git: 7577dae4d672 - stable/14 - caroot: update the root bundle
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 20 Mar 2025 10:19:05 UTC
The branch stable/14 has been updated by michaelo:
URL: https://cgit.FreeBSD.org/src/commit/?id=7577dae4d67216c602dc11e2388d190a2c9dc9ff
commit 7577dae4d67216c602dc11e2388d190a2c9dc9ff
Author: Michael Osipov <michaelo@FreeBSD.org>
AuthorDate: 2025-03-07 18:58:55 +0000
Commit: Michael Osipov <michaelo@FreeBSD.org>
CommitDate: 2025-03-20 10:18:27 +0000
caroot: update the root bundle
Summary:
- Seven (7) new roots
- Four (4) distrusted roots
- Fifteen (15) removed (expired) roots
Reviewed by: kevans
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D49294
(cherry picked from commit 0100da4deb96e15acf72d7655127c6faafa4148f)
---
ObsoleteFiles.inc | 20 +++
.../caroot/trusted/D-TRUST_BR_Root_CA_2_2023.pem | 139 ++++++++++++++++++++
.../caroot/trusted/D-TRUST_EV_Root_CA_2_2023.pem | 139 ++++++++++++++++++++
.../trusted/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem | 71 +++++++++++
secure/caroot/trusted/SecureSign_Root_CA12.pem | 93 ++++++++++++++
secure/caroot/trusted/SecureSign_Root_CA14.pem | 135 ++++++++++++++++++++
secure/caroot/trusted/SecureSign_Root_CA15.pem | 67 ++++++++++
secure/caroot/trusted/TWCA_CYBER_Root_CA.pem | 137 ++++++++++++++++++++
secure/caroot/untrusted/AddTrust_External_Root.pem | 99 ---------------
.../untrusted/AddTrust_Low-Value_Services_Root.pem | 98 ---------------
secure/caroot/untrusted/Cybertrust_Global_Root.pem | 99 ---------------
secure/caroot/untrusted/DST_Root_CA_X3.pem | 92 --------------
.../untrusted/E-Tugra_Certification_Authority.pem | 140 ---------------------
.../Entrust_Root_Certification_Authority_-_G4.pem | 0
secure/caroot/untrusted/GeoTrust_Global_CA.pem | 90 -------------
.../caroot/untrusted/GlobalSign_Root_CA_-_R2.pem | 99 ---------------
.../caroot/untrusted/Hongkong_Post_Root_CA_1.pem | 89 -------------
secure/caroot/untrusted/QuoVadis_Root_CA.pem | 116 -----------------
.../{trusted => untrusted}/SecureSign_RootCA11.pem | 0
.../Security_Communication_RootCA3.pem | 0
.../untrusted/Security_Communication_Root_CA.pem | 91 --------------
secure/caroot/untrusted/Sonera_Class_2_Root_CA.pem | 90 -------------
.../untrusted/Staat_der_Nederlanden_EV_Root_CA.pem | 134 --------------------
.../Staat_der_Nederlanden_Root_CA_-_G2.pem | 137 --------------------
.../SwissSign_Silver_CA_-_G2.pem | 0
secure/caroot/untrusted/Trustis_FPS_Root_CA.pem | 91 --------------
26 files changed, 801 insertions(+), 1465 deletions(-)
diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc
index f3fec428ff4a..1ca9432d91d6 100644
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc
@@ -51,6 +51,26 @@
# xargs -n1 | sort | uniq -d;
# done
+# 20250310: caroot bundle updated
+OLD_FILES+=usr/share/certs/trusted/Entrust_Root_Certification_Authority_-_G4.pem
+OLD_FILES+=usr/share/certs/trusted/SecureSign_RootCA11.pem
+OLD_FILES+=usr/share/certs/trusted/Security_Communication_RootCA3.pem
+OLD_FILES+=usr/share/certs/trusted/SwissSign_Silver_CA_-_G2.pem
+OLD_FILES+=usr/share/certs/untrusted/AddTrust_External_Root.pem
+OLD_FILES+=usr/share/certs/untrusted/AddTrust_Low-Value_Services_Root.pem
+OLD_FILES+=usr/share/certs/untrusted/Staat_der_Nederlanden_Root_CA_-_G2.pem
+OLD_FILES+=usr/share/certs/untrusted/Cybertrust_Global_Root.pem
+OLD_FILES+=usr/share/certs/untrusted/DST_Root_CA_X3.pem
+OLD_FILES+=usr/share/certs/untrusted/GlobalSign_Root_CA_-_R2.pem
+OLD_FILES+=usr/share/certs/untrusted/QuoVadis_Root_CA.pem
+OLD_FILES+=usr/share/certs/untrusted/Sonera_Class_2_Root_CA.pem
+OLD_FILES+=usr/share/certs/untrusted/GeoTrust_Global_CA.pem
+OLD_FILES+=usr/share/certs/untrusted/Staat_der_Nederlanden_EV_Root_CA.pem
+OLD_FILES+=usr/share/certs/untrusted/E-Tugra_Certification_Authority.pem
+OLD_FILES+=usr/share/certs/untrusted/Hongkong_Post_Root_CA_1.pem
+OLD_FILES+=usr/share/certs/untrusted/Security_Communication_Root_CA.pem
+OLD_FILES+=usr/share/certs/untrusted/Trustis_FPS_Root_CA.pem
+
# 20250204: sys/vm/stack test symbols moved to /usr/lib/debug
OLD_FILES+=usr/tests/sys/vm/stack/.debug/libsoxstack.so.debug
OLD_DIRS+=usr/tests/sys/vm/stack/.debug
diff --git a/secure/caroot/trusted/D-TRUST_BR_Root_CA_2_2023.pem b/secure/caroot/trusted/D-TRUST_BR_Root_CA_2_2023.pem
new file mode 100644
index 000000000000..32d0d9dbdf0c
--- /dev/null
+++ b/secure/caroot/trusted/D-TRUST_BR_Root_CA_2_2023.pem
@@ -0,0 +1,139 @@
+##
+## D-TRUST BR Root CA 2 2023
+##
+## This is a single X.509 certificate for a public Certificate
+## Authority (CA). It was automatically extracted from Mozilla's
+## root CA list (the file `certdata.txt' in security/nss).
+##
+## It contains a certificate trusted for server authentication.
+##
+## Extracted from nss
+##
+## @generated
+##
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 73:3b:30:04:48:5b:d9:4d:78:2e:73:4b:c9:a1:dc:66
+ Signature Algorithm: sha512WithRSAEncryption
+ Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST BR Root CA 2 2023
+ Validity
+ Not Before: May 9 08:56:31 2023 GMT
+ Not After : May 9 08:56:30 2038 GMT
+ Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST BR Root CA 2 2023
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:ae:ff:09:59:91:80:0a:4a:68:e6:24:3f:b8:a7:
+ e4:c8:3a:0a:3a:16:cd:c9:23:61:a0:93:71:f2:ab:
+ 8b:73:8f:a0:67:65:60:d2:54:6b:63:51:6f:49:33:
+ e0:72:07:13:7d:38:cd:06:92:07:29:52:6b:4e:77:
+ 6c:04:d3:95:fa:dd:4c:8c:d9:5d:c1:61:7d:4b:e7:
+ 28:b3:44:81:7b:51:af:dd:33:b1:68:7c:d6:4e:4c:
+ fe:2b:68:b9:ca:66:69:c4:ec:5e:57:7f:f7:0d:c7:
+ 9c:36:36:e5:07:60:ac:c0:4c:ea:08:6c:ef:06:7c:
+ 4f:5b:28:7a:08:fc:93:5d:9b:f6:9c:b4:8b:86:ba:
+ 21:b9:f4:f0:e8:59:5a:28:a1:34:84:1a:25:91:b6:
+ b5:8f:ef:b2:f9:80:fa:f9:3d:3c:11:72:d8:e3:2f:
+ 86:76:c5:79:2c:c1:a9:90:93:46:98:67:cb:83:6a:
+ a0:50:23:a7:3b:f6:81:39:e0:ed:f0:b9:bf:65:f1:
+ d8:cb:7a:fb:ef:73:03:ce:00:f4:7d:d7:e0:5d:3b:
+ 66:b8:dc:8e:ba:83:cb:87:76:03:fc:25:d9:e7:23:
+ 6f:06:fd:67:f3:e0:ff:84:bc:47:bf:b5:16:18:46:
+ 69:14:cc:05:f7:db:d3:49:ac:6b:cc:ab:e4:b5:0b:
+ 43:24:5e:4b:6b:4d:67:df:d6:b5:3e:4f:78:1f:94:
+ 71:24:ea:de:70:fc:f1:93:fe:9e:93:5a:e4:94:5a:
+ 97:54:0c:35:7b:5f:6c:ee:00:1f:24:ec:03:ba:02:
+ f5:76:f4:9f:d4:9a:ed:85:2c:38:22:2f:c7:d8:2f:
+ 76:11:4f:fd:6c:5c:e8:f5:8e:27:87:7f:19:4a:21:
+ 47:90:1d:79:8d:1c:5b:f8:cf:4a:85:e4:ed:b3:5b:
+ 8d:be:c4:64:28:5d:41:c4:6e:ac:38:5a:4f:23:74:
+ 74:a9:12:c3:f6:d2:b9:11:15:33:07:91:d8:3b:37:
+ 3a:63:30:06:d1:c5:22:36:28:62:23:10:e0:46:cc:
+ 97:ac:d6:2b:5d:64:24:d5:ee:1c:0e:de:fb:08:5a:
+ 75:2a:f6:63:6d:ce:0b:42:be:d1:ba:70:1c:9c:21:
+ e5:0f:31:69:17:d7:fc:0a:b4:de:ed:80:9c:cb:92:
+ b4:8b:f5:de:59:a2:58:09:a5:63:47:0b:e1:41:32:
+ 34:41:d9:9a:b1:d9:a8:b0:1b:5a:de:0d:0d:f4:e2:
+ b2:5d:35:80:b9:81:d4:84:69:91:02:cb:75:d0:8d:
+ c5:b5:3d:09:91:09:8f:14:a1:14:74:79:3e:d6:c9:
+ 15:1d:a4:59:59:22:dc:f6:8a:45:3d:3c:12:d6:3e:
+ 5d:32:2f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ 67:90:F0:D6:DE:B5:18:D5:46:29:7E:5C:AB:F8:9E:08:BC:64:95:10
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 CRL Distribution Points:
+ Full Name:
+ URI:http://crl.d-trust.net/crl/d-trust_br_root_ca_2_2023.crl
+ Signature Algorithm: sha512WithRSAEncryption
+ Signature Value:
+ 34:f7:b3:77:53:db:30:16:b9:2d:a5:21:f1:40:21:75:eb:eb:
+ 48:16:81:3d:73:e0:9e:27:2a:eb:77:a9:13:a4:6a:0a:5a:5a:
+ 14:33:3d:68:1f:81:ae:69:fd:8c:9f:65:6c:34:42:d9:2d:d0:
+ 7f:78:16:b1:3a:ac:23:31:ad:5e:7f:ae:e7:ae:2b:fa:ba:fc:
+ 3c:97:95:40:93:5f:c3:2d:03:a3:ed:a4:6f:53:d7:fa:40:0e:
+ 30:f5:00:20:2c:00:4c:8c:3b:b4:a3:1f:b6:bf:91:32:ab:af:
+ 92:98:d3:16:e6:d4:d1:54:5c:43:5b:2e:ae:ef:57:2a:a8:b4:
+ 6f:a4:ef:0d:56:14:da:21:ab:20:76:9e:03:fc:26:b8:9e:3f:
+ 3e:03:26:e6:4c:db:9d:5f:42:84:3d:45:03:03:1c:59:88:ca:
+ dc:2e:61:24:5a:a4:ea:27:0b:73:12:be:52:b3:0a:cf:32:17:
+ e2:1e:87:1a:16:95:48:6d:5a:e0:d0:cf:09:92:26:66:91:d8:
+ a3:61:0e:aa:81:81:7f:e8:52:82:d1:42:e7:e0:1d:18:fa:a4:
+ 85:36:e7:86:e0:0d:eb:bc:d4:c9:d6:3c:43:f1:5d:49:6e:7e:
+ 81:9b:69:b5:89:62:8f:88:52:d8:d7:fe:27:c1:23:c5:cb:2b:
+ 02:bb:b1:5f:fe:fb:43:85:03:46:be:5d:c6:ca:21:26:ff:d7:
+ 02:9e:74:4a:dc:f8:13:15:b1:81:57:36:cb:65:5c:d1:1d:31:
+ 77:e9:25:c3:c3:b2:32:37:d5:f1:98:09:e4:6d:63:80:08:ab:
+ 06:92:81:d4:e9:70:8f:a7:3f:b2:ed:86:8c:82:6a:35:c8:42:
+ 5a:82:d1:52:1a:45:0f:15:a5:00:f0:94:7b:65:27:57:39:43:
+ cf:7c:7f:e6:bd:35:b3:7b:f1:19:4c:de:3a:96:cf:e9:76:ee:
+ 03:e7:c2:43:52:3c:6a:81:e8:c1:5a:80:bd:11:5d:93:6b:fb:
+ c7:e6:64:3f:bb:69:1c:e9:dd:25:8b:af:74:c9:54:40:ca:cb:
+ 93:13:0a:ed:fb:66:92:11:ca:f5:c0:fa:d8:83:55:03:7c:d3:
+ c5:22:46:75:70:6b:79:48:06:2a:82:9a:bf:e6:eb:16:0e:22:
+ 45:01:bc:dd:36:94:34:a9:35:26:8a:d7:97:b9:ee:08:72:bf:
+ 34:92:70:83:80:ab:38:aa:59:68:dd:40:a4:18:90:b2:f3:d5:
+ 03:ca:26:ca:ef:d5:c7:e0:8f:53:8e:f0:00:e3:a8:ed:9f:f9:
+ ad:77:e0:2b:63:4f:9e:c3:ee:37:bb:78:09:84:9e:b9:6e:fb:
+ 29:99:90:e8:80:d3:9f:24
+SHA1 Fingerprint=2D:B0:70:EE:71:94:AF:69:68:17:DB:79:CE:58:9F:A0:6B:96:F7:87
+-----BEGIN CERTIFICATE-----
+MIIFqTCCA5GgAwIBAgIQczswBEhb2U14LnNLyaHcZjANBgkqhkiG9w0BAQ0FADBI
+MQswCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlE
+LVRSVVNUIEJSIFJvb3QgQ0EgMiAyMDIzMB4XDTIzMDUwOTA4NTYzMVoXDTM4MDUw
+OTA4NTYzMFowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEi
+MCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDIgMjAyMzCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAK7/CVmRgApKaOYkP7in5Mg6CjoWzckjYaCTcfKr
+i3OPoGdlYNJUa2NRb0kz4HIHE304zQaSBylSa053bATTlfrdTIzZXcFhfUvnKLNE
+gXtRr90zsWh81k5M/itoucpmacTsXld/9w3HnDY25QdgrMBM6ghs7wZ8T1soegj8
+k12b9py0i4a6Ibn08OhZWiihNIQaJZG2tY/vsvmA+vk9PBFy2OMvhnbFeSzBqZCT
+Rphny4NqoFAjpzv2gTng7fC5v2Xx2Mt6++9zA84A9H3X4F07ZrjcjrqDy4d2A/wl
+2ecjbwb9Z/Pg/4S8R7+1FhhGaRTMBffb00msa8yr5LULQyReS2tNZ9/WtT5PeB+U
+cSTq3nD88ZP+npNa5JRal1QMNXtfbO4AHyTsA7oC9Xb0n9Sa7YUsOCIvx9gvdhFP
+/Wxc6PWOJ4d/GUohR5AdeY0cW/jPSoXk7bNbjb7EZChdQcRurDhaTyN0dKkSw/bS
+uREVMweR2Ds3OmMwBtHFIjYoYiMQ4EbMl6zWK11kJNXuHA7e+whadSr2Y23OC0K+
+0bpwHJwh5Q8xaRfX/Aq03u2AnMuStIv13lmiWAmlY0cL4UEyNEHZmrHZqLAbWt4N
+DfTisl01gLmB1IRpkQLLddCNxbU9CZEJjxShFHR5PtbJFR2kWVki3PaKRT08EtY+
+XTIvAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUZ5Dw1t61
+GNVGKX5cq/ieCLxklRAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRCMEAwPqA8oDqG
+OGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfYnJfcm9vdF9jYV8y
+XzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQA097N3U9swFrktpSHxQCF16+tI
+FoE9c+CeJyrrd6kTpGoKWloUMz1oH4Guaf2Mn2VsNELZLdB/eBaxOqwjMa1ef67n
+riv6uvw8l5VAk1/DLQOj7aRvU9f6QA4w9QAgLABMjDu0ox+2v5Eyq6+SmNMW5tTR
+VFxDWy6u71cqqLRvpO8NVhTaIasgdp4D/Ca4nj8+AybmTNudX0KEPUUDAxxZiMrc
+LmEkWqTqJwtzEr5SswrPMhfiHocaFpVIbVrg0M8JkiZmkdijYQ6qgYF/6FKC0ULn
+4B0Y+qSFNueG4A3rvNTJ1jxD8V1Jbn6Bm2m1iWKPiFLY1/4nwSPFyysCu7Ff/vtD
+hQNGvl3GyiEm/9cCnnRK3PgTFbGBVzbLZVzRHTF36SXDw7IyN9XxmAnkbWOACKsG
+koHU6XCPpz+y7YaMgmo1yEJagtFSGkUPFaUA8JR7ZSdXOUPPfH/mvTWze/EZTN46
+ls/pdu4D58JDUjxqgejBWoC9EV2Ta/vH5mQ/u2kc6d0li690yVRAysuTEwrt+2aS
+Ecr1wPrYg1UDfNPFIkZ1cGt5SAYqgpq/5usWDiJFAbzdNpQ0qTUmiteXue4Icr80
+knCDgKs4qllo3UCkGJCy89UDyibK79XH4I9TjvAA46jtn/mtd+ArY0+ew+43u3gJ
+hJ65bvspmZDogNOfJA==
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/D-TRUST_EV_Root_CA_2_2023.pem b/secure/caroot/trusted/D-TRUST_EV_Root_CA_2_2023.pem
new file mode 100644
index 000000000000..5325b545bb3f
--- /dev/null
+++ b/secure/caroot/trusted/D-TRUST_EV_Root_CA_2_2023.pem
@@ -0,0 +1,139 @@
+##
+## D-TRUST EV Root CA 2 2023
+##
+## This is a single X.509 certificate for a public Certificate
+## Authority (CA). It was automatically extracted from Mozilla's
+## root CA list (the file `certdata.txt' in security/nss).
+##
+## It contains a certificate trusted for server authentication.
+##
+## Extracted from nss
+##
+## @generated
+##
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 69:26:09:7e:80:4b:4c:a0:a7:8c:78:62:53:5f:5a:6f
+ Signature Algorithm: sha512WithRSAEncryption
+ Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST EV Root CA 2 2023
+ Validity
+ Not Before: May 9 09:10:33 2023 GMT
+ Not After : May 9 09:10:32 2038 GMT
+ Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST EV Root CA 2 2023
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:d8:8e:a3:89:80:0b:b2:57:52:dc:a9:53:4c:37:
+ b9:7f:63:17:13:ef:a7:5b:23:5b:69:75:b0:99:0a:
+ 17:c1:8b:c4:db:a8:e0:cc:31:ba:c2:f2:cd:5d:e9:
+ b7:f8:1d:af:6a:c4:95:87:d7:47:c9:95:d8:82:04:
+ 50:3d:81:08:ff:e4:3d:b3:b1:d6:c5:b2:fd:88:09:
+ db:9c:84:ec:25:17:14:87:7f:30:78:9b:6a:58:c9:
+ b6:73:28:3c:34:f7:99:f7:7f:d3:a6:f8:1c:45:7c:
+ ad:2c:8c:94:3f:d8:67:10:53:7e:22:cd:4e:25:51:
+ f0:25:24:35:11:5e:10:c6:ec:87:66:89:81:68:ba:
+ cc:2b:9d:47:73:1f:bd:cd:91:a4:72:6a:9c:a2:1b:
+ 18:a0:6f:ec:50:f4:7d:40:c2:a8:30:cf:bd:73:c8:
+ 13:2b:10:13:1e:8b:9a:a8:3a:94:73:d3:18:69:0a:
+ 4a:ff:c1:01:03:ff:79:7f:b5:48:7f:7b:ee:e8:29:
+ 6f:36:4c:95:61:86:d8:f9:a2:73:8a:ee:ae:2f:96:
+ ee:68:cd:3d:4d:28:42:f9:45:2b:32:1b:46:55:16:
+ 6a:a6:4b:29:f9:bb:95:56:bf:46:1d:ec:1d:93:1d:
+ c0:65:b2:1f:a1:43:ae:56:9e:a0:b1:8f:6b:12:b7:
+ 60:6d:78:0b:ca:8a:5c:ed:1e:96:0e:83:a6:48:95:
+ 8d:3b:a3:21:c4:ae:58:c6:00:b2:84:b4:23:a4:96:
+ 86:35:b8:d8:9e:d8:ac:34:49:98:63:95:c5:cb:6d:
+ 48:47:e2:f2:2e:18:1e:d0:31:ab:dd:74:ec:f9:dc:
+ 8c:b8:1c:8e:68:23:ba:d0:f3:50:dc:cf:65:8f:73:
+ 3a:32:c7:7c:fe:ca:82:22:4f:be:8e:62:47:66:e5:
+ cd:87:e2:e8:d5:0f:18:9f:e5:04:72:4b:46:3c:10:
+ f2:44:c2:64:56:71:4e:75:e8:9c:c9:26:74:c5:7d:
+ 59:d1:0a:5b:0f:6d:fe:9e:75:1c:18:c6:1a:3a:7c:
+ d8:0d:04:cc:cd:b7:45:65:7a:b1:8f:b8:ae:84:48:
+ 3e:b3:7a:4d:a8:03:e2:e2:7e:01:16:59:68:18:43:
+ 33:b0:d2:dc:b0:1a:43:35:ee:a5:da:a9:46:5c:ae:
+ 86:81:41:01:4a:74:26:ec:9f:06:bf:c2:05:37:64:
+ 75:78:29:68:fd:c5:f5:eb:fe:47:f9:e4:85:b0:e1:
+ 7b:31:9d:a6:7f:72:a3:b9:c4:2c:2e:cc:99:57:0e:
+ 21:0c:45:01:94:65:eb:65:09:c6:63:22:0b:33:49:
+ 92:48:3c:fc:cd:ce:b0:3e:8e:9e:8b:f8:fe:49:c5:
+ 35:72:47
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ AA:FC:91:10:1B:87:91:5F:16:B9:BF:4F:4B:91:5E:00:1C:B1:32:80
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 CRL Distribution Points:
+ Full Name:
+ URI:http://crl.d-trust.net/crl/d-trust_ev_root_ca_2_2023.crl
+ Signature Algorithm: sha512WithRSAEncryption
+ Signature Value:
+ 93:cb:a5:1f:99:11:ec:9a:0d:5f:2c:15:93:c6:3f:be:10:8d:
+ 78:42:f0:6e:90:47:47:8e:a3:92:32:8d:70:8f:f6:5b:8d:be:
+ 89:ce:47:01:6a:1b:20:20:89:5b:c8:82:10:6c:e0:e7:99:aa:
+ 6b:c6:2a:a0:63:35:91:6a:85:25:ad:17:38:a5:9b:7e:50:f2:
+ 76:ea:85:05:2a:27:41:2b:b1:81:d1:a2:f6:40:75:a9:0e:cb:
+ f1:55:48:d8:ec:d1:ec:b3:e8:ce:14:a1:35:ec:c2:5e:35:1a:
+ ab:a6:16:01:06:8e:ea:dc:2f:a3:8a:ca:2c:91:eb:52:8e:5f:
+ 0c:9b:17:cf:cb:73:07:19:c4:6a:c2:73:54:ef:7c:43:52:63:
+ c1:11:ca:c2:45:b1:f4:3b:53:f5:69:ae:3c:e3:a5:de:ac:e8:
+ 54:b7:b2:91:fd:ac:a9:1f:f2:87:e4:17:c6:49:a8:7c:d8:0a:
+ 41:f4:f2:3e:e7:77:34:04:52:dd:e8:81:f2:4d:2f:54:45:9d:
+ 15:e1:4f:cc:e5:de:34:57:10:c9:23:72:17:70:8d:50:70:1f:
+ 56:6c:cc:b9:ff:3a:5a:4f:63:7a:c3:6e:65:07:1d:84:a1:ff:
+ a9:0c:63:89:6d:b2:40:88:39:d7:1f:77:68:b5:fc:9c:d5:d6:
+ 67:69:5b:a8:74:db:fc:89:f6:1b:32:f7:a4:24:a6:76:b7:47:
+ 53:ef:8d:49:8f:a9:b6:83:5a:a5:96:90:45:61:f5:de:03:4f:
+ 26:0f:a8:8b:f0:03:96:b0:ac:15:d0:71:5a:6a:7b:94:e6:70:
+ 93:da:f1:69:e0:b2:62:4d:9e:8f:ff:89:9d:9b:5d:cd:45:e9:
+ 94:02:22:8d:e0:35:7f:e8:f1:04:79:71:6c:54:83:f8:33:b9:
+ 05:32:1b:58:55:11:4f:d0:e5:27:47:71:ec:ed:da:67:d6:62:
+ a6:4b:4d:0f:69:a2:c9:bc:ec:22:4b:94:c7:68:94:17:7e:e2:
+ 8e:28:3e:b6:c6:ea:f5:34:6c:9f:37:88:07:38:db:86:71:fa:
+ cd:95:48:43:6e:a3:4f:82:87:d7:34:98:6e:4b:93:79:60:75:
+ 69:0f:f0:1a:d5:53:fa:21:0c:c2:3f:e9:3f:1f:18:8c:92:5d:
+ 78:a7:76:67:19:bb:b2:ea:7f:e9:70:09:56:56:a3:b0:0c:0b:
+ 2d:36:5e:c5:e9:c4:d5:83:cb:86:17:97:2c:6c:13:6f:87:5a:
+ af:49:a6:1d:db:cd:38:04:2e:5f:e2:4a:35:0e:2d:4b:f8:a2:
+ 24:04:8d:d8:e1:63:5e:02:92:34:da:98:61:5c:1c:6f:58:76:
+ 64:b3:fc:02:b8:f5:9d:0a
+SHA1 Fingerprint=A5:5B:D8:47:6C:8F:19:F7:4C:F4:6D:6B:B6:C2:79:82:22:DF:54:8B
+-----BEGIN CERTIFICATE-----
+MIIFqTCCA5GgAwIBAgIQaSYJfoBLTKCnjHhiU19abzANBgkqhkiG9w0BAQ0FADBI
+MQswCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlE
+LVRSVVNUIEVWIFJvb3QgQ0EgMiAyMDIzMB4XDTIzMDUwOTA5MTAzM1oXDTM4MDUw
+OTA5MTAzMlowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEi
+MCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDIgMjAyMzCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBANiOo4mAC7JXUtypU0w3uX9jFxPvp1sjW2l1sJkK
+F8GLxNuo4MwxusLyzV3pt/gdr2rElYfXR8mV2IIEUD2BCP/kPbOx1sWy/YgJ25yE
+7CUXFId/MHibaljJtnMoPDT3mfd/06b4HEV8rSyMlD/YZxBTfiLNTiVR8CUkNRFe
+EMbsh2aJgWi6zCudR3Mfvc2RpHJqnKIbGKBv7FD0fUDCqDDPvXPIEysQEx6Lmqg6
+lHPTGGkKSv/BAQP/eX+1SH977ugpbzZMlWGG2Pmic4ruri+W7mjNPU0oQvlFKzIb
+RlUWaqZLKfm7lVa/Rh3sHZMdwGWyH6FDrlaeoLGPaxK3YG14C8qKXO0elg6DpkiV
+jTujIcSuWMYAsoS0I6SWhjW42J7YrDRJmGOVxcttSEfi8i4YHtAxq9107PncjLgc
+jmgjutDzUNzPZY9zOjLHfP7KgiJPvo5iR2blzYfi6NUPGJ/lBHJLRjwQ8kTCZFZx
+TnXonMkmdMV9WdEKWw9t/p51HBjGGjp82A0EzM23RWV6sY+4roRIPrN6TagD4uJ+
+ARZZaBhDM7DS3LAaQzXupdqpRlyuhoFBAUp0JuyfBr/CBTdkdXgpaP3F9ev+R/nk
+hbDhezGdpn9yo7nELC7MmVcOIQxFAZRl62UJxmMiCzNJkkg8/M3OsD6Onov4/knF
+NXJHAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUqvyREBuH
+kV8Wub9PS5FeAByxMoAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRCMEAwPqA8oDqG
+OGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfZXZfcm9vdF9jYV8y
+XzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQCTy6UfmRHsmg1fLBWTxj++EI14
+QvBukEdHjqOSMo1wj/Zbjb6JzkcBahsgIIlbyIIQbODnmaprxiqgYzWRaoUlrRc4
+pZt+UPJ26oUFKidBK7GB0aL2QHWpDsvxVUjY7NHss+jOFKE17MJeNRqrphYBBo7q
+3C+jisosketSjl8MmxfPy3MHGcRqwnNU73xDUmPBEcrCRbH0O1P1aa4846XerOhU
+t7KR/aypH/KH5BfGSah82ApB9PI+53c0BFLd6IHyTS9URZ0V4U/M5d40VxDJI3IX
+cI1QcB9WbMy5/zpaT2N6w25lBx2Eof+pDGOJbbJAiDnXH3dotfyc1dZnaVuodNv8
+ifYbMvekJKZ2t0dT741Jj6m2g1qllpBFYfXeA08mD6iL8AOWsKwV0HFaanuU5nCT
+2vFp4LJiTZ6P/4mdm13NRemUAiKN4DV/6PEEeXFsVIP4M7kFMhtYVRFP0OUnR3Hs
+7dpn1mKmS00PaaLJvOwiS5THaJQXfuKOKD62xur1NGyfN4gHONuGcfrNlUhDbqNP
+gofXNJhuS5N5YHVpD/Aa1VP6IQzCP+k/HxiMkl14p3ZnGbuy6n/pcAlWVqOwDAst
+Nl7F6cTVg8uGF5csbBNvh1qvSaYd2804BC5f4ko1Di1L+KIkBI3Y4WNeApI02phh
+XBxvWHZks/wCuPWdCg==
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem b/secure/caroot/trusted/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem
new file mode 100644
index 000000000000..c3372985be38
--- /dev/null
+++ b/secure/caroot/trusted/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem
@@ -0,0 +1,71 @@
+##
+## FIRMAPROFESIONAL CA ROOT-A WEB
+##
+## This is a single X.509 certificate for a public Certificate
+## Authority (CA). It was automatically extracted from Mozilla's
+## root CA list (the file `certdata.txt' in security/nss).
+##
+## It contains a certificate trusted for server authentication.
+##
+## Extracted from nss
+##
+## @generated
+##
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 31:97:21:ed:af:89:42:7f:35:41:87:a1:67:56:4c:6d
+ Signature Algorithm: ecdsa-with-SHA384
+ Issuer: C = ES, O = Firmaprofesional SA, organizationIdentifier = VATES-A62634068, CN = FIRMAPROFESIONAL CA ROOT-A WEB
+ Validity
+ Not Before: Apr 6 09:01:36 2022 GMT
+ Not After : Mar 31 09:01:36 2047 GMT
+ Subject: C = ES, O = Firmaprofesional SA, organizationIdentifier = VATES-A62634068, CN = FIRMAPROFESIONAL CA ROOT-A WEB
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:47:53:ea:2c:11:a4:77:c7:2a:ea:f3:d6:5f:7b:
+ d3:04:91:5c:fa:88:c6:22:b9:83:10:62:77:84:33:
+ 2d:e9:03:88:d4:e0:33:f7:ed:77:2c:4a:60:ea:e4:
+ 6f:ad:6d:b4:f8:4c:8a:a4:e4:1f:ca:ea:4f:38:4a:
+ 2e:82:73:2b:c7:66:9b:0a:8c:40:9c:7c:8a:f6:f2:
+ 39:60:b2:de:cb:ec:b8:e4:6f:ea:9b:5d:b7:53:90:
+ 18:32:55:c5:20:b7:94
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ 93:E1:43:63:5C:3C:9D:D6:27:F3:52:EC:17:B2:A9:AF:2C:F7:76:F8
+ X509v3 Subject Key Identifier:
+ 93:E1:43:63:5C:3C:9D:D6:27:F3:52:EC:17:B2:A9:AF:2C:F7:76:F8
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ Signature Algorithm: ecdsa-with-SHA384
+ Signature Value:
+ 30:65:02:30:1d:7c:a4:7b:c3:89:75:33:e1:3b:a9:45:bf:46:
+ e9:e9:a1:dd:c9:22:16:b7:47:11:0b:d8:9a:ba:f1:c8:0b:70:
+ 50:53:02:91:70:85:59:a9:1e:a4:e6:ea:23:31:a0:00:02:31:
+ 00:fd:e2:f8:b3:af:16:b9:1e:73:c4:96:e3:c1:30:19:d8:7e:
+ e6:c3:97:de:1c:4f:b8:89:2f:33:eb:48:0f:19:f7:87:46:5d:
+ 26:90:a5:85:c5:b9:7a:94:3e:87:a8:bd:00
+SHA1 Fingerprint=A8:31:11:74:A6:14:15:0D:CA:77:DD:0E:E4:0C:5D:58:FC:A0:72:A5
+-----BEGIN CERTIFICATE-----
+MIICejCCAgCgAwIBAgIQMZch7a+JQn81QYehZ1ZMbTAKBggqhkjOPQQDAzBuMQsw
+CQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UE
+YQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENB
+IFJPT1QtQSBXRUIwHhcNMjIwNDA2MDkwMTM2WhcNNDcwMzMxMDkwMTM2WjBuMQsw
+CQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UE
+YQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENB
+IFJPT1QtQSBXRUIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARHU+osEaR3xyrq89Zf
+e9MEkVz6iMYiuYMQYneEMy3pA4jU4DP37XcsSmDq5G+tbbT4TIqk5B/K6k84Si6C
+cyvHZpsKjECcfIr28jlgst7L7Ljkb+qbXbdTkBgyVcUgt5SjYzBhMA8GA1UdEwEB
+/wQFMAMBAf8wHwYDVR0jBBgwFoAUk+FDY1w8ndYn81LsF7Kpryz3dvgwHQYDVR0O
+BBYEFJPhQ2NcPJ3WJ/NS7Beyqa8s93b4MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjO
+PQQDAwNoADBlAjAdfKR7w4l1M+E7qUW/Runpod3JIha3RxEL2Jq68cgLcFBTApFw
+hVmpHqTm6iMxoAACMQD94vizrxa5HnPEluPBMBnYfubDl94cT7iJLzPrSA8Z94dG
+XSaQpYXFuXqUPoeovQA=
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/SecureSign_Root_CA12.pem b/secure/caroot/trusted/SecureSign_Root_CA12.pem
new file mode 100644
index 000000000000..0e2b8a20edb2
--- /dev/null
+++ b/secure/caroot/trusted/SecureSign_Root_CA12.pem
@@ -0,0 +1,93 @@
+##
+## SecureSign Root CA12
+##
+## This is a single X.509 certificate for a public Certificate
+## Authority (CA). It was automatically extracted from Mozilla's
+## root CA list (the file `certdata.txt' in security/nss).
+##
+## It contains a certificate trusted for server authentication.
+##
+## Extracted from nss
+##
+## @generated
+##
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 66:f9:c7:c1:af:ec:c2:51:b4:ed:53:97:e6:e6:82:c3:2b:1c:90:16
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C = JP, O = "Cybertrust Japan Co., Ltd.", CN = SecureSign Root CA12
+ Validity
+ Not Before: Apr 8 05:36:46 2020 GMT
+ Not After : Apr 8 05:36:46 2040 GMT
+ Subject: C = JP, O = "Cybertrust Japan Co., Ltd.", CN = SecureSign Root CA12
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ba:39:c1:37:7a:68:45:2b:14:b4:eb:e4:13:eb:
+ 57:75:23:4d:8f:24:2d:16:e8:ae:8e:c9:7d:a4:57:
+ 3b:2a:76:25:33:83:6c:ea:32:8a:94:9b:4e:3c:96:
+ e4:fd:51:bf:99:c9:93:7e:bf:f9:ad:a7:b2:48:2b:
+ 07:1c:27:f5:4c:bc:70:12:77:a4:85:54:b5:fd:90:
+ 7a:e4:a3:e4:51:58:03:cd:10:79:79:ee:6b:93:1f:
+ 64:8e:6b:64:ab:a3:13:e3:71:fe:7d:ab:9c:dd:27:
+ 53:37:b3:aa:18:c2:59:26:ec:5b:1f:d2:e6:65:7c:
+ ef:93:bd:d8:58:5c:0b:c0:e3:65:6f:3c:c7:ca:59:
+ e3:fe:6e:5f:ac:83:be:fd:5d:25:4e:2a:29:3b:d6:
+ 0b:ab:17:32:78:a4:e1:3e:94:46:be:62:6e:9b:de:
+ 46:a8:b1:16:e7:85:6e:f4:08:40:45:11:a0:9e:54:
+ 44:84:f7:d8:36:ce:f5:50:47:dc:2c:30:9b:ee:c0:
+ f5:96:d2:fe:09:86:c7:06:59:ae:4f:ae:8e:11:98:
+ 7b:f3:0b:52:aa:62:26:aa:21:df:8e:25:33:79:97:
+ 16:49:8d:f5:3e:d5:47:9f:37:31:49:33:72:05:4d:
+ 0c:b6:55:8c:f1:57:8f:8a:87:d1:ad:c5:11:12:39:
+ a0:ad
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Subject Key Identifier:
+ 57:34:F3:74:CF:04:4B:D5:25:E6:F1:40:B6:2C:4C:D9:2D:E9:A0:AD
+ Signature Algorithm: sha256WithRSAEncryption
+ Signature Value:
+ 3e:bb:db:17:16:d2:f2:14:01:20:2c:38:83:4b:ad:be:ca:85:
+ 7a:9a:b6:9b:6b:a6:e1:fc:a5:3a:ac:ad:b4:28:3a:af:d7:01:
+ 83:49:2b:63:a2:dd:9a:64:0e:98:5c:6f:dd:8e:bb:8a:54:22:
+ 2d:4a:13:f3:ae:40:43:db:4f:91:b7:86:1a:ec:00:b4:41:81:
+ a4:4f:fa:6a:8b:88:b3:76:08:72:2a:49:40:c3:d3:c3:85:89:
+ 98:10:a5:9d:6f:19:b7:bb:cf:7a:65:55:db:37:eb:3c:8a:72:
+ 32:97:1e:9a:29:3e:ad:8d:e6:a3:1b:6d:f5:75:1a:e6:b0:68:
+ b9:5b:a2:ee:69:47:27:35:a1:86:99:80:f3:33:4b:e1:6b:a4:
+ 26:c3:ef:74:59:6c:7a:a2:64:b6:1e:44:c3:50:e0:0f:39:3d:
+ a9:33:f1:a5:f3:d2:bd:62:84:ac:8e:1c:a9:cd:5a:bd:37:3b:
+ 6e:0a:22:b4:f4:15:e7:91:58:c5:3a:44:d3:95:28:d9:c0:65:
+ e9:72:ca:d0:0f:bd:1f:b3:15:d9:a9:e3:a4:47:09:9e:e0:cb:
+ 37:fb:fd:bd:97:d5:be:18:1a:69:a2:39:81:d9:1a:f5:ab:7f:
+ c8:e3:e2:67:0b:9d:f4:0c:ea:54:df:d2:b2:af:b1:22:f1:20:
+ df:bc:44:1c
+SHA1 Fingerprint=7A:22:1E:3D:DE:1B:06:AC:9E:C8:47:70:16:8E:3C:E5:F7:6B:06:F4
+-----BEGIN CERTIFICATE-----
+MIIDcjCCAlqgAwIBAgIUZvnHwa/swlG07VOX5uaCwysckBYwDQYJKoZIhvcNAQEL
+BQAwUTELMAkGA1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28u
+LCBMdGQuMR0wGwYDVQQDExRTZWN1cmVTaWduIFJvb3QgQ0ExMjAeFw0yMDA0MDgw
+NTM2NDZaFw00MDA0MDgwNTM2NDZaMFExCzAJBgNVBAYTAkpQMSMwIQYDVQQKExpD
+eWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMUU2VjdXJlU2lnbiBS
+b290IENBMTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6OcE3emhF
+KxS06+QT61d1I02PJC0W6K6OyX2kVzsqdiUzg2zqMoqUm048luT9Ub+ZyZN+v/mt
+p7JIKwccJ/VMvHASd6SFVLX9kHrko+RRWAPNEHl57muTH2SOa2SroxPjcf59q5zd
+J1M3s6oYwlkm7Fsf0uZlfO+TvdhYXAvA42VvPMfKWeP+bl+sg779XSVOKik71gur
+FzJ4pOE+lEa+Ym6b3kaosRbnhW70CEBFEaCeVESE99g2zvVQR9wsMJvuwPWW0v4J
+hscGWa5Pro4RmHvzC1KqYiaqId+OJTN5lxZJjfU+1UefNzFJM3IFTQy2VYzxV4+K
+h9GtxRESOaCtAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB0GA1UdDgQWBBRXNPN0zwRL1SXm8UC2LEzZLemgrTANBgkqhkiG9w0BAQsF
+AAOCAQEAPrvbFxbS8hQBICw4g0utvsqFepq2m2um4fylOqyttCg6r9cBg0krY6Ld
+mmQOmFxv3Y67ilQiLUoT865AQ9tPkbeGGuwAtEGBpE/6aouIs3YIcipJQMPTw4WJ
+mBClnW8Zt7vPemVV2zfrPIpyMpcemik+rY3moxtt9XUa5rBouVui7mlHJzWhhpmA
+8zNL4WukJsPvdFlseqJkth5Ew1DgDzk9qTPxpfPSvWKErI4cqc1avTc7bgoitPQV
+55FYxTpE05Uo2cBl6XLK0A+9H7MV2anjpEcJnuDLN/v9vZfVvhgaaaI5gdka9at/
+yOPiZwud9AzqVN/Ssq+xIvEg37xEHA==
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/SecureSign_Root_CA14.pem b/secure/caroot/trusted/SecureSign_Root_CA14.pem
new file mode 100644
index 000000000000..261254699085
--- /dev/null
+++ b/secure/caroot/trusted/SecureSign_Root_CA14.pem
@@ -0,0 +1,135 @@
+##
+## SecureSign Root CA14
+##
+## This is a single X.509 certificate for a public Certificate
+## Authority (CA). It was automatically extracted from Mozilla's
+## root CA list (the file `certdata.txt' in security/nss).
+##
+## It contains a certificate trusted for server authentication.
+##
+## Extracted from nss
+##
+## @generated
+##
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 64:db:5a:0c:20:4e:e8:d7:29:77:c8:50:27:a2:5a:27:dd:2d:f2:cb
+ Signature Algorithm: sha384WithRSAEncryption
+ Issuer: C = JP, O = "Cybertrust Japan Co., Ltd.", CN = SecureSign Root CA14
+ Validity
+ Not Before: Apr 8 07:06:19 2020 GMT
+ Not After : Apr 8 07:06:19 2045 GMT
+ Subject: C = JP, O = "Cybertrust Japan Co., Ltd.", CN = SecureSign Root CA14
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:c5:d2:7a:a1:d6:8a:bf:16:31:d0:98:d1:3a:94:
+ fc:5a:b8:6e:22:c1:62:f7:a7:0a:27:ef:50:f6:2e:
+ b1:9e:68:12:f0:6c:24:63:39:f1:f0:df:10:c6:de:
+ b7:52:20:d5:52:5b:42:99:9e:f3:a0:be:52:1f:5f:
+ cc:67:6d:a7:2e:50:a2:c1:97:8d:b6:f8:95:f5:b0:
+ ba:dc:9d:e0:be:cb:df:f7:38:f2:47:f5:a6:9a:92:
+ 95:2a:62:59:50:0b:a2:b1:35:e7:65:b2:61:b2:ea:
+ 92:71:69:e4:29:f0:4f:81:81:04:3c:b2:a5:5b:d4:
+ c5:a8:59:67:7b:55:1c:49:ab:7a:9d:c2:e7:73:4d:
+ ef:cd:09:c2:c4:57:12:db:01:0e:23:79:09:07:3b:
+ a2:e8:fc:8a:cf:8f:c0:46:24:9c:38:27:e0:83:9d:
+ 1b:a0:bf:78:15:10:eb:86:4e:0a:5a:fd:df:da:2c:
+ 82:7e:ee:ca:f6:29:e1:fa:71:a1:f7:88:68:9c:9c:
+ f0:8d:be:0f:49:91:d8:ea:3a:f9:fd:d0:68:71:db:
+ e9:b5:2b:4e:82:92:6f:66:1f:e0:f0:dc:4c:ec:ca:
+ d1:ea:ba:74:06:f9:b3:84:90:94:d1:5f:8e:73:19:
+ 10:5d:02:e5:70:a5:c0:10:d0:10:7c:6f:c5:58:49:
+ b4:b0:6e:9a:da:7d:95:f5:cc:da:02:af:b8:2c:7d:
+ 79:8f:be:43:f1:f9:28:28:8d:09:43:f8:08:dd:6b:
+ c8:8b:2c:24:b1:8d:52:07:bd:78:9b:cb:ca:68:b2:
+ a4:dd:0c:4c:79:60:c6:99:d1:93:f1:30:1a:07:d3:
+ ae:22:c2:ea:ce:f1:84:09:cc:e0:14:6e:7f:3f:7e:
+ d2:82:85:ac:dc:a9:16:4e:85:a0:60:cb:f6:9c:d7:
+ c8:b3:8e:ed:c6:9b:98:75:0d:55:e8:5f:e5:95:8b:
+ 02:a4:ae:43:29:28:11:a4:e6:12:30:01:4b:75:6b:
+ 1e:66:9d:79:2f:a5:76:2f:1d:40:b4:6d:c9:7d:79:
+ 08:ec:d1:6a:b6:5d:2a:b2:a5:66:bd:6b:85:f4:74:
+ 56:c3:f5:e7:75:52:28:2c:a5:ff:66:47:a5:d4:fe:
+ fe:9e:54:bf:65:7e:01:d6:30:8f:a5:36:9c:a2:50:
+ 1c:ee:38:80:01:48:c6:c7:74:f4:c6:ac:c3:40:49:
+ 16:61:74:2c:af:8c:6f:35:ed:7b:18:00:5b:36:3c:
+ 9c:50:0d:ca:92:33:10:f1:26:49:6d:df:75:24:37:
+ 82:22:d7:e8:96:fd:15:4b:02:96:3e:07:72:95:7e:
+ ab:3d:4c:2e:d7:ca:f0:df:e0:58:3f:2d:2f:04:9a:
+ 38:a3:01
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Subject Key Identifier:
+ 06:93:A3:0A:5E:28:69:37:AA:61:1D:EB:EB:FC:2D:6F:23:E4:F3:A0
+ Signature Algorithm: sha384WithRSAEncryption
+ Signature Value:
+ 96:80:72:09:06:7e:9c:cc:93:04:16:bb:a0:3a:8d:92:4e:b7:
+ 11:1a:0a:71:71:10:cd:04:ad:7f:a5:45:50:10:66:4e:4a:41:
+ a2:03:d9:11:4f:7a:37:b9:4b:e2:c6:8f:32:66:75:25:fb:eb:
+ ce:3f:03:29:26:8d:b8:16:1d:f6:1f:33:6e:48:e6:e8:f8:57:
+ b2:1b:79:df:3b:87:0a:e2:64:ba:00:ca:6c:ef:7e:d0:23:eb:
+ 78:8f:ff:64:9b:34:37:9f:35:65:a2:a4:00:3d:12:23:96:58:
+ 5d:ca:63:87:c6:a3:07:88:4d:e7:69:76:8a:53:cd:f1:4f:ec:
+ 42:f2:93:e3:99:a4:37:3c:87:b8:62:db:f0:ec:1f:37:3f:37:
+ 5f:43:cc:51:9d:b5:f0:97:c2:b7:85:6a:68:0b:44:1e:e5:51:
+ ee:93:ce:4b:6e:86:c1:d2:0c:24:59:36:1a:9f:2c:91:8f:e3:
+ 18:db:94:95:0a:ed:91:aa:0e:99:dc:96:53:e3:61:83:c6:16:
+ ba:23:ba:dc:dd:7e:1a:c6:7b:42:b6:d9:5a:05:dc:9a:5f:d5:
+ df:b8:da:47:7d:da:38:db:ac:39:d5:1e:6b:6c:2a:17:8c:61:
+ cd:b1:6d:72:01:c3:c3:20:00:62:68:16:31:d5:76:aa:86:bb:
+ 0e:aa:9e:c6:f9:f0:d9:f8:0d:21:02:e4:c5:28:16:59:11:b9:
+ d9:69:73:2a:92:78:b8:92:57:9b:08:f2:3a:e5:2f:95:b0:58:
+ b7:6b:20:14:6d:14:ef:0a:bc:7e:d8:55:d8:88:da:2f:fa:19:
+ a5:fb:8b:e0:7f:39:f5:72:2b:85:c4:2c:ac:ef:19:45:92:4c:
+ b3:61:07:dc:4d:1f:6e:d2:81:13:5c:9a:f3:12:67:83:cf:9b:
+ 3f:8b:9f:9d:a4:b9:a8:96:03:7a:c5:ee:20:de:33:da:2f:9e:
+ 1a:7a:74:1e:e1:ee:cc:5a:3a:04:dd:b3:1a:04:a8:14:63:ac:
+ b7:47:12:83:9a:6c:f5:e6:e9:15:15:91:1a:84:19:0e:94:44:
+ e7:12:8e:25:5b:80:67:19:dc:63:93:10:0b:65:2e:8a:fa:09:
+ 9a:4e:da:86:28:7d:aa:61:35:d8:0e:a7:28:1a:bb:52:e0:78:
+ f8:6c:ba:6c:b0:6e:b9:87:5e:e9:99:35:37:f1:3d:64:2b:a9:
+ a0:34:93:cf:63:2f:d5:81:df:ae:63:27:a5:1e:4e:8d:dc:29:
+ 78:59:f8:f9:a1:20:8c:a7:26:40:6e:82:72:cd:78:b2:c8:8f:
+ 3c:1e:73:e7:c1:1f:bf:cf:ce:a5:2a:9b:db:44:64:32:a0:bb:
+ 7f:5c:25:13:48:b5:7f:92
+SHA1 Fingerprint=DD:50:C0:F7:79:B3:64:2E:74:A2:B8:9D:9F:D3:40:DD:BB:F0:F2:4F
+-----BEGIN CERTIFICATE-----
+MIIFcjCCA1qgAwIBAgIUZNtaDCBO6Ncpd8hQJ6JaJ90t8sswDQYJKoZIhvcNAQEM
+BQAwUTELMAkGA1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28u
+LCBMdGQuMR0wGwYDVQQDExRTZWN1cmVTaWduIFJvb3QgQ0ExNDAeFw0yMDA0MDgw
+NzA2MTlaFw00NTA0MDgwNzA2MTlaMFExCzAJBgNVBAYTAkpQMSMwIQYDVQQKExpD
+eWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMUU2VjdXJlU2lnbiBS
+b290IENBMTQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDF0nqh1oq/
+FjHQmNE6lPxauG4iwWL3pwon71D2LrGeaBLwbCRjOfHw3xDG3rdSINVSW0KZnvOg
+vlIfX8xnbacuUKLBl422+JX1sLrcneC+y9/3OPJH9aaakpUqYllQC6KxNedlsmGy
+6pJxaeQp8E+BgQQ8sqVb1MWoWWd7VRxJq3qdwudzTe/NCcLEVxLbAQ4jeQkHO6Lo
+/IrPj8BGJJw4J+CDnRugv3gVEOuGTgpa/d/aLIJ+7sr2KeH6caH3iGicnPCNvg9J
+kdjqOvn90Ghx2+m1K06Ckm9mH+Dw3EzsytHqunQG+bOEkJTRX45zGRBdAuVwpcAQ
+0BB8b8VYSbSwbprafZX1zNoCr7gsfXmPvkPx+SgojQlD+Ajda8iLLCSxjVIHvXib
+y8posqTdDEx5YMaZ0ZPxMBoH064iwurO8YQJzOAUbn8/ftKChazcqRZOhaBgy/ac
+18izju3Gm5h1DVXoX+WViwKkrkMpKBGk5hIwAUt1ax5mnXkvpXYvHUC0bcl9eQjs
+0Wq2XSqypWa9a4X0dFbD9ed1Uigspf9mR6XU/v6eVL9lfgHWMI+lNpyiUBzuOIAB
+SMbHdPTGrMNASRZhdCyvjG817XsYAFs2PJxQDcqSMxDxJklt33UkN4Ii1+iW/RVL
+ApY+B3KVfqs9TC7XyvDf4Fg/LS8EmjijAQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUBpOjCl4oaTeqYR3r6/wtbyPk
+86AwDQYJKoZIhvcNAQEMBQADggIBAJaAcgkGfpzMkwQWu6A6jZJOtxEaCnFxEM0E
+rX+lRVAQZk5KQaID2RFPeje5S+LGjzJmdSX7684/AykmjbgWHfYfM25I5uj4V7Ib
+ed87hwriZLoAymzvftAj63iP/2SbNDefNWWipAA9EiOWWF3KY4fGoweITedpdopT
+zfFP7ELyk+OZpDc8h7hi2/DsHzc/N19DzFGdtfCXwreFamgLRB7lUe6TzktuhsHS
+DCRZNhqfLJGP4xjblJUK7ZGqDpncllPjYYPGFrojutzdfhrGe0K22VoF3Jpf1d+4
+2kd92jjbrDnVHmtsKheMYc2xbXIBw8MgAGJoFjHVdqqGuw6qnsb58Nn4DSEC5MUo
+FlkRudlpcyqSeLiSV5sI8jrlL5WwWLdrIBRtFO8KvH7YVdiI2i/6GaX7i+B/OfVy
+K4XELKzvGUWSTLNhB9xNH27SgRNcmvMSZ4PPmz+Ln52kuaiWA3rF7iDeM9ovnhp6
+dB7h7sxaOgTdsxoEqBRjrLdHEoOabPXm6RUVkRqEGQ6UROcSjiVbgGcZ3GOTEAtl
+Lor6CZpO2oYofaphNdgOpygau1LgePhsumywbrmHXumZNTfxPWQrqaA0k89jL9WB
+365jJ6UeTo3cKXhZ+PmhIIynJkBugnLNeLLIjzwec+fBH7/PzqUqm9tEZDKgu39c
+JRNItX+S
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/SecureSign_Root_CA15.pem b/secure/caroot/trusted/SecureSign_Root_CA15.pem
new file mode 100644
index 000000000000..4d598436ea36
--- /dev/null
+++ b/secure/caroot/trusted/SecureSign_Root_CA15.pem
@@ -0,0 +1,67 @@
+##
+## SecureSign Root CA15
+##
+## This is a single X.509 certificate for a public Certificate
+## Authority (CA). It was automatically extracted from Mozilla's
+## root CA list (the file `certdata.txt' in security/nss).
+##
+## It contains a certificate trusted for server authentication.
+##
+## Extracted from nss
+##
+## @generated
+##
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 16:15:c7:c3:d8:49:a7:be:69:0c:8a:88:ed:f0:70:f9:dd:b7:3e:87
+ Signature Algorithm: ecdsa-with-SHA384
+ Issuer: C = JP, O = "Cybertrust Japan Co., Ltd.", CN = SecureSign Root CA15
+ Validity
+ Not Before: Apr 8 08:32:56 2020 GMT
+ Not After : Apr 8 08:32:56 2045 GMT
+ Subject: C = JP, O = "Cybertrust Japan Co., Ltd.", CN = SecureSign Root CA15
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:0b:50:74:8d:64:32:99:99:b3:d2:60:08:b8:22:
+ 8e:46:74:2c:78:c0:2b:44:2d:6d:5f:1d:c9:ae:4b:
+ 52:20:83:3d:b8:14:6d:53:87:60:9e:5f:6c:85:db:
+ 06:14:95:e0:c7:28:ff:9d:5f:e4:aa:f1:b3:8b:6d:
+ ed:4f:2f:4b:c9:4a:94:91:64:75:fe:01:ec:c1:d8:
+ eb:7a:94:78:56:18:43:5f:6b:81:cb:f6:bc:da:b4:
+ 0c:b6:29:93:08:69:8f
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Subject Key Identifier:
+ EB:41:C8:AE:FC:D5:9E:51:48:F5:BD:8B:F4:87:20:93:41:2B:D3:F4
+ Signature Algorithm: ecdsa-with-SHA384
+ Signature Value:
+ 30:65:02:31:00:d9:2e:89:7e:5e:4e:a4:11:07:bd:59:c2:07:
+ de:ab:32:38:53:2a:46:44:06:17:7a:ce:51:e9:e0:ff:66:2d:
+ 09:4e:e0:4f:f4:05:d1:85:f6:35:60:dc:f5:72:b3:46:7d:02:
+ 30:44:98:46:1a:82:85:1e:61:69:89:4b:07:4b:66:b5:9e:aa:
+ ba:a0:1e:41:d9:01:74:3a:6e:45:3a:89:80:19:7b:32:98:55:
+ 63:ab:eb:63:6e:93:6d:ab:1b:09:60:31:4e
+SHA1 Fingerprint=CB:BA:83:C8:C1:5A:5D:F1:F9:73:6F:CA:D7:EF:28:13:06:4A:07:7D
+-----BEGIN CERTIFICATE-----
+MIICIzCCAamgAwIBAgIUFhXHw9hJp75pDIqI7fBw+d23PocwCgYIKoZIzj0EAwMw
+UTELMAkGA1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBM
+dGQuMR0wGwYDVQQDExRTZWN1cmVTaWduIFJvb3QgQ0ExNTAeFw0yMDA0MDgwODMy
+NTZaFw00NTA0MDgwODMyNTZaMFExCzAJBgNVBAYTAkpQMSMwIQYDVQQKExpDeWJl
+cnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMUU2VjdXJlU2lnbiBSb290
+IENBMTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQLUHSNZDKZmbPSYAi4Io5GdCx4
+wCtELW1fHcmuS1Iggz24FG1Th2CeX2yF2wYUleDHKP+dX+Sq8bOLbe1PL0vJSpSR
+ZHX+AezB2Ot6lHhWGENfa4HL9rzatAy2KZMIaY+jQjBAMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTrQciu/NWeUUj1vYv0hyCTQSvT
+9DAKBggqhkjOPQQDAwNoADBlAjEA2S6Jfl5OpBEHvVnCB96rMjhTKkZEBhd6zlHp
+4P9mLQlO4E/0BdGF9jVg3PVys0Z9AjBEmEYagoUeYWmJSwdLZrWeqrqgHkHZAXQ6
+bkU6iYAZezKYVWOr62Nuk22rGwlgMU4=
+-----END CERTIFICATE-----
diff --git a/secure/caroot/trusted/TWCA_CYBER_Root_CA.pem b/secure/caroot/trusted/TWCA_CYBER_Root_CA.pem
new file mode 100644
index 000000000000..f3a6b60e3bc8
--- /dev/null
+++ b/secure/caroot/trusted/TWCA_CYBER_Root_CA.pem
@@ -0,0 +1,137 @@
+##
+## TWCA CYBER Root CA
+##
+## This is a single X.509 certificate for a public Certificate
+## Authority (CA). It was automatically extracted from Mozilla's
+## root CA list (the file `certdata.txt' in security/nss).
+##
+## It contains a certificate trusted for server authentication.
+##
+## Extracted from nss
+##
+## @generated
+##
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 40:01:34:8c:c2:00:00:00:00:00:00:00:01:3c:f2:c6
+ Signature Algorithm: sha384WithRSAEncryption
+ Issuer: C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA CYBER Root CA
+ Validity
+ Not Before: Nov 22 06:54:29 2022 GMT
+ Not After : Nov 22 15:59:59 2047 GMT
+ Subject: C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA CYBER Root CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:c6:f8:ca:1e:d9:09:20:7e:1d:6c:4e:ce:8f:e3:
+ 47:33:44:9c:c7:c9:69:aa:3a:5b:78:ee:70:d2:92:
+ f8:04:b3:52:52:1d:67:72:28:a1:df:8b:5d:95:0a:
+ fe:ea:cd:ed:f7:29:ce:f0:6f:7f:ac:cd:3d:ef:b3:
+ 1c:45:6a:f7:28:90:f1:61:57:c5:0c:c4:a3:50:5d:
+ de:d4:b5:cb:19:ca:80:b9:75:ce:29:ce:d2:85:22:
+ ec:02:63:cc:44:30:20:da:ea:91:5b:56:e6:1d:1c:
+ d5:9d:66:c7:3f:df:86:ca:4b:53:c4:d9:8d:b2:1d:
+ ea:f8:dc:27:53:a3:47:e1:61:cc:7d:b5:b0:f8:ee:
+ 73:91:c5:ce:73:6f:ce:ee:10:1f:1a:06:cf:e9:27:
+ 60:c5:4f:19:e4:eb:ce:22:26:45:d7:60:99:dd:ce:
+ 4f:37:e0:7f:e7:63:ad:b0:b8:59:b8:d0:06:68:35:
+ 60:d3:36:ae:71:43:04:f1:69:65:78:7c:f3:1f:f3:
+ ca:28:9f:5a:20:95:66:b4:cd:b7:ee:8f:78:a4:45:
+ 18:e9:26:2f:8d:9b:29:28:b1:a4:b7:3a:6d:b9:d4:
+ 1c:38:72:45:58:b1:5e:eb:f0:28:9b:b7:82:ca:fd:
+ cf:d6:33:0f:9f:fb:97:9e:b1:1c:9c:9e:ea:5f:5e:
+ db:aa:dd:54:e9:30:21:28:6d:8e:79:f3:75:92:8c:
+ 26:fe:dc:c5:f6:c3:b0:df:44:59:43:a3:b6:03:28:
+ f6:08:30:aa:0d:33:e1:ef:9c:a9:07:22:e3:59:5b:
+ 40:8f:da:88:b7:69:08:a8:b7:23:2e:44:09:59:37:
+ 5b:c7:e3:17:f2:22:eb:6e:39:52:c5:de:54:a7:98:
+ c9:4b:20:95:dc:46:89:5f:b4:12:f9:85:29:8e:eb:
+ c8:27:15:20:c0:4b:d4:cc:7c:0c:6c:34:0c:26:9b:
+ 26:31:a6:3c:a7:f6:d9:d0:4b:a2:64:ff:3b:99:41:
+ 72:c1:e0:70:97:f1:24:bb:2b:c4:74:22:b1:ac:6b:
+ 22:32:24:d3:78:2a:c0:c0:a1:2f:f1:52:05:c9:3f:
+ ef:76:66:e2:45:d8:0d:3d:ad:95:c8:c7:89:26:c8:
+ 0f:ae:a7:03:2e:fb:c1:5f:fa:20:e1:70:ad:b0:65:
+ 20:37:33:60:b0:d5:af:d7:0c:1c:c2:90:70:d7:4a:
+ 18:bc:7e:01:b0:b0:eb:15:1e:44:06:cd:a4:4f:e8:
+ 0c:d1:c3:20:10:e1:54:65:9e:b6:51:d0:1a:76:6b:
+ 42:5a:58:76:34:ea:b7:37:19:ae:2e:75:f9:96:e5:
+ c1:59:f7:94:57:29:25:8d:3a:4c:ab:4d:9a:41:d0:
+ 5f:26:03
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ 9D:85:61:14:7C:C1:62:6F:97:68:E4:4F:37:40:E1:AD:E0:0D:56:37
+ X509v3 Subject Key Identifier:
+ 9D:85:61:14:7C:C1:62:6F:97:68:E4:4F:37:40:E1:AD:E0:0D:56:37
+ Signature Algorithm: sha384WithRSAEncryption
+ Signature Value:
+ 64:8f:7a:c4:62:0e:b5:88:cc:b8:c7:86:0e:a1:4a:16:cd:70:
+ 0b:b7:a7:85:0b:b3:76:b6:0f:a7:ff:08:8b:0b:25:cf:a8:d4:
+ 83:75:2a:b8:96:88:b6:fb:df:2d:2d:b4:69:53:21:35:57:d6:
+ 89:4d:73:bf:69:8f:70:a3:61:cc:9a:db:1e:9a:e0:20:f8:6c:
+ bb:9b:22:9d:5d:84:31:9a:2c:8a:dd:6a:a1:d7:28:69:ca:fe:
+ 76:55:7a:46:67:eb:cc:43:88:16:a2:03:d6:b9:17:f8:19:6c:
+ 6d:23:02:7f:f1:5f:d0:0a:29:23:3b:d1:aa:0a:ed:a9:17:26:
+ 54:0a:4d:c2:a5:4d:f8:c5:fd:b8:81:cf:2b:2c:78:a3:67:4c:
+ a9:07:9a:f3:df:5e:fb:7c:f5:89:cd:74:97:61:10:6a:07:2b:
+ 81:5a:d2:8e:b7:e7:20:d1:20:6e:24:a8:84:27:a1:57:ac:aa:
+ 55:58:2f:dc:d9:ca:fa:68:04:9e:ed:44:24:f9:74:40:3b:23:
+ 33:ab:83:5a:18:26:42:b6:6d:54:b5:16:60:30:6c:b1:a0:f8:
+ b8:41:a0:5d:49:49:d2:65:05:3a:ea:fe:9d:61:bc:86:d9:bf:
+ de:d3:ba:3a:b1:7f:7e:92:34:8e:c9:00:6e:dc:98:bd:dc:ec:
+ 80:05:ad:02:3d:df:65:ed:0b:03:f7:f7:16:84:04:31:ba:93:
+ 94:d8:f2:12:f8:8a:e3:bf:42:af:a7:d4:cd:11:17:16:c8:42:
+ 1d:14:a8:42:f6:d2:40:86:a0:4f:23:ca:96:45:56:60:06:cd:
+ b7:55:01:a6:01:94:65:fe:6e:05:09:ba:b4:a4:aa:e2:ef:58:
+ be:bd:27:56:d8:ef:73:71:5b:44:33:f2:9a:72:ea:b0:5e:3e:
+ 6e:a9:52:5b:ec:70:6d:b5:87:8f:37:5e:3c:8c:9c:ce:e4:f0:
+ ce:0c:67:41:cc:ce:f6:80:ab:4e:cc:4c:56:f5:c1:61:59:93:
+ b4:3e:a6:da:b8:37:12:9f:2a:32:e3:8b:b8:21:ec:c3:2b:65:
+ 0c:ef:22:de:88:29:3b:4c:d7:fa:fe:b7:e1:47:be:9c:3e:3e:
+ 83:fb:51:5d:f5:68:f7:2e:21:85:dc:bf:f1:5a:e2:7c:d7:c5:
+ e4:83:c1:6a:eb:ba:80:5a:de:5c:2d:70:76:f8:c8:e5:87:87:
+ ca:a0:9d:a1:e5:22:12:27:0f:44:3d:1d:6c:ea:d4:c2:8b:2f:
+ 6f:79:ab:7f:50:a6:c4:19:a7:a1:7a:b7:96:f9:c1:1f:62:5a:
+ a2:43:07:40:5e:26:c6:ac:ed:ae:70:16:c5:aa:ca:72:8a:4d:
+ b0:cf:01:8b:03:3f:6e:d7
+SHA1 Fingerprint=F6:B1:1C:1A:83:38:E9:7B:DB:B3:A8:C8:33:24:E0:2D:9C:7F:26:66
+-----BEGIN CERTIFICATE-----
+MIIFjTCCA3WgAwIBAgIQQAE0jMIAAAAAAAAAATzyxjANBgkqhkiG9w0BAQwFADBQ
+MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290
+IENBMRswGQYDVQQDExJUV0NBIENZQkVSIFJvb3QgQ0EwHhcNMjIxMTIyMDY1NDI5
+WhcNNDcxMTIyMTU1OTU5WjBQMQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FO
+LUNBMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJUV0NBIENZQkVSIFJvb3Qg
+Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDG+Moe2Qkgfh1sTs6P
+40czRJzHyWmqOlt47nDSkvgEs1JSHWdyKKHfi12VCv7qze33Kc7wb3+szT3vsxxF
+avcokPFhV8UMxKNQXd7UtcsZyoC5dc4pztKFIuwCY8xEMCDa6pFbVuYdHNWdZsc/
+34bKS1PE2Y2yHer43CdTo0fhYcx9tbD47nORxc5zb87uEB8aBs/pJ2DFTxnk684i
+JkXXYJndzk834H/nY62wuFm40AZoNWDTNq5xQwTxaWV4fPMf88oon1oglWa0zbfu
+j3ikRRjpJi+NmykosaS3Om251Bw4ckVYsV7r8Cibt4LK/c/WMw+f+5eesRycnupf
+Xtuq3VTpMCEobY5583WSjCb+3MX2w7DfRFlDo7YDKPYIMKoNM+HvnKkHIuNZW0CP
+2oi3aQiotyMuRAlZN1vH4xfyIutuOVLF3lSnmMlLIJXcRolftBL5hSmO68gnFSDA
+S9TMfAxsNAwmmyYxpjyn9tnQS6Jk/zuZQXLB4HCX8SS7K8R0IrGsayIyJNN4KsDA
+oS/xUgXJP+92ZuJF2A09rZXIx4kmyA+upwMu+8Ff+iDhcK2wZSA3M2Cw1a/XDBzC
+kHDXShi8fgGwsOsVHkQGzaRP6AzRwyAQ4VRlnrZR0Bp2a0JaWHY06rc3Ga4udfmW
+5cFZ95RXKSWNOkyrTZpB0F8mAwIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSdhWEUfMFib5do5E83QOGt4A1WNzAd
+BgNVHQ4EFgQUnYVhFHzBYm+XaORPN0DhreANVjcwDQYJKoZIhvcNAQEMBQADggIB
+AGSPesRiDrWIzLjHhg6hShbNcAu3p4ULs3a2D6f/CIsLJc+o1IN1KriWiLb73y0t
+tGlTITVX1olNc79pj3CjYcya2x6a4CD4bLubIp1dhDGaLIrdaqHXKGnK/nZVekZn
+68xDiBaiA9a5F/gZbG0jAn/xX9AKKSM70aoK7akXJlQKTcKlTfjF/biBzysseKNn
+TKkHmvPfXvt89YnNdJdhEGoHK4Fa0o635yDRIG4kqIQnoVesqlVYL9zZyvpoBJ7t
+RCT5dEA7IzOrg1oYJkK2bVS1FmAwbLGg+LhBoF1JSdJlBTrq/p1hvIbZv97Tujqx
+f36SNI7JAG7cmL3c7IAFrQI932XtCwP39xaEBDG6k5TY8hL4iuO/Qq+n1M0RFxbI
+Qh0UqEL20kCGoE8jypZFVmAGzbdVAaYBlGX+bgUJurSkquLvWL69J1bY73NxW0Qz
+8ppy6rBePm6pUlvscG21h483XjyMnM7k8M4MZ0HMzvaAq07MTFb1wWFZk7Q+ptq4
+NxKfKjLji7gh7MMrZQzvIt6IKTtM1/r+t+FHvpw+PoP7UV31aPcuIYXcv/Fa4nzX
+xeSDwWrruoBa3lwtcHb4yOWHh8qgnaHlIhInD0Q9HWzq1MKLL295q39QpsQZp6F6
+t5b5wR9iWqJDB0BeJsas7a5wFsWqynKKTbDPAYsDP27X
+-----END CERTIFICATE-----
diff --git a/secure/caroot/untrusted/AddTrust_External_Root.pem b/secure/caroot/untrusted/AddTrust_External_Root.pem
deleted file mode 100644
index 97fe312d0e8f..000000000000
--- a/secure/caroot/untrusted/AddTrust_External_Root.pem
+++ /dev/null
@@ -1,99 +0,0 @@
-##
-## AddTrust External Root
-##
-## This is a single X.509 certificate for a public Certificate
-## Authority (CA). It was automatically extracted from Mozilla's
-## root CA list (the file `certdata.txt' in security/nss).
-##
-## Extracted from nss
-## with $FreeBSD: head/secure/caroot/MAca-bundle.pl 352951 2019-10-02 01:27:50Z kevans $
-##
-## @generated
-##
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
- Validity
- Not Before: May 30 10:48:38 2000 GMT
- Not After : May 30 10:48:38 2020 GMT
- Subject: C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b7:f7:1a:33:e6:f2:00:04:2d:39:e0:4e:5b:ed:
- 1f:bc:6c:0f:cd:b5:fa:23:b6:ce:de:9b:11:33:97:
- a4:29:4c:7d:93:9f:bd:4a:bc:93:ed:03:1a:e3:8f:
- cf:e5:6d:50:5a:d6:97:29:94:5a:80:b0:49:7a:db:
- 2e:95:fd:b8:ca:bf:37:38:2d:1e:3e:91:41:ad:70:
- 56:c7:f0:4f:3f:e8:32:9e:74:ca:c8:90:54:e9:c6:
- 5f:0f:78:9d:9a:40:3c:0e:ac:61:aa:5e:14:8f:9e:
- 87:a1:6a:50:dc:d7:9a:4e:af:05:b3:a6:71:94:9c:
- 71:b3:50:60:0a:c7:13:9d:38:07:86:02:a8:e9:a8:
- 69:26:18:90:ab:4c:b0:4f:23:ab:3a:4f:84:d8:df:
- ce:9f:e1:69:6f:bb:d7:42:d7:6b:44:e4:c7:ad:ee:
- 6d:41:5f:72:5a:71:08:37:b3:79:65:a4:59:a0:94:
- 37:f7:00:2f:0d:c2:92:72:da:d0:38:72:db:14:a8:
- 45:c4:5d:2a:7d:b7:b4:d6:c4:ee:ac:cd:13:44:b7:
- c9:2b:dd:43:00:25:fa:61:b9:69:6a:58:23:11:b7:
- a7:33:8f:56:75:59:f5:cd:29:d7:46:b7:0a:2b:65:
- b6:d3:42:6f:15:b2:b8:7b:fb:ef:e9:5d:53:d5:34:
- 5a:27
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Authority Key Identifier:
- keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
- DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
- serial:01
- Signature Algorithm: sha1WithRSAEncryption
- Signature Value:
- b0:9b:e0:85:25:c2:d6:23:e2:0f:96:06:92:9d:41:98:9c:d9:
- 84:79:81:d9:1e:5b:14:07:23:36:65:8f:b0:d8:77:bb:ac:41:
- 6c:47:60:83:51:b0:f9:32:3d:e7:fc:f6:26:13:c7:80:16:a5:
- bf:5a:fc:87:cf:78:79:89:21:9a:e2:4c:07:0a:86:35:bc:f2:
- de:51:c4:d2:96:b7:dc:7e:4e:ee:70:fd:1c:39:eb:0c:02:51:
- 14:2d:8e:bd:16:e0:c1:df:46:75:e7:24:ad:ec:f4:42:b4:85:
- 93:70:10:67:ba:9d:06:35:4a:18:d3:2b:7a:cc:51:42:a1:7a:
- 63:d1:e6:bb:a1:c5:2b:c2:36:be:13:0d:e6:bd:63:7e:79:7b:
- a7:09:0d:40:ab:6a:dd:8f:8a:c3:f6:f6:8c:1a:42:05:51:d4:
- 45:f5:9f:a7:62:21:68:15:20:43:3c:99:e7:7c:bd:24:d8:a9:
- 91:17:73:88:3f:56:1b:31:38:18:b4:71:0f:9a:cd:c8:0e:9e:
- 8e:2e:1b:e1:8c:98:83:cb:1f:31:f1:44:4c:c6:04:73:49:76:
- 60:0f:c7:f8:bd:17:80:6b:2e:e9:cc:4c:0e:5a:9a:79:0f:20:
- 0a:2e:d5:9e:63:26:1e:55:92:94:d8:82:17:5a:7b:d0:bc:c7:
- 8f:4e:86:04
-SHA1 Fingerprint=02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
------BEGIN CERTIFICATE-----
*** 1484 LINES SKIPPED ***