git: 65fd80909e19 - main - caroot: update the root bundle

From: Kyle Evans <kevans_at_FreeBSD.org>
Date: Sat, 26 Aug 2023 01:17:11 UTC
The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=65fd80909e196c8be2ce5e948775e9cbda2ef069

commit 65fd80909e196c8be2ce5e948775e9cbda2ef069
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2023-08-26 01:01:47 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2023-08-26 01:16:36 +0000

    caroot: update the root bundle
    
    Summary:
    - Six (6) new roots
    - Four (4) distrusted roots
    
    Note that this was intentionally generated with OpenSSL 1.1.1 to avoid
    mixing updates and non-functional changes -- there will be some churn
    with OpenSSL 3.  The next commit will update the current batch of
    trusted certs with the format OpenSSL 3 produces, which I've tested
    against OpenSSL 1.1.1 to be sure that that doesn't hurt us in older
    branches.
---
 ObsoleteFiles.inc                                  |   6 +
 .../Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem      |  66 ++++++++++
 .../Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem      | 133 ++++++++++++++++++++
 .../trusted/SSL_com_TLS_ECC_Root_CA_2022.pem       |  69 +++++++++++
 .../trusted/SSL_com_TLS_RSA_Root_CA_2022.pem       | 137 +++++++++++++++++++++
 ...ctigo_Public_Server_Authentication_Root_E46.pem |  66 ++++++++++
 ...ctigo_Public_Server_Authentication_Root_R46.pem | 134 ++++++++++++++++++++
 .../E-Tugra_Certification_Authority.pem            |   0
 .../E-Tugra_Global_Root_CA_ECC_v3.pem              |   0
 .../E-Tugra_Global_Root_CA_RSA_v3.pem              |   0
 .../Hongkong_Post_Root_CA_1.pem                    |   0
 11 files changed, 611 insertions(+)

diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc
index 655a81cd900f..47709c00667d 100644
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc
@@ -51,6 +51,12 @@
 #   xargs -n1 | sort | uniq -d;
 # done
 
+# 20230825: caroot bundle updated
+OLD_FILES+=usr/share/certs/trusted/E-Tugra_Certification_Authority.pem
+OLD_FILES+=usr/share/certs/trusted/E-Tugra_Global_Root_CA_ECC_v3.pem
+OLD_FILES+=usr/share/certs/trusted/E-Tugra_Global_Root_CA_RSA_v3.pem
+OLD_FILES+=usr/share/certs/trusted/Hongkong_Post_Root_CA_1.pem
+
 # 20230807: GoogleTest 1.14.0 upgrade.
 OLD_FILES+=usr/include/private/gmock/gmock-generated-actions.h
 OLD_FILES+=usr/include/private/gmock/gmock-generated-function-mockers.h
diff --git a/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem b/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem
new file mode 100644
index 000000000000..af7f2e061651
--- /dev/null
+++ b/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem
@@ -0,0 +1,66 @@
+##
+##  Atos TrustedRoot Root CA ECC TLS 2021
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            3d:98:3b:a6:66:3d:90:63:f7:7e:26:57:38:04:ef:00
+        Signature Algorithm: ecdsa-with-SHA384
+        Issuer: CN = Atos TrustedRoot Root CA ECC TLS 2021, O = Atos, C = DE
+        Validity
+            Not Before: Apr 22 09:26:23 2021 GMT
+            Not After : Apr 17 09:26:22 2041 GMT
+        Subject: CN = Atos TrustedRoot Root CA ECC TLS 2021, O = Atos, C = DE
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:96:86:58:28:37:0a:67:d0:a0:de:24:19:19:e1:
+                    e4:05:07:1f:97:ed:e8:64:82:b9:f6:c4:71:50:ce:
+                    8a:0c:ff:d7:b5:76:bb:a1:6c:93:6c:83:a2:68:6e:
+                    a5:d9:be:2c:88:95:41:cd:5d:dd:b1:ca:83:63:83:
+                    cc:c0:be:74:d9:e0:9d:a4:ee:4a:4e:56:e0:98:29:
+                    41:93:52:10:d5:24:38:02:32:67:f1:94:12:6f:ef:
+                    d7:c5:de:2e:fd:19:80
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                76:28:25:D6:7D:E0:66:9A:7A:09:B2:6A:3B:8E:33:D7:36:D3:4F:A2
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: ecdsa-with-SHA384
+         30:65:02:30:5b:99:29:f3:9c:31:b6:89:6b:6c:d6:bd:77:e1:
+         7c:e7:51:7e:b8:3a:cd:a3:36:5f:7c:f7:3c:77:3e:e4:50:ad:
+         a8:e7:d2:59:0c:26:8e:30:3b:6e:08:2a:c2:a7:5a:c8:02:31:
+         00:99:e3:0c:e7:a3:c3:af:d3:49:2e:46:82:23:66:5d:c9:00:
+         14:12:fd:38:f4:e1:98:6b:77:29:7a:db:24:cf:65:40:bf:d2:
+         dc:8c:11:e8:f4:7d:7f:20:84:a9:42:e4:28
+SHA1 Fingerprint=9E:BC:75:10:42:B3:02:F3:81:F4:F7:30:62:D4:8F:C3:A7:51:B2:DD
+-----BEGIN CERTIFICATE-----
+MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w
+LAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w
+CwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0
+MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBF
+Q0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMHYwEAYHKoZI
+zj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6KDP/X
+tXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4
+AjJn8ZQSb+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2
+KCXWfeBmmnoJsmo7jjPXNtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMD
+aAAwZQIwW5kp85wxtolrbNa9d+F851F+uDrNozZffPc8dz7kUK2o59JZDCaOMDtu
+CCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo
+9H1/IISpQuQo
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem b/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem
new file mode 100644
index 000000000000..7c6033b46658
--- /dev/null
+++ b/secure/caroot/trusted/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem
@@ -0,0 +1,133 @@
+##
+##  Atos TrustedRoot Root CA RSA TLS 2021
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            53:d5:cf:e6:19:93:0b:fb:2b:05:12:d8:c2:2a:a2:a4
+        Signature Algorithm: sha384WithRSAEncryption
+        Issuer: CN = Atos TrustedRoot Root CA RSA TLS 2021, O = Atos, C = DE
+        Validity
+            Not Before: Apr 22 09:21:10 2021 GMT
+            Not After : Apr 17 09:21:09 2041 GMT
+        Subject: CN = Atos TrustedRoot Root CA RSA TLS 2021, O = Atos, C = DE
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (4096 bit)
+                Modulus:
+                    00:b6:80:0e:c4:79:bd:05:8c:7d:b0:a3:9d:4d:22:
+                    4d:cb:f0:41:97:4d:59:e0:d1:fe:56:8c:97:f2:d7:
+                    bd:8f:6c:b7:23:8f:5f:d5:c4:d8:41:cb:f2:02:1e:
+                    71:e5:e9:f6:5e:cb:08:2a:5e:30:f2:2d:66:c7:84:
+                    1b:64:57:38:9d:75:2d:56:c6:2f:61:ef:96:fc:20:
+                    46:bd:eb:d4:7b:3f:3f:7c:47:38:04:a9:1b:aa:52:
+                    df:13:37:d3:15:15:4e:bd:5f:7c:af:ad:63:c7:79:
+                    dc:08:7b:d5:a0:e5:f7:5b:75:ac:80:55:99:92:61:
+                    9b:cd:2a:17:7d:db:8f:f4:b5:6a:ea:17:4a:64:28:
+                    66:15:29:6c:02:f1:6b:d5:ba:a3:33:dc:5a:67:a7:
+                    05:e2:bf:65:b6:16:b0:10:ed:cd:50:33:c9:70:50:
+                    ec:19:8e:b0:c7:f2:74:5b:6b:44:c6:7d:96:b9:98:
+                    08:59:66:de:29:01:9b:f4:2a:6d:d3:15:3a:90:6a:
+                    67:f1:b4:6b:66:d9:21:eb:ca:d9:62:7c:46:10:5c:
+                    de:75:49:67:9e:42:f9:fe:75:a9:a3:ad:ff:76:0a:
+                    67:40:e3:c5:f7:8d:c7:85:9a:59:9e:62:9a:6a:ed:
+                    45:87:98:67:b2:d5:4a:3c:d7:b4:3b:00:0d:c0:8f:
+                    1f:e1:40:c4:ae:6c:21:dc:49:7e:7e:ca:b2:8d:6d:
+                    b6:bf:93:2f:a1:5c:3e:8f:ca:ed:80:8e:58:e1:db:
+                    57:cf:85:36:38:b2:71:a4:09:8c:92:89:08:88:48:
+                    f1:40:63:18:b2:5b:8c:5a:e3:c3:d3:17:aa:ab:19:
+                    a3:2c:1b:e4:d5:c6:e2:66:7a:d7:82:19:a6:3b:16:
+                    2c:2f:71:87:5f:45:9e:95:73:93:c2:42:81:21:13:
+                    96:d7:9d:bb:93:68:15:fa:9d:a4:1d:8c:f2:81:e0:
+                    58:06:bd:c9:b6:e3:f6:89:5d:89:f9:ac:44:a1:cb:
+                    6b:fa:16:f1:c7:50:3d:24:da:f7:c3:e4:87:d5:56:
+                    f1:4f:90:30:fa:45:09:59:da:34:ce:e0:13:1c:04:
+                    7c:00:d4:9b:86:a4:40:bc:d9:dc:4c:57:7e:ae:b7:
+                    33:b6:5e:76:e1:65:8b:66:df:8d:ca:d7:98:af:ce:
+                    36:98:8c:9c:83:99:03:70:f3:af:74:ed:c6:0e:36:
+                    e7:bd:ec:c1:73:a7:94:5a:cb:92:64:82:a6:00:c1:
+                    70:a1:6e:2c:29:e1:58:57:ec:5a:7c:99:6b:25:a4:
+                    90:3a:80:f4:20:9d:9a:ce:c7:2d:f9:b2:4b:29:95:
+                    83:e9:35:8d:a7:49:48:a7:0f:4c:19:91:d0:f5:bf:
+                    10:e0:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                74:49:99:D1:FF:B4:7A:68:45:75:C3:7E:B4:DC:CC:CE:39:33:DA:08
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha384WithRSAEncryption
+         23:43:53:24:62:5c:6d:fd:3e:c2:cf:55:00:6c:c5:56:88:b9:
+         0e:dd:3a:e2:25:0d:95:4a:97:ca:80:89:ee:2a:cd:65:f8:db:
+         16:e0:09:92:e0:18:c7:78:98:bb:f3:ec:42:52:fb:a9:a4:82:
+         d7:4d:d8:8a:fc:e4:4e:fd:ab:90:c4:38:75:32:84:9f:ff:b3:
+         b0:2b:02:33:36:c0:10:90:6f:1d:9c:af:e1:69:93:ec:a3:45:
+         2f:14:9f:f5:4c:2a:65:43:72:0c:f7:c3:f8:95:8b:14:f3:85:
+         20:62:dd:54:53:dd:2c:dc:18:95:69:4f:83:47:70:40:33:58:
+         77:12:0c:a2:eb:52:31:1e:4c:c9:a8:ce:c5:ef:c3:d1:ad:e0:
+         6b:03:00:34:26:b4:54:21:35:97:01:dc:5f:1b:f1:7c:e7:55:
+         fa:2d:68:77:7b:d3:69:cc:d3:0e:6b:ba:4d:76:44:d6:c2:15:
+         9a:26:ec:b0:c5:f5:bb:d1:7a:74:c2:6c:cd:c5:b5:5e:f6:4c:
+         e6:5b:2d:81:db:b3:b7:3a:97:9e:ed:cf:46:b2:50:3d:84:60:
+         99:71:b5:33:b5:57:45:e6:42:47:75:6a:0e:b0:08:0c:ae:bd:
+         de:f7:bb:0f:58:3d:8f:03:31:e8:3d:82:50:ca:2f:5e:0c:5d:
+         b4:97:be:20:34:07:f4:c4:12:e1:ee:d7:b0:d9:59:2d:69:f7:
+         31:04:f4:f2:f9:ab:f9:13:31:f8:01:77:0e:3d:42:23:26:cc:
+         9a:72:67:51:21:7a:cc:3c:85:a8:ea:21:6a:3b:db:5a:3c:a5:
+         34:9e:9a:c0:2c:df:80:9c:29:e0:df:77:94:d1:a2:80:42:ff:
+         6a:4c:5b:11:d0:f5:cd:a2:be:ae:cc:51:5c:c3:d5:54:7b:0c:
+         ae:d6:b9:06:77:80:e2:ef:07:1a:68:cc:59:51:ad:7e:5c:67:
+         6b:b9:db:e2:07:42:5b:b8:01:05:58:39:4d:e4:bb:98:a3:b1:
+         32:ec:d9:a3:d6:6f:94:23:ff:3b:b7:29:65:e6:07:e9:ef:b6:
+         19:ea:e7:c2:38:1d:32:88:90:3c:13:2b:6e:cc:ef:ab:77:06:
+         34:77:84:4f:72:e4:81:84:f9:b9:74:34:de:76:4f:92:2a:53:
+         b1:25:39:db:3c:ff:e5:3e:a6:0e:e5:6b:9e:ff:db:ec:2f:74:
+         83:df:8e:b4:b3:a9:de:14:4d:ff:31:a3:45:73:24:fa:95:29:
+         cc:12:97:04:a2:38:b6:8d:b0:f0:37:fc:c8:21:7f:3f:b3:24:
+         1b:3d:8b:6e:cc:4d:b0:16:0d:96:1d:83:1f:46:c0:9b:bd:43:
+         99:e7:c4:96:2e:ce:5f:c9
+SHA1 Fingerprint=18:52:3B:0D:06:37:E4:D6:3A:DF:23:E4:98:FB:5B:16:FB:86:74:48
+-----BEGIN CERTIFICATE-----
+MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM
+MS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx
+MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00
+MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBD
+QSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BBl01Z
+4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYv
+Ye+W/CBGvevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZ
+kmGbzSoXfduP9LVq6hdKZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDs
+GY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt0xU6kGpn8bRrZtkh68rZYnxGEFzedUln
+nkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVKPNe0OwANwI8f4UDErmwh
+3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMYsluMWuPD
+0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzy
+geBYBr3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8
+ANSbhqRAvNncTFd+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezB
+c6eUWsuSZIKmAMFwoW4sKeFYV+xafJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lI
+pw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
+dEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+DAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS
+4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPs
+o0UvFJ/1TCplQ3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJ
+qM7F78PRreBrAwA0JrRUITWXAdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuyw
+xfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9GslA9hGCZcbUztVdF5kJHdWoOsAgM
+rr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2VktafcxBPTy+av5EzH4
+AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9qTFsR
+0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuY
+o7Ey7Nmj1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5
+dDTedk+SKlOxJTnbPP/lPqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcE
+oji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyQ==
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/SSL_com_TLS_ECC_Root_CA_2022.pem b/secure/caroot/trusted/SSL_com_TLS_ECC_Root_CA_2022.pem
new file mode 100644
index 000000000000..1a1f829cd2ef
--- /dev/null
+++ b/secure/caroot/trusted/SSL_com_TLS_ECC_Root_CA_2022.pem
@@ -0,0 +1,69 @@
+##
+##  SSL.com TLS ECC Root CA 2022
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            14:03:f5:ab:fb:37:8b:17:40:5b:e2:43:b2:a5:d1:c4
+        Signature Algorithm: ecdsa-with-SHA384
+        Issuer: C = US, O = SSL Corporation, CN = SSL.com TLS ECC Root CA 2022
+        Validity
+            Not Before: Aug 25 16:33:48 2022 GMT
+            Not After : Aug 19 16:33:47 2046 GMT
+        Subject: C = US, O = SSL Corporation, CN = SSL.com TLS ECC Root CA 2022
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:45:29:35:73:fa:c2:b8:23:ce:14:7d:a8:b1:4d:
+                    a0:5b:36:ee:2a:2c:53:c3:60:09:35:b2:24:66:26:
+                    69:c0:b3:95:d6:5d:92:40:19:0e:c6:a5:13:70:f4:
+                    ef:12:51:28:5d:e7:cc:bd:f9:3c:85:c1:cf:94:90:
+                    c9:2b:ce:92:42:58:59:67:fd:94:27:10:64:8c:4f:
+                    04:b1:4d:49:e4:7b:4f:9b:f5:e7:08:f8:03:88:f7:
+                    a7:c3:92:4b:19:54:81
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:89:8F:2F:A3:E8:2B:A0:14:54:7B:F3:56:B8:26:5F:67:38:0B:9C:D0
+
+            X509v3 Subject Key Identifier: 
+                89:8F:2F:A3:E8:2B:A0:14:54:7B:F3:56:B8:26:5F:67:38:0B:9C:D0
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: ecdsa-with-SHA384
+         30:65:02:30:55:e3:22:56:e9:d7:92:24:58:4f:1e:94:32:0f:
+         0c:02:36:c2:fd:ac:74:32:4e:e1:fb:1c:80:88:a3:cc:fb:d7:
+         eb:2b:ff:37:7d:f0:ed:d7:9e:75:6a:35:76:52:45:e0:02:31:
+         00:c7:8d:6f:42:20:8f:be:b6:4d:59:ed:77:4d:29:c4:20:20:
+         45:64:86:3a:50:c6:c4:ad:2d:93:f5:18:7d:72:ed:a9:cf:c4:
+         ac:57:36:28:08:65:df:3c:79:66:7e:a0:ea
+SHA1 Fingerprint=9F:5F:D9:1A:54:6D:F5:0C:71:F0:EE:7A:BD:17:49:98:84:73:E2:39
+-----BEGIN CERTIFICATE-----
+MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw
+CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT
+U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2
+MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh
+dGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm
+acCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN
+SeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME
+GDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW
+uCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp
+15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN
+b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g==
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/SSL_com_TLS_RSA_Root_CA_2022.pem b/secure/caroot/trusted/SSL_com_TLS_RSA_Root_CA_2022.pem
new file mode 100644
index 000000000000..090019495424
--- /dev/null
+++ b/secure/caroot/trusted/SSL_com_TLS_RSA_Root_CA_2022.pem
@@ -0,0 +1,137 @@
+##
+##  SSL.com TLS RSA Root CA 2022
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            6f:be:da:ad:73:bd:08:40:e2:8b:4d:be:d4:f7:5b:91
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, O = SSL Corporation, CN = SSL.com TLS RSA Root CA 2022
+        Validity
+            Not Before: Aug 25 16:34:22 2022 GMT
+            Not After : Aug 19 16:34:21 2046 GMT
+        Subject: C = US, O = SSL Corporation, CN = SSL.com TLS RSA Root CA 2022
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (4096 bit)
+                Modulus:
+                    00:d0:a4:09:72:4f:40:88:12:61:3e:35:23:9e:ee:
+                    f6:74:cf:2f:7b:58:3d:ce:3c:0d:10:28:90:2f:97:
+                    f7:8c:48:d8:a0:d8:25:b1:4c:b0:11:4c:17:73:50:
+                    d0:22:4a:63:bb:81:d3:29:6e:d5:b5:09:3e:26:18:
+                    7f:b2:12:7f:93:98:b7:af:f0:36:bf:f2:ee:18:9e:
+                    9c:3b:52:c5:47:19:5d:74:f3:64:66:d5:5d:c7:68:
+                    b4:bf:1b:1c:06:a3:bc:8f:40:23:b6:1e:c6:84:bd:
+                    51:c4:1b:39:c1:95:d2:29:ec:4b:ae:7b:2d:bf:39:
+                    fd:b4:62:de:96:7b:41:c6:9c:a0:e0:06:72:fb:f0:
+                    07:97:09:39:81:74:af:f7:34:59:11:57:0a:c2:5b:
+                    c1:24:f4:31:73:30:82:c6:9d:ba:02:f7:3e:7c:44:
+                    5f:83:0d:f3:f1:dd:20:69:16:09:50:e2:d4:55:b6:
+                    e0:80:72:76:6e:4c:47:b7:75:55:59:b4:53:74:d9:
+                    94:c6:41:ad:58:8a:31:66:0f:1e:a2:1b:29:40:4e:
+                    2f:df:7b:e6:16:2c:2d:fc:bf:ec:f3:b4:fa:be:18:
+                    f6:9b:49:d4:ee:05:6e:d9:34:f3:9c:f1:ec:01:8b:
+                    d1:20:c6:0f:a0:b5:bc:17:4e:48:7b:51:c2:fc:e9:
+                    5c:69:37:47:66:b3:68:f8:15:28:f0:b9:d3:a4:15:
+                    cc:5a:4f:ba:52:70:a3:12:45:dd:c6:ba:4e:fb:c2:
+                    d0:f7:a8:52:27:6d:6e:79:b5:8c:fc:7b:8c:c1:16:
+                    4c:ee:80:7f:be:f0:76:be:41:53:12:33:ae:5a:38:
+                    42:ab:d7:0f:3e:41:8d:76:07:32:d5:ab:89:f6:4e:
+                    67:d9:b1:42:75:23:6e:f3:cd:42:b2:fc:55:f5:53:
+                    87:17:3b:c0:33:58:f1:52:d2:f9:80:a4:f0:e8:f0:
+                    3b:8b:38:cc:a4:c6:90:7f:0f:9c:fd:8b:d1:a3:cf:
+                    da:83:a7:69:c9:50:36:d5:5c:05:d2:0a:41:74:db:
+                    63:11:37:c1:a5:a0:96:4b:1e:8c:16:12:77:ae:94:
+                    34:7b:1e:7f:c2:66:00:e4:aa:83:ea:8a:90:ad:ce:
+                    36:44:4d:d1:51:e9:bc:1f:f3:6a:05:fd:c0:74:1f:
+                    25:19:40:51:6e:ea:82:51:40:df:9b:b9:08:2a:06:
+                    02:d5:23:1c:13:d6:e9:db:db:c6:b0:7a:cb:7b:27:
+                    9b:fb:e0:d5:46:24:ed:10:4b:63:4b:a5:05:8f:ba:
+                    b8:1d:2b:a6:fa:91:e2:92:52:bd:ec:eb:67:97:6d:
+                    9a:2d:9f:81:32:05:67:32:fb:48:08:3f:d9:25:b8:
+                    04:25:2f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:FB:2E:37:EE:E3:84:7A:27:2E:CD:19:35:B1:33:7C:FF:D4:44:42:B9
+
+            X509v3 Subject Key Identifier: 
+                FB:2E:37:EE:E3:84:7A:27:2E:CD:19:35:B1:33:7C:FF:D4:44:42:B9
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+         8d:89:6d:84:45:18:f1:4f:b3:a0:ef:68:a4:c0:1d:ac:30:bc:
+         67:66:b0:9a:cd:b6:ab:22:19:66:d3:3b:41:b5:10:9d:10:ba:
+         72:6e:29:24:20:1c:01:99:62:d3:96:e0:e2:fb:0c:42:d7:e1:
+         5a:c4:96:4d:54:cd:8f:ca:43:53:fd:2a:b8:ea:f8:65:ca:01:
+         c2:ad:60:68:06:9f:39:1a:51:d9:e0:8d:26:f9:0b:4e:a5:53:
+         25:7a:23:a4:1c:ce:08:1b:df:47:88:b2:ad:3e:e0:27:87:8b:
+         49:8c:1f:a9:47:58:7b:96:f2:88:1d:18:ae:b3:d1:a6:0a:94:
+         fa:db:d3:e5:38:0a:6b:79:12:33:fb:4a:59:37:16:40:0e:bb:
+         de:f5:89:0c:f1:6c:d3:f7:51:6b:5e:35:f5:db:c0:26:ea:12:
+         73:4e:a9:91:90:a6:17:c3:6c:2f:38:d4:a3:72:94:43:2c:62:
+         e1:4e:5c:32:3d:bd:4c:7d:19:47:a2:c3:49:e7:96:3f:8f:9a:
+         d3:3b:e4:11:d8:8b:03:dc:f6:b6:60:55:18:a6:81:51:f3:e1:
+         a8:15:6a:eb:e0:0b:f0:14:31:d6:b9:8c:45:3a:a8:10:d8:f0:
+         b9:27:eb:f7:cb:7a:ef:05:72:96:b5:c4:8f:96:73:c4:e8:56:
+         73:9c:bc:69:51:63:bc:ef:67:1c:43:1a:5f:77:19:1f:18:f8:
+         1c:25:29:f9:49:99:29:b6:92:3d:a2:83:37:b1:20:91:a8:9b:
+         30:e9:6a:6c:b4:23:93:65:04:ab:11:f3:0e:1d:53:24:49:53:
+         1d:a1:3f:9d:48:92:11:e2:7d:0d:4f:f5:d7:bd:a2:58:3e:78:
+         9d:1e:1f:2b:fe:21:bb:1a:13:b6:b1:28:64:fd:b0:02:00:c7:
+         6c:80:a2:bd:16:50:20:0f:72:81:5f:cc:94:ff:bb:99:e6:ba:
+         90:cb:ea:f9:c6:0c:c2:ae:c5:19:ce:33:a1:6b:5c:bb:7e:7c:
+         34:57:17:ad:f0:3f:ae:cd:ea:af:99:ec:2c:54:7e:8c:ce:2e:
+         12:56:48:ef:17:3b:3f:4a:5e:60:d2:dc:74:36:bc:a5:43:63:
+         cb:0f:5b:a3:02:56:09:9e:24:2c:e1:86:81:8c:fe:ab:17:2c:
+         fa:c8:e2:32:1a:3a:ff:85:08:c9:83:9f:f2:4a:48:10:54:77:
+         37:ed:a2:bc:40:be:e4:10:74:f7:e4:5b:bb:b9:f3:89:f9:8f:
+         41:d8:c7:e4:50:90:35:80:3e:1c:b8:4d:90:d3:d4:f7:c3:b0:
+         a1:7e:84:ca:77:92:31:2c:b8:90:b1:82:7a:74:4e:9b:13:26:
+         b4:d5:50:66:54:78:ae:60
+SHA1 Fingerprint=EC:2C:83:40:72:AF:26:95:10:FF:0E:F2:03:EE:31:70:F6:78:9D:CA
+-----BEGIN CERTIFICATE-----
+MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO
+MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD
+DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX
+DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw
+b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP
+L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY
+t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins
+S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3
+PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO
+L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3
+R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w
+dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS
++YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS
+d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG
+AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f
+gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j
+BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z
+NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt
+hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM
+QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf
+R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ
+DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW
+P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy
+lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq
+bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w
+AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q
+r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji
+Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU
+98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA=
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/Sectigo_Public_Server_Authentication_Root_E46.pem b/secure/caroot/trusted/Sectigo_Public_Server_Authentication_Root_E46.pem
new file mode 100644
index 000000000000..964350854b3a
--- /dev/null
+++ b/secure/caroot/trusted/Sectigo_Public_Server_Authentication_Root_E46.pem
@@ -0,0 +1,66 @@
+##
+##  Sectigo Public Server Authentication Root E46
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            42:f2:cc:da:1b:69:37:44:5f:15:fe:75:28:10:b8:f4
+        Signature Algorithm: ecdsa-with-SHA384
+        Issuer: C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication Root E46
+        Validity
+            Not Before: Mar 22 00:00:00 2021 GMT
+            Not After : Mar 21 23:59:59 2046 GMT
+        Subject: C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication Root E46
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:76:fa:99:a9:6e:20:ed:f9:d7:77:e3:07:3b:a8:
+                    db:3d:5f:38:e8:ab:55:a6:56:4f:d6:48:ea:ec:7f:
+                    2d:aa:c3:b2:c5:79:ec:99:61:7f:10:79:c7:02:5a:
+                    f9:04:37:f5:34:35:2b:77:ce:7f:20:8f:52:a3:00:
+                    89:ec:d5:a7:a2:6d:5b:e3:4b:92:93:a0:80:f5:01:
+                    94:dc:f0:68:07:1e:cd:ee:fe:25:52:b5:20:43:1c:
+                    1b:fe:eb:19:ce:43:a3
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                D1:22:DA:4C:59:F1:4B:5F:26:38:AA:9D:D6:EE:EB:0D:C3:FB:A9:61
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: ecdsa-with-SHA384
+         30:64:02:30:27:ee:a4:5a:a8:21:bb:e9:47:97:94:89:a5:74:
+         20:6d:79:4f:c8:bd:93:5e:58:18:fb:2d:1a:00:6a:c9:b8:3d:
+         d0:a4:4f:44:47:94:01:56:a2:f8:33:25:0c:42:df:aa:02:30:
+         1d:ea:e1:2e:88:2e:e1:f9:a7:1d:02:32:4e:f2:9f:6c:55:74:
+         e3:ae:ae:fb:a5:1a:ee:ed:d2:fc:c2:03:11:eb:45:5c:60:10:
+         3d:5c:7f:99:03:5b:6d:54:48:01:8a:73
+SHA1 Fingerprint=EC:8A:39:6C:40:F0:2E:BC:42:75:D4:9F:AB:1C:1A:5B:67:BE:D2:9A
+-----BEGIN CERTIFICATE-----
+MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw
+CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T
+ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN
+MjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYG
+A1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT
+ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccC
+WvkEN/U0NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+
+6xnOQ6OjQjBAMB0GA1UdDgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8B
+Af8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjAn7qRa
+qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q
+4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21USAGKcw==
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/Sectigo_Public_Server_Authentication_Root_R46.pem b/secure/caroot/trusted/Sectigo_Public_Server_Authentication_Root_R46.pem
new file mode 100644
index 000000000000..e51aef002852
--- /dev/null
+++ b/secure/caroot/trusted/Sectigo_Public_Server_Authentication_Root_R46.pem
@@ -0,0 +1,134 @@
+##
+##  Sectigo Public Server Authentication Root R46
+##
+##  This is a single X.509 certificate for a public Certificate
+##  Authority (CA). It was automatically extracted from Mozilla's
+##  root CA list (the file `certdata.txt' in security/nss).
+##
+##  It contains a certificate trusted for server authentication.
+##
+##  Extracted from nss
+##
+##  @generated
+##
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            75:8d:fd:8b:ae:7c:07:00:fa:a9:25:a7:e1:c7:ad:14
+        Signature Algorithm: sha384WithRSAEncryption
+        Issuer: C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication Root R46
+        Validity
+            Not Before: Mar 22 00:00:00 2021 GMT
+            Not After : Mar 21 23:59:59 2046 GMT
+        Subject: C = GB, O = Sectigo Limited, CN = Sectigo Public Server Authentication Root R46
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (4096 bit)
+                Modulus:
+                    00:93:be:d5:36:52:75:d8:01:23:a0:1c:47:42:49:
+                    ee:63:b6:b7:21:fd:c4:95:d5:48:2b:26:7c:14:53:
+                    10:da:79:fd:2b:b7:2d:a4:d4:2c:fa:ea:32:dd:49:
+                    c2:b9:bd:0f:48:3d:7b:5a:98:54:af:9e:5d:31:74:
+                    4f:07:fc:50:21:dd:a4:cf:68:4f:1b:12:63:6d:25:
+                    99:4c:2a:99:f3:48:30:61:fa:81:7c:1e:a7:08:4a:
+                    dc:3e:2b:1c:1f:18:4c:71:aa:35:8c:ad:f8:6e:e8:
+                    3b:4a:d9:e5:94:02:d6:89:84:13:aa:6d:c8:4f:33:
+                    cc:50:96:37:92:33:dc:5f:88:e7:9f:54:d9:48:f0:
+                    98:43:d6:66:fd:9f:17:38:43:c5:01:51:0b:d7:e3:
+                    23:0f:14:5d:5b:14:e7:4b:be:dd:f4:c8:da:03:37:
+                    d1:d6:39:a1:21:51:30:83:b0:6d:d7:30:4e:96:5b:
+                    91:f0:70:24:ab:bf:45:81:64:43:0d:bd:21:3a:2f:
+                    3c:e9:9e:0d:cb:20:b5:42:27:cc:da:6f:9b:ee:64:
+                    30:90:39:cd:93:65:81:21:31:b5:23:50:33:37:22:
+                    e3:38:ed:f8:31:30:cc:45:fe:62:f9:d1:5d:32:79:
+                    42:87:df:6a:cc:56:19:40:4d:ce:aa:bb:f9:b5:76:
+                    49:94:f1:27:f8:91:a5:83:e5:06:b3:63:0e:80:dc:
+                    e0:12:55:80:a6:3b:66:b4:39:87:2d:c8:f0:d0:d1:
+                    14:e9:e4:0d:4d:0e:f6:5d:57:72:c5:3b:1c:47:56:
+                    9d:e2:d5:fb:81:61:8c:cc:4d:80:90:34:5b:b7:d7:
+                    14:75:dc:d8:04:48:9f:c0:c1:28:88:b4:e9:1c:ca:
+                    a7:b1:f1:56:b7:7b:49:4c:59:e5:20:15:a8:84:02:
+                    29:fa:38:94:69:9a:49:06:8f:cd:1f:79:14:17:12:
+                    0c:83:7a:de:1f:b1:97:ee:f9:97:78:28:a4:c8:44:
+                    92:e9:7d:26:05:a6:58:72:9b:79:13:d8:11:5f:ae:
+                    c5:38:62:34:68:b2:86:30:8e:f8:90:61:9e:32:6c:
+                    f5:07:36:cd:a2:4c:6e:ec:8a:36:ed:f2:e6:99:15:
+                    44:70:c3:7c:bc:9c:39:c0:b4:e1:6b:f7:83:25:23:
+                    57:d9:12:80:e5:49:f0:75:0f:ef:8d:eb:1c:9b:54:
+                    28:b4:21:3c:fc:7c:0a:ff:ef:7b:6b:75:ff:8b:1d:
+                    a0:19:05:ab:fa:f8:2b:81:42:e8:38:ba:bb:fb:aa:
+                    fd:3d:e0:f3:ca:df:4e:97:97:29:ed:f3:18:56:e9:
+                    a5:96:ac:bd:c3:90:98:b2:e0:f9:a2:d4:a6:47:43:
+                    7c:6d:cf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                56:73:58:64:95:F9:92:1A:B0:12:2A:04:62:79:A1:40:15:88:21:49
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: sha384WithRSAEncryption
+         2f:5c:99:3c:fc:06:5e:8c:94:2e:70:ea:d2:32:31:8d:b4:f0:
+         51:d5:bc:0a:f3:64:9f:07:5e:d5:c1:73:68:64:7a:a2:b9:0e:
+         e8:f9:5d:85:2d:a8:37:45:aa:28:f4:96:05:50:60:a9:49:7e:
+         9f:e2:99:36:29:13:44:47:6a:9d:55:20:3c:d8:9b:f1:03:32:
+         ba:da:40:a1:73:ea:83:a1:b7:44:a6:0e:99:01:9b:e4:bc:7f:
+         be:13:94:7e:ca:a6:1e:76:80:36:3d:84:06:8b:33:26:65:6d:
+         ca:7e:9e:fe:1f:8c:58:38:7b:1a:83:b1:0f:bc:17:11:bb:e6:
+         06:cc:63:fa:81:f2:81:4c:da:0b:10:6b:a1:fa:d5:28:a5:cf:
+         06:40:16:ff:7b:7d:18:5e:39:12:a4:53:9e:7e:32:42:10:a6:
+         21:91:a9:1c:4e:17:7c:84:bc:9f:8c:d1:e8:df:e6:51:b9:36:
+         47:3f:90:b9:c7:bc:02:dc:5b:1c:4f:0e:48:c1:25:83:9c:0a:
+         3f:9e:b1:03:33:12:1a:27:ac:f7:22:6c:24:d1:01:41:f8:58:
+         03:fe:25:68:22:1f:9a:5a:3c:7c:6c:9e:75:48:f3:81:f1:66:
+         67:6e:4c:82:c0:ee:ba:57:0e:18:ef:2e:9a:f7:12:d8:a0:6b:
+         e9:05:a5:a1:e9:68:f8:bc:4c:3f:12:1e:45:e8:52:c0:a3:bf:
+         12:27:79:b9:cc:31:3c:c3:f6:3a:22:16:03:a0:c9:8f:66:a4:
+         5b:a2:4d:d6:81:25:06:e9:76:a4:00:0a:3e:cb:cd:35:9b:e0:
+         e1:38:cb:60:53:86:28:42:41:1c:44:57:e8:a8:ad:ab:45:e3:
+         25:10:bc:db:3e:65:41:fb:1b:a6:97:0f:eb:b9:74:79:f9:1e:
+         bc:1d:57:0d:47:af:c3:2f:9f:87:46:a7:eb:26:5a:0f:56:63:
+         b5:62:60:6e:00:fb:e3:27:11:22:e7:fe:99:8f:34:f5:b9:e8:
+         c3:91:72:bd:d8:c3:1e:b9:2e:f2:91:44:51:d0:57:cd:0c:34:
+         d5:48:21:bf:db:13:f1:66:25:43:52:d2:70:22:36:cd:9f:c4:
+         1c:75:20:ad:63:72:63:06:0f:0e:27:ce:d2:6a:0d:bc:b5:39:
+         1a:e9:d1:76:7a:d1:5c:e4:e7:49:49:2d:55:37:68:f0:1a:3a:
+         98:3e:54:17:87:54:e9:a6:27:50:89:7b:20:2f:3f:ff:bf:a1:
+         8b:4a:47:98:ff:2b:7b:49:3e:c3:29:46:60:18:42:ab:33:29:
+         ba:c0:29:b9:13:89:d3:88:8a:39:41:3b:c9:fd:a6:ed:1f:f4:
+         60:63:df:d2:2d:55:01:8b
+SHA1 Fingerprint=AD:98:F9:F3:E4:7D:75:3B:65:D4:82:B3:A4:52:17:BB:6E:F5:E4:38
+-----BEGIN CERTIFICATE-----
+MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf
+MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD
+Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw
+HhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEY
+MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1Ymxp
+YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDa
+ef0rty2k1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnz
+SDBh+oF8HqcIStw+KxwfGExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xf
+iOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMPFF1bFOdLvt30yNoDN9HWOaEhUTCDsG3X
+ME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vuZDCQOc2TZYEhMbUjUDM3
+IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5QazYw6A3OAS
+VYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgE
+SJ/AwSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu
++Zd4KKTIRJLpfSYFplhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt
+8uaZFURww3y8nDnAtOFr94MlI1fZEoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+L
+HaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW6aWWrL3DkJiy4Pmi1KZHQ3xt
+zwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWIIUkwDgYDVR0P
+AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c
+mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQ
+YKlJfp/imTYpE0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52
+gDY9hAaLMyZlbcp+nv4fjFg4exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZA
+Fv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M0ejf5lG5Nkc/kLnHvALcWxxPDkjB
+JYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI84HxZmduTILA7rpX
+DhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9mpFui
+TdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5
+dHn5HrwdVw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65
+LvKRRFHQV80MNNVIIb/bE/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp
+0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmmJ1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAY
+QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/E-Tugra_Certification_Authority.pem b/secure/caroot/untrusted/E-Tugra_Certification_Authority.pem
similarity index 100%
rename from secure/caroot/trusted/E-Tugra_Certification_Authority.pem
rename to secure/caroot/untrusted/E-Tugra_Certification_Authority.pem
diff --git a/secure/caroot/trusted/E-Tugra_Global_Root_CA_ECC_v3.pem b/secure/caroot/untrusted/E-Tugra_Global_Root_CA_ECC_v3.pem
similarity index 100%
rename from secure/caroot/trusted/E-Tugra_Global_Root_CA_ECC_v3.pem
rename to secure/caroot/untrusted/E-Tugra_Global_Root_CA_ECC_v3.pem
diff --git a/secure/caroot/trusted/E-Tugra_Global_Root_CA_RSA_v3.pem b/secure/caroot/untrusted/E-Tugra_Global_Root_CA_RSA_v3.pem
similarity index 100%
rename from secure/caroot/trusted/E-Tugra_Global_Root_CA_RSA_v3.pem
rename to secure/caroot/untrusted/E-Tugra_Global_Root_CA_RSA_v3.pem
diff --git a/secure/caroot/trusted/Hongkong_Post_Root_CA_1.pem b/secure/caroot/untrusted/Hongkong_Post_Root_CA_1.pem
similarity index 100%
rename from secure/caroot/trusted/Hongkong_Post_Root_CA_1.pem
rename to secure/caroot/untrusted/Hongkong_Post_Root_CA_1.pem