ca-certificates

The Mozilla CA root certificate bundle

Go to file

Bob Relyea f6b8f45e83 Update to CKBI 2.54 from NSS 3.79 Removing: # Certificate "GlobalSign Root CA - R2" # Certificate "DST Root CA X3" # Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2" Adding: # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Certificate "vTrus ECC Root CA" # Certificate "vTrus Root CA" # Certificate "ISRG Root X2" # Certificate "HiPKI Root CA - G1" # Certificate "Telia Root CA v2" # Certificate "D-TRUST BR Root CA 1 2020" # Certificate "D-TRUST EV Root CA 1 2020" # Certificate "CAEDICOM Root" # Certificate "I.CA Root CA/RSA" # Certificate "MULTICERT Root Certification Authority 01" # Certificate "Certification Authority of WoSign G2" # Certificate "CA WoSign ECC Root" # Certificate "CCA India 2015 SPL" # Certificate "Swedish Government Root Authority v3" # Certificate "Swedish Government Root Authority v2" # Certificate "Tunisian Root Certificate Authority - TunRootCA2" # Certificate "OpenTrust Root CA G1" # Certificate "OpenTrust Root CA G2" # Certificate "OpenTrust Root CA G3" # Certificate "Certplus Root CA G1" # Certificate "Certplus Root CA G2" # Certificate "Government Root Certification Authority" # Certificate "A-Trust-Qual-02" # Certificate "Thailand National Root Certification Authority - G1" # Certificate "TrustCor ECA-1" # Certificate "TrustCor RootCert CA-2" # Certificate "TrustCor RootCert CA-1" # Certificate "Certification Authority of WoSign" # Certificate "CA 沃通根证书" # Certificate "SSC GDL CA Root B" # Certificate "SAPO Class 2 Root CA" # Certificate "SAPO Class 3 Root CA" # Certificate "SAPO Class 4 Root CA" # Certificate "CA Disig Root R1" # Certificate "Autoridad Certificadora Raíz Nacional de Uruguay" # Certificate "ApplicationCA2 Root" # Certificate "GlobalSign" # Certificate "Symantec Class 3 Public Primary Certification Authority - G6" # Certificate "Symantec Class 3 Public Primary Certification Authority - G4" # Certificate "Halcom Root CA" # Certificate "Swisscom Root EV CA 2" # Certificate "CFCA GT CA" # Certificate "Digidentity L3 Root CA - G2" # Certificate "SITHS Root CA v1" # Certificate "Macao Post eSignTrust Root Certification Authority (G02)" # Certificate "Autoridade Certificadora Raiz Brasileira v2" # Certificate "Swisscom Root CA 2" # Certificate "IGC/A AC racine Etat francais" # Certificate "PersonalID Trustworthy RootCA 2011" # Certificate "Swedish Government Root Authority v1" # Certificate "Swiss Government Root CA II" # Certificate "Swiss Government Root CA I" # Certificate "Network Solutions Certificate Authority" # Certificate "COMODO Certification Authority" # Certificate "LuxTrust Global Root" # Certificate "AC1 RAIZ MTIN" # Certificate "Microsoft Root Certificate Authority 2011" # Certificate "CCA India 2011" # Certificate "ANCERT Certificados Notariales V2" # Certificate "ANCERT Certificados CGN V2" # Certificate "EE Certification Centre Root CA" # Certificate "DigiNotar Root CA G2" # Certificate "Federal Common Policy CA" # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" # Certificate "China Internet Network Information Center EV Certificates Root" # Certificate "Verizon Global Root CA" # Certificate "SwissSign Silver Root CA - G3" # Certificate "SwissSign Platinum Root CA - G3" # Certificate "SwissSign Gold Root CA - G3" # Certificate "Microsec e-Szigno Root CA 2009" # Certificate "SITHS CA v3" # Certificate "Certinomis - Autorité Racine" # Certificate "ANF Server CA" # Certificate "Thawte Premium Server CA" # Certificate "Thawte Server CA" # Certificate "TC TrustCenter Universal CA III" # Certificate "KEYNECTIS ROOT CA" # Certificate "I.CA - Standard Certification Authority, 09/2009" # Certificate "I.CA - Qualified Certification Authority, 09/2009" # Certificate "VI Registru Centras RCSC (RootCA)" # Certificate "CCA India 2007" # Certificate "Autoridade Certificadora Raiz Brasileira v1" # Certificate "ipsCA Global CA Root" # Certificate "ipsCA Main CA Root" # Certificate "Actalis Authentication CA G1" # Certificate "A-Trust-Qual-03" # Certificate "AddTrust External CA Root" # Certificate "ECRaizEstado" # Certificate "Configuration" # Certificate "FNMT-RCM" # Certificate "StartCom Certification Authority" # Certificate "TWCA Root Certification Authority" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" # Certificate "thawte Primary Root CA - G2" # Certificate "GeoTrust Primary Certification Authority - G2" # Certificate "VeriSign Universal Root Certification Authority" # Certificate "thawte Primary Root CA - G3" # Certificate "GeoTrust Primary Certification Authority - G3" # Certificate "E-ME SSI (RCA)" # Certificate "ACEDICOM Root" # Certificate "Autoridad Certificadora Raiz de la Secretaria de Economia" # Certificate "Correo Uruguayo - Root CA" # Certificate "CNNIC ROOT" # Certificate "Common Policy" # Certificate "Macao Post eSignTrust Root Certification Authority" # Certificate "Staat der Nederlanden Root CA - G2" # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány" # Certificate "AC Raíz Certicámara S.A." # Certificate "Cisco Root CA 2048" # Certificate "CA Disig" # Certificate "InfoNotary CSP Root" # Certificate "UCA Global Root" # Certificate "UCA Root" # Certificate "DigiNotar Root CA" # Certificate "Starfield Services Root Certificate Authority" # Certificate "I.CA - Qualified root certificate" # Certificate "I.CA - Standard root certificate" # Certificate "e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi" # Certificate "Japanese Government" # Certificate "AdminCA-CD-T01" # Certificate "Admin-Root-CA" # Certificate "Izenpe.com" # Certificate "TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3" # Certificate "Halcom CA FO" # Certificate "Halcom CA PO 2" # Certificate "Root CA" # Certificate "GPKIRootCA" # Certificate "ACNLB" # Certificate "state-institutions" # Certificate "state-institutions" # Certificate "SECOM Trust Systems CO.,LTD." # Certificate "D-TRUST Qualified Root CA 1 2007:PN" # Certificate "D-TRUST Root Class 2 CA 2007" # Certificate "D-TRUST Root Class 3 CA 2007" # Certificate "SSC Root CA A" # Certificate "SSC Root CA B" # Certificate "SSC Root CA C" # Certificate "Autoridad de Certificacion de la Abogacia" # Certificate "Root CA Generalitat Valenciana" # Certificate "VAS Latvijas Pasts SSI(RCA)" # Certificate "ANCERT Certificados CGN" # Certificate "ANCERT Certificados Notariales" # Certificate "ANCERT Corporaciones de Derecho Publico" # Certificate "GLOBALTRUST" # Certificate "Certipost E-Trust TOP Root CA" # Certificate "Certipost E-Trust Primary Qualified CA" # Certificate "Certipost E-Trust Primary Normalised CA" # Certificate "GlobalSign" # Certificate "IGC/A" # Certificate "S-TRUST Authentication and Encryption Root CA 2005:PN" # Certificate "TC TrustCenter Universal CA I" # Certificate "TC TrustCenter Universal CA II" # Certificate "TC TrustCenter Class 2 CA II" # Certificate "TC TrustCenter Class 4 CA II" # Certificate "Swisscom Root CA 1" # Certificate "Microsec e-Szigno Root CA" # Certificate "LGPKI" # Certificate "AC RAIZ DNIE" # Certificate "Common Policy" # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" # Certificate "A-Trust-nQual-03" # Certificate "A-Trust-nQual-03" # Certificate "CertRSA01" # Certificate "KISA RootCA 1" # Certificate "KISA RootCA 3" # Certificate "NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado" # Certificate "A-CERT ADVANCED" # Certificate "A-Trust-Qual-01" # Certificate "A-Trust-nQual-01" # Certificate "A-Trust-Qual-02" # Certificate "Staat der Nederlanden Root CA" # Certificate "Serasa Certificate Authority II" # Certificate "TDC Internet" # Certificate "America Online Root Certification Authority 2" # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Certificate "Government Root Certification Authority" # Certificate "RSA Security Inc" # Certificate "Public Notary Root" # Certificate "GeoTrust Global CA" # Certificate "GeoTrust Global CA 2" # Certificate "GeoTrust Universal CA" # Certificate "GeoTrust Universal CA 2" # Certificate "QuoVadis Root Certification Authority" # Certificate "Autoridade Certificadora Raiz Brasileira" # Certificate "Post.Trust Root CA" # Certificate "Microsoft Root Authority" # Certificate "Microsoft Root Certificate Authority" # Certificate "Microsoft Root Certificate Authority 2010" # Certificate "Entrust.net Secure Server Certification Authority" # Certificate "UTN-USERFirst-Object" # Certificate "BYTE Root Certification Authority 001" # Certificate "CISRCA1" # Certificate "ePKI Root Certification Authority - G2" # Certificate "ePKI EV SSL Certification Authority - G1" # Certificate "AC Raíz Certicámara S.A." # Certificate "SSL.com EV Root Certification Authority RSA" # Certificate "LuxTrust Global Root 2" # Certificate "ACA ROOT" # Certificate "Security Communication ECC RootCA1" # Certificate "Security Communication RootCA3" # Certificate "CHAMBERS OF COMMERCE ROOT - 2016" # Certificate "Network Solutions RSA Certificate Authority" # Certificate "Network Solutions ECC Certificate Authority" # Certificate "Australian Defence Public Root CA" # Certificate "SI-TRUST Root" # Certificate "Halcom Root Certificate Authority" # Certificate "Application CA G3 Root" # Certificate "GLOBALTRUST 2015" # Certificate "Microsoft ECC Product Root Certificate Authority 2018" # Certificate "emSign Root CA - G2" # Certificate "emSign Root CA - C2" # Certificate "Microsoft ECC TS Root Certificate Authority 2018" # Certificate "DigiCert CS ECC P384 Root G5" # Certificate "DigiCert CS RSA4096 Root G5" # Certificate "DigiCert RSA4096 Root G5" # Certificate "DigiCert ECC P384 Root G5" # Certificate "HARICA Code Signing RSA Root CA 2021" # Certificate "HARICA Code Signing ECC Root CA 2021" # Certificate "Microsoft Identity Verification Root Certificate Authority 2020"		2022-07-15 10:08:43 -07:00
tests	Add CI tests using the standard test interface	2017-09-25 11:03:21 +02:00
.gitignore	update to r1.78, removing trust from DigiNotar root (#734679 )	2011-09-01 14:36:45 +01:00
ca-certificates.spec	Update to CKBI 2.54 from NSS 3.79	2022-07-15 10:08:43 -07:00
ca-legacy	Use the force, script! (Which sln did by default).	2018-01-19 13:14:55 +01:00
ca-legacy.8.txt	Fixed a typo in the ca-legacy manual page.	2015-05-05 17:27:27 +02:00
ca-legacy.conf	rename legacy=enable to legacy=default and related changes; add ca-legacy man page; handle absent configuration in ca-legacy	2015-03-31 23:02:57 +02:00
certdata2pem.py	certdata2pem.py: emit flags for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER	2019-12-04 10:53:31 +01:00
certdata.txt	Update to CKBI 2.54 from NSS 3.79	2022-07-15 10:08:43 -07:00
check_certs.sh	Resolves: rhbz#1722213	2019-06-19 10:17:16 -07:00
fetch_objsign.sh	Add code to pull in object signing certs from Common CA Database (ccadb.org).	2021-05-25 16:48:57 -07:00
fetch.sh	Update tools to pick up code signing certs from the Common CA Database:	2021-05-24 10:49:58 -07:00
mergepem2certdata.py	Add code to pull in object signing certs from Common CA Database (ccadb.org).	2021-05-25 16:48:57 -07:00
nssckbi.h	Update to CKBI 2.54 from NSS 3.79	2022-07-15 10:08:43 -07:00
README.edk2	Extract certificate bundle in EDK2 format	2018-06-11 14:05:57 +02:00
README.etc	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.etcssl	Resolves: rhbz#1053883 rhbz#1396811	2021-12-06 15:49:38 -08:00
README.extr	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.java	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.openssl	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.pem	Fix typos in a manual page and in a README file.	2016-04-25 18:58:31 +02:00
README.src	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
README.usr	- added a manual page and related build requirements	2013-07-09 00:59:15 +02:00
sort-blocks.py	Ported scripts to python3	2018-06-28 22:36:01 +02:00
sources	Setup of module ca-certificates	2008-05-30 20:08:46 +00:00
trust-fixes	remove the unnecessary entry in trust-fixes, because we no longer ship the old entrust root (it got replaced with one that contains the basic constraints extension)	2014-11-20 17:22:39 +01:00
update-ca-trust	Resolves: rhbz#1053883 rhbz#1396811	2021-12-06 15:49:38 -08:00
update-ca-trust.8.txt	remove blacklist directory now that pk11-kit is using blocklist	2021-11-01 16:45:20 -07:00

README.usr

This directory /usr/share/pki/ca-trust-source/ contains CA certificates and 
trust settings in the PEM file format. The trust settings found here will be
interpreted with a low priority - lower than the ones found in 
/etc/pki/ca-trust/source/ .

=============================================================================
QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
            list of CAs trusted on the system:

            Copy it to the
                    /usr/share/pki/ca-trust-source/anchors/
            subdirectory, and run the
                    update-ca-trust
            command.

            If your certificate is in the extended BEGIN TRUSTED file format,
            then place it into the main source/ directory instead.
=============================================================================

Please refer to the update-ca-trust(8) manual page for additional information.