ca-certificates

The Mozilla CA root certificate bundle

Go to file

Bob Relyea 6d164aedd7 Update tools to pick up code signing certs from the Common CA Database: https://www.ccadb.org/resources Our normal root certs come from mozilla, but mozilla does not evaluate code signing. Currently code signing is only used my Microsoft .net, so we need to get code signing certs from Microsoft's code signing list. The certs in this list will only show up in the code signing lists or in the general list with only code signing set.		2021-05-24 10:49:58 -07:00
tests	Add CI tests using the standard test interface	2017-09-25 11:03:21 +02:00
.gitignore	update to r1.78, removing trust from DigiNotar root (#734679 )	2011-09-01 14:36:45 +01:00
ca-certificates.spec	- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild	2021-01-26 01:32:44 +00:00
ca-legacy	Use the force, script! (Which sln did by default).	2018-01-19 13:14:55 +01:00
ca-legacy.8.txt	Fixed a typo in the ca-legacy manual page.	2015-05-05 17:27:27 +02:00
ca-legacy.conf	rename legacy=enable to legacy=default and related changes; add ca-legacy man page; handle absent configuration in ca-legacy	2015-03-31 23:02:57 +02:00
certdata2pem.py	certdata2pem.py: emit flags for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER	2019-12-04 10:53:31 +01:00
certdata.txt	Update to CKBI 2.41 from NSS 3.53.0	2020-06-10 12:45:49 -07:00
check_certs.sh	Resolves: rhbz#1722213	2019-06-19 10:17:16 -07:00
fetch_objsign.sh	Update tools to pick up code signing certs from the Common CA Database:	2021-05-24 10:49:58 -07:00
fetch.sh	Update tools to pick up code signing certs from the Common CA Database:	2021-05-24 10:49:58 -07:00
mergepem2certdata.py	Update tools to pick up code signing certs from the Common CA Database:	2021-05-24 10:49:58 -07:00
nssckbi.h	Update to CKBI 2.41 from NSS 3.53.0	2020-06-10 12:45:49 -07:00
README.edk2	Extract certificate bundle in EDK2 format	2018-06-11 14:05:57 +02:00
README.etc	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.extr	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.java	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.openssl	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.pem	Fix typos in a manual page and in a README file.	2016-04-25 18:58:31 +02:00
README.src	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.usr	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
sort-blocks.py	Ported scripts to python3	2018-06-28 22:36:01 +02:00
sources	Setup of module ca-certificates	2008-05-30 20:08:46 +00:00
trust-fixes	remove the unnecessary entry in trust-fixes, because we no longer ship the old entrust root (it got replaced with one that contains the basic constraints extension)	2014-11-20 17:22:39 +01:00
update-ca-trust	Extract certificate bundle in EDK2 format	2018-06-11 14:05:57 +02:00
update-ca-trust.8.txt	Extract certificate bundle in EDK2 format	2018-06-11 14:05:57 +02:00

README.usr

This directory /usr/share/pki/ca-trust-source/ contains CA certificates and 
trust settings in the PEM file format. The trust settings found here will be
interpreted with a low priority - lower than the ones found in 
/etc/pki/ca-trust/source/ .

=============================================================================
QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
            list of CAs trusted on the system:

            Copy it to the
                    /usr/share/pki/ca-trust-source/anchors/
            subdirectory, and run the
                    update-ca-trust
            command.

            If your certificate is in the extended BEGIN TRUSTED file format,
            then place it into the main source/ directory instead.
=============================================================================

Please refer to the update-ca-trust(8) manual page for additional information.