# One blacklist entry per line, corresponding to the label in certdata.txt. # Blacklist explicitly distrusted certificates # They were already to-be-excluded since they are distrusted, but this # silences the loud warning they produce. "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)" "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)" "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)" "Explicitly Distrust DigiNotar Root CA" "Explicitly Distrusted DigiNotar PKIoverheid G2" "MITM subCA 1 issued by Trustwave" "MITM subCA 2 issued by Trustwave" "TURKTRUST Mis-issued Intermediate CA 1" "TURKTRUST Mis-issued Intermediate CA 2" # Distrusted Symantec Root CAs: # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911289 "GeoTrust Global CA" "GeoTrust Primary Certification Authority" "GeoTrust Primary Certification Authority - G2" "GeoTrust Primary Certification Authority - G3" "GeoTrust Universal CA" "Thawte Premium Server CA" "thawte Primary Root CA" "thawte Primary Root CA - G2" "thawte Primary Root CA - G3" "Symantec Class 1 Public Primary Certification Authority - G4" "Symantec Class 1 Public Primary Certification Authority - G6" "Symantec Class 2 Public Primary Certification Authority - G4" "Symantec Class 2 Public Primary Certification Authority - G6" "Symantec Class 3 Public Primary Certification Authority - G4" "Symantec Class 3 Public Primary Certification Authority - G6" "VeriSign Class 1 Public Primary Certification Authority - G3" "VeriSign Class 2 Public Primary Certification Authority - G3" "VeriSign Class 3 Public Primary Certification Authority - G3" "VeriSign Class 3 Public Primary Certification Authority - G4" "VeriSign Class 3 Public Primary Certification Authority - G5" "VeriSign Universal Root Certification Authority"