git: e8e9cb97d094 - releng/13.4 - caroot: update the root bundle
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 10 Apr 2025 14:59:38 UTC
The branch releng/13.4 has been updated by philip:
URL: https://cgit.FreeBSD.org/src/commit/?id=e8e9cb97d094311712e1d86e019483f3e0de2106
commit e8e9cb97d094311712e1d86e019483f3e0de2106
Author: Michael Osipov <michaelo@FreeBSD.org>
AuthorDate: 2025-03-07 18:58:55 +0000
Commit: Philip Paeps <philip@FreeBSD.org>
CommitDate: 2025-04-10 14:39:15 +0000
caroot: update the root bundle
Summary:
- Seven (7) new roots
- Four (4) distrusted roots
- Fourteen (14) removed (expired) roots
Approved by: so
Security: FreeBSD-EN-25:08.caroot
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D49294
(cherry picked from commit 0100da4deb96e15acf72d7655127c6faafa4148f)
(cherry picked from commit f89c056e118438759d3aa5b8475c075dcad9299e)
---
ObsoleteFiles.inc | 20 +++
.../caroot/blacklisted/AddTrust_External_Root.pem | 99 ---------------
.../AddTrust_Low-Value_Services_Root.pem | 98 ---------------
.../caroot/blacklisted/Cybertrust_Global_Root.pem | 99 ---------------
secure/caroot/blacklisted/DST_Root_CA_X3.pem | 92 --------------
.../E-Tugra_Certification_Authority.pem | 140 ---------------------
.../Entrust_Root_Certification_Authority_-_G4.pem | 0
secure/caroot/blacklisted/GeoTrust_Global_CA.pem | 90 -------------
.../caroot/blacklisted/GlobalSign_Root_CA_-_R2.pem | 99 ---------------
.../caroot/blacklisted/Hongkong_Post_Root_CA_1.pem | 89 -------------
secure/caroot/blacklisted/QuoVadis_Root_CA.pem | 116 -----------------
.../SecureSign_RootCA11.pem | 0
.../Security_Communication_RootCA3.pem | 0
.../blacklisted/Security_Communication_Root_CA.pem | 91 --------------
.../caroot/blacklisted/Sonera_Class_2_Root_CA.pem | 90 -------------
.../Staat_der_Nederlanden_EV_Root_CA.pem | 134 --------------------
.../Staat_der_Nederlanden_Root_CA_-_G2.pem | 137 --------------------
.../SwissSign_Silver_CA_-_G2.pem | 0
secure/caroot/blacklisted/Trustis_FPS_Root_CA.pem | 91 --------------
.../caroot/trusted/D-TRUST_BR_Root_CA_2_2023.pem | 139 ++++++++++++++++++++
.../caroot/trusted/D-TRUST_EV_Root_CA_2_2023.pem | 139 ++++++++++++++++++++
.../trusted/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem | 71 +++++++++++
secure/caroot/trusted/SecureSign_Root_CA12.pem | 93 ++++++++++++++
secure/caroot/trusted/SecureSign_Root_CA14.pem | 135 ++++++++++++++++++++
secure/caroot/trusted/SecureSign_Root_CA15.pem | 67 ++++++++++
secure/caroot/trusted/TWCA_CYBER_Root_CA.pem | 137 ++++++++++++++++++++
26 files changed, 801 insertions(+), 1465 deletions(-)
diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc
index d759e7db2bc6..9af498ca709d 100644
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc
@@ -51,6 +51,26 @@
# xargs -n1 | sort | uniq -d;
# done
+# 20250310: caroot bundle updated
+OLD_FILES+=usr/share/certs/trusted/Entrust_Root_Certification_Authority_-_G4.pem
+OLD_FILES+=usr/share/certs/trusted/SecureSign_RootCA11.pem
+OLD_FILES+=usr/share/certs/trusted/Security_Communication_RootCA3.pem
+OLD_FILES+=usr/share/certs/trusted/SwissSign_Silver_CA_-_G2.pem
+OLD_FILES+=usr/share/certs/blacklisted/AddTrust_External_Root.pem
+OLD_FILES+=usr/share/certs/blacklisted/AddTrust_Low-Value_Services_Root.pem
+OLD_FILES+=usr/share/certs/blacklisted/Staat_der_Nederlanden_Root_CA_-_G2.pem
+OLD_FILES+=usr/share/certs/blacklisted/Cybertrust_Global_Root.pem
+OLD_FILES+=usr/share/certs/blacklisted/DST_Root_CA_X3.pem
+OLD_FILES+=usr/share/certs/blacklisted/GlobalSign_Root_CA_-_R2.pem
+OLD_FILES+=usr/share/certs/blacklisted/QuoVadis_Root_CA.pem
+OLD_FILES+=usr/share/certs/blacklisted/Sonera_Class_2_Root_CA.pem
+OLD_FILES+=usr/share/certs/blacklisted/GeoTrust_Global_CA.pem
+OLD_FILES+=usr/share/certs/blacklisted/Staat_der_Nederlanden_EV_Root_CA.pem
+OLD_FILES+=usr/share/certs/blacklisted/E-Tugra_Certification_Authority.pem
+OLD_FILES+=usr/share/certs/blacklisted/Hongkong_Post_Root_CA_1.pem
+OLD_FILES+=usr/share/certs/blacklisted/Security_Communication_Root_CA.pem
+OLD_FILES+=usr/share/certs/blacklisted/Trustis_FPS_Root_CA.pem
+
# 20240419: new clang import which bumps version from 17 to 18
OLD_FILES+=usr/lib/clang/17/include/__clang_cuda_builtin_vars.h
OLD_FILES+=usr/lib/clang/17/include/__clang_cuda_cmath.h
diff --git a/secure/caroot/blacklisted/AddTrust_External_Root.pem b/secure/caroot/blacklisted/AddTrust_External_Root.pem
deleted file mode 100644
index 97fe312d0e8f..000000000000
--- a/secure/caroot/blacklisted/AddTrust_External_Root.pem
+++ /dev/null
@@ -1,99 +0,0 @@
-##
-## AddTrust External Root
-##
-## This is a single X.509 certificate for a public Certificate
-## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
-## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $
-##
-## @generated
-##
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
- Validity
- Not Before: May 30 10:48:38 2000 GMT
- Not After : May 30 10:48:38 2020 GMT
- Subject: C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b7:f7:1a:33:e6:f2:00:04:2d:39:e0:4e:5b:ed:
- 1f:bc:6c:0f:cd:b5:fa:23:b6:ce:de:9b:11:33:97:
- a4:29:4c:7d:93:9f:bd:4a:bc:93:ed:03:1a:e3:8f:
- cf:e5:6d:50:5a:d6:97:29:94:5a:80:b0:49:7a:db:
- 2e:95:fd:b8:ca:bf:37:38:2d:1e:3e:91:41:ad:70:
- 56:c7:f0:4f:3f:e8:32:9e:74:ca:c8:90:54:e9:c6:
- 5f:0f:78:9d:9a:40:3c:0e:ac:61:aa:5e:14:8f:9e:
- 87:a1:6a:50:dc:d7:9a:4e:af:05:b3:a6:71:94:9c:
- 71:b3:50:60:0a:c7:13:9d:38:07:86:02:a8:e9:a8:
- 69:26:18:90:ab:4c:b0:4f:23:ab:3a:4f:84:d8:df:
- ce:9f:e1:69:6f:bb:d7:42:d7:6b:44:e4:c7:ad:ee:
- 6d:41:5f:72:5a:71:08:37:b3:79:65:a4:59:a0:94:
- 37:f7:00:2f:0d:c2:92:72:da:d0:38:72:db:14:a8:
- 45:c4:5d:2a:7d:b7:b4:d6:c4:ee:ac:cd:13:44:b7:
- c9:2b:dd:43:00:25:fa:61:b9:69:6a:58:23:11:b7:
- a7:33:8f:56:75:59:f5:cd:29:d7:46:b7:0a:2b:65:
- b6:d3:42:6f:15:b2:b8:7b:fb:ef:e9:5d:53:d5:34:
- 5a:27
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Authority Key Identifier:
- keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
- DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
- serial:01
- Signature Algorithm: sha1WithRSAEncryption
- Signature Value:
- b0:9b:e0:85:25:c2:d6:23:e2:0f:96:06:92:9d:41:98:9c:d9:
- 84:79:81:d9:1e:5b:14:07:23:36:65:8f:b0:d8:77:bb:ac:41:
- 6c:47:60:83:51:b0:f9:32:3d:e7:fc:f6:26:13:c7:80:16:a5:
- bf:5a:fc:87:cf:78:79:89:21:9a:e2:4c:07:0a:86:35:bc:f2:
- de:51:c4:d2:96:b7:dc:7e:4e:ee:70:fd:1c:39:eb:0c:02:51:
- 14:2d:8e:bd:16:e0:c1:df:46:75:e7:24:ad:ec:f4:42:b4:85:
- 93:70:10:67:ba:9d:06:35:4a:18:d3:2b:7a:cc:51:42:a1:7a:
- 63:d1:e6:bb:a1:c5:2b:c2:36:be:13:0d:e6:bd:63:7e:79:7b:
- a7:09:0d:40:ab:6a:dd:8f:8a:c3:f6:f6:8c:1a:42:05:51:d4:
- 45:f5:9f:a7:62:21:68:15:20:43:3c:99:e7:7c:bd:24:d8:a9:
- 91:17:73:88:3f:56:1b:31:38:18:b4:71:0f:9a:cd:c8:0e:9e:
- 8e:2e:1b:e1:8c:98:83:cb:1f:31:f1:44:4c:c6:04:73:49:76:
- 60:0f:c7:f8:bd:17:80:6b:2e:e9:cc:4c:0e:5a:9a:79:0f:20:
- 0a:2e:d5:9e:63:26:1e:55:92:94:d8:82:17:5a:7b:d0:bc:c7:
- 8f:4e:86:04
-SHA1 Fingerprint=02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
------BEGIN CERTIFICATE-----
-MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
-MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
-IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
-MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
-FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
-bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
-H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
-uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
-mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
-a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
-E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
-WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
-VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
-Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
-cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
-IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
-AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
-YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
-6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
-Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
-c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
-mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
------END CERTIFICATE-----
diff --git a/secure/caroot/blacklisted/AddTrust_Low-Value_Services_Root.pem b/secure/caroot/blacklisted/AddTrust_Low-Value_Services_Root.pem
deleted file mode 100644
index afb471de944f..000000000000
--- a/secure/caroot/blacklisted/AddTrust_Low-Value_Services_Root.pem
+++ /dev/null
@@ -1,98 +0,0 @@
-##
-## AddTrust Low-Value Services Root
-##
-## This is a single X.509 certificate for a public Certificate
-## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
-## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $
-##
-## @generated
-##
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root
- Validity
- Not Before: May 30 10:38:31 2000 GMT
- Not After : May 30 10:38:31 2020 GMT
- Subject: C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:96:96:d4:21:49:60:e2:6b:e8:41:07:0c:de:c4:
- e0:dc:13:23:cd:c1:35:c7:fb:d6:4e:11:0a:67:5e:
- f5:06:5b:6b:a5:08:3b:5b:29:16:3a:e7:87:b2:34:
- 06:c5:bc:05:a5:03:7c:82:cb:29:10:ae:e1:88:81:
- bd:d6:9e:d3:fe:2d:56:c1:15:ce:e3:26:9d:15:2e:
- 10:fb:06:8f:30:04:de:a7:b4:63:b4:ff:b1:9c:ae:
- 3c:af:77:b6:56:c5:b5:ab:a2:e9:69:3a:3d:0e:33:
- 79:32:3f:70:82:92:99:61:6d:8d:30:08:8f:71:3f:
- a6:48:57:19:f8:25:dc:4b:66:5c:a5:74:8f:98:ae:
- c8:f9:c0:06:22:e7:ac:73:df:a5:2e:fb:52:dc:b1:
- 15:65:20:fa:35:66:69:de:df:2c:f1:6e:bc:30:db:
- 2c:24:12:db:eb:35:35:68:90:cb:00:b0:97:21:3d:
- 74:21:23:65:34:2b:bb:78:59:a3:d6:e1:76:39:9a:
- a4:49:8e:8c:74:af:6e:a4:9a:a3:d9:9b:d2:38:5c:
- 9b:a2:18:cc:75:23:84:be:eb:e2:4d:33:71:8e:1a:
- f0:c2:f8:c7:1d:a2:ad:03:97:2c:f8:cf:25:c6:f6:
- b8:24:31:b1:63:5d:92:7f:63:f0:25:c9:53:2e:1f:
- bf:4d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- 95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Authority Key Identifier:
- keyid:95:B1:B4:F0:94:B6:BD:C7:DA:D1:11:09:21:BE:C1:AF:49:FD:10:7B
- DirName:/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
- serial:01
- Signature Algorithm: sha1WithRSAEncryption
- Signature Value:
- 2c:6d:64:1b:1f:cd:0d:dd:b9:01:fa:96:63:34:32:48:47:99:
- ae:97:ed:fd:72:16:a6:73:47:5a:f4:eb:dd:e9:f5:d6:fb:45:
- cc:29:89:44:5d:bf:46:39:3d:e8:ee:bc:4d:54:86:1e:1d:6c:
- e3:17:27:43:e1:89:56:2b:a9:6f:72:4e:49:33:e3:72:7c:2a:
- 23:9a:bc:3e:ff:28:2a:ed:a3:ff:1c:23:ba:43:57:09:67:4d:
- 4b:62:06:2d:f8:ff:6c:9d:60:1e:d8:1c:4b:7d:b5:31:2f:d9:
- d0:7c:5d:f8:de:6b:83:18:78:37:57:2f:e8:33:07:67:df:1e:
- c7:6b:2a:95:76:ae:8f:57:a3:f0:f4:52:b4:a9:53:08:cf:e0:
- 4f:d3:7a:53:8b:fd:bb:1c:56:36:f2:fe:b2:b6:e5:76:bb:d5:
- 22:65:a7:3f:fe:d1:66:ad:0b:bc:6b:99:86:ef:3f:7d:f3:18:
- 32:ca:7b:c6:e3:ab:64:46:95:f8:26:69:d9:55:83:7b:2c:96:
- 07:ff:59:2c:44:a3:c6:e5:e9:a9:dc:a1:63:80:5a:21:5e:21:
- cf:53:54:f0:ba:6f:89:db:a8:aa:95:cf:8b:e3:71:cc:1e:1b:
- 20:44:08:c0:7a:b6:40:fd:c4:e4:35:e1:1d:16:1c:d0:bc:2b:
- 8e:d6:71:d9
-SHA1 Fingerprint=CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
------BEGIN CERTIFICATE-----
-MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU
-MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
-b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw
-MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
-QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD
-VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul
-CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n
-tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl
-dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch
-PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC
-+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O
-BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E
-BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl
-MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk
-ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB
-IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X
-7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz
-43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY
-eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl
-pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA
-WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk=
------END CERTIFICATE-----
diff --git a/secure/caroot/blacklisted/Cybertrust_Global_Root.pem b/secure/caroot/blacklisted/Cybertrust_Global_Root.pem
deleted file mode 100644
index 657a1b7b683c..000000000000
--- a/secure/caroot/blacklisted/Cybertrust_Global_Root.pem
+++ /dev/null
@@ -1,99 +0,0 @@
-##
-## Cybertrust Global Root
-##
-## This is a single X.509 certificate for a public Certificate
-## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
-##
-## @generated
-##
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 04:00:00:00:00:01:0f:85:aa:2d:48
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: O = "Cybertrust, Inc", CN = Cybertrust Global Root
- Validity
- Not Before: Dec 15 08:00:00 2006 GMT
- Not After : Dec 15 08:00:00 2021 GMT
- Subject: O = "Cybertrust, Inc", CN = Cybertrust Global Root
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:f8:c8:bc:bd:14:50:66:13:ff:f0:d3:79:ec:23:
- f2:b7:1a:c7:8e:85:f1:12:73:a6:19:aa:10:db:9c:
- a2:65:74:5a:77:3e:51:7d:56:f6:dc:23:b6:d4:ed:
- 5f:58:b1:37:4d:d5:49:0e:6e:f5:6a:87:d6:d2:8c:
- d2:27:c6:e2:ff:36:9f:98:65:a0:13:4e:c6:2a:64:
- 9b:d5:90:12:cf:14:06:f4:3b:e3:d4:28:be:e8:0e:
- f8:ab:4e:48:94:6d:8e:95:31:10:5c:ed:a2:2d:bd:
- d5:3a:6d:b2:1c:bb:60:c0:46:4b:01:f5:49:ae:7e:
- 46:8a:d0:74:8d:a1:0c:02:ce:ee:fc:e7:8f:b8:6b:
- 66:f3:7f:44:00:bf:66:25:14:2b:dd:10:30:1d:07:
- 96:3f:4d:f6:6b:b8:8f:b7:7b:0c:a5:38:eb:de:47:
- db:d5:5d:39:fc:88:a7:f3:d7:2a:74:f1:e8:5a:a2:
- 3b:9f:50:ba:a6:8c:45:35:c2:50:65:95:dc:63:82:
- ef:dd:bf:77:4d:9c:62:c9:63:73:16:d0:29:0f:49:
- a9:48:f0:b3:aa:b7:6c:c5:a7:30:39:40:5d:ae:c4:
- e2:5d:26:53:f0:ce:1c:23:08:61:a8:94:19:ba:04:
- 62:40:ec:1f:38:70:77:12:06:71:a7:30:18:5d:25:
- 27:a5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Subject Key Identifier:
- B6:08:7B:0D:7A:CC:AC:20:4C:86:56:32:5E:CF:AB:6E:85:2D:70:57
- X509v3 CRL Distribution Points:
- Full Name:
- URI:http://www2.public-trust.com/crl/ct/ctroot.crl
- X509v3 Authority Key Identifier:
- B6:08:7B:0D:7A:CC:AC:20:4C:86:56:32:5E:CF:AB:6E:85:2D:70:57
- Signature Algorithm: sha1WithRSAEncryption
- Signature Value:
- 56:ef:0a:23:a0:54:4e:95:97:c9:f8:89:da:45:c1:d4:a3:00:
- 25:f4:1f:13:ab:b7:a3:85:58:69:c2:30:ad:d8:15:8a:2d:e3:
- c9:cd:81:5a:f8:73:23:5a:a7:7c:05:f3:fd:22:3b:0e:d1:06:
- c4:db:36:4c:73:04:8e:e5:b0:22:e4:c5:f3:2e:a5:d9:23:e3:
- b8:4e:4a:20:a7:6e:02:24:9f:22:60:67:7b:8b:1d:72:09:c5:
- 31:5c:e9:79:9f:80:47:3d:ad:a1:0b:07:14:3d:47:ff:03:69:
- 1a:0c:0b:44:e7:63:25:a7:7f:b2:c9:b8:76:84:ed:23:f6:7d:
- 07:ab:45:7e:d3:df:b3:bf:e9:8a:b6:cd:a8:a2:67:2b:52:d5:
- b7:65:f0:39:4c:63:a0:91:79:93:52:0f:54:dd:83:bb:9f:d1:
- 8f:a7:53:73:c3:cb:ff:30:ec:7c:04:b8:d8:44:1f:93:5f:71:
- 09:22:b7:6e:3e:ea:1c:03:4e:9d:1a:20:61:fb:81:37:ec:5e:
- fc:0a:45:ab:d7:e7:17:55:d0:a0:ea:60:9b:a6:f6:e3:8c:5b:
- 29:c2:06:60:14:9d:2d:97:4c:a9:93:15:9d:61:c4:01:5f:48:
- d6:58:bd:56:31:12:4e:11:c8:21:e0:b3:11:91:65:db:b4:a6:
- 88:38:ce:55
-SHA1 Fingerprint=5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6
------BEGIN CERTIFICATE-----
-MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG
-A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh
-bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE
-ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS
-b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5
-7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS
-J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y
-HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP
-t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz
-FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY
-XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
-MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw
-hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js
-MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA
-A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj
-Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx
-XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o
-omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc
-A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW
-WL1WMRJOEcgh4LMRkWXbtKaIOM5V
------END CERTIFICATE-----
diff --git a/secure/caroot/blacklisted/DST_Root_CA_X3.pem b/secure/caroot/blacklisted/DST_Root_CA_X3.pem
deleted file mode 100644
index 2b0739bfe36e..000000000000
--- a/secure/caroot/blacklisted/DST_Root_CA_X3.pem
+++ /dev/null
@@ -1,92 +0,0 @@
-##
-## DST Root CA X3
-##
-## This is a single X.509 certificate for a public Certificate
-## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
-##
-## @generated
-##
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3
- Validity
- Not Before: Sep 30 21:12:19 2000 GMT
- Not After : Sep 30 14:01:15 2021 GMT
- Subject: O = Digital Signature Trust Co., CN = DST Root CA X3
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:df:af:e9:97:50:08:83:57:b4:cc:62:65:f6:90:
- 82:ec:c7:d3:2c:6b:30:ca:5b:ec:d9:c3:7d:c7:40:
- c1:18:14:8b:e0:e8:33:76:49:2a:e3:3f:21:49:93:
- ac:4e:0e:af:3e:48:cb:65:ee:fc:d3:21:0f:65:d2:
- 2a:d9:32:8f:8c:e5:f7:77:b0:12:7b:b5:95:c0:89:
- a3:a9:ba:ed:73:2e:7a:0c:06:32:83:a2:7e:8a:14:
- 30:cd:11:a0:e1:2a:38:b9:79:0a:31:fd:50:bd:80:
- 65:df:b7:51:63:83:c8:e2:88:61:ea:4b:61:81:ec:
- 52:6b:b9:a2:e2:4b:1a:28:9f:48:a3:9e:0c:da:09:
- 8e:3e:17:2e:1e:dd:20:df:5b:c6:2a:8a:ab:2e:bd:
- 70:ad:c5:0b:1a:25:90:74:72:c5:7b:6a:ab:34:d6:
- 30:89:ff:e5:68:13:7b:54:0b:c8:d6:ae:ec:5a:9c:
- 92:1e:3d:64:b3:8c:c6:df:bf:c9:41:70:ec:16:72:
- d5:26:ec:38:55:39:43:d0:fc:fd:18:5c:40:f1:97:
- eb:d5:9a:9b:8d:1d:ba:da:25:b9:c6:d8:df:c1:15:
- 02:3a:ab:da:6e:f1:3e:2e:f5:5c:08:9c:3c:d6:83:
- 69:e4:10:9b:19:2a:b6:29:57:e3:e5:3d:9b:9f:f0:
- 02:5d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Subject Key Identifier:
- C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10
- Signature Algorithm: sha1WithRSAEncryption
- Signature Value:
- a3:1a:2c:9b:17:00:5c:a9:1e:ee:28:66:37:3a:bf:83:c7:3f:
- 4b:c3:09:a0:95:20:5d:e3:d9:59:44:d2:3e:0d:3e:bd:8a:4b:
- a0:74:1f:ce:10:82:9c:74:1a:1d:7e:98:1a:dd:cb:13:4b:b3:
- 20:44:e4:91:e9:cc:fc:7d:a5:db:6a:e5:fe:e6:fd:e0:4e:dd:
- b7:00:3a:b5:70:49:af:f2:e5:eb:02:f1:d1:02:8b:19:cb:94:
- 3a:5e:48:c4:18:1e:58:19:5f:1e:02:5a:f0:0c:f1:b1:ad:a9:
- dc:59:86:8b:6e:e9:91:f5:86:ca:fa:b9:66:33:aa:59:5b:ce:
- e2:a7:16:73:47:cb:2b:cc:99:b0:37:48:cf:e3:56:4b:f5:cf:
- 0f:0c:72:32:87:c6:f0:44:bb:53:72:6d:43:f5:26:48:9a:52:
- 67:b7:58:ab:fe:67:76:71:78:db:0d:a2:56:14:13:39:24:31:
- 85:a2:a8:02:5a:30:47:e1:dd:50:07:bc:02:09:90:00:eb:64:
- 63:60:9b:16:bc:88:c9:12:e6:d2:7d:91:8b:f9:3d:32:8d:65:
- b4:e9:7c:b1:57:76:ea:c5:b6:28:39:bf:15:65:1c:c8:f6:77:
- 96:6a:0a:8d:77:0b:d8:91:0b:04:8e:07:db:29:b6:0a:ee:9d:
- 82:35:35:10
-SHA1 Fingerprint=DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
------BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
-Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
-rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
-OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
-xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
-7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
-aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
-SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
-ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
-AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
-JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
-Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
------END CERTIFICATE-----
diff --git a/secure/caroot/blacklisted/E-Tugra_Certification_Authority.pem b/secure/caroot/blacklisted/E-Tugra_Certification_Authority.pem
deleted file mode 100644
index c37e3aa0ce59..000000000000
--- a/secure/caroot/blacklisted/E-Tugra_Certification_Authority.pem
+++ /dev/null
@@ -1,140 +0,0 @@
-##
-## E-Tugra Certification Authority
-##
-## This is a single X.509 certificate for a public Certificate
-## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
-##
-## @generated
-##
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 7667447206703254355 (0x6a683e9c519bcb53)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C = TR, L = Ankara, O = E-Tu\C4\9Fra EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E., OU = E-Tugra Sertifikasyon Merkezi, CN = E-Tugra Certification Authority
- Validity
- Not Before: Mar 5 12:09:48 2013 GMT
- Not After : Mar 3 12:09:48 2023 GMT
- Subject: C = TR, L = Ankara, O = E-Tu\C4\9Fra EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E., OU = E-Tugra Sertifikasyon Merkezi, CN = E-Tugra Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (4096 bit)
- Modulus:
- 00:e2:f5:3f:93:05:51:1e:85:62:54:5e:7a:0b:f5:
- 18:07:83:ae:7e:af:7c:f7:d4:8a:6b:a5:63:43:39:
- b9:4b:f7:c3:c6:64:89:3d:94:2e:54:80:52:39:39:
- 07:4b:4b:dd:85:07:76:87:cc:bf:2f:95:4c:cc:7d:
- a7:3d:bc:47:0f:98:70:f8:8c:85:1e:74:8e:92:6d:
- 1b:40:d1:99:0d:bb:75:6e:c8:a9:6b:9a:c0:84:31:
- af:ca:43:cb:eb:2b:34:e8:8f:97:6b:01:9b:d5:0e:
- 4a:08:aa:5b:92:74:85:43:d3:80:ae:a1:88:5b:ae:
- b3:ea:5e:cb:16:9a:77:44:c8:a1:f6:54:68:ce:de:
- 8f:97:2b:ba:5b:40:02:0c:64:17:c0:b5:93:cd:e1:
- f1:13:66:ce:0c:79:ef:d1:91:28:ab:5f:a0:12:52:
- 30:73:19:8e:8f:e1:8c:07:a2:c3:bb:4a:f0:ea:1f:
- 15:a8:ee:25:cc:a4:46:f8:1b:22:ef:b3:0e:43:ba:
- 2c:24:b8:c5:2c:5c:d4:1c:f8:5d:64:bd:c3:93:5e:
- 28:a7:3f:27:f1:8e:1e:d3:2a:50:05:a3:55:d9:cb:
- e7:39:53:c0:98:9e:8c:54:62:8b:26:b0:f7:7d:8d:
- 7c:e4:c6:9e:66:42:55:82:47:e7:b2:58:8d:66:f7:
- 07:7c:2e:36:e6:50:1c:3f:db:43:24:c5:bf:86:47:
- 79:b3:79:1c:f7:5a:f4:13:ec:6c:f8:3f:e2:59:1f:
- 95:ee:42:3e:b9:ad:a8:32:85:49:97:46:fe:4b:31:
- 8f:5a:cb:ad:74:47:1f:e9:91:b7:df:28:04:22:a0:
- d4:0f:5d:e2:79:4f:ea:6c:85:86:bd:a8:a6:ce:e4:
- fa:c3:e1:b3:ae:de:3c:51:ee:cb:13:7c:01:7f:84:
- 0e:5d:51:94:9e:13:0c:b6:2e:a5:4c:f9:39:70:36:
- 6f:96:ca:2e:0c:44:55:c5:ca:fa:5d:02:a3:df:d6:
- 64:8c:5a:b3:01:0a:a9:b5:0a:47:17:ff:ef:91:40:
- 2a:8e:a1:46:3a:31:98:e5:11:fc:cc:bb:49:56:8a:
- fc:b9:d0:61:9a:6f:65:6c:e6:c3:cb:3e:75:49:fe:
- 8f:a7:e2:89:c5:67:d7:9d:46:13:4e:31:76:3b:24:
- b3:9e:11:65:86:ab:7f:ef:1d:d4:f8:bc:e7:ac:5a:
- 5c:b7:5a:47:5c:55:ce:55:b4:22:71:5b:5b:0b:f0:
- cf:dc:a0:61:64:ea:a9:d7:68:0a:63:a7:e0:0d:3f:
- a0:af:d3:aa:d2:7e:ef:51:a0:e6:51:2b:55:92:15:
- 17:53:cb:b7:66:0e:66:4c:f8:f9:75:4c:90:e7:12:
- 70:c7:45
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- 2E:E3:DB:B2:49:D0:9C:54:79:5C:FA:27:2A:FE:CC:4E:D2:E8:4E:54
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Authority Key Identifier:
- 2E:E3:DB:B2:49:D0:9C:54:79:5C:FA:27:2A:FE:CC:4E:D2:E8:4E:54
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- Signature Algorithm: sha256WithRSAEncryption
- Signature Value:
- 05:37:3a:f4:4d:b7:45:e2:45:75:24:8f:b6:77:52:e8:1c:d8:
- 10:93:65:f3:f2:59:06:a4:3e:1e:29:ec:5d:d1:d0:ab:7c:e0:
- 0a:90:48:78:ed:4e:98:03:99:fe:28:60:91:1d:30:1d:b8:63:
- 7c:a8:e6:35:b5:fa:d3:61:76:e6:d6:07:4b:ca:69:9a:b2:84:
- 7a:77:93:45:17:15:9f:24:d0:98:13:12:ff:bb:a0:2e:fd:4e:
- 4c:87:f8:ce:5c:aa:98:1b:05:e0:00:46:4a:82:80:a5:33:8b:
- 28:dc:ed:38:d3:df:e5:3e:e9:fe:fb:59:dd:61:84:4f:d2:54:
- 96:13:61:13:3e:8f:80:69:be:93:47:b5:35:43:d2:5a:bb:3d:
- 5c:ef:b3:42:47:cd:3b:55:13:06:b0:09:db:fd:63:f6:3a:88:
- 0a:99:6f:7e:e1:ce:1b:53:6a:44:66:23:51:08:7b:bc:5b:52:
- a2:fd:06:37:38:40:61:8f:4a:96:b8:90:37:f8:66:c7:78:90:
- 00:15:2e:8b:ad:51:35:53:07:a8:6b:68:ae:f9:4e:3c:07:26:
- cd:08:05:70:cc:39:3f:76:bd:a5:d3:67:26:01:86:a6:53:d2:
- 60:3b:7c:43:7f:55:8a:bc:95:1a:c1:28:39:4c:1f:43:d2:91:
- f4:72:59:8a:b9:56:fc:3f:b4:9d:da:70:9c:76:5a:8c:43:50:
- ee:8e:30:72:4d:df:ff:49:f7:c6:a9:67:d9:6d:ac:02:11:e2:
- 3a:16:25:a7:58:08:cb:6f:53:41:9c:48:38:47:68:33:d1:d7:
- c7:8f:d4:74:21:d4:c3:05:90:7a:ff:ce:96:88:b1:15:29:5d:
- 23:ab:d0:60:a1:12:4f:de:f4:17:cd:32:e5:c9:bf:c8:43:ad:
- fd:2e:8e:f1:af:e2:f4:98:fa:12:1f:20:d8:c0:a7:0c:85:c5:
- 90:f4:3b:2d:96:26:b1:2c:be:4c:ab:eb:b1:d2:8a:c9:db:78:
- 13:0f:1e:09:9d:6d:8f:00:9f:02:da:c1:fa:1f:7a:7a:09:c4:
- 4a:e6:88:2a:97:9f:89:8b:fd:37:5f:5f:3a:ce:38:59:86:4b:
- af:71:0b:b4:d8:f2:70:4f:9f:32:13:e3:b0:a7:57:e5:da:da:
- 43:cb:84:34:f2:28:c4:ea:6d:f4:2a:ef:c1:6b:76:da:fb:7e:
- bb:85:3c:d2:53:c2:4d:be:71:e1:45:d1:fd:23:67:0d:13:75:
- fb:cf:65:67:22:9d:ae:b0:09:d1:09:ff:1d:34:bf:fe:23:97:
- 37:d2:39:fa:3d:0d:06:0b:b4:db:3b:a3:ab:6f:5c:1d:b6:7e:
- e8:b3:82:34:ed:06:5c:24
-SHA1 Fingerprint=51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39
------BEGIN CERTIFICATE-----
-MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV
-BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC
-aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV
-BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1
-Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz
-MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+
-BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp
-em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN
-ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY
-B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH
-D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF
-Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo
-q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D
-k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH
-fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut
-dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM
-ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8
-zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn
-rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX
-U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6
-Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5
-XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF
-Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR
-HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY
-GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c
-77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3
-+GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK
-vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6
-FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl
-yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P
-AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD
-y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d
-NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA==
------END CERTIFICATE-----
diff --git a/secure/caroot/trusted/Entrust_Root_Certification_Authority_-_G4.pem b/secure/caroot/blacklisted/Entrust_Root_Certification_Authority_-_G4.pem
similarity index 100%
rename from secure/caroot/trusted/Entrust_Root_Certification_Authority_-_G4.pem
rename to secure/caroot/blacklisted/Entrust_Root_Certification_Authority_-_G4.pem
diff --git a/secure/caroot/blacklisted/GeoTrust_Global_CA.pem b/secure/caroot/blacklisted/GeoTrust_Global_CA.pem
deleted file mode 100644
index 39416361b598..000000000000
--- a/secure/caroot/blacklisted/GeoTrust_Global_CA.pem
+++ /dev/null
@@ -1,90 +0,0 @@
-##
-## GeoTrust Global CA
-##
-## This is a single X.509 certificate for a public Certificate
-## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
-## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $
-##
-## @generated
-##
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 144470 (0x23456)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
- Validity
- Not Before: May 21 04:00:00 2002 GMT
- Not After : May 21 04:00:00 2022 GMT
- Subject: C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:da:cc:18:63:30:fd:f4:17:23:1a:56:7e:5b:df:
- 3c:6c:38:e4:71:b7:78:91:d4:bc:a1:d8:4c:f8:a8:
- 43:b6:03:e9:4d:21:07:08:88:da:58:2f:66:39:29:
- bd:05:78:8b:9d:38:e8:05:b7:6a:7e:71:a4:e6:c4:
- 60:a6:b0:ef:80:e4:89:28:0f:9e:25:d6:ed:83:f3:
- ad:a6:91:c7:98:c9:42:18:35:14:9d:ad:98:46:92:
- 2e:4f:ca:f1:87:43:c1:16:95:57:2d:50:ef:89:2d:
- 80:7a:57:ad:f2:ee:5f:6b:d2:00:8d:b9:14:f8:14:
- 15:35:d9:c0:46:a3:7b:72:c8:91:bf:c9:55:2b:cd:
- d0:97:3e:9c:26:64:cc:df:ce:83:19:71:ca:4e:e6:
- d4:d5:7b:a9:19:cd:55:de:c8:ec:d2:5e:38:53:e5:
- 5c:4f:8c:2d:fe:50:23:36:fc:66:e6:cb:8e:a4:39:
- 19:00:b7:95:02:39:91:0b:0e:fe:38:2e:d1:1d:05:
- 9a:f6:4d:3e:6f:0f:07:1d:af:2c:1e:8f:60:39:e2:
- fa:36:53:13:39:d4:5e:26:2b:db:3d:a8:14:bd:32:
- eb:18:03:28:52:04:71:e5:ab:33:3d:e1:38:bb:07:
- 36:84:62:9c:79:ea:16:30:f4:5f:c0:2b:e8:71:6b:
- e4:f9
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Subject Key Identifier:
- C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
- X509v3 Authority Key Identifier:
- C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
- Signature Algorithm: sha1WithRSAEncryption
- Signature Value:
- 35:e3:29:6a:e5:2f:5d:54:8e:29:50:94:9f:99:1a:14:e4:8f:
- 78:2a:62:94:a2:27:67:9e:d0:cf:1a:5e:47:e9:c1:b2:a4:cf:
- dd:41:1a:05:4e:9b:4b:ee:4a:6f:55:52:b3:24:a1:37:0a:eb:
- 64:76:2a:2e:2c:f3:fd:3b:75:90:bf:fa:71:d8:c7:3d:37:d2:
- b5:05:95:62:b9:a6:de:89:3d:36:7b:38:77:48:97:ac:a6:20:
- 8f:2e:a6:c9:0c:c2:b2:99:45:00:c7:ce:11:51:22:22:e0:a5:
- ea:b6:15:48:09:64:ea:5e:4f:74:f7:05:3e:c7:8a:52:0c:db:
- 15:b4:bd:6d:9b:e5:c6:b1:54:68:a9:e3:69:90:b6:9a:a5:0f:
- b8:b9:3f:20:7d:ae:4a:b5:b8:9c:e4:1d:b6:ab:e6:94:a5:c1:
- c7:83:ad:db:f5:27:87:0e:04:6c:d5:ff:dd:a0:5d:ed:87:52:
- b7:2b:15:02:ae:39:a6:6a:74:e9:da:c4:e7:bc:4d:34:1e:a9:
- 5c:4d:33:5f:92:09:2f:88:66:5d:77:97:c7:1d:76:13:a9:d5:
- e5:f1:16:09:11:35:d5:ac:db:24:71:70:2c:98:56:0b:d9:17:
- b4:d1:e3:51:2b:5e:75:e8:d5:d0:dc:4f:34:ed:c2:05:66:80:
- a1:cb:e6:33
-SHA1 Fingerprint=DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
------BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
-MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
-YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
-R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
-9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
-fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
-iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
-1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
-bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
-MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
-ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
-uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
-Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
-tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
-PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
-hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
-5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
------END CERTIFICATE-----
diff --git a/secure/caroot/blacklisted/GlobalSign_Root_CA_-_R2.pem b/secure/caroot/blacklisted/GlobalSign_Root_CA_-_R2.pem
deleted file mode 100644
index 72698a6ad8f1..000000000000
--- a/secure/caroot/blacklisted/GlobalSign_Root_CA_-_R2.pem
+++ /dev/null
@@ -1,99 +0,0 @@
-##
-## GlobalSign Root CA - R2
-##
-## This is a single X.509 certificate for a public Certificate
-## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
-##
-## @generated
-##
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 04:00:00:00:00:01:0f:86:26:e6:0d
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
- Validity
- Not Before: Dec 15 08:00:00 2006 GMT
- Not After : Dec 15 08:00:00 2021 GMT
- Subject: OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:a6:cf:24:0e:be:2e:6f:28:99:45:42:c4:ab:3e:
- 21:54:9b:0b:d3:7f:84:70:fa:12:b3:cb:bf:87:5f:
- c6:7f:86:d3:b2:30:5c:d6:fd:ad:f1:7b:dc:e5:f8:
- 60:96:09:92:10:f5:d0:53:de:fb:7b:7e:73:88:ac:
- 52:88:7b:4a:a6:ca:49:a6:5e:a8:a7:8c:5a:11:bc:
- 7a:82:eb:be:8c:e9:b3:ac:96:25:07:97:4a:99:2a:
- 07:2f:b4:1e:77:bf:8a:0f:b5:02:7c:1b:96:b8:c5:
- b9:3a:2c:bc:d6:12:b9:eb:59:7d:e2:d0:06:86:5f:
- 5e:49:6a:b5:39:5e:88:34:ec:bc:78:0c:08:98:84:
- 6c:a8:cd:4b:b4:a0:7d:0c:79:4d:f0:b8:2d:cb:21:
- ca:d5:6c:5b:7d:e1:a0:29:84:a1:f9:d3:94:49:cb:
- 24:62:91:20:bc:dd:0b:d5:d9:cc:f9:ea:27:0a:2b:
- 73:91:c6:9d:1b:ac:c8:cb:e8:e0:a0:f4:2f:90:8b:
- 4d:fb:b0:36:1b:f6:19:7a:85:e0:6d:f2:61:13:88:
- 5c:9f:e0:93:0a:51:97:8a:5a:ce:af:ab:d5:f7:aa:
- 09:aa:60:bd:dc:d9:5f:df:72:a9:60:13:5e:00:01:
- c9:4a:fa:3f:a4:ea:07:03:21:02:8e:82:ca:03:c2:
- 9b:8f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Subject Key Identifier:
- 9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E
- X509v3 CRL Distribution Points:
- Full Name:
- URI:http://crl.globalsign.net/root-r2.crl
- X509v3 Authority Key Identifier:
- 9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E
- Signature Algorithm: sha1WithRSAEncryption
- Signature Value:
- 99:81:53:87:1c:68:97:86:91:ec:e0:4a:b8:44:0b:ab:81:ac:
- 27:4f:d6:c1:b8:1c:43:78:b3:0c:9a:fc:ea:2c:3c:6e:61:1b:
- 4d:4b:29:f5:9f:05:1d:26:c1:b8:e9:83:00:62:45:b6:a9:08:
- 93:b9:a9:33:4b:18:9a:c2:f8:87:88:4e:db:dd:71:34:1a:c1:
- 54:da:46:3f:e0:d3:2a:ab:6d:54:22:f5:3a:62:cd:20:6f:ba:
- 29:89:d7:dd:91:ee:d3:5c:a2:3e:a1:5b:41:f5:df:e5:64:43:
- 2d:e9:d5:39:ab:d2:a2:df:b7:8b:d0:c0:80:19:1c:45:c0:2d:
- 8c:e8:f8:2d:a4:74:56:49:c5:05:b5:4f:15:de:6e:44:78:39:
- 87:a8:7e:bb:f3:79:18:91:bb:f4:6f:9d:c1:f0:8c:35:8c:5d:
- 01:fb:c3:6d:b9:ef:44:6d:79:46:31:7e:0a:fe:a9:82:c1:ff:
- ef:ab:6e:20:c4:50:c9:5f:9d:4d:9b:17:8c:0c:e5:01:c9:a0:
- 41:6a:73:53:fa:a5:50:b4:6e:25:0f:fb:4c:18:f4:fd:52:d9:
- 8e:69:b1:e8:11:0f:de:88:d8:fb:1d:49:f7:aa:de:95:cf:20:
- 78:c2:60:12:db:25:40:8c:6a:fc:7e:42:38:40:64:12:f7:9e:
- 81:e1:93:2e
-SHA1 Fingerprint=75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
------BEGIN CERTIFICATE-----
-MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
-A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
-Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
-MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
-A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
-v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
-eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
-tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
-C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
-zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
-mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
-V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
-bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
-3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
-J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
-291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
-ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
-AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
-TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
------END CERTIFICATE-----
diff --git a/secure/caroot/blacklisted/Hongkong_Post_Root_CA_1.pem b/secure/caroot/blacklisted/Hongkong_Post_Root_CA_1.pem
deleted file mode 100644
index 67c30fc56a27..000000000000
--- a/secure/caroot/blacklisted/Hongkong_Post_Root_CA_1.pem
+++ /dev/null
@@ -1,89 +0,0 @@
-##
-## Hongkong Post Root CA 1
-##
-## This is a single X.509 certificate for a public Certificate
-## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
-##
-## @generated
-##
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1000 (0x3e8)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = HK, O = Hongkong Post, CN = Hongkong Post Root CA 1
- Validity
- Not Before: May 15 05:13:14 2003 GMT
- Not After : May 15 04:52:29 2023 GMT
- Subject: C = HK, O = Hongkong Post, CN = Hongkong Post Root CA 1
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:ac:ff:38:b6:e9:66:02:49:e3:a2:b4:e1:90:f9:
- 40:8f:79:f9:e2:bd:79:fe:02:bd:ee:24:92:1d:22:
- f6:da:85:72:69:fe:d7:3f:09:d4:dd:91:b5:02:9c:
- d0:8d:5a:e1:55:c3:50:86:b9:29:26:c2:e3:d9:a0:
- f1:69:03:28:20:80:45:22:2d:56:a7:3b:54:95:56:
- 22:59:1f:28:df:1f:20:3d:6d:a2:36:be:23:a0:b1:
- 6e:b5:b1:27:3f:39:53:09:ea:ab:6a:e8:74:b2:c2:
- 65:5c:8e:bf:7c:c3:78:84:cd:9e:16:fc:f5:2e:4f:
- 20:2a:08:9f:77:f3:c5:1e:c4:9a:52:66:1e:48:5e:
- e3:10:06:8f:22:98:e1:65:8e:1b:5d:23:66:3b:b8:
- a5:32:51:c8:86:aa:a1:a9:9e:7f:76:94:c2:a6:6c:
- b7:41:f0:d5:c8:06:38:e6:d4:0c:e2:f3:3b:4c:6d:
- 50:8c:c4:83:27:c1:13:84:59:3d:9e:75:74:b6:d8:
- 02:5e:3a:90:7a:c0:42:36:72:ec:6a:4d:dc:ef:c4:
- 00:df:13:18:57:5f:26:78:c8:d6:0a:79:77:bf:f7:
- af:b7:76:b9:a5:0b:84:17:5d:10:ea:6f:e1:ab:95:
- 11:5f:6d:3c:a3:5c:4d:83:5b:f2:b3:19:8a:80:8b:
- 0b:87
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE, pathlen:3
- X509v3 Key Usage: critical
- Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
- Signature Algorithm: sha1WithRSAEncryption
- Signature Value:
- 0e:46:d5:3c:ae:e2:87:d9:5e:81:8b:02:98:41:08:8c:4c:bc:
- da:db:ee:27:1b:82:e7:6a:45:ec:16:8b:4f:85:a0:f3:b2:70:
- bd:5a:96:ba:ca:6e:6d:ee:46:8b:6e:e7:2a:2e:96:b3:19:33:
- eb:b4:9f:a8:b2:37:ee:98:a8:97:b6:2e:b6:67:27:d4:a6:49:
- fd:1c:93:65:76:9e:42:2f:dc:22:6c:9a:4f:f2:5a:15:39:b1:
- 71:d7:2b:51:e8:6d:1c:98:c0:d9:2a:f4:a1:82:7b:d5:c9:41:
- a2:23:01:74:38:55:8b:0f:b9:2e:67:a2:20:04:37:da:9c:0b:
- d3:17:21:e0:8f:97:79:34:6f:84:48:02:20:33:1b:e6:34:44:
- 9f:91:70:f4:80:5e:84:43:c2:29:d2:6c:12:14:e4:61:8d:ac:
- 10:90:9e:84:50:bb:f0:96:6f:45:9f:8a:f3:ca:6c:4f:fa:11:
- 3a:15:15:46:c3:cd:1f:83:5b:2d:41:12:ed:50:67:41:13:3d:
- 21:ab:94:8a:aa:4e:7c:c1:b1:fb:a7:d6:b5:27:2f:97:ab:6e:
- e0:1d:e2:d1:1c:2c:1f:44:e2:fc:be:91:a1:9c:fb:d6:29:53:
- 73:86:9f:53:d8:43:0e:5d:d6:63:82:71:1d:80:74:ca:f6:e2:
- 02:6b:d9:5a
-SHA1 Fingerprint=D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58
------BEGIN CERTIFICATE-----
-MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx
-FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg
-Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG
-A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr
-b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ
-jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn
-PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh
-ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9
-nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h
-q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED
-MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC
-mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3
-7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB
-oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs
-EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO
-fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi
-AmvZWg==
------END CERTIFICATE-----
diff --git a/secure/caroot/blacklisted/QuoVadis_Root_CA.pem b/secure/caroot/blacklisted/QuoVadis_Root_CA.pem
deleted file mode 100644
index 687deac9887e..000000000000
--- a/secure/caroot/blacklisted/QuoVadis_Root_CA.pem
+++ /dev/null
@@ -1,116 +0,0 @@
-##
-## QuoVadis Root CA
-##
-## This is a single X.509 certificate for a public Certificate
-## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## It contains a certificate trusted for server authentication.
-##
-## Extracted from nss
-##
-## @generated
-##
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 985026699 (0x3ab6508b)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority
- Validity
- Not Before: Mar 19 18:33:33 2001 GMT
- Not After : Mar 17 18:33:33 2021 GMT
- Subject: C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:bf:61:b5:95:53:ba:57:fc:fa:f2:67:0b:3a:1a:
- df:11:80:64:95:b4:d1:bc:cd:7a:cf:f6:29:96:2e:
- 24:54:40:24:38:f7:1a:85:dc:58:4c:cb:a4:27:42:
- 97:d0:9f:83:8a:c3:e4:06:03:5b:00:a5:51:1e:70:
- 04:74:e2:c1:d4:3a:ab:d7:ad:3b:07:18:05:8e:fd:
- 83:ac:ea:66:d9:18:1b:68:8a:f5:57:1a:98:ba:f5:
- ed:76:3d:7c:d9:de:94:6a:3b:4b:17:c1:d5:8f:bd:
- 65:38:3a:95:d0:3d:55:36:4e:df:79:57:31:2a:1e:
- d8:59:65:49:58:20:98:7e:ab:5f:7e:9f:e9:d6:4d:
- ec:83:74:a9:c7:6c:d8:ee:29:4a:85:2a:06:14:f9:
- 54:e6:d3:da:65:07:8b:63:37:12:d7:d0:ec:c3:7b:
*** 1486 LINES SKIPPED ***