rpms/ca-certificates
7
0
Fork 0
Code Issues Pull Requests Releases Activity
The Mozilla CA root certificate bundle
162 Commits 7 Branches 28 Tags 6.1 MiB
Python 74.7%
Shell 13.6%
C 11.7%
19f1fee1e6
Go to file
Robert Relyea 19f1fee1e6 Update to CKBI 2.60_v7.0.306 from NSS 3.91 
Removing:
    # Certificate "OpenTrust Root CA G1"
    # Certificate "Swedish Government Root Authority v1"
    # Certificate "DigiNotar Root CA G2"
    # Certificate "Federal Common Policy CA"
    # Certificate "TC TrustCenter Universal CA III"
    # Certificate "CCA India 2007"
    # Certificate "ipsCA Global CA Root"
    # Certificate "ipsCA Main CA Root"
    # Certificate "Macao Post eSignTrust Root Certification Authority"
    # Certificate "InfoNotary CSP Root"
    # Certificate "DigiNotar Root CA"
    # Certificate "Root CA"
    # Certificate "GPKIRootCA"
    # Certificate "D-TRUST Qualified Root CA 1 2007:PN"
    # Certificate "TC TrustCenter Universal CA I"
    # Certificate "TC TrustCenter Universal CA II"
    # Certificate "TC TrustCenter Class 2 CA II"
    # Certificate "TC TrustCenter Class 4 CA II"
    # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
    # Certificate "CertRSA01"
    # Certificate "KISA RootCA 3"
    # Certificate "A-CERT ADVANCED"
    # Certificate "A-Trust-Qual-01"
    # Certificate "A-Trust-nQual-01"
    # Certificate "Serasa Certificate Authority II"
    # Certificate "TDC Internet"
    # Certificate "America Online Root Certification Authority 2"
    # Certificate "RSA Security Inc"
    # Certificate "Public Notary Root"
    # Certificate "Autoridade Certificadora Raiz Brasileira"
    # Certificate "Post.Trust Root CA"
    # Certificate "Entrust.net Secure Server Certification Authority"
    # Certificate "ePKI EV SSL Certification Authority - G1"
   Adding:
    # Certificate "BJCA Global Root CA1"
    # Certificate "BJCA Global Root CA2"
    # Certificate "Symantec Enterprise Mobile Root for Microsoft"
    # Certificate "A-Trust-Root-05"
    # Certificate "ADOCA02"
    # Certificate "StartCom Certification Authority G2"
    # Certificate "ATHEX Root CA"
    # Certificate "EBG Elektronik Sertifika Hizmet Sağlayıcısı"
    # Certificate "GeoTrust Primary Certification Authority"
    # Certificate "thawte Primary Root CA"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
    # Certificate "America Online Root Certification Authority 1"
    # Certificate "Juur-SK"
    # Certificate "ComSign CA"
    # Certificate "ComSign Secured CA"
    # Certificate "ComSign Advanced Security CA"
    # Certificate "Sonera Class2 CA"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3"
    # Certificate "VeriSign, Inc."
    # Certificate "GTE CyberTrust Global Root"
    # Certificate "Equifax Secure Global eBusiness CA-1"
    # Certificate "Equifax"
    # Certificate "Class 1 Primary CA"
    # Certificate "Swiss Government Root CA III"
    # Certificate "Application CA G4 Root"
    # Certificate "SSC GDL CA Root A"
    # Certificate "GlobalSign Code Signing Root E45"
    # Certificate "GlobalSign Code Signing Root R45"
    # Certificate "Entrust Code Signing Root Certification Authority - CSBR1"
2023-08-01 10:11:53 -07:00
tests Add CI tests using the standard test interface 2017-09-25 11:03:21 +02:00
.gitignore update to r1.78, removing trust from DigiNotar root (#734679) 2011-09-01 14:36:45 +01:00
ca-certificates.spec Update to CKBI 2.60_v7.0.306 from NSS 3.91 2023-08-01 10:11:53 -07:00
ca-legacy Use the force, script! (Which sln did by default). 2018-01-19 13:14:55 +01:00
ca-legacy.8.txt Fixed a typo in the ca-legacy manual page. 2015-05-05 17:27:27 +02:00
ca-legacy.conf rename legacy=enable to legacy=default and related changes; add ca-legacy man page; handle absent configuration in ca-legacy 2015-03-31 23:02:57 +02:00
certdata2pem.py certdata2pem.py: emit flags for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER 2019-12-04 10:53:31 +01:00
certdata.txt Update to CKBI 2.60_v7.0.306 from NSS 3.91 2023-08-01 10:11:53 -07:00
check_certs.sh Resolves: rhbz#1722213 2019-06-19 10:17:16 -07:00
fetch_objsign.sh Add code to pull in object signing certs from Common CA Database (ccadb.org). 2021-05-25 16:48:57 -07:00
fetch.sh Update tools to pick up code signing certs from the Common CA Database: 2021-05-24 10:49:58 -07:00
mergepem2certdata.py Add code to pull in object signing certs from Common CA Database (ccadb.org). 2021-05-25 16:48:57 -07:00
nssckbi.h Update to CKBI 2.60 from NSS 3.86 2023-01-20 20:06:00 +01:00
README.edk2 Extract certificate bundle in EDK2 format 2018-06-11 14:05:57 +02:00
README.etc - added a manual page and related build requirements 2013-07-09 00:59:15 +02:00
README.etcssl Resolves: rhbz#1053883 rhbz#1396811 2021-12-06 15:49:38 -08:00
README.extr - added a manual page and related build requirements 2013-07-09 00:59:15 +02:00
README.java - added a manual page and related build requirements 2013-07-09 00:59:15 +02:00
README.openssl - added a manual page and related build requirements 2013-07-09 00:59:15 +02:00
README.pem Fix typos in a manual page and in a README file. 2016-04-25 18:58:31 +02:00
README.src - added a manual page and related build requirements 2013-07-09 00:59:15 +02:00
README.usr - added a manual page and related build requirements 2013-07-09 00:59:15 +02:00
sort-blocks.py Ported scripts to python3 2018-06-28 22:36:01 +02:00
sources Setup of module ca-certificates 2008-05-30 20:08:46 +00:00
trust-fixes remove the unnecessary entry in trust-fixes, because we no longer ship the old entrust root (it got replaced with one that contains the basic constraints extension) 2014-11-20 17:22:39 +01:00
update-ca-trust Resolves: rhbz#1053883 rhbz#1396811 2021-12-06 15:49:38 -08:00
update-ca-trust.8.txt remove blacklist directory now that pk11-kit is using blocklist 2021-11-01 16:45:20 -07:00

README.usr 

This directory /usr/share/pki/ca-trust-source/ contains CA certificates and 
trust settings in the PEM file format. The trust settings found here will be
interpreted with a low priority - lower than the ones found in 
/etc/pki/ca-trust/source/ .

=============================================================================
QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
            list of CAs trusted on the system:

            Copy it to the
                    /usr/share/pki/ca-trust-source/anchors/
            subdirectory, and run the
                    update-ca-trust
            command.

            If your certificate is in the extended BEGIN TRUSTED file format,
            then place it into the main source/ directory instead.
=============================================================================

Please refer to the update-ca-trust(8) manual page for additional information.