-help -Show summary of options. -.TP -.B \-v, \-\-verbose -Be verbose. Output \fBc_rehash\fP. -.TP -.B \-f, \-\-fresh -Fresh updates. Remove symlinks in /etc/ssl/certs directory. .SH FILES .TP .I /etc/ca-certificates.conf -- cgit v1.2.3-70-g09d2 From 11bdc29edb6e810e3ef29292e16ea70340881be2 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Tue, 2 Jun 2020 18:44:31 -0500 Subject: blacklist: remove old DigiNotar entry This certificate no longer exists in certdata.txt. --- blacklist.txt | 2 -- 1 file changed, 2 deletions(-) diff --git a/blacklist.txt b/blacklist.txt index 9401d41..70ed0d5 100644 --- a/blacklist.txt +++ b/blacklist.txt @@ -1,4 +1,2 @@ # One blacklist entry per line, corresponding to the label in certdata.txt. -# DigiNotar Root CA (see debbug#639744) -"DigiNotar Root CA" -- cgit v1.2.3-70-g09d2 From a4c6115d9202e1d1ecdec25fa1a665fe8d857cc5 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Tue, 2 Jun 2020 18:45:09 -0500 Subject: blacklist: silence untrusted errors When certdata2pem is run, it checks whether certificates are marked as untrusted. If they are, it excludes them but emits a loud warning that they were not explicitly blacklisted. Silence this warning by explicitly blacklisting them. --- blacklist.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/blacklist.txt b/blacklist.txt index 70ed0d5..88940c0 100644 --- a/blacklist.txt +++ b/blacklist.txt @@ -1,2 +1,14 @@ # One blacklist entry per line, corresponding to the label in certdata.txt. +# Blacklist explicitly distrusted certificates +# They were already to-be-excluded since they are distrusted, but this +# silences the loud warning they produce. +"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)" +"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)" +"Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)" +"Explicitly Distrust DigiNotar Root CA" +"Explicitly Distrusted DigiNotar PKIoverheid G2" +"MITM subCA 1 issued by Trustwave" +"MITM subCA 2 issued by Trustwave" +"TURKTRUST Mis-issued Intermediate CA 1" +"TURKTRUST Mis-issued Intermediate CA 2" -- cgit v1.2.3-70-g09d2 From 4023193aac8706830d99720de6628cc0d8eabd84 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Tue, 2 Jun 2020 18:47:03 -0500 Subject: blacklist: distrust Symantec Root CAs https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911289 --- blacklist.txt | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/blacklist.txt b/blacklist.txt index 88940c0..6ddc6b9 100644 --- a/blacklist.txt +++ b/blacklist.txt @@ -12,3 +12,27 @@ "MITM subCA 2 issued by Trustwave" "TURKTRUST Mis-issued Intermediate CA 1" "TURKTRUST Mis-issued Intermediate CA 2" + +# Distrusted Symantec Root CAs: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911289 +"GeoTrust Global CA" +"GeoTrust Primary Certification Authority" +"GeoTrust Primary Certification Authority - G2" +"GeoTrust Primary Certification Authority - G3" +"GeoTrust Universal CA" +"Thawte Premium Server CA" +"thawte Primary Root CA" +"thawte Primary Root CA - G2" +"thawte Primary Root CA - G3" +"Symantec Class 1 Public Primary Certification Authority - G4" +"Symantec Class 1 Public Primary Certification Authority - G6" +"Symantec Class 2 Public Primary Certification Authority - G4" +"Symantec Class 2 Public Primary Certification Authority - G6" +"Symantec Class 3 Public Primary Certification Authority - G4" +"Symantec Class 3 Public Primary Certification Authority - G6" +"VeriSign Class 1 Public Primary Certification Authority - G3" +"VeriSign Class 2 Public Primary Certification Authority - G3" +"VeriSign Class 3 Public Primary Certification Authority - G3" +"VeriSign Class 3 Public Primary Certification Authority - G4" +"VeriSign Class 3 Public Primary Certification Authority - G5" +"VeriSign Universal Root Certification Authority" -- cgit v1.2.3-70-g09d2 From 8608030429e674ac33afc4c85fb80bba6d68bd91 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Tue, 2 Jun 2020 18:50:54 -0500 Subject: Add machinery to detect expired certificates --- blacklist.txt | 8 ++++++++ certdata2pem.py | 36 +++++++++++++++++++++++++++++++----- 2 files changed, 39 insertions(+), 5 deletions(-) diff --git a/blacklist.txt b/blacklist.txt index 6ddc6b9..9c0b4fd 100644 --- a/blacklist.txt +++ b/blacklist.txt @@ -36,3 +36,11 @@ "VeriSign Class 3 Public Primary Certification Authority - G4" "VeriSign Class 3 Public Primary Certification Authority - G5" "VeriSign Universal Root Certification Authority" + +# Expired certificates +# Not Valid Before: Tue May 30 10:48:38 2000 +# Not Valid After : Sat May 30 10:48:38 2020 +"AddTrust External Root" +# Not Valid Before: Wed Mar 26 11:18:17 2008 +# Not Valid After : Wed Mar 25 11:03:10 2020 +"Staat der Nederlanden Root CA - G2" diff --git a/certdata2pem.py b/certdata2pem.py index 0b02b2a..5af0def 100644 --- a/certdata2pem.py +++ b/certdata2pem.py @@ -21,11 +21,17 @@ # USA. import base64 +import datetime +import io import os.path +import pathlib import re import sys import textwrap -import io + +DATE_FMT = "%a %b %d %H:%M:%S %Y" +VERSION = pathlib.Path(__file__).parent / "VERSION" +VERSION = datetime.datetime.strptime(VERSION.read_text().strip(), "%Y%m%d") objects = [] @@ -43,9 +49,6 @@ for line in io.open('certdata.txt', 'rt', encoding='utf8'): if line.startswith('BEGINDATA'): in_data = True continue - # Ignore comment lines. - if line.startswith('#'): - continue # Empty lines are significant if we are inside an object. if in_obj and len(line.strip()) == 0: objects.append(obj) @@ -54,6 +57,17 @@ for line in io.open('certdata.txt', 'rt', encoding='utf8'): continue if len(line.strip()) == 0: continue + if line.startswith("# Not Valid Before: "): + line = line.replace("# Not Valid Before: ", "", 1).strip() + obj["before"] = datetime.datetime.strptime(line, DATE_FMT) + continue + if line.startswith("# Not Valid After : "): + line = line.replace("# Not Valid After : ", "", 1).strip() + obj["after"] = datetime.datetime.strptime(line, DATE_FMT) + continue + # Ignore comment lines. + if line.startswith('#'): + continue if in_multiline: if not line.startswith('END'): if type == 'MULTILINE_OCTAL': @@ -97,13 +111,23 @@ if os.path.exists('blacklist.txt'): # Build up trust database. trust = dict() +next_expiring = None for obj in objects: if obj['CKA_CLASS'] != 'CKO_NSS_TRUST': continue if obj['CKA_LABEL'] in blacklist: print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']) elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR': - trust[obj['CKA_LABEL']] = True + if VERSION < obj["before"] or VERSION > obj["after"]: + print('!'*74) + print("EXPIRED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']) + print('!'*74) + else: + if not next_expiring: + next_expiring = obj + elif obj['after'] < next_expiring['after']: + next_expiring = obj + trust[obj['CKA_LABEL']] = True elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED': print('!'*74) print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']) @@ -113,6 +137,8 @@ for obj in objects: (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'], obj['CKA_TRUST_EMAIL_PROTECTION'])) +print('Next expiring certificate:', next_expiring['CKA_LABEL'], next_expiring['after']) + for obj in objects: if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: -- cgit v1.2.3-70-g09d2 From 1fcd3d9efdc6ecd2bfad391628479f5f41532a96 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Tue, 2 Jun 2020 18:51:27 -0500 Subject: Bump version to 20200603 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index bf07f0f..2850e54 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -20180411 +20200603 -- cgit v1.2.3-70-g09d2 From bbe1168204f3224a7c992aefbb6de08208d0148c Mon Sep 17 00:00:00 2001 From: Max Rees Date: Tue, 2 Jun 2020 19:30:20 -0500 Subject: update-ca-certificates.8: further fixes * Remove [ options ] * There is no c_rehash manpage yet, so don't mention it. --- update-ca-certificates.8 | 3 --- 1 file changed, 3 deletions(-) diff --git a/update-ca-certificates.8 b/update-ca-certificates.8 index 6de5e00..464d2da 100644 --- a/update-ca-certificates.8 +++ b/update-ca-certificates.8 @@ -19,7 +19,6 @@ update-ca-certificates \- update /etc/ssl/certs and ca-certificates.crt .SH SYNOPSIS .B update-ca-certificates -.RI [ options ] .SH DESCRIPTION This manual page documents briefly the .B update-ca-certificates @@ -55,8 +54,6 @@ Directory of CA certificates. .TP .I /usr/local/share/ca-certificates Directory of local CA certificates (with .crt extension). -.SH SEE ALSO -.BR c_rehash (1) .SH AUTHOR This manual page was written by Fumitoshi UKAI , for the Debian project (but may be used by others). -- cgit v1.2.3-70-g09d2 From 1bb1c32dd6dce336b036c4f3bef43fd1cce99a77 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Tue, 2 Jun 2020 23:31:26 -0500 Subject: Revert "blacklist: distrust Symantec Root CAs" As of this writing there are still large service providers still using GeoTrust-based certificates, such as Apple Mail: Certificate chain 0 s:CN = imap.mail.me.com, OU = management:idms.group.859635, O = Apple Inc., ST = California, C = US i:CN = Apple IST CA 2 - G1, OU = Certification Authority, O = Apple Inc., C = US 1 s:CN = Apple IST CA 2 - G1, OU = Certification Authority, O = Apple Inc., C = US i:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA 2 s:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA i:C = US, O = GeoTrust Inc., CN = GeoTrust Global CA This reverts commit 4023193aac8706830d99720de6628cc0d8eabd84. --- blacklist.txt | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/blacklist.txt b/blacklist.txt index 9c0b4fd..1fc904b 100644 --- a/blacklist.txt +++ b/blacklist.txt @@ -13,30 +13,6 @@ "TURKTRUST Mis-issued Intermediate CA 1" "TURKTRUST Mis-issued Intermediate CA 2" -# Distrusted Symantec Root CAs: -# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911289 -"GeoTrust Global CA" -"GeoTrust Primary Certification Authority" -"GeoTrust Primary Certification Authority - G2" -"GeoTrust Primary Certification Authority - G3" -"GeoTrust Universal CA" -"Thawte Premium Server CA" -"thawte Primary Root CA" -"thawte Primary Root CA - G2" -"thawte Primary Root CA - G3" -"Symantec Class 1 Public Primary Certification Authority - G4" -"Symantec Class 1 Public Primary Certification Authority - G6" -"Symantec Class 2 Public Primary Certification Authority - G4" -"Symantec Class 2 Public Primary Certification Authority - G6" -"Symantec Class 3 Public Primary Certification Authority - G4" -"Symantec Class 3 Public Primary Certification Authority - G6" -"VeriSign Class 1 Public Primary Certification Authority - G3" -"VeriSign Class 2 Public Primary Certification Authority - G3" -"VeriSign Class 3 Public Primary Certification Authority - G3" -"VeriSign Class 3 Public Primary Certification Authority - G4" -"VeriSign Class 3 Public Primary Certification Authority - G5" -"VeriSign Universal Root Certification Authority" - # Expired certificates # Not Valid Before: Tue May 30 10:48:38 2000 # Not Valid After : Sat May 30 10:48:38 2020 -- cgit v1.2.3-70-g09d2