ca-certificates

The Mozilla CA root certificate bundle

Go to file

Bob Relyea c4c1a32e95 Add code to pull in object signing certs from Common CA Database (ccadb.org). Fix the updated merge scripts to handle this. Prune Expired certificates from certdata.txt and the object signing cert list Update to CKBI 2.48 from NSS 3.64 Removing: # Certificate "Verisign Class 3 Public Primary Certification Authority - G3" # Certificate "GeoTrust Universal CA 2" # Certificate "QuoVadis Root CA" # Certificate "Sonera Class 2 Root CA" # Certificate "Taiwan GRCA" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" # Certificate "EE Certification Centre Root CA" # Certificate "LuxTrust Global Root 2" # Certificate "Symantec Class 1 Public Primary Certification Authority - G4" # Certificate "Symantec Class 2 Public Primary Certification Authority - G4" Adding: # Certificate "Microsoft ECC Root Certificate Authority 2017" # Certificate "Microsoft RSA Root Certificate Authority 2017" # Certificate "e-Szigno Root CA 2017" # Certificate "certSIGN Root CA G2" # Certificate "Trustwave Global Certification Authority" # Certificate "Trustwave Global ECC P256 Certification Authority" # Certificate "Trustwave Global ECC P384 Certification Authority" # Certificate "NAVER Global Root Certification Authority" # Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" # Certificate "GlobalSign Secure Mail Root R45" # Certificate "GlobalSign Secure Mail Root E45" # Certificate "GlobalSign Root R46" # Certificate "GlobalSign Root E46" # Certificate "Certum EC-384 CA" # Certificate "Certum Trusted Root CA" # Certificate "GlobalSign Code Signing Root R45" # Certificate "GlobalSign Code Signing Root E45" # Certificate "Halcom Root Certificate Authority" # Certificate "Symantec Class 3 Public Primary Certification Authority - G6" # Certificate "GLOBALTRUST" # Certificate "MULTICERT Root Certification Authority 01" # Certificate "Verizon Global Root CA" # Certificate "Tunisian Root Certificate Authority - TunRootCA2" # Certificate "CAEDICOM Root" # Certificate "COMODO Certification Authority" # Certificate "Security Communication ECC RootCA1" # Certificate "Security Communication RootCA3" # Certificate "AC RAIZ DNIE" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3" # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány" # Certificate "GLOBALTRUST 2015" # Certificate "emSign Root CA - G2" # Certificate "emSign Root CA - C2"		2021-05-25 16:48:57 -07:00
tests	Add CI tests using the standard test interface	2017-09-25 11:03:21 +02:00
.gitignore	update to r1.78, removing trust from DigiNotar root (#734679 )	2011-09-01 14:36:45 +01:00
ca-certificates.spec	Add code to pull in object signing certs from Common CA Database (ccadb.org).	2021-05-25 16:48:57 -07:00
ca-legacy	Use the force, script! (Which sln did by default).	2018-01-19 13:14:55 +01:00
ca-legacy.8.txt	Fixed a typo in the ca-legacy manual page.	2015-05-05 17:27:27 +02:00
ca-legacy.conf	rename legacy=enable to legacy=default and related changes; add ca-legacy man page; handle absent configuration in ca-legacy	2015-03-31 23:02:57 +02:00
certdata2pem.py	certdata2pem.py: emit flags for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER	2019-12-04 10:53:31 +01:00
certdata.txt	Add code to pull in object signing certs from Common CA Database (ccadb.org).	2021-05-25 16:48:57 -07:00
check_certs.sh	Resolves: rhbz#1722213	2019-06-19 10:17:16 -07:00
fetch_objsign.sh	Add code to pull in object signing certs from Common CA Database (ccadb.org).	2021-05-25 16:48:57 -07:00
fetch.sh	Update tools to pick up code signing certs from the Common CA Database:	2021-05-24 10:49:58 -07:00
mergepem2certdata.py	Add code to pull in object signing certs from Common CA Database (ccadb.org).	2021-05-25 16:48:57 -07:00
nssckbi.h	Add code to pull in object signing certs from Common CA Database (ccadb.org).	2021-05-25 16:48:57 -07:00
README.edk2	Extract certificate bundle in EDK2 format	2018-06-11 14:05:57 +02:00
README.etc	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.extr	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.java	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.openssl	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.pem	Fix typos in a manual page and in a README file.	2016-04-25 18:58:31 +02:00
README.src	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.usr	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
sort-blocks.py	Ported scripts to python3	2018-06-28 22:36:01 +02:00
sources	Setup of module ca-certificates	2008-05-30 20:08:46 +00:00
trust-fixes	remove the unnecessary entry in trust-fixes, because we no longer ship the old entrust root (it got replaced with one that contains the basic constraints extension)	2014-11-20 17:22:39 +01:00
update-ca-trust	Extract certificate bundle in EDK2 format	2018-06-11 14:05:57 +02:00
update-ca-trust.8.txt	Extract certificate bundle in EDK2 format	2018-06-11 14:05:57 +02:00

README.usr

This directory /usr/share/pki/ca-trust-source/ contains CA certificates and 
trust settings in the PEM file format. The trust settings found here will be
interpreted with a low priority - lower than the ones found in 
/etc/pki/ca-trust/source/ .

=============================================================================
QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
            list of CAs trusted on the system:

            Copy it to the
                    /usr/share/pki/ca-trust-source/anchors/
            subdirectory, and run the
                    update-ca-trust
            command.

            If your certificate is in the extended BEGIN TRUSTED file format,
            then place it into the main source/ directory instead.
=============================================================================

Please refer to the update-ca-trust(8) manual page for additional information.