$ git diff --patch-with-stat --summary 268422962c7b43e6abacc047a5138989515588d4..52b244b007abb47296983254977822b9f1a16f86
ca-legacy | 87 +
ca-legacy.8.txt | 85 +
ca-legacy.conf | 24 +
cacert.org.crt | 41 -
certdata.txt | 3229 +++++++-------------
certdata2pem.py | 413 +++
generate-cacerts-fix-entrustsslca.patch | 19 -
generate-cacerts-mandriva.patch | 65 -
generate-cacerts-rename-duplicates.patch | 10 -
generate-cacerts.pl | 348 ---
nssckbi.h | 61 +
...erts-fix-mkcerts-to-work-with-new-openssl.patch | 29 -
rootcerts-igp-brasil.txt | 153 -
rootcerts.spec | 338 +-
trust-fixes | 1 +
update-ca-trust | 22 +
update-ca-trust.8.txt | 254 ++
use-openssl-rehash-instead-of-c_rehash.patch | 44 -
verisign-class-3-secure-server-ca.pem | 27 -
19 files changed, 2357 insertions(+), 2893 deletions(-)
create mode 100644 ca-legacy
create mode 100644 ca-legacy.8.txt
create mode 100644 ca-legacy.conf
delete mode 100644 cacert.org.crt
create mode 100644 certdata2pem.py
delete mode 100644 generate-cacerts-fix-entrustsslca.patch
delete mode 100644 generate-cacerts-mandriva.patch
delete mode 100644 generate-cacerts-rename-duplicates.patch
delete mode 100644 generate-cacerts.pl
create mode 100644 nssckbi.h
delete mode 100644 rootcerts-fix-mkcerts-to-work-with-new-openssl.patch
delete mode 100644 rootcerts-igp-brasil.txt
create mode 100644 trust-fixes
create mode 100644 update-ca-trust
create mode 100644 update-ca-trust.8.txt
delete mode 100644 use-openssl-rehash-instead-of-c_rehash.patch
delete mode 100644 verisign-class-3-secure-server-ca.pem
diff --git a/ca-legacy b/ca-legacy
new file mode 100644
index 0000000..d63489e
--- /dev/null
+++ b/ca-legacy
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+#set -vx
+
+LCFILE=/etc/pki/ca-trust/ca-legacy.conf
+LLINK=/etc/pki/ca-trust/source/ca-bundle.legacy.crt
+LDEFAULT=/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt
+LDISABLE=/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt
+
+# An absent value, or any unexpected value, is treated as "default".
+is_disabled()
+{
+ grep -i "^legacy *= *disable *$" $LCFILE >/dev/null 2>&1
+}
+
+do_check()
+{
+ is_disabled
+ if [ $? -eq 0 ]; then
+ echo "Legacy CAs are set to DISABLED in file $LCFILE (affects install/upgrade)"
+ LEXPECT=$LDISABLE
+ else
+ echo "Legacy CAs are set to DEFAULT in file $LCFILE (affects install/upgrade)"
+ LEXPECT=$LDEFAULT
+ fi
+ echo "Status of symbolic link $LLINK:"
+ readlink -v $LLINK
+}
+
+do_install()
+{
+ is_disabled
+ if [ $? -eq 0 ]; then
+ # found, legacy is disabled
+ ln -sf $LDISABLE $LLINK
+ else
+ # expression not found, legacy is set to default
+ ln -sf $LDEFAULT $LLINK
+ fi
+}
+
+do_default()
+{
+ sed -i 's/^legacy *=.*$/legacy=default/' $LCFILE
+ do_install
+ /usr/bin/update-ca-trust
+}
+
+do_disable()
+{
+ sed -i 's/^legacy *=.*$/legacy=disable/' $LCFILE
+ do_install
+ /usr/bin/update-ca-trust
+}
+
+do_help()
+{
+ echo "usage: $0 [check | default | disable | install]"
+}
+
+if [[ $# -eq 0 ]]; then
+ # no parameters
+ do_help
+ exit $?
+fi
+
+if [[ "$1" = "install" ]]; then
+ do_install
+ exit $?
+fi
+
+if [[ "$1" = "default" ]]; then
+ do_default
+ exit $?
+fi
+if [[ "$1" = "disable" ]]; then
+ do_disable
+ exit $?
+fi
+
+if [[ "$1" = "check" ]]; then
+ do_check
+ exit $?
+fi
+
+echo "$0: Unsupported command $1"
+do_help
diff --git a/ca-legacy.8.txt b/ca-legacy.8.txt
new file mode 100644
index 0000000..f0b6e31
--- /dev/null
+++ b/ca-legacy.8.txt
@@ -0,0 +1,85 @@
+////
+Copyright (C) 2013 Red Hat, Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+////
+
+
+ca-legacy(8)
+============
+:doctype: manpage
+:man source: ca-legacy
+
+
+NAME
+----
+ca-legacy - Manage the system configuration for legacy CA certificates
+
+
+SYNOPSIS
+--------
+*ca-legacy* ['COMMAND']
+
+
+DESCRIPTION
+-----------
+ca-legacy(8) is used to include or exclude a set of legacy Certificate Authority (CA)
+certificates in the system's list of trusted CA certificates.
+
+The list of CA certificates and trust flags included in the ca-certificates package
+are based on the decisions made by Mozilla.org according to the Mozilla CA policy.
+
+Occasionally, removal or distrust decisions made by Mozilla.org might be incompatible with the requirements
+or limitations of some applications that also use the CA certificates list in the Linux environment.
+
+The ca-certificates package might keep some CA certificates included and trusted by default,
+as long as it is seen necessary by the maintainers, despite the fact that they have
+been removed by Mozilla. These certificates are called legacy CA certificates.
+
+The general requirements to keep legacy CA certificates included and trusted might change over time,
+for example if functional limitations of software packages have been resolved.
+Future versions of the ca-certificates package might reduce the set of legacy CA certificates
+that are included and trusted by default.
+
+The ca-legacy(8) command can be used to override the default behaviour.
+
+The mechanisms to individually trust or distrust CA certificates as described in update-ca-trust(8) still apply.
+
+
+COMMANDS
+--------
+*check*::
+ The current configuration will be shown.
+
+*default*::
+ Configure the system to use the default configuration, as recommended
+ by the package maintainers.
+
+*disable*::
+ Configure the system to explicitly disable legacy CA certificates.
+ Using this configuration, the system will use the set of
+ included and trusted CA certificates as released by Mozilla.
+
+*install*::
+ The configuration file will be read and the system configuration
+ will be set accordingly. This command is executed automatically during
+ upgrades of the ca-certificates package.
+
+
+FILES
+-----
+/etc/pki/ca-trust/ca-legacy.conf::
+ A configuration file that will be used and modified by the ca-legacy command.
+ The contents of the configuration file will be read on package upgrades.
+
+AUTHOR
+------
+Written by Kai Engert.
diff --git a/ca-legacy.conf b/ca-legacy.conf
new file mode 100644
index 0000000..56f028f
--- /dev/null
+++ b/ca-legacy.conf
@@ -0,0 +1,24 @@
+# The upstream Mozilla.org project tests all changes to the root CA
+# list with the NSS (Network Security Services) library.
+#
+# Occassionally, changes might cause compatibility issues with
+# other cryptographic libraries, such as openssl or gnutls.
+#
+# The package maintainers of the CA certificates package might decide
+# to temporarily keep certain (legacy) root CA certificates trusted,
+# until incompatibility issues can be resolved.
+#
+# Using this configuration file it is possible to opt-out of the
+# compatibility choices made by the package maintainer.
+#
+# legacy=default :
+# This configuration uses the choices made by the package maintainer.
+# It may keep root CA certificate as trusted, which the upstream
+# Mozilla.org project has already marked as no longer trusted.
+# The set of CA certificates that are being kept enabled may change
+# between package versions.
+#
+# legacy=disable :
+# Follow all removal decisions made by Mozilla.org
+#
+legacy=default
diff --git a/cacert.org.crt b/cacert.org.crt
deleted file mode 100644
index e7dfc82..0000000
--- a/cacert.org.crt
+++ /dev/null
@@ -1,41 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
-IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
-IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
-Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
-BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
-MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
-ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
-CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
-8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
-zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
-fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
-w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
-G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
-epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
-laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
-QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
-fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
-YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
-ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
-gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
-MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
-IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
-dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
-czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
-dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
-aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
-AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
-b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
-ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
-nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
-18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
-gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
-Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
-sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
-SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
-CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
-GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
-zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
-omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
------END CERTIFICATE-----
diff --git a/certdata.txt b/certdata.txt
index 61ce1de..fcef935 100644
--- a/certdata.txt
+++ b/certdata.txt
@@ -13,19 +13,21 @@
#
# Certificates
#
-# -- Attribute -- -- type -- -- value --
-# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-# CKA_TOKEN CK_BBOOL CK_TRUE
-# CKA_PRIVATE CK_BBOOL CK_FALSE
-# CKA_MODIFIABLE CK_BBOOL CK_FALSE
-# CKA_LABEL UTF8 (varies)
-# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-# CKA_SUBJECT DER+base64 (varies)
-# CKA_ID byte array (varies)
-# CKA_ISSUER DER+base64 (varies)
-# CKA_SERIAL_NUMBER DER+base64 (varies)
-# CKA_VALUE DER+base64 (varies)
-# CKA_NSS_EMAIL ASCII7 (unused here)
+# -- Attribute -- -- type -- -- value --
+# CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+# CKA_TOKEN CK_BBOOL CK_TRUE
+# CKA_PRIVATE CK_BBOOL CK_FALSE
+# CKA_MODIFIABLE CK_BBOOL CK_FALSE
+# CKA_LABEL UTF8 (varies)
+# CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+# CKA_SUBJECT DER+base64 (varies)
+# CKA_ID byte array (varies)
+# CKA_ISSUER DER+base64 (varies)
+# CKA_SERIAL_NUMBER DER+base64 (varies)
+# CKA_VALUE DER+base64 (varies)
+# CKA_NSS_EMAIL ASCII7 (unused here)
+# CKA_NSS_SERVER_DISTRUST_AFTER DER+base64 (varies)
+# CKA_NSS_EMAIL_DISTRUST_AFTER DER+base64 (varies)
#
# Trust
#
@@ -164,6 +166,8 @@ CKA_VALUE MULTILINE_OCTAL
\125\342\374\110\311\051\046\151\340
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GlobalSign Root CA"
# Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
@@ -298,6 +302,8 @@ CKA_VALUE MULTILINE_OCTAL
\152\374\176\102\070\100\144\022\367\236\201\341\223\056
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GlobalSign Root CA - R2"
# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
@@ -454,6 +460,8 @@ CKA_VALUE MULTILINE_OCTAL
\113\336\006\226\161\054\362\333\266\037\244\357\077\356
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
# Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -619,6 +627,8 @@ CKA_VALUE MULTILINE_OCTAL
\311\130\020\371\252\357\132\266\317\113\113\337\052
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
# Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -664,283 +674,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-#
-# Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
-#
-# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
-# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
-# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
-# Not Valid Before: Fri Oct 01 00:00:00 1999
-# Not Valid After : Wed Jul 16 23:59:59 2036
-# Fingerprint (MD5): CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
-# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G3"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
-\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
-\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
-\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
-\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
-\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
-\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
-\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
-\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
-\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
-\165\164\150\157\162\151\164\171\040\055\040\107\063
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
-\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
-\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
-\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
-\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
-\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
-\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
-\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
-\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
-\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
-\165\164\150\157\162\151\164\171\040\055\040\107\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\233\176\006\111\243\076\142\271\325\356\220\110\161
-\051\357\127
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\032\060\202\003\002\002\021\000\233\176\006\111\243
-\076\142\271\325\356\220\110\161\051\357\127\060\015\006\011\052
-\206\110\206\367\015\001\001\005\005\000\060\201\312\061\013\060
-\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003
-\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111
-\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126\145
-\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164
-\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061\050
-\143\051\040\061\071\071\071\040\126\145\162\151\123\151\147\156
-\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164
-\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171
-\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151\123
-\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142\154
-\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
-\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\040\055\040\107\063\060\036\027\015\071\071\061\060\060
-\061\060\060\060\060\060\060\132\027\015\063\066\060\067\061\066
-\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006\003
-\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004\012
-\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143\056
-\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123
-\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162
-\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040
-\061\071\071\071\040\126\145\162\151\123\151\147\156\054\040\111
-\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162
-\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105\060
-\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147\156
-\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143\040
-\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143
-\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040
-\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206
-\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
-\002\202\001\001\000\313\272\234\122\374\170\037\032\036\157\033
-\067\163\275\370\311\153\224\022\060\117\360\066\107\365\320\221
-\012\365\027\310\245\141\301\026\100\115\373\212\141\220\345\166
-\040\301\021\006\175\253\054\156\246\365\021\101\216\372\055\255
-\052\141\131\244\147\046\114\320\350\274\122\133\160\040\004\130
-\321\172\311\244\151\274\203\027\144\255\005\213\274\320\130\316
-\215\214\365\353\360\102\111\013\235\227\047\147\062\156\341\256
-\223\025\034\160\274\040\115\057\030\336\222\210\350\154\205\127
-\021\032\351\176\343\046\021\124\242\105\226\125\203\312\060\211
-\350\334\330\243\355\052\200\077\177\171\145\127\076\025\040\146
-\010\057\225\223\277\252\107\057\250\106\227\360\022\342\376\302
-\012\053\121\346\166\346\267\106\267\342\015\246\314\250\303\114
-\131\125\211\346\350\123\134\034\352\235\360\142\026\013\247\311
-\137\014\360\336\302\166\316\257\367\152\362\372\101\246\242\063
-\024\311\345\172\143\323\236\142\067\325\205\145\236\016\346\123
-\044\164\033\136\035\022\123\133\307\054\347\203\111\073\025\256
-\212\150\271\127\227\002\003\001\000\001\060\015\006\011\052\206
-\110\206\367\015\001\001\005\005\000\003\202\001\001\000\021\024
-\226\301\253\222\010\367\077\057\311\262\376\344\132\237\144\336
-\333\041\117\206\231\064\166\066\127\335\320\025\057\305\255\177
-\025\037\067\142\163\076\324\347\137\316\027\003\333\065\372\053
-\333\256\140\011\137\036\137\217\156\273\013\075\352\132\023\036
-\014\140\157\265\300\265\043\042\056\007\013\313\251\164\313\107
-\273\035\301\327\245\153\314\057\322\102\375\111\335\247\211\317
-\123\272\332\000\132\050\277\202\337\370\272\023\035\120\206\202
-\375\216\060\217\051\106\260\036\075\065\332\070\142\026\030\112
-\255\346\266\121\154\336\257\142\353\001\320\036\044\376\172\217
-\022\032\022\150\270\373\146\231\024\024\105\134\256\347\256\151
-\027\201\053\132\067\311\136\052\364\306\342\241\134\124\233\246
-\124\000\317\360\361\301\307\230\060\032\073\066\026\333\243\156
-\352\375\255\262\302\332\357\002\107\023\212\300\361\263\061\255
-\117\034\341\117\234\257\017\014\235\367\170\015\330\364\065\126
-\200\332\267\155\027\217\235\036\201\144\341\376\305\105\272\255
-\153\271\012\172\116\117\113\204\356\113\361\175\335\021
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
-# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
-# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
-# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
-# Not Valid Before: Fri Oct 01 00:00:00 1999
-# Not Valid After : Wed Jul 16 23:59:59 2036
-# Fingerprint (MD5): CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
-# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G3"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\023\055\015\105\123\113\151\227\315\262\325\303\071\342\125\166
-\140\233\134\306
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\315\150\266\247\307\304\316\165\340\035\117\127\104\141\222\011
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
-\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
-\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
-\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
-\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
-\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
-\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
-\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
-\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
-\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
-\165\164\150\157\162\151\164\171\040\055\040\107\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\233\176\006\111\243\076\142\271\325\356\220\110\161
-\051\357\127
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
-# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
-# Serial Number:4c:00:36:1b:e5:08:2b:a9:aa:ce:74:0a:05:3e:fb:34
-# Subject: CN=Egypt Trust Class 3 Managed PKI Enterprise Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
-# Not Valid Before: Sun May 18 00:00:00 2008
-# Not Valid After : Thu May 17 23:59:59 2018
-# Fingerprint (MD5): A7:91:05:96:B1:56:01:26:4E:BF:80:80:08:86:1B:4D
-# Fingerprint (SHA1): 6A:2C:5C:B0:94:D5:E0:B7:57:FB:0F:58:42:AA:C8:13:A5:80:2F:E1
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
-\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
-\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
-\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
-\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
-\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
-\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
-\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
-\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
-\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
-\165\164\150\157\162\151\164\171\040\055\040\107\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\114\000\066\033\345\010\053\251\252\316\164\012\005\076
-\373\064
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
-# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
-# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
-# Serial Number:3e:0c:9e:87:69:aa:95:5c:ea:23:d8:45:9e:d4:5b:51
-# Subject: CN=Egypt Trust Class 3 Managed PKI Operational Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
-# Not Valid Before: Sun May 18 00:00:00 2008
-# Not Valid After : Thu May 17 23:59:59 2018
-# Fingerprint (MD5): D0:C3:71:17:3E:39:80:C6:50:4F:04:22:DF:40:E1:34
-# Fingerprint (SHA1): 9C:65:5E:D5:FA:E3:B8:96:4D:89:72:F6:3A:63:53:59:3F:5E:B4:4E
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
-\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
-\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
-\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
-\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
-\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
-\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
-\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
-\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
-\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
-\165\164\150\157\162\151\164\171\040\055\040\107\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\076\014\236\207\151\252\225\134\352\043\330\105\236\324
-\133\121
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
-# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
-# Serial Number:12:bd:26:a2:ae:33:c0:7f:24:7b:6a:58:69:f2:0a:76
-# Subject: CN=Egypt Trust Class 3 Managed PKI SCO Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
-# Not Valid Before: Sun May 18 00:00:00 2008
-# Not Valid After : Thu May 17 23:59:59 2018
-# Fingerprint (MD5): C2:13:5E:B2:67:8A:5C:F7:91:EF:8F:29:0F:9B:77:6E
-# Fingerprint (SHA1): 83:23:F1:4F:BC:9F:9B:80:B7:9D:ED:14:CD:01:57:CD:FB:08:95:D2
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
-\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
-\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
-\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
-\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
-\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
-\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
-\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
-\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
-\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
-\165\164\150\157\162\151\164\171\040\055\040\107\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\022\275\046\242\256\063\300\177\044\173\152\130\151\362
-\012\166
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
#
# Certificate "Entrust.net Premium 2048 Secure Server CA"
#
@@ -1059,6 +792,8 @@ CKA_VALUE MULTILINE_OCTAL
\174\136\232\166\351\131\220\305\174\203\065\021\145\121
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Entrust.net Premium 2048 Secure Server CA"
# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
@@ -1197,6 +932,8 @@ CKA_VALUE MULTILINE_OCTAL
\347\201\035\031\303\044\102\352\143\071\251
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Baltimore CyberTrust Root"
# Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
@@ -1234,301 +971,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-#
-# Certificate "AddTrust Low-Value Services Root"
-#
-# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
-# Serial Number: 1 (0x1)
-# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
-# Not Valid Before: Tue May 30 10:38:31 2000
-# Not Valid After : Sat May 30 10:38:31 2020
-# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
-# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "AddTrust Low-Value Services Root"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061
-\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
-\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024
-\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164
-\167\157\162\153\061\041\060\037\006\003\125\004\003\023\030\101
-\144\144\124\162\165\163\164\040\103\154\141\163\163\040\061\040
-\103\101\040\122\157\157\164
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061
-\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
-\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024
-\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164
-\167\157\162\153\061\041\060\037\006\003\125\004\003\023\030\101
-\144\144\124\162\165\163\164\040\103\154\141\163\163\040\061\040
-\103\101\040\122\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\030\060\202\003\000\240\003\002\001\002\002\001\001
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024
-\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163
-\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024\101
-\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164\167
-\157\162\153\061\041\060\037\006\003\125\004\003\023\030\101\144
-\144\124\162\165\163\164\040\103\154\141\163\163\040\061\040\103
-\101\040\122\157\157\164\060\036\027\015\060\060\060\065\063\060
-\061\060\063\070\063\061\132\027\015\062\060\060\065\063\060\061
-\060\063\070\063\061\132\060\145\061\013\060\011\006\003\125\004
-\006\023\002\123\105\061\024\060\022\006\003\125\004\012\023\013
-\101\144\144\124\162\165\163\164\040\101\102\061\035\060\033\006
-\003\125\004\013\023\024\101\144\144\124\162\165\163\164\040\124
-\124\120\040\116\145\164\167\157\162\153\061\041\060\037\006\003
-\125\004\003\023\030\101\144\144\124\162\165\163\164\040\103\154
-\141\163\163\040\061\040\103\101\040\122\157\157\164\060\202\001
-\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
-\003\202\001\017\000\060\202\001\012\002\202\001\001\000\226\226
-\324\041\111\140\342\153\350\101\007\014\336\304\340\334\023\043
-\315\301\065\307\373\326\116\021\012\147\136\365\006\133\153\245
-\010\073\133\051\026\072\347\207\262\064\006\305\274\005\245\003
-\174\202\313\051\020\256\341\210\201\275\326\236\323\376\055\126
-\301\025\316\343\046\235\025\056\020\373\006\217\060\004\336\247
-\264\143\264\377\261\234\256\074\257\167\266\126\305\265\253\242
-\351\151\072\075\016\063\171\062\077\160\202\222\231\141\155\215
-\060\010\217\161\077\246\110\127\031\370\045\334\113\146\134\245
-\164\217\230\256\310\371\300\006\042\347\254\163\337\245\056\373
-\122\334\261\025\145\040\372\065\146\151\336\337\054\361\156\274
-\060\333\054\044\022\333\353\065\065\150\220\313\000\260\227\041
-\075\164\041\043\145\064\053\273\170\131\243\326\341\166\071\232
-\244\111\216\214\164\257\156\244\232\243\331\233\322\070\134\233
-\242\030\314\165\043\204\276\353\342\115\063\161\216\032\360\302
-\370\307\035\242\255\003\227\054\370\317\045\306\366\270\044\061
-\261\143\135\222\177\143\360\045\311\123\056\037\277\115\002\003
-\001\000\001\243\201\322\060\201\317\060\035\006\003\125\035\016
-\004\026\004\024\225\261\264\360\224\266\275\307\332\321\021\011
-\041\276\301\257\111\375\020\173\060\013\006\003\125\035\017\004
-\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004
-\005\060\003\001\001\377\060\201\217\006\003\125\035\043\004\201
-\207\060\201\204\200\024\225\261\264\360\224\266\275\307\332\321
-\021\011\041\276\301\257\111\375\020\173\241\151\244\147\060\145
-\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024\060
-\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163\164
-\040\101\102\061\035\060\033\006\003\125\004\013\023\024\101\144
-\144\124\162\165\163\164\040\124\124\120\040\116\145\164\167\157
-\162\153\061\041\060\037\006\003\125\004\003\023\030\101\144\144
-\124\162\165\163\164\040\103\154\141\163\163\040\061\040\103\101
-\040\122\157\157\164\202\001\001\060\015\006\011\052\206\110\206
-\367\015\001\001\005\005\000\003\202\001\001\000\054\155\144\033
-\037\315\015\335\271\001\372\226\143\064\062\110\107\231\256\227
-\355\375\162\026\246\163\107\132\364\353\335\351\365\326\373\105
-\314\051\211\104\135\277\106\071\075\350\356\274\115\124\206\036
-\035\154\343\027\047\103\341\211\126\053\251\157\162\116\111\063
-\343\162\174\052\043\232\274\076\377\050\052\355\243\377\034\043
-\272\103\127\011\147\115\113\142\006\055\370\377\154\235\140\036
-\330\034\113\175\265\061\057\331\320\174\135\370\336\153\203\030
-\170\067\127\057\350\063\007\147\337\036\307\153\052\225\166\256
-\217\127\243\360\364\122\264\251\123\010\317\340\117\323\172\123
-\213\375\273\034\126\066\362\376\262\266\345\166\273\325\042\145
-\247\077\376\321\146\255\013\274\153\231\206\357\077\175\363\030
-\062\312\173\306\343\253\144\106\225\370\046\151\331\125\203\173
-\054\226\007\377\131\054\104\243\306\345\351\251\334\241\143\200
-\132\041\136\041\317\123\124\360\272\157\211\333\250\252\225\317
-\213\343\161\314\036\033\040\104\010\300\172\266\100\375\304\344
-\065\341\035\026\034\320\274\053\216\326\161\331
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "AddTrust Low-Value Services Root"
-# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
-# Serial Number: 1 (0x1)
-# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
-# Not Valid Before: Tue May 30 10:38:31 2000
-# Not Valid After : Sat May 30 10:38:31 2020
-# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
-# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "AddTrust Low-Value Services Root"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\314\253\016\240\114\043\001\326\151\173\335\067\237\315\022\353
-\044\343\224\235
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\036\102\225\002\063\222\153\271\137\300\177\332\326\262\113\374
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061
-\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
-\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024
-\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164
-\167\157\162\153\061\041\060\037\006\003\125\004\003\023\030\101
-\144\144\124\162\165\163\164\040\103\154\141\163\163\040\061\040
-\103\101\040\122\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "AddTrust External Root"
-#
-# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
-# Serial Number: 1 (0x1)
-# Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
-# Not Valid Before: Tue May 30 10:48:38 2000
-# Not Valid After : Sat May 30 10:48:38 2020
-# Fingerprint (MD5): 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
-# Fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "AddTrust External Root"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
-\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
-\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035
-\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141
-\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060
-\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164
-\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157
-\164
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
-\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
-\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035
-\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141
-\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060
-\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164
-\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157
-\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\066\060\202\003\036\240\003\002\001\002\002\001\001
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024
-\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163
-\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035\101
-\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141\154
-\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060\040
-\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164\040
-\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157\164
-\060\036\027\015\060\060\060\065\063\060\061\060\064\070\063\070
-\132\027\015\062\060\060\065\063\060\061\060\064\070\063\070\132
-\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
-\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
-\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035
-\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141
-\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060
-\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164
-\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157
-\164\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001
-\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001
-\001\000\267\367\032\063\346\362\000\004\055\071\340\116\133\355
-\037\274\154\017\315\265\372\043\266\316\336\233\021\063\227\244
-\051\114\175\223\237\275\112\274\223\355\003\032\343\217\317\345
-\155\120\132\326\227\051\224\132\200\260\111\172\333\056\225\375
-\270\312\277\067\070\055\036\076\221\101\255\160\126\307\360\117
-\077\350\062\236\164\312\310\220\124\351\306\137\017\170\235\232
-\100\074\016\254\141\252\136\024\217\236\207\241\152\120\334\327
-\232\116\257\005\263\246\161\224\234\161\263\120\140\012\307\023
-\235\070\007\206\002\250\351\250\151\046\030\220\253\114\260\117
-\043\253\072\117\204\330\337\316\237\341\151\157\273\327\102\327
-\153\104\344\307\255\356\155\101\137\162\132\161\010\067\263\171
-\145\244\131\240\224\067\367\000\057\015\302\222\162\332\320\070
-\162\333\024\250\105\304\135\052\175\267\264\326\304\356\254\315
-\023\104\267\311\053\335\103\000\045\372\141\271\151\152\130\043
-\021\267\247\063\217\126\165\131\365\315\051\327\106\267\012\053
-\145\266\323\102\157\025\262\270\173\373\357\351\135\123\325\064
-\132\047\002\003\001\000\001\243\201\334\060\201\331\060\035\006
-\003\125\035\016\004\026\004\024\255\275\230\172\064\264\046\367
-\372\304\046\124\357\003\275\340\044\313\124\032\060\013\006\003
-\125\035\017\004\004\003\002\001\006\060\017\006\003\125\035\023
-\001\001\377\004\005\060\003\001\001\377\060\201\231\006\003\125
-\035\043\004\201\221\060\201\216\200\024\255\275\230\172\064\264
-\046\367\372\304\046\124\357\003\275\340\044\313\124\032\241\163
-\244\161\060\157\061\013\060\011\006\003\125\004\006\023\002\123
-\105\061\024\060\022\006\003\125\004\012\023\013\101\144\144\124
-\162\165\163\164\040\101\102\061\046\060\044\006\003\125\004\013
-\023\035\101\144\144\124\162\165\163\164\040\105\170\164\145\162
-\156\141\154\040\124\124\120\040\116\145\164\167\157\162\153\061
-\042\060\040\006\003\125\004\003\023\031\101\144\144\124\162\165
-\163\164\040\105\170\164\145\162\156\141\154\040\103\101\040\122
-\157\157\164\202\001\001\060\015\006\011\052\206\110\206\367\015
-\001\001\005\005\000\003\202\001\001\000\260\233\340\205\045\302
-\326\043\342\017\226\006\222\235\101\230\234\331\204\171\201\331
-\036\133\024\007\043\066\145\217\260\330\167\273\254\101\154\107
-\140\203\121\260\371\062\075\347\374\366\046\023\307\200\026\245
-\277\132\374\207\317\170\171\211\041\232\342\114\007\012\206\065
-\274\362\336\121\304\322\226\267\334\176\116\356\160\375\034\071
-\353\014\002\121\024\055\216\275\026\340\301\337\106\165\347\044
-\255\354\364\102\264\205\223\160\020\147\272\235\006\065\112\030
-\323\053\172\314\121\102\241\172\143\321\346\273\241\305\053\302
-\066\276\023\015\346\275\143\176\171\173\247\011\015\100\253\152
-\335\217\212\303\366\366\214\032\102\005\121\324\105\365\237\247
-\142\041\150\025\040\103\074\231\347\174\275\044\330\251\221\027
-\163\210\077\126\033\061\070\030\264\161\017\232\315\310\016\236
-\216\056\033\341\214\230\203\313\037\061\361\104\114\306\004\163
-\111\166\140\017\307\370\275\027\200\153\056\351\314\114\016\132
-\232\171\017\040\012\056\325\236\143\046\036\125\222\224\330\202
-\027\132\173\320\274\307\217\116\206\004
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "AddTrust External Root"
-# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
-# Serial Number: 1 (0x1)
-# Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
-# Not Valid Before: Tue May 30 10:48:38 2000
-# Not Valid After : Sat May 30 10:48:38 2020
-# Fingerprint (MD5): 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
-# Fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "AddTrust External Root"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\002\372\363\342\221\103\124\150\140\170\127\151\115\365\344\133
-\150\205\030\150
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\035\065\124\004\205\170\260\077\102\102\115\277\040\163\012\077
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
-\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
-\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035
-\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141
-\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060
-\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164
-\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157
-\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
#
# Certificate "Entrust Root Certification Authority"
#
@@ -1654,6 +1096,8 @@ CKA_VALUE MULTILINE_OCTAL
\036\177\132\264\074
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Entrust Root Certification Authority"
# Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
@@ -1788,6 +1232,11 @@ CKA_VALUE MULTILINE_OCTAL
\302\005\146\200\241\313\346\063
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Wed Jan 01 00:00:00 2020
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\062\060\060\061\060\061\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GeoTrust Global CA"
# Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
@@ -1820,7 +1269,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\003\002\064\126
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -1948,6 +1397,11 @@ CKA_VALUE MULTILINE_OCTAL
\244\346\216\330\371\051\110\212\316\163\376\054
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Sun Sep 30 00:00:00 2018
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\070\060\071\063\060\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GeoTrust Universal CA"
# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
@@ -1980,7 +1434,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -2108,6 +1562,11 @@ CKA_VALUE MULTILINE_OCTAL
\362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Wed Jan 01 00:00:00 2020
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\062\060\060\061\060\061\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GeoTrust Universal CA 2"
# Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
@@ -2140,7 +1599,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -2228,6 +1687,8 @@ CKA_VALUE MULTILINE_OCTAL
\350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Certum Root CA"
# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
@@ -2374,6 +1835,8 @@ CKA_VALUE MULTILINE_OCTAL
\225\351\066\226\230\156
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Comodo AAA Services root"
# Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
@@ -2552,6 +2015,8 @@ CKA_VALUE MULTILINE_OCTAL
\112\164\066\371
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "QuoVadis Root CA"
# Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
@@ -2721,6 +2186,8 @@ CKA_VALUE MULTILINE_OCTAL
\020\005\145\325\202\020\352\302\061\315\056
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "QuoVadis Root CA 2"
# Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
@@ -2901,6 +2368,8 @@ CKA_VALUE MULTILINE_OCTAL
\332
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "QuoVadis Root CA 3"
# Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
@@ -3030,6 +2499,8 @@ CKA_VALUE MULTILINE_OCTAL
\057\317\246\356\311\160\042\024\275\375\276\154\013\003
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Security Communication Root CA"
# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
@@ -3141,220 +2612,51 @@ CKA_VALUE MULTILINE_OCTAL
\021\375\141\161\104\277\050\263\072\035\277\263\103\350\237\277
\334\061\010\161\260\235\215\326\064\107\062\220\306\145\044\367
\240\112\174\004\163\217\071\157\027\214\162\265\275\113\310\172
-\370\173\203\303\050\116\234\011\352\147\077\262\147\004\033\303
-\024\332\370\347\111\044\221\320\035\152\372\141\071\357\153\347
-\041\165\006\007\330\022\264\041\040\160\102\161\201\332\074\232
-\066\276\246\133\015\152\154\232\037\221\173\371\371\357\102\272
-\116\116\236\314\014\215\224\334\331\105\234\136\354\102\120\143
-\256\364\135\304\261\022\334\312\073\250\056\235\024\132\005\165
-\267\354\327\143\342\272\065\266\004\010\221\350\332\235\234\366
-\146\265\030\254\012\246\124\046\064\063\322\033\301\324\177\032
-\072\216\013\252\062\156\333\374\117\045\237\331\062\307\226\132
-\160\254\337\114
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "Sonera Class 2 Root CA"
-# Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI
-# Serial Number: 29 (0x1d)
-# Subject: CN=Sonera Class2 CA,O=Sonera,C=FI
-# Not Valid Before: Fri Apr 06 07:29:40 2001
-# Not Valid After : Tue Apr 06 07:29:40 2021
-# Fingerprint (MD5): A3:EC:75:0F:2E:88:DF:FA:48:01:4E:0B:5C:48:6F:FB
-# Fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Sonera Class 2 Root CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\067\367\155\346\007\174\220\305\261\076\223\032\267\101\020\264
-\362\344\232\047
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\243\354\165\017\056\210\337\372\110\001\116\013\134\110\157\373
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061
-\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141
-\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162
-\141\040\103\154\141\163\163\062\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\035
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "UTN USERFirst Email Root CA"
-#
-# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
-# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Not Valid Before: Fri Jul 09 17:28:50 1999
-# Not Valid After : Tue Jul 09 17:36:58 2019
-# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
-# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "UTN USERFirst Email Root CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125
-\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164
-\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151
-\154
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125
-\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164
-\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151
-\154
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147
-\311\211
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\242\060\202\003\212\240\003\002\001\002\002\020\104
-\276\014\213\120\000\044\264\021\323\066\045\045\147\311\211\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
-\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
-\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
-\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
-\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
-\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
-\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
-\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
-\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004\003
-\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164\055
-\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151\143
-\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154\060
-\036\027\015\071\071\060\067\060\071\061\067\062\070\065\060\132
-\027\015\061\071\060\067\060\071\061\067\063\066\065\070\132\060
-\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
-\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
-\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
-\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
-\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
-\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
-\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004
-\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164
-\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151
-\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154
-\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
-\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
-\000\262\071\205\244\362\175\253\101\073\142\106\067\256\315\301
-\140\165\274\071\145\371\112\032\107\242\271\314\110\314\152\230
-\325\115\065\031\271\244\102\345\316\111\342\212\057\036\174\322
-\061\007\307\116\264\203\144\235\056\051\325\242\144\304\205\275
-\205\121\065\171\244\116\150\220\173\034\172\244\222\250\027\362
-\230\025\362\223\314\311\244\062\225\273\014\117\060\275\230\240
-\013\213\345\156\033\242\106\372\170\274\242\157\253\131\136\245
-\057\317\312\332\155\252\057\353\254\241\263\152\252\267\056\147
-\065\213\171\341\036\151\210\342\346\106\315\240\245\352\276\013
-\316\166\072\172\016\233\352\374\332\047\133\075\163\037\042\346
-\110\141\306\114\363\151\261\250\056\033\266\324\061\040\054\274
-\202\212\216\244\016\245\327\211\103\374\026\132\257\035\161\327
-\021\131\332\272\207\015\257\372\363\341\302\360\244\305\147\214
-\326\326\124\072\336\012\244\272\003\167\263\145\310\375\036\323
-\164\142\252\030\312\150\223\036\241\205\176\365\107\145\313\370
-\115\127\050\164\322\064\377\060\266\356\366\142\060\024\214\054
-\353\002\003\001\000\001\243\201\271\060\201\266\060\013\006\003
-\125\035\017\004\004\003\002\001\306\060\017\006\003\125\035\023
-\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035
-\016\004\026\004\024\211\202\147\175\304\235\046\160\000\113\264
-\120\110\174\336\075\256\004\156\175\060\130\006\003\125\035\037
-\004\121\060\117\060\115\240\113\240\111\206\107\150\164\164\160
-\072\057\057\143\162\154\056\165\163\145\162\164\162\165\163\164
-\056\143\157\155\057\125\124\116\055\125\123\105\122\106\151\162
-\163\164\055\103\154\151\145\156\164\101\165\164\150\145\156\164
-\151\143\141\164\151\157\156\141\156\144\105\155\141\151\154\056
-\143\162\154\060\035\006\003\125\035\045\004\026\060\024\006\010
-\053\006\001\005\005\007\003\002\006\010\053\006\001\005\005\007
-\003\004\060\015\006\011\052\206\110\206\367\015\001\001\005\005
-\000\003\202\001\001\000\261\155\141\135\246\032\177\174\253\112
-\344\060\374\123\157\045\044\306\312\355\342\061\134\053\016\356
-\356\141\125\157\004\076\317\071\336\305\033\111\224\344\353\040
-\114\264\346\236\120\056\162\331\215\365\252\243\263\112\332\126
-\034\140\227\200\334\202\242\255\112\275\212\053\377\013\011\264
-\306\327\040\004\105\344\315\200\001\272\272\053\156\316\252\327
-\222\376\344\257\353\364\046\035\026\052\177\154\060\225\067\057
-\063\022\254\177\335\307\321\021\214\121\230\262\320\243\221\320
-\255\366\237\236\203\223\036\035\102\270\106\257\153\146\360\233
-\177\352\343\003\002\345\002\121\301\252\325\065\235\162\100\003
-\211\272\061\035\305\020\150\122\236\337\242\205\305\134\010\246
-\170\346\123\117\261\350\267\323\024\236\223\246\303\144\343\254
-\176\161\315\274\237\351\003\033\314\373\351\254\061\301\257\174
-\025\164\002\231\303\262\107\246\302\062\141\327\307\157\110\044
-\121\047\241\325\207\125\362\173\217\230\075\026\236\356\165\266
-\370\320\216\362\363\306\256\050\133\247\360\363\066\027\374\303
-\005\323\312\003\112\124
+\370\173\203\303\050\116\234\011\352\147\077\262\147\004\033\303
+\024\332\370\347\111\044\221\320\035\152\372\141\071\357\153\347
+\041\165\006\007\330\022\264\041\040\160\102\161\201\332\074\232
+\066\276\246\133\015\152\154\232\037\221\173\371\371\357\102\272
+\116\116\236\314\014\215\224\334\331\105\234\136\354\102\120\143
+\256\364\135\304\261\022\334\312\073\250\056\235\024\132\005\165
+\267\354\327\143\342\272\065\266\004\010\221\350\332\235\234\366
+\146\265\030\254\012\246\124\046\064\063\322\033\301\324\177\032
+\072\216\013\252\062\156\333\374\117\045\237\331\062\307\226\132
+\160\254\337\114
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-# Trust for Certificate "UTN USERFirst Email Root CA"
-# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
-# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Not Valid Before: Fri Jul 09 17:28:50 1999
-# Not Valid After : Tue Jul 09 17:36:58 2019
-# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
-# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
+# Trust for Certificate "Sonera Class 2 Root CA"
+# Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Serial Number: 29 (0x1d)
+# Subject: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Not Valid Before: Fri Apr 06 07:29:40 2001
+# Not Valid After : Tue Apr 06 07:29:40 2021
+# Fingerprint (MD5): A3:EC:75:0F:2E:88:DF:FA:48:01:4E:0B:5C:48:6F:FB
+# Fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "UTN USERFirst Email Root CA"
+CKA_LABEL UTF8 "Sonera Class 2 Root CA"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\261\162\261\245\155\225\371\037\345\002\207\341\115\067\352\152
-\104\143\166\212
+\067\367\155\346\007\174\220\305\261\076\223\032\267\101\020\264
+\362\344\232\047
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\327\064\075\357\035\047\011\050\341\061\002\133\023\053\335\367
+\243\354\165\017\056\210\337\372\110\001\116\013\134\110\157\373
END
CKA_ISSUER MULTILINE_OCTAL
-\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125
-\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164
-\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151
-\154
+\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061
+\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141
+\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162
+\141\040\103\154\141\163\163\062\040\103\101
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147
-\311\211
+\002\001\035
END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -3481,6 +2783,8 @@ CKA_VALUE MULTILINE_OCTAL
\334
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Camerfirma Chambers of Commerce Root"
# Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
@@ -3641,6 +2945,8 @@ CKA_VALUE MULTILINE_OCTAL
\166\135\165\220\032\365\046\217\360
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Camerfirma Global Chambersign Root"
# Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
@@ -3794,6 +3100,8 @@ CKA_VALUE MULTILINE_OCTAL
\264\003\045\274
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "XRamp Global CA Root"
# Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
@@ -3941,6 +3249,8 @@ CKA_VALUE MULTILINE_OCTAL
\177\333\275\237
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Go Daddy Class 2 CA"
# Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
@@ -4086,6 +3396,8 @@ CKA_VALUE MULTILINE_OCTAL
\037\027\224
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Starfield Class 2 CA"
# Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
@@ -4250,6 +3562,11 @@ CKA_VALUE MULTILINE_OCTAL
\245\206\054\174\364\022
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Thu Sep 19 00:00:00 2019
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\071\060\071\061\071\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Taiwan GRCA"
# Issuer: O=Government Root Certification Authority,C=TW
@@ -4283,7 +3600,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
\136\366
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -4389,6 +3706,8 @@ CKA_VALUE MULTILINE_OCTAL
\346\120\262\247\372\012\105\057\242\360\362
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "DigiCert Assured ID Root CA"
# Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -4530,6 +3849,8 @@ CKA_VALUE MULTILINE_OCTAL
\225\155\336
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "DigiCert Global Root CA"
# Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -4672,6 +3993,8 @@ CKA_VALUE MULTILINE_OCTAL
\370\351\056\023\243\167\350\037\112
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "DigiCert High Assurance EV Root CA"
# Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -4711,136 +4034,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-#
-# Certificate "Certplus Class 2 Primary CA"
-#
-# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR
-# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
-# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR
-# Not Valid Before: Wed Jul 07 17:05:00 1999
-# Not Valid After : Sat Jul 06 23:59:59 2019
-# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B
-# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Certplus Class 2 Primary CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154
-\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141
-\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154
-\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141
-\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303
-\245\104\043
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\222\060\202\002\172\240\003\002\001\002\002\021\000
-\205\275\113\363\330\332\343\151\366\224\327\137\303\245\104\043
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021
-\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165
-\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163
-\163\040\062\040\120\162\151\155\141\162\171\040\103\101\060\036
-\027\015\071\071\060\067\060\067\061\067\060\065\060\060\132\027
-\015\061\071\060\067\060\066\062\063\065\071\065\071\132\060\075
-\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060
-\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165\163
-\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163\163
-\040\062\040\120\162\151\155\141\162\171\040\103\101\060\202\001
-\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
-\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334\120
-\226\320\022\370\065\322\010\170\172\266\122\160\375\157\356\317
-\271\021\313\135\167\341\354\351\176\004\215\326\314\157\163\103
-\127\140\254\063\012\104\354\003\137\034\200\044\221\345\250\221
-\126\022\202\367\340\053\364\333\256\141\056\211\020\215\153\154
-\272\263\002\275\325\066\305\110\067\043\342\360\132\067\122\063
-\027\022\342\321\140\115\276\057\101\021\343\366\027\045\014\213
-\221\300\033\231\173\231\126\015\257\356\322\274\107\127\343\171
-\111\173\064\211\047\044\204\336\261\354\351\130\116\376\116\337
-\132\276\101\255\254\010\305\030\016\357\322\123\356\154\320\235
-\022\001\023\215\334\200\142\367\225\251\104\210\112\161\116\140
-\125\236\333\043\031\171\126\007\014\077\143\013\134\260\342\276
-\176\025\374\224\063\130\101\070\164\304\341\217\213\337\046\254
-\037\265\213\073\267\103\131\153\260\044\246\155\220\213\304\162
-\352\135\063\230\267\313\336\136\173\357\224\361\033\076\312\311
-\041\301\305\230\002\252\242\366\133\167\233\365\176\226\125\064
-\034\147\151\300\361\102\343\107\254\374\050\034\146\125\002\003
-\001\000\001\243\201\214\060\201\211\060\017\006\003\125\035\023
-\004\010\060\006\001\001\377\002\001\012\060\013\006\003\125\035
-\017\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026
-\004\024\343\163\055\337\313\016\050\014\336\335\263\244\312\171
-\270\216\273\350\060\211\060\021\006\011\140\206\110\001\206\370
-\102\001\001\004\004\003\002\001\006\060\067\006\003\125\035\037
-\004\060\060\056\060\054\240\052\240\050\206\046\150\164\164\160
-\072\057\057\167\167\167\056\143\145\162\164\160\154\165\163\056
-\143\157\155\057\103\122\114\057\143\154\141\163\163\062\056\143
-\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005\005
-\000\003\202\001\001\000\247\124\317\210\104\031\313\337\324\177
-\000\337\126\063\142\265\367\121\001\220\353\303\077\321\210\104
-\351\044\135\357\347\024\275\040\267\232\074\000\376\155\237\333
-\220\334\327\364\142\326\213\160\135\347\345\004\110\251\150\174
-\311\361\102\363\154\177\305\172\174\035\121\210\272\322\012\076
-\047\135\336\055\121\116\323\023\144\151\344\056\343\323\347\233
-\011\231\246\340\225\233\316\032\327\177\276\074\316\122\263\021
-\025\301\017\027\315\003\273\234\045\025\272\242\166\211\374\006
-\361\030\320\223\113\016\174\202\267\245\364\366\137\376\355\100
-\246\235\204\164\071\271\334\036\205\026\332\051\033\206\043\000
-\311\273\211\176\156\200\210\036\057\024\264\003\044\250\062\157
-\003\232\107\054\060\276\126\306\247\102\002\160\033\352\100\330
-\272\005\003\160\007\244\226\377\375\110\063\012\341\334\245\201
-\220\233\115\335\175\347\347\262\315\134\310\152\225\370\245\366
-\215\304\135\170\010\276\173\006\326\111\317\031\066\120\043\056
-\010\346\236\005\115\107\030\325\026\351\261\326\266\020\325\273
-\227\277\242\216\264\124
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "Certplus Class 2 Primary CA"
-# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR
-# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
-# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR
-# Not Valid Before: Wed Jul 07 17:05:00 1999
-# Not Valid After : Sat Jul 06 23:59:59 2019
-# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B
-# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Certplus Class 2 Primary CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\164\040\164\101\162\234\335\222\354\171\061\330\043\020\215\302
-\201\222\342\273
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\210\054\214\122\270\242\074\363\367\273\003\352\256\254\102\013
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154
-\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141
-\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303
-\245\104\043
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
#
# Certificate "DST Root CA X3"
#
@@ -4932,6 +4125,8 @@ CKA_VALUE MULTILINE_OCTAL
\013\004\216\007\333\051\266\012\356\235\202\065\065\020
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "DST Root CA X3"
# Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
@@ -5099,6 +4294,8 @@ CKA_VALUE MULTILINE_OCTAL
\205\206\171\145\322
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "SwissSign Platinum CA - G2"
# Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
@@ -5264,6 +4461,8 @@ CKA_VALUE MULTILINE_OCTAL
\111\044\133\311\260\320\127\301\372\076\172\341\227\311
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "SwissSign Gold CA - G2"
# Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
@@ -5430,6 +4629,8 @@ CKA_VALUE MULTILINE_OCTAL
\156
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "SwissSign Silver CA - G2"
# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
@@ -5562,6 +4763,11 @@ CKA_VALUE MULTILINE_OCTAL
\253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Tue Apr 30 00:00:00 2019
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\071\060\064\063\060\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GeoTrust Primary Certification Authority"
# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
@@ -5717,6 +4923,11 @@ CKA_VALUE MULTILINE_OCTAL
\215\126\214\150
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Tue Apr 30 00:00:00 2019
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\071\060\064\063\060\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "thawte Primary Root CA"
# Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
@@ -5892,6 +5103,11 @@ CKA_VALUE MULTILINE_OCTAL
\254\021\326\250\355\143\152
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Tue Apr 30 00:00:00 2019
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\071\060\064\063\060\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -5933,7 +5149,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
\073\112
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -6035,6 +5251,8 @@ CKA_VALUE MULTILINE_OCTAL
\113\035\236\054\302\270\150\274\355\002\356\061
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "SecureTrust CA"
# Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
@@ -6170,6 +5388,8 @@ CKA_VALUE MULTILINE_OCTAL
\117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Secure Global CA"
# Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US
@@ -6320,6 +5540,8 @@ CKA_VALUE MULTILINE_OCTAL
\145
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "COMODO Certification Authority"
# Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
@@ -6466,6 +5688,8 @@ CKA_VALUE MULTILINE_OCTAL
\244\140\114\260\125\240\240\173\127\262
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Network Solutions Certificate Authority"
# Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
@@ -6592,6 +5816,8 @@ CKA_VALUE MULTILINE_OCTAL
\334\335\363\377\035\054\072\026\127\331\222\071\326
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "COMODO ECC Certification Authority"
# Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
@@ -6743,6 +5969,8 @@ CKA_VALUE MULTILINE_OCTAL
\374\276\337\012\015
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "OISTE WISeKey Global Root GA CA"
# Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH
@@ -6878,6 +6106,8 @@ CKA_VALUE MULTILINE_OCTAL
\300\226\130\057\352\273\106\327\273\344\331\056
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Certigna"
# Issuer: CN=Certigna,O=Dhimyotis,C=FR
@@ -6913,147 +6143,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-#
-# Certificate "Deutsche Telekom Root CA 2"
-#
-# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
-# Serial Number: 38 (0x26)
-# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
-# Not Valid Before: Fri Jul 09 12:11:00 1999
-# Not Valid After : Tue Jul 09 23:59:00 2019
-# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08
-# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Deutsche Telekom Root CA 2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061
-\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143
-\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060
-\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145
-\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043
-\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150
-\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103
-\101\040\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061
-\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143
-\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060
-\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145
-\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043
-\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150
-\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103
-\101\040\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\046
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\237\060\202\002\207\240\003\002\001\002\002\001\046
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061\034
-\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143\150
-\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060\035
-\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145\143
-\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043\060
-\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150\145
-\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103\101
-\040\062\060\036\027\015\071\071\060\067\060\071\061\062\061\061
-\060\060\132\027\015\061\071\060\067\060\071\062\063\065\071\060
-\060\132\060\161\061\013\060\011\006\003\125\004\006\023\002\104
-\105\061\034\060\032\006\003\125\004\012\023\023\104\145\165\164
-\163\143\150\145\040\124\145\154\145\153\157\155\040\101\107\061
-\037\060\035\006\003\125\004\013\023\026\124\055\124\145\154\145
-\123\145\143\040\124\162\165\163\164\040\103\145\156\164\145\162
-\061\043\060\041\006\003\125\004\003\023\032\104\145\165\164\163
-\143\150\145\040\124\145\154\145\153\157\155\040\122\157\157\164
-\040\103\101\040\062\060\202\001\042\060\015\006\011\052\206\110
-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
-\012\002\202\001\001\000\253\013\243\065\340\213\051\024\261\024
-\205\257\074\020\344\071\157\065\135\112\256\335\352\141\215\225
-\111\364\157\144\243\032\140\146\244\251\100\042\204\331\324\245
-\345\170\223\016\150\001\255\271\115\134\072\316\323\270\250\102
-\100\337\317\243\272\202\131\152\222\033\254\034\232\332\010\053
-\045\047\371\151\043\107\361\340\353\054\172\233\365\023\002\320
-\176\064\174\302\236\074\000\131\253\365\332\014\365\062\074\053
-\254\120\332\326\303\336\203\224\312\250\014\231\062\016\010\110
-\126\133\152\373\332\341\130\130\001\111\137\162\101\074\025\006
-\001\216\135\255\252\270\223\264\315\236\353\247\350\152\055\122
-\064\333\072\357\134\165\121\332\333\363\061\371\356\161\230\062
-\304\124\025\104\014\371\233\125\355\255\337\030\010\240\243\206
-\212\111\356\123\005\217\031\114\325\336\130\171\233\322\152\034
-\102\253\305\325\247\317\150\017\226\344\341\141\230\166\141\310
-\221\174\326\076\000\342\221\120\207\341\235\012\346\255\227\322
-\035\306\072\175\313\274\332\003\064\325\216\133\001\365\152\007
-\267\026\266\156\112\177\002\003\001\000\001\243\102\060\100\060
-\035\006\003\125\035\016\004\026\004\024\061\303\171\033\272\365
-\123\327\027\340\211\172\055\027\154\012\263\053\235\063\060\017
-\006\003\125\035\023\004\010\060\006\001\001\377\002\001\005\060
-\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
-\001\001\000\224\144\131\255\071\144\347\051\353\023\376\132\303
-\213\023\127\310\004\044\360\164\167\300\140\343\147\373\351\211
-\246\203\277\226\202\174\156\324\303\075\357\236\200\156\273\051
-\264\230\172\261\073\124\353\071\027\107\176\032\216\013\374\037
-\061\131\061\004\262\316\027\363\054\307\142\066\125\342\042\330
-\211\125\264\230\110\252\144\372\326\034\066\330\104\170\132\132
-\043\072\127\227\365\172\060\117\256\237\152\114\113\053\216\240
-\003\343\076\340\251\324\322\173\322\263\250\342\162\074\255\236
-\377\200\131\344\233\105\264\366\073\260\315\071\031\230\062\345
-\352\041\141\220\344\061\041\216\064\261\367\057\065\112\205\020
-\332\347\212\067\041\276\131\143\340\362\205\210\061\123\324\124
-\024\205\160\171\364\056\006\167\047\165\057\037\270\212\371\376
-\305\272\330\066\344\203\354\347\145\267\277\143\132\363\106\257
-\201\224\067\324\101\214\326\043\326\036\317\365\150\033\104\143
-\242\132\272\247\065\131\241\345\160\005\233\016\043\127\231\224
-\012\155\272\071\143\050\206\222\363\030\204\330\373\321\317\005
-\126\144\127
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "Deutsche Telekom Root CA 2"
-# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
-# Serial Number: 38 (0x26)
-# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
-# Not Valid Before: Fri Jul 09 12:11:00 1999
-# Not Valid After : Tue Jul 09 23:59:00 2019
-# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08
-# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Deutsche Telekom Root CA 2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\205\244\010\300\234\031\076\135\121\130\175\315\326\023\060\375
-\214\336\067\277
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\164\001\112\221\261\010\304\130\316\107\315\360\335\021\123\010
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061
-\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143
-\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060
-\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145
-\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043
-\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150
-\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103
-\101\040\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\046
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
#
# Certificate "Cybertrust Global Root"
#
@@ -7148,6 +6237,8 @@ CKA_VALUE MULTILINE_OCTAL
\246\210\070\316\125
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Cybertrust Global Root"
# Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc"
@@ -7315,6 +6406,8 @@ CKA_VALUE MULTILINE_OCTAL
\201\370\021\234
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "ePKI Root Certification Authority"
# Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW
@@ -7440,6 +6533,8 @@ CKA_VALUE MULTILINE_OCTAL
\366\356\260\132\116\111\104\124\130\137\102\203
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "certSIGN ROOT CA"
# Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO
@@ -7588,6 +6683,11 @@ CKA_VALUE MULTILINE_OCTAL
\021\055
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Tue Apr 30 00:00:00 2019
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\071\060\064\063\060\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GeoTrust Primary Certification Authority - G3"
# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
@@ -7626,7 +6726,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
\017\037
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -7717,6 +6817,11 @@ CKA_VALUE MULTILINE_OCTAL
\367\130\077\056\162\002\127\243\217\241\024\056
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Sun Sep 30 00:00:00 2018
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\070\060\071\063\060\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "thawte Primary Root CA - G2"
# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US
@@ -7877,6 +6982,11 @@ CKA_VALUE MULTILINE_OCTAL
\061\324\100\032\142\064\066\077\065\001\256\254\143\240
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Tue Apr 30 00:00:00 2019
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\071\060\064\063\060\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "thawte Primary Root CA - G3"
# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
@@ -8013,6 +7123,11 @@ CKA_VALUE MULTILINE_OCTAL
\017\212
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Wed Jan 01 00:00:00 2020
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\062\060\060\061\060\061\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GeoTrust Primary Certification Authority - G2"
# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
@@ -8051,7 +7166,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
\303\153
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -8183,6 +7298,11 @@ CKA_VALUE MULTILINE_OCTAL
\354\315\202\141\361\070\346\117\227\230\052\132\215
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Tue Apr 30 00:00:00 2019
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\071\060\064\063\060\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "VeriSign Universal Root Certification Authority"
# Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -8338,6 +7458,11 @@ CKA_VALUE MULTILINE_OCTAL
\055\247\330\206\052\335\056\020
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Thu Jan 31 00:00:00 2019
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\071\060\061\063\061\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -8379,7 +7504,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
\254\263
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -8498,6 +7623,8 @@ CKA_VALUE MULTILINE_OCTAL
\330\316\304\143\165\077\131\107\261
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "NetLock Arany (Class Gold) FÅ‘tanúsÃtvány"
# Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU
@@ -8540,175 +7667,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-#
-# Certificate "Staat der Nederlanden Root CA - G2"
-#
-# Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL
-# Serial Number: 10000012 (0x98968c)
-# Subject: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL
-# Not Valid Before: Wed Mar 26 11:18:17 2008
-# Not Valid After : Wed Mar 25 11:03:10 2020
-# Fingerprint (MD5): 7C:A5:0F:F8:5B:9A:7D:6D:30:AE:54:5A:E3:42:A2:8A
-# Fingerprint (SHA1): 59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040
-\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061
-\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040
-\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040
-\122\157\157\164\040\103\101\040\055\040\107\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040
-\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061
-\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040
-\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040
-\122\157\157\164\040\103\101\040\055\040\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\000\230\226\214
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\312\060\202\003\262\240\003\002\001\002\002\004\000
-\230\226\214\060\015\006\011\052\206\110\206\367\015\001\001\013
-\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\116
-\114\061\036\060\034\006\003\125\004\012\014\025\123\164\141\141
-\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145
-\156\061\053\060\051\006\003\125\004\003\014\042\123\164\141\141
-\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145
-\156\040\122\157\157\164\040\103\101\040\055\040\107\062\060\036
-\027\015\060\070\060\063\062\066\061\061\061\070\061\067\132\027
-\015\062\060\060\063\062\065\061\061\060\063\061\060\132\060\132
-\061\013\060\011\006\003\125\004\006\023\002\116\114\061\036\060
-\034\006\003\125\004\012\014\025\123\164\141\141\164\040\144\145
-\162\040\116\145\144\145\162\154\141\156\144\145\156\061\053\060
-\051\006\003\125\004\003\014\042\123\164\141\141\164\040\144\145
-\162\040\116\145\144\145\162\154\141\156\144\145\156\040\122\157
-\157\164\040\103\101\040\055\040\107\062\060\202\002\042\060\015
-\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002
-\017\000\060\202\002\012\002\202\002\001\000\305\131\347\157\165
-\252\076\113\234\265\270\254\236\013\344\371\331\312\253\135\217
-\265\071\020\202\327\257\121\340\073\341\000\110\152\317\332\341
-\006\103\021\231\252\024\045\022\255\042\350\000\155\103\304\251
-\270\345\037\211\113\147\275\141\110\357\375\322\340\140\210\345
-\271\030\140\050\303\167\053\255\260\067\252\067\336\144\131\052
-\106\127\344\113\271\370\067\174\325\066\347\200\301\266\363\324
-\147\233\226\350\316\327\306\012\123\320\153\111\226\363\243\013
-\005\167\110\367\045\345\160\254\060\024\040\045\343\177\165\132
-\345\110\370\116\173\003\007\004\372\202\141\207\156\360\073\304
-\244\307\320\365\164\076\245\135\032\010\362\233\045\322\366\254
-\004\046\076\125\072\142\050\245\173\262\060\257\370\067\302\321
-\272\326\070\375\364\357\111\060\067\231\046\041\110\205\001\251
-\345\026\347\334\220\125\337\017\350\070\315\231\067\041\117\135
-\365\042\157\152\305\022\026\140\027\125\362\145\146\246\247\060
-\221\070\301\070\035\206\004\204\272\032\045\170\136\235\257\314
-\120\140\326\023\207\122\355\143\037\155\145\175\302\025\030\164
-\312\341\176\144\051\214\162\330\026\023\175\013\111\112\361\050
-\033\040\164\153\305\075\335\260\252\110\011\075\056\202\224\315
-\032\145\331\053\210\232\231\274\030\176\237\356\175\146\174\076
-\275\224\270\201\316\315\230\060\170\301\157\147\320\276\137\340
-\150\355\336\342\261\311\054\131\170\222\252\337\053\140\143\362
-\345\136\271\343\312\372\177\120\206\076\242\064\030\014\011\150
-\050\021\034\344\341\271\134\076\107\272\062\077\030\314\133\204
-\365\363\153\164\304\162\164\341\343\213\240\112\275\215\146\057
-\352\255\065\332\040\323\210\202\141\360\022\042\266\274\320\325
-\244\354\257\124\210\045\044\074\247\155\261\162\051\077\076\127
-\246\177\125\257\156\046\306\376\347\314\100\134\121\104\201\012
-\170\336\112\316\125\277\035\325\331\267\126\357\360\166\377\013
-\171\265\257\275\373\251\151\221\106\227\150\200\024\066\035\263
-\177\273\051\230\066\245\040\372\202\140\142\063\244\354\326\272
-\007\247\156\305\317\024\246\347\326\222\064\330\201\365\374\035
-\135\252\134\036\366\243\115\073\270\367\071\002\003\001\000\001
-\243\201\227\060\201\224\060\017\006\003\125\035\023\001\001\377
-\004\005\060\003\001\001\377\060\122\006\003\125\035\040\004\113
-\060\111\060\107\006\004\125\035\040\000\060\077\060\075\006\010
-\053\006\001\005\005\007\002\001\026\061\150\164\164\160\072\057
-\057\167\167\167\056\160\153\151\157\166\145\162\150\145\151\144
-\056\156\154\057\160\157\154\151\143\151\145\163\057\162\157\157
-\164\055\160\157\154\151\143\171\055\107\062\060\016\006\003\125
-\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125
-\035\016\004\026\004\024\221\150\062\207\025\035\211\342\265\361
-\254\066\050\064\215\013\174\142\210\353\060\015\006\011\052\206
-\110\206\367\015\001\001\013\005\000\003\202\002\001\000\250\101
-\112\147\052\222\201\202\120\156\341\327\330\263\071\073\363\002
-\025\011\120\121\357\055\275\044\173\210\206\073\371\264\274\222
-\011\226\271\366\300\253\043\140\006\171\214\021\116\121\322\171
-\200\063\373\235\110\276\354\101\103\201\037\176\107\100\034\345
-\172\010\312\252\213\165\255\024\304\302\350\146\074\202\007\247
-\346\047\202\133\030\346\017\156\331\120\076\212\102\030\051\306
-\264\126\374\126\020\240\005\027\275\014\043\177\364\223\355\234
-\032\121\276\335\105\101\277\221\044\264\037\214\351\137\317\173
-\041\231\237\225\237\071\072\106\034\154\371\315\173\234\220\315
-\050\251\307\251\125\273\254\142\064\142\065\023\113\024\072\125
-\203\271\206\215\222\246\306\364\007\045\124\314\026\127\022\112
-\202\170\310\024\331\027\202\046\055\135\040\037\171\256\376\324
-\160\026\026\225\203\330\065\071\377\122\135\165\034\026\305\023
-\125\317\107\314\165\145\122\112\336\360\260\247\344\012\226\013
-\373\255\302\342\045\204\262\335\344\275\176\131\154\233\360\360
-\330\347\312\362\351\227\070\176\211\276\314\373\071\027\141\077
-\162\333\072\221\330\145\001\031\035\255\120\244\127\012\174\113
-\274\234\161\163\052\105\121\031\205\314\216\375\107\247\164\225
-\035\250\321\257\116\027\261\151\046\302\252\170\127\133\305\115
-\247\345\236\005\027\224\312\262\137\240\111\030\215\064\351\046
-\154\110\036\252\150\222\005\341\202\163\132\233\334\007\133\010
-\155\175\235\327\215\041\331\374\024\040\252\302\105\337\077\347
-\000\262\121\344\302\370\005\271\171\032\214\064\363\236\133\344
-\067\133\153\112\337\054\127\212\100\132\066\272\335\165\104\010
-\067\102\160\014\376\334\136\041\240\243\212\300\220\234\150\332
-\120\346\105\020\107\170\266\116\322\145\311\303\067\337\341\102
-\143\260\127\067\105\055\173\212\234\277\005\352\145\125\063\367
-\071\020\305\050\052\041\172\033\212\304\044\371\077\025\310\232
-\025\040\365\125\142\226\355\155\223\120\274\344\252\170\255\331
-\313\012\145\207\246\146\301\304\201\243\167\072\130\036\013\356
-\203\213\235\036\322\122\244\314\035\157\260\230\155\224\061\265
-\370\161\012\334\271\374\175\062\140\346\353\257\212\001
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "Staat der Nederlanden Root CA - G2"
-# Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL
-# Serial Number: 10000012 (0x98968c)
-# Subject: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL
-# Not Valid Before: Wed Mar 26 11:18:17 2008
-# Not Valid After : Wed Mar 25 11:03:10 2020
-# Fingerprint (MD5): 7C:A5:0F:F8:5B:9A:7D:6D:30:AE:54:5A:E3:42:A2:8A
-# Fingerprint (SHA1): 59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\131\257\202\171\221\206\307\264\165\007\313\317\003\127\106\353
-\004\335\267\026
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\174\245\017\370\133\232\175\155\060\256\124\132\343\102\242\212
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061
-\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040
-\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061
-\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040
-\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040
-\122\157\157\164\040\103\101\040\055\040\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\000\230\226\214
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
#
# Certificate "Hongkong Post Root CA 1"
#
@@ -8798,6 +7756,8 @@ CKA_VALUE MULTILINE_OCTAL
\002\153\331\132
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Hongkong Post Root CA 1"
# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
@@ -8929,6 +7889,8 @@ CKA_VALUE MULTILINE_OCTAL
\362
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "SecureSign RootCA11"
# Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP
@@ -9076,6 +8038,8 @@ CKA_VALUE MULTILINE_OCTAL
\202\042\055\172\124\253\160\303\175\042\145\202\160\226
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Microsec e-Szigno Root CA 2009"
# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
@@ -9208,6 +8172,8 @@ CKA_VALUE MULTILINE_OCTAL
\130\077\137
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "GlobalSign Root CA - R3"
# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3
@@ -9381,6 +8347,8 @@ CKA_VALUE MULTILINE_OCTAL
\156\117\022\176\012\074\235\225
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
# Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES
@@ -9550,6 +8518,8 @@ CKA_VALUE MULTILINE_OCTAL
\333\374\046\210\307
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Izenpe.com"
# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES
@@ -9755,6 +8725,8 @@ CKA_VALUE MULTILINE_OCTAL
\167\110\320
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Chambers of Commerce Root - 2008"
# Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
@@ -9964,6 +8936,8 @@ CKA_VALUE MULTILINE_OCTAL
\351\233\256\325\124\300\164\200\321\013\102\237\301
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Global Chambersign Root - 2008"
# Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
@@ -10112,6 +9086,8 @@ CKA_VALUE MULTILINE_OCTAL
\342\342\104\276\134\367\352\034\365
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Go Daddy Root Certificate Authority - G2"
# Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
@@ -10262,6 +9238,8 @@ CKA_VALUE MULTILINE_OCTAL
\364
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Starfield Root Certificate Authority - G2"
# Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
@@ -10414,6 +9392,8 @@ CKA_VALUE MULTILINE_OCTAL
\261\050\272
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Starfield Services Root Certificate Authority - G2"
# Issuer: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
@@ -10545,6 +9525,8 @@ CKA_VALUE MULTILINE_OCTAL
\007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "AffirmTrust Commercial"
# Issuer: CN=AffirmTrust Commercial,O=AffirmTrust,C=US
@@ -10671,6 +9653,8 @@ CKA_VALUE MULTILINE_OCTAL
\355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "AffirmTrust Networking"
# Issuer: CN=AffirmTrust Networking,O=AffirmTrust,C=US
@@ -10829,6 +9813,8 @@ CKA_VALUE MULTILINE_OCTAL
\051\340\266\270\011\150\031\034\030\103
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "AffirmTrust Premium"
# Issuer: CN=AffirmTrust Premium,O=AffirmTrust,C=US
@@ -10935,6 +9921,8 @@ CKA_VALUE MULTILINE_OCTAL
\214\171
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "AffirmTrust Premium ECC"
# Issuer: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US
@@ -11074,6 +10062,8 @@ CKA_VALUE MULTILINE_OCTAL
\326\267\064\365\176\316\071\232\331\070\361\121\367\117\054
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Certum Trusted Network CA"
# Issuer: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
@@ -11210,6 +10200,8 @@ CKA_VALUE MULTILINE_OCTAL
\274\060\376\173\016\063\220\373\355\322\024\221\037\007\257
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "TWCA Root Certification Authority"
# Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW
@@ -11693,6 +10685,8 @@ CKA_VALUE MULTILINE_OCTAL
\201\050\174\247\175\047\353\000\256\215\067
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Security Communication RootCA2"
# Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
@@ -11876,6 +10870,11 @@ CKA_VALUE MULTILINE_OCTAL
\371\210\075\176\270\157\156\003\344\102
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Sat Dec 28 00:00:00 2019
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\071\061\062\062\070\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "EC-ACC"
# Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES
@@ -12039,6 +11038,8 @@ CKA_VALUE MULTILINE_OCTAL
\113\321\047\327\270
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for Certificate "Hellenic Academic and Research Institutions RootCA 2011"
# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
@@ -12275,6 +11276,8 @@ CKA_VALUE MULTILINE_OCTAL
\216\362\024\212\314\351\265\174\373\154\235\014\245\341\226
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Actalis Authentication Root CA"
# Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT
@@ -12406,6 +11409,8 @@ CKA_VALUE MULTILINE_OCTAL
\145\353\127\331\363\127\226\273\110\315\201
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Trustis FPS Root CA"
# Issuer: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB
@@ -12566,6 +11571,8 @@ CKA_VALUE MULTILINE_OCTAL
\327\201\011\361\311\307\046\015\254\230\026\126\240
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Buypass Class 2 Root CA"
# Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO
@@ -12725,6 +11732,8 @@ CKA_VALUE MULTILINE_OCTAL
\061\356\006\274\163\277\023\142\012\237\307\271\227
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Buypass Class 3 Root CA"
# Issuer: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO
@@ -12867,6 +11876,8 @@ CKA_VALUE MULTILINE_OCTAL
\116\223\303\244\124\024\133
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "T-TeleSec GlobalRoot Class 3"
# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
@@ -13016,6 +12027,11 @@ CKA_VALUE MULTILINE_OCTAL
\307\314\165\301\226\305\235
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+# For Server Distrust After: Fri Sep 01 00:00:00 2017
+CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
+\061\067\060\071\060\061\060\060\060\060\060\060\132
+END
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "EE Certification Centre Root CA"
# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
@@ -13229,6 +12245,8 @@ CKA_VALUE MULTILINE_OCTAL
\164\145\327\134\376\243\342
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "D-TRUST Root Class 3 CA 2 2009"
# Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE
@@ -13366,222 +12384,49 @@ CKA_VALUE MULTILINE_OCTAL
\113\120\324\165\230\126\337\267\030\377\103\103\120\256\172\104
\173\360\171\121\327\103\075\247\323\201\323\360\311\117\271\332
\306\227\206\320\202\303\344\102\155\376\260\342\144\116\016\046
-\347\100\064\046\265\010\211\327\010\143\143\070\047\165\036\063
-\352\156\250\335\237\231\117\164\115\201\211\200\113\335\232\227
-\051\134\057\276\201\101\271\214\377\352\175\140\006\236\315\327
-\075\323\056\243\025\274\250\346\046\345\157\303\334\270\003\041
-\352\237\026\361\054\124\265
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "D-TRUST Root Class 3 CA 2 EV 2009"
-# Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE
-# Serial Number: 623604 (0x983f4)
-# Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE
-# Not Valid Before: Thu Nov 05 08:50:46 2009
-# Not Valid After : Mon Nov 05 08:50:46 2029
-# Fingerprint (MD5): AA:C6:43:2C:5E:2D:CD:C4:34:C0:50:4F:11:02:4F:B6
-# Fingerprint (SHA1): 96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "D-TRUST Root Class 3 CA 2 EV 2009"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\226\311\033\013\225\264\020\230\102\372\320\330\042\171\376\140
-\372\271\026\203
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\252\306\103\054\136\055\315\304\064\300\120\117\021\002\117\266
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\120\061\013\060\011\006\003\125\004\006\023\002\104\105\061
-\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163
-\164\040\107\155\142\110\061\052\060\050\006\003\125\004\003\014
-\041\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154
-\141\163\163\040\063\040\103\101\040\062\040\105\126\040\062\060
-\060\071
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\003\011\203\364
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Swisscom Root CA 2"
-#
-# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
-# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6
-# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
-# Not Valid Before: Fri Jun 24 08:38:14 2011
-# Not Valid After : Wed Jun 25 07:38:14 2031
-# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19
-# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Swisscom Root CA 2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
-\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
-\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
-\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
-\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
-\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
-\164\040\103\101\040\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
-\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
-\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
-\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
-\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
-\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
-\164\040\103\101\040\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030
-\147\266
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\331\060\202\003\301\240\003\002\001\002\002\020\036
-\236\050\350\110\362\345\357\303\174\112\036\132\030\147\266\060
-\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\144
-\061\013\060\011\006\003\125\004\006\023\002\143\150\061\021\060
-\017\006\003\125\004\012\023\010\123\167\151\163\163\143\157\155
-\061\045\060\043\006\003\125\004\013\023\034\104\151\147\151\164
-\141\154\040\103\145\162\164\151\146\151\143\141\164\145\040\123
-\145\162\166\151\143\145\163\061\033\060\031\006\003\125\004\003
-\023\022\123\167\151\163\163\143\157\155\040\122\157\157\164\040
-\103\101\040\062\060\036\027\015\061\061\060\066\062\064\060\070
-\063\070\061\064\132\027\015\063\061\060\066\062\065\060\067\063
-\070\061\064\132\060\144\061\013\060\011\006\003\125\004\006\023
-\002\143\150\061\021\060\017\006\003\125\004\012\023\010\123\167
-\151\163\163\143\157\155\061\045\060\043\006\003\125\004\013\023
-\034\104\151\147\151\164\141\154\040\103\145\162\164\151\146\151
-\143\141\164\145\040\123\145\162\166\151\143\145\163\061\033\060
-\031\006\003\125\004\003\023\022\123\167\151\163\163\143\157\155
-\040\122\157\157\164\040\103\101\040\062\060\202\002\042\060\015
-\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002
-\017\000\060\202\002\012\002\202\002\001\000\225\102\116\204\235
-\121\346\323\011\350\162\132\043\151\333\170\160\216\026\361\053
-\217\015\003\316\223\314\056\000\010\173\253\063\214\364\351\100
-\346\027\114\253\236\270\107\024\062\167\062\335\050\014\336\030
-\113\137\166\237\370\071\073\374\116\211\330\174\305\147\357\253
-\322\271\064\137\153\072\363\144\066\316\302\260\317\023\150\312
-\310\313\353\265\342\075\056\041\337\352\054\324\340\371\160\226
-\114\377\152\130\230\267\027\344\033\122\345\176\007\000\035\137
-\332\346\076\225\004\267\151\210\071\241\101\140\045\141\113\225
-\071\150\142\034\261\013\005\211\300\066\202\024\041\077\256\333
-\241\375\274\157\034\140\206\266\123\224\111\271\053\106\305\117
-\000\053\277\241\273\313\077\340\307\127\034\127\350\326\151\370
-\301\044\122\235\210\125\335\302\207\056\164\043\320\024\375\052
-\107\132\273\246\235\375\224\344\321\212\245\137\206\143\166\205
-\313\257\377\111\050\374\200\355\114\171\322\273\344\300\357\001
-\356\120\101\010\065\043\160\053\251\026\264\214\156\205\351\266
-\021\317\061\335\123\046\033\337\055\132\112\002\100\374\304\300
-\266\351\061\032\010\050\345\140\303\037\304\220\216\020\142\140
-\104\015\354\012\276\125\030\161\054\245\364\262\274\025\142\377
-\034\343\276\035\332\036\127\263\074\176\315\202\035\221\343\113
-\353\054\122\064\260\212\375\022\116\226\260\353\160\177\236\071
-\367\146\102\261\253\254\122\332\166\100\127\173\052\275\350\156
-\003\262\013\200\205\210\235\014\307\302\167\260\232\232\127\364
-\270\372\023\134\150\223\072\147\244\227\320\033\231\267\206\062
-\113\140\330\316\357\320\014\177\225\237\157\207\117\207\212\216
-\137\010\174\252\133\374\132\276\241\221\237\125\175\116\260\013
-\151\314\260\224\250\247\207\362\323\112\120\334\137\162\260\026
-\165\036\313\264\030\142\232\260\247\071\252\233\237\146\330\215
-\246\154\226\025\343\346\362\370\361\203\142\154\273\125\351\141
-\223\243\075\365\261\127\213\117\043\260\233\345\224\152\057\337
-\214\337\225\121\051\140\241\013\051\344\134\125\130\267\250\374
-\231\356\045\115\114\016\263\323\114\217\204\350\051\017\375\020
-\124\002\205\310\371\345\303\213\317\347\017\002\003\001\000\001
-\243\201\206\060\201\203\060\016\006\003\125\035\017\001\001\377
-\004\004\003\002\001\206\060\035\006\003\125\035\041\004\026\060
-\024\060\022\006\007\140\205\164\001\123\002\001\006\007\140\205
-\164\001\123\002\001\060\022\006\003\125\035\023\001\001\377\004
-\010\060\006\001\001\377\002\001\007\060\035\006\003\125\035\016
-\004\026\004\024\115\046\040\042\211\113\323\325\244\012\241\157
-\336\342\022\201\305\361\074\056\060\037\006\003\125\035\043\004
-\030\060\026\200\024\115\046\040\042\211\113\323\325\244\012\241
-\157\336\342\022\201\305\361\074\056\060\015\006\011\052\206\110
-\206\367\015\001\001\013\005\000\003\202\002\001\000\062\012\262
-\244\033\313\175\276\202\127\211\271\152\177\363\364\301\056\021
-\175\270\031\076\171\267\250\250\162\067\146\233\032\355\254\023
-\073\016\277\142\360\234\337\236\173\241\123\110\016\101\172\312
-\040\247\027\033\266\170\354\100\221\363\102\255\020\303\134\357
-\377\140\131\177\315\205\243\213\075\110\034\045\002\074\147\175
-\365\062\351\057\060\345\175\245\172\070\320\363\146\052\146\036
-\215\063\203\212\157\174\156\250\132\165\232\270\327\332\130\110
-\104\107\250\114\372\114\111\012\112\302\022\067\250\100\014\303
-\310\341\320\127\015\227\062\225\307\072\237\227\323\127\370\013
-\336\345\162\363\243\333\377\265\330\131\262\163\335\115\052\161
-\262\272\111\365\313\034\325\365\171\310\231\263\374\301\114\164
-\343\264\275\051\067\025\004\050\036\336\105\106\160\354\257\272
-\170\016\212\052\316\000\171\334\300\137\031\147\054\153\113\357
-\150\150\013\103\343\254\301\142\011\357\246\335\145\141\240\257
-\204\125\110\221\122\034\306\045\221\052\320\301\042\043\141\131
-\257\105\021\205\035\001\044\064\217\317\263\377\027\162\040\023
-\302\200\252\041\054\161\071\016\320\217\134\301\323\321\216\042
-\162\106\114\035\226\256\117\161\261\341\005\051\226\131\364\273
-\236\165\075\317\015\067\015\142\333\046\214\143\251\043\337\147
-\006\074\174\072\332\064\102\341\146\264\106\004\336\306\226\230
-\017\113\110\172\044\062\165\221\237\254\367\150\351\052\271\125
-\145\316\135\141\323\047\160\330\067\376\237\271\257\240\056\126
-\267\243\145\121\355\073\253\024\277\114\121\003\350\137\212\005
-\233\356\212\156\234\357\277\150\372\310\332\013\343\102\311\320
-\027\024\234\267\112\340\257\223\047\041\125\046\265\144\057\215
-\361\377\246\100\005\205\005\134\312\007\031\134\013\023\050\114
-\130\177\302\245\357\105\332\140\323\256\145\141\235\123\203\164
-\302\256\362\134\302\026\355\222\076\204\076\163\140\210\274\166
-\364\054\317\320\175\175\323\270\136\321\221\022\020\351\315\335
-\312\045\343\325\355\231\057\276\165\201\113\044\371\105\106\224
-\311\051\041\123\234\046\105\252\023\027\344\347\315\170\342\071
-\301\053\022\236\246\236\033\305\346\016\331\061\331
+\347\100\064\046\265\010\211\327\010\143\143\070\047\165\036\063
+\352\156\250\335\237\231\117\164\115\201\211\200\113\335\232\227
+\051\134\057\276\201\101\271\214\377\352\175\140\006\236\315\327
+\075\323\056\243\025\274\250\346\046\345\157\303\334\270\003\041
+\352\237\026\361\054\124\265
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-# Trust for "Swisscom Root CA 2"
-# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
-# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6
-# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
-# Not Valid Before: Fri Jun 24 08:38:14 2011
-# Not Valid After : Wed Jun 25 07:38:14 2031
-# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19
-# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC
+# Trust for "D-TRUST Root Class 3 CA 2 EV 2009"
+# Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE
+# Serial Number: 623604 (0x983f4)
+# Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE
+# Not Valid Before: Thu Nov 05 08:50:46 2009
+# Not Valid After : Mon Nov 05 08:50:46 2029
+# Fingerprint (MD5): AA:C6:43:2C:5E:2D:CD:C4:34:C0:50:4F:11:02:4F:B6
+# Fingerprint (SHA1): 96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Swisscom Root CA 2"
+CKA_LABEL UTF8 "D-TRUST Root Class 3 CA 2 EV 2009"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\167\107\117\306\060\344\017\114\107\144\077\204\272\270\306\225
-\112\212\101\354
+\226\311\033\013\225\264\020\230\102\372\320\330\042\171\376\140
+\372\271\026\203
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\133\004\151\354\245\203\224\143\030\247\206\320\344\362\156\031
+\252\306\103\054\136\055\315\304\064\300\120\117\021\002\117\266
END
CKA_ISSUER MULTILINE_OCTAL
-\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
-\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
-\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
-\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
-\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
-\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
-\164\040\103\101\040\062
+\060\120\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\052\060\050\006\003\125\004\003\014
+\041\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154
+\141\163\163\040\063\040\103\101\040\062\040\105\126\040\062\060
+\060\071
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030
-\147\266
+\002\003\011\203\364
END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
@@ -13711,6 +12556,8 @@ CKA_VALUE MULTILINE_OCTAL
\363\154\033\165\106\243\345\112\027\351\244\327\013
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "CA Disig Root R2"
# Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK
@@ -13911,6 +12758,8 @@ CKA_VALUE MULTILINE_OCTAL
\125\064\106\052\213\206\073
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "ACCVRAIZ1"
# Issuer: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1
@@ -14071,6 +12920,8 @@ CKA_VALUE MULTILINE_OCTAL
\053\006\320\004\315
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TWCA Global Root CA"
# Issuer: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW
@@ -14228,6 +13079,8 @@ CKA_VALUE MULTILINE_OCTAL
\245\240\314\277\323\366\165\244\165\226\155\126
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TeliaSonera Root CA v1"
# Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera
@@ -14416,6 +13269,8 @@ CKA_VALUE MULTILINE_OCTAL
\243\253\157\134\035\266\176\350\263\202\064\355\006\134\044
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "E-Tugra Certification Authority"
# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
@@ -14565,6 +13420,8 @@ CKA_VALUE MULTILINE_OCTAL
\005\047\216\023\241\156\302
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "T-TeleSec GlobalRoot Class 2"
# Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
@@ -14696,6 +13553,8 @@ CKA_VALUE MULTILINE_OCTAL
\035\362\376\011\021\260\360\207\173\247\235
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Atos TrustedRoot 2011"
# Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011
@@ -14856,6 +13715,8 @@ CKA_VALUE MULTILINE_OCTAL
\063\140\345\303
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "QuoVadis Root CA 1 G3"
# Issuer: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM
@@ -15018,6 +13879,8 @@ CKA_VALUE MULTILINE_OCTAL
\203\336\177\214
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "QuoVadis Root CA 2 G3"
# Issuer: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM
@@ -15180,6 +14043,8 @@ CKA_VALUE MULTILINE_OCTAL
\130\371\230\364
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "QuoVadis Root CA 3 G3"
# Issuer: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM
@@ -15317,6 +14182,8 @@ CKA_VALUE MULTILINE_OCTAL
\042\023\163\154\317\046\365\212\051\347
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "DigiCert Assured ID Root G2"
# Issuer: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -15435,6 +14302,8 @@ CKA_VALUE MULTILINE_OCTAL
\352\226\143\152\145\105\222\225\001\264
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "DigiCert Assured ID Root G3"
# Issuer: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -15574,6 +14443,8 @@ CKA_VALUE MULTILINE_OCTAL
\062\266
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "DigiCert Global Root G2"
# Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -15692,6 +14563,8 @@ CKA_VALUE MULTILINE_OCTAL
\263\047\027
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "DigiCert Global Root G3"
# Issuer: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -15863,6 +14736,8 @@ CKA_VALUE MULTILINE_OCTAL
\317\363\146\176
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "DigiCert Trusted Root G4"
# Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -16042,6 +14917,8 @@ CKA_VALUE MULTILINE_OCTAL
\065\123\205\006\112\135\237\255\273\033\137\164
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "COMODO RSA Certification Authority"
# Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
@@ -16224,6 +15101,8 @@ CKA_VALUE MULTILINE_OCTAL
\250\375
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "USERTrust RSA Certification Authority"
# Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
@@ -16353,6 +15232,8 @@ CKA_VALUE MULTILINE_OCTAL
\127\152\030
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "USERTrust ECC Certification Authority"
# Issuer: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
@@ -16465,6 +15346,8 @@ CKA_VALUE MULTILINE_OCTAL
\173\013\370\237\204
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GlobalSign ECC Root CA - R4"
# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4
@@ -16578,6 +15461,8 @@ CKA_VALUE MULTILINE_OCTAL
\220\067
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GlobalSign ECC Root CA - R5"
# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5
@@ -16743,6 +15628,8 @@ CKA_VALUE MULTILINE_OCTAL
\367\200\173\041\147\047\060\131
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Staat der Nederlanden Root CA - G3"
# Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL
@@ -16907,6 +15794,8 @@ CKA_VALUE MULTILINE_OCTAL
\356\354\327\056
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Staat der Nederlanden EV Root CA"
# Issuer: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
@@ -17069,6 +15958,8 @@ CKA_VALUE MULTILINE_OCTAL
\272\204\156\207
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "IdenTrust Commercial Root CA 1"
# Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US
@@ -17231,6 +16122,8 @@ CKA_VALUE MULTILINE_OCTAL
\267\254\266\255\267\312\076\001\357\234
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "IdenTrust Public Sector Root CA 1"
# Issuer: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US
@@ -17390,6 +16283,8 @@ CKA_VALUE MULTILINE_OCTAL
\105\366
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Entrust Root Certification Authority - G2"
# Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
@@ -17535,6 +16430,8 @@ CKA_VALUE MULTILINE_OCTAL
\231\267\046\101\133\045\140\256\320\110\032\356\006
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Entrust Root Certification Authority - EC1"
# Issuer: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
@@ -17708,6 +16605,8 @@ CKA_VALUE MULTILINE_OCTAL
\056
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "CFCA EV ROOT"
# Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN
@@ -17745,172 +16644,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-#
-# Certificate "Certinomis - Root CA"
-#
-# Issuer: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR
-# Serial Number: 1 (0x1)
-# Subject: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR
-# Not Valid Before: Mon Oct 21 09:17:18 2013
-# Not Valid After : Fri Oct 21 09:17:18 2033
-# Fingerprint (SHA-256): 2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58
-# Fingerprint (SHA1): 9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Certinomis - Root CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156
-\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060
-\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060
-\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155
-\151\163\040\055\040\122\157\157\164\040\103\101
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156
-\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060
-\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060
-\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155
-\151\163\040\055\040\122\157\157\164\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\222\060\202\003\172\240\003\002\001\002\002\001\001
-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
-\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061\023
-\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156\157
-\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060\060
-\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060\033
-\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155\151
-\163\040\055\040\122\157\157\164\040\103\101\060\036\027\015\061
-\063\061\060\062\061\060\071\061\067\061\070\132\027\015\063\063
-\061\060\062\061\060\071\061\067\061\070\132\060\132\061\013\060
-\011\006\003\125\004\006\023\002\106\122\061\023\060\021\006\003
-\125\004\012\023\012\103\145\162\164\151\156\157\155\151\163\061
-\027\060\025\006\003\125\004\013\023\016\060\060\060\062\040\064
-\063\063\071\071\070\071\060\063\061\035\060\033\006\003\125\004
-\003\023\024\103\145\162\164\151\156\157\155\151\163\040\055\040
-\122\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052
-\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060
-\202\002\012\002\202\002\001\000\324\314\011\012\054\077\222\366
-\177\024\236\013\234\232\152\035\100\060\144\375\252\337\016\036
-\006\133\237\120\205\352\315\215\253\103\147\336\260\372\176\200
-\226\236\204\170\222\110\326\343\071\356\316\344\131\130\227\345
-\056\047\230\352\223\250\167\233\112\360\357\164\200\055\353\060
-\037\265\331\307\200\234\142\047\221\210\360\112\211\335\334\210
-\346\024\371\325\003\057\377\225\333\275\237\354\054\372\024\025
-\131\225\012\306\107\174\151\030\271\247\003\371\312\166\251\317
-\307\157\264\136\005\376\356\301\122\262\165\062\207\354\355\051
-\146\073\363\112\026\202\366\326\232\333\162\230\351\336\360\305
-\114\245\253\265\352\001\342\214\056\144\177\144\157\375\243\045
-\223\213\310\242\016\111\215\064\360\037\354\130\105\056\064\252
-\204\120\275\347\262\112\023\270\260\017\256\070\135\260\251\033
-\346\163\311\132\241\331\146\100\252\251\115\246\064\002\255\204
-\176\262\043\301\373\052\306\147\364\064\266\260\225\152\063\117
-\161\104\265\255\300\171\063\210\340\277\355\243\240\024\264\234
-\011\260\012\343\140\276\370\370\146\210\315\133\361\167\005\340
-\265\163\156\301\175\106\056\216\113\047\246\315\065\012\375\345
-\115\175\252\052\243\051\307\132\150\004\350\345\326\223\244\142
-\302\305\346\364\117\306\371\237\032\215\202\111\031\212\312\131
-\103\072\350\015\062\301\364\114\023\003\157\156\246\077\221\163
-\313\312\163\157\022\040\213\356\300\202\170\336\113\056\302\111
-\303\035\355\026\366\044\364\047\033\134\127\061\334\125\356\250
-\036\157\154\254\342\105\314\127\127\212\165\127\031\340\265\130
-\231\111\066\061\074\063\001\155\026\112\315\270\052\203\204\206
-\233\371\140\322\037\155\221\003\323\140\246\325\075\232\335\167
-\220\075\065\244\237\017\136\365\122\104\151\271\300\272\334\317
-\175\337\174\331\304\254\206\042\062\274\173\153\221\357\172\370
-\027\150\260\342\123\125\140\055\257\076\302\203\330\331\011\053
-\360\300\144\333\207\213\221\314\221\353\004\375\166\264\225\232
-\346\024\006\033\325\064\035\276\330\377\164\034\123\205\231\340
-\131\122\112\141\355\210\236\153\111\211\106\176\040\132\331\347
-\112\345\152\356\322\145\021\103\002\003\001\000\001\243\143\060
-\141\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
-\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
-\001\377\060\035\006\003\125\035\016\004\026\004\024\357\221\114
-\365\245\303\060\350\057\010\352\323\161\042\244\222\150\170\164
-\331\060\037\006\003\125\035\043\004\030\060\026\200\024\357\221
-\114\365\245\303\060\350\057\010\352\323\161\042\244\222\150\170
-\164\331\060\015\006\011\052\206\110\206\367\015\001\001\013\005
-\000\003\202\002\001\000\176\075\124\332\042\135\032\130\076\073
-\124\047\272\272\314\310\343\032\152\352\076\371\022\353\126\137
-\075\120\316\340\352\110\046\046\317\171\126\176\221\034\231\077
-\320\241\221\034\054\017\117\230\225\131\123\275\320\042\330\210
-\135\234\067\374\373\144\301\170\214\213\232\140\011\352\325\372
-\041\137\320\164\145\347\120\305\277\056\271\013\013\255\265\260
-\027\246\022\214\324\142\170\352\126\152\354\012\322\100\303\074
-\005\060\076\115\224\267\237\112\003\323\175\047\113\266\376\104
-\316\372\031\063\032\155\244\102\321\335\314\310\310\327\026\122
-\203\117\065\224\263\022\125\175\345\342\102\353\344\234\223\011
-\300\114\133\007\253\307\155\021\240\120\027\224\043\250\265\012
-\222\017\262\172\301\140\054\070\314\032\246\133\377\362\014\343
-\252\037\034\334\270\240\223\047\336\143\343\177\041\237\072\345
-\236\372\340\023\152\165\353\226\134\142\221\224\216\147\123\266
-\211\370\022\011\313\157\122\133\003\162\206\120\225\010\324\215
-\207\206\025\037\225\044\330\244\157\232\316\244\235\233\155\322
-\262\166\006\206\306\126\010\305\353\011\332\066\302\033\133\101
-\276\141\052\343\160\346\270\246\370\266\132\304\275\041\367\377
-\252\137\241\154\166\071\146\326\352\114\125\341\000\063\233\023
-\230\143\311\157\320\001\040\011\067\122\347\014\117\076\315\274
-\365\137\226\047\247\040\002\225\340\056\350\007\101\005\037\025
-\156\326\260\344\031\340\017\002\223\000\047\162\305\213\321\124
-\037\135\112\303\100\227\176\125\246\174\301\063\004\024\001\035
-\111\040\151\013\031\223\235\156\130\042\367\100\014\106\014\043
-\143\363\071\322\177\166\121\247\364\310\241\361\014\166\042\043
-\106\122\051\055\342\243\101\007\126\151\230\322\005\011\274\151
-\307\132\141\315\217\201\140\025\115\200\335\220\342\175\304\120
-\362\214\073\156\112\307\306\346\200\053\074\201\274\021\200\026
-\020\047\327\360\315\077\171\314\163\052\303\176\123\221\326\156
-\370\365\363\307\320\121\115\216\113\245\133\346\031\027\073\326
-\201\011\334\042\334\356\216\271\304\217\123\341\147\273\063\270
-\210\025\106\317\355\151\065\377\165\015\106\363\316\161\341\305
-\153\206\102\006\271\101
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "Certinomis - Root CA"
-# Issuer: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR
-# Serial Number: 1 (0x1)
-# Subject: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR
-# Not Valid Before: Mon Oct 21 09:17:18 2013
-# Not Valid After : Fri Oct 21 09:17:18 2033
-# Fingerprint (SHA-256): 2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58
-# Fingerprint (SHA1): 9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Certinomis - Root CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\235\160\273\001\245\244\240\030\021\056\367\034\001\271\062\305
-\064\347\210\250
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\024\012\375\215\250\050\265\070\151\333\126\176\141\042\003\077
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156
-\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060
-\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060
-\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155
-\151\163\040\055\040\122\157\157\164\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
#
# Certificate "OISTE WISeKey Global Root GB CA"
#
@@ -18013,6 +16746,8 @@ CKA_VALUE MULTILINE_OCTAL
\065\255\201\307\116\161\272\210\023
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "OISTE WISeKey Global Root GB CA"
# Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
@@ -18148,6 +16883,8 @@ CKA_VALUE MULTILINE_OCTAL
\326\040\036\343\163\267
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "SZAFIR ROOT CA2"
# Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL
@@ -18326,6 +17063,8 @@ CKA_VALUE MULTILINE_OCTAL
\016\265\271\276\044\217
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Certum Trusted Network CA 2"
# Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
@@ -18513,6 +17252,8 @@ CKA_VALUE MULTILINE_OCTAL
\276\157\152\247\365\054\102\355\062\255\266\041\236\276\274
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Hellenic Academic and Research Institutions RootCA 2015"
# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
@@ -18649,6 +17390,8 @@ CKA_VALUE MULTILINE_OCTAL
\342\174\352\002\130\042\221
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Hellenic Academic and Research Institutions ECC RootCA 2015"
# Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
@@ -18818,6 +17561,8 @@ CKA_VALUE MULTILINE_OCTAL
\376\216\036\127\242\315\100\235\176\142\042\332\336\030\047
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "ISRG Root X1"
# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
@@ -18981,6 +17726,8 @@ CKA_VALUE MULTILINE_OCTAL
\072\117\110\366\213\266\263
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "AC RAIZ FNMT-RCM"
# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
@@ -19106,6 +17853,8 @@ CKA_VALUE MULTILINE_OCTAL
\304\220\276\361\271
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Amazon Root CA 1"
# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US
@@ -19263,6 +18012,8 @@ CKA_VALUE MULTILINE_OCTAL
\340\373\011\140\154
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Amazon Root CA 2"
# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US
@@ -19363,6 +18114,8 @@ CKA_VALUE MULTILINE_OCTAL
\143\044\110\034\337\060\175\325\150\073
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Amazon Root CA 3"
# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US
@@ -19467,6 +18220,8 @@ CKA_VALUE MULTILINE_OCTAL
\012\166\324\245\274\020
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Amazon Root CA 4"
# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US
@@ -19503,174 +18258,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-#
-# Certificate "LuxTrust Global Root 2"
-#
-# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
-# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1
-# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
-# Not Valid Before: Thu Mar 05 13:21:57 2015
-# Not Valid After : Mon Mar 05 13:21:57 2035
-# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5
-# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "LuxTrust Global Root 2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061
-\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165
-\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003
-\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141
-\154\040\122\157\157\164\040\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061
-\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165
-\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003
-\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141
-\154\040\122\157\157\164\040\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\024\012\176\246\337\113\104\236\332\152\044\205\236\346\270
-\025\323\026\177\273\261
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\303\060\202\003\253\240\003\002\001\002\002\024\012
-\176\246\337\113\104\236\332\152\044\205\236\346\270\025\323\026
-\177\273\261\060\015\006\011\052\206\110\206\367\015\001\001\013
-\005\000\060\106\061\013\060\011\006\003\125\004\006\023\002\114
-\125\061\026\060\024\006\003\125\004\012\014\015\114\165\170\124
-\162\165\163\164\040\123\056\101\056\061\037\060\035\006\003\125
-\004\003\014\026\114\165\170\124\162\165\163\164\040\107\154\157
-\142\141\154\040\122\157\157\164\040\062\060\036\027\015\061\065
-\060\063\060\065\061\063\062\061\065\067\132\027\015\063\065\060
-\063\060\065\061\063\062\061\065\067\132\060\106\061\013\060\011
-\006\003\125\004\006\023\002\114\125\061\026\060\024\006\003\125
-\004\012\014\015\114\165\170\124\162\165\163\164\040\123\056\101
-\056\061\037\060\035\006\003\125\004\003\014\026\114\165\170\124
-\162\165\163\164\040\107\154\157\142\141\154\040\122\157\157\164
-\040\062\060\202\002\042\060\015\006\011\052\206\110\206\367\015
-\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
-\002\001\000\327\205\227\277\021\230\351\360\142\203\114\074\207
-\371\123\152\067\013\362\017\074\207\316\157\334\046\051\275\305
-\211\272\311\203\075\367\356\312\133\306\155\111\163\264\311\106
-\243\033\064\023\077\301\211\105\127\364\331\261\373\066\145\113
-\373\010\342\110\161\021\310\156\073\236\235\337\211\145\067\246
-\205\366\073\104\030\266\306\067\060\142\104\222\227\151\175\102
-\060\044\344\015\014\211\153\143\336\305\341\337\116\251\024\154
-\123\340\141\316\366\027\057\035\074\275\346\042\114\035\223\365
-\020\304\241\166\354\152\336\305\154\337\226\264\126\100\102\300
-\142\222\060\241\055\025\224\240\322\040\006\011\156\152\155\345
-\353\267\276\324\360\361\025\174\213\346\116\272\023\314\113\047
-\136\231\074\027\135\217\201\177\063\075\117\323\077\033\354\134
-\077\360\074\114\165\156\362\246\325\235\332\055\007\143\002\306
-\162\351\224\274\114\111\225\117\210\122\310\333\350\151\202\370
-\314\064\133\042\360\206\247\211\275\110\012\155\146\201\155\310
-\310\144\373\001\341\364\341\336\331\236\335\333\133\324\052\231
-\046\025\033\036\114\222\051\202\236\325\222\201\222\101\160\031
-\367\244\345\223\113\274\167\147\061\335\034\375\061\160\015\027
-\231\014\371\014\071\031\052\027\265\060\161\125\325\017\256\130
-\341\075\057\064\233\317\237\366\170\205\302\223\172\162\076\146
-\217\234\026\021\140\217\236\211\157\147\276\340\107\132\073\014
-\232\147\213\317\106\306\256\070\243\362\247\274\346\326\205\153
-\063\044\160\042\113\313\010\233\273\310\370\002\051\035\276\040
-\014\106\277\153\207\233\263\052\146\102\065\106\154\252\272\255
-\371\230\173\351\120\125\024\061\277\261\332\055\355\200\255\150
-\044\373\151\253\330\161\023\060\346\147\263\207\100\375\211\176
-\362\103\321\021\337\057\145\057\144\316\137\024\271\261\277\061
-\275\207\170\132\131\145\210\252\374\131\062\110\206\326\114\271
-\051\113\225\323\166\363\167\045\155\102\034\070\203\115\375\243
-\137\233\177\055\254\171\033\016\102\061\227\143\244\373\212\151
-\325\042\015\064\220\060\056\250\264\340\155\266\224\254\274\213
-\116\327\160\374\305\070\216\144\045\341\115\071\220\316\311\207
-\204\130\161\002\003\001\000\001\243\201\250\060\201\245\060\017
-\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
-\102\006\003\125\035\040\004\073\060\071\060\067\006\007\053\201
-\053\001\001\001\012\060\054\060\052\006\010\053\006\001\005\005
-\007\002\001\026\036\150\164\164\160\163\072\057\057\162\145\160
-\157\163\151\164\157\162\171\056\154\165\170\164\162\165\163\164
-\056\154\165\060\016\006\003\125\035\017\001\001\377\004\004\003
-\002\001\006\060\037\006\003\125\035\043\004\030\060\026\200\024
-\377\030\050\166\371\110\005\054\241\256\361\053\033\053\262\123
-\370\113\174\263\060\035\006\003\125\035\016\004\026\004\024\377
-\030\050\166\371\110\005\054\241\256\361\053\033\053\262\123\370
-\113\174\263\060\015\006\011\052\206\110\206\367\015\001\001\013
-\005\000\003\202\002\001\000\152\031\024\355\156\171\301\054\207
-\324\015\160\176\327\366\170\311\013\004\116\304\261\316\223\160
-\376\260\124\300\062\315\231\060\144\027\277\017\345\342\063\375
-\007\066\100\162\016\032\266\152\131\326\000\345\150\040\335\056
-\162\015\037\152\144\061\040\204\175\111\246\132\067\353\105\311
-\205\365\324\307\027\231\007\346\233\125\344\014\350\251\264\316
-\214\133\265\021\134\317\212\016\015\326\254\167\201\376\062\234
-\044\236\162\316\124\363\320\157\242\126\326\354\303\067\054\145
-\130\276\127\000\032\362\065\372\353\173\061\135\302\301\022\075
-\226\201\210\226\211\301\131\134\172\346\177\160\064\347\203\342
-\261\341\341\270\130\357\324\225\344\140\234\360\226\227\162\214
-\353\204\002\056\145\217\244\267\322\177\147\335\310\323\236\134
-\252\251\244\240\045\024\006\233\354\117\176\055\013\177\035\165
-\361\063\330\355\316\270\165\155\076\133\271\230\035\061\015\126
-\330\103\017\060\221\262\004\153\335\126\276\225\200\125\147\276
-\330\315\203\331\030\356\056\017\206\055\222\236\160\023\354\336
-\121\311\103\170\002\245\115\310\371\137\304\221\130\106\026\167
-\132\164\252\100\274\007\237\060\271\261\367\022\027\335\343\377
-\044\100\035\172\152\321\117\030\012\252\220\035\353\100\036\337
-\241\036\104\222\020\232\362\215\341\321\113\106\236\350\105\102
-\227\352\105\231\363\354\146\325\002\372\362\246\112\044\252\336
-\316\271\312\371\077\223\157\371\243\272\352\245\076\231\255\375
-\377\173\231\365\145\356\360\131\050\147\327\220\225\244\023\204
-\251\204\301\350\316\316\165\223\143\032\274\074\352\325\144\037
-\055\052\022\071\306\303\132\062\355\107\221\026\016\274\070\301
-\120\336\217\312\052\220\064\034\356\101\224\234\136\031\056\370
-\105\111\231\164\221\260\004\157\343\004\132\261\253\052\253\376
-\307\320\226\266\332\341\112\144\006\156\140\115\275\102\116\377
-\170\332\044\312\033\264\327\226\071\154\256\361\016\252\247\175
-\110\213\040\114\317\144\326\270\227\106\260\116\321\052\126\072
-\240\223\275\257\200\044\340\012\176\347\312\325\312\350\205\125
-\334\066\052\341\224\150\223\307\146\162\104\017\200\041\062\154
-\045\307\043\200\203\012\353
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "LuxTrust Global Root 2"
-# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
-# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1
-# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
-# Not Valid Before: Thu Mar 05 13:21:57 2015
-# Not Valid After : Mon Mar 05 13:21:57 2035
-# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5
-# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "LuxTrust Global Root 2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\036\016\126\031\012\321\213\045\230\262\004\104\377\146\212\004
-\027\231\137\077
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\262\341\011\000\141\257\367\361\221\157\304\255\215\136\073\174
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061
-\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165
-\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003
-\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141
-\154\040\122\157\157\164\040\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\024\012\176\246\337\113\104\236\332\152\044\205\236\346\270
-\025\323\026\177\273\261
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
#
# Certificate "Symantec Class 1 Public Primary Certification Authority - G6"
#
@@ -19783,6 +18370,8 @@ CKA_VALUE MULTILINE_OCTAL
\322\063\340\377\275\321\124\071\051\017
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Symantec Class 1 Public Primary Certification Authority - G6"
# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
@@ -19937,6 +18526,8 @@ CKA_VALUE MULTILINE_OCTAL
\157\374\132\344\202\125\131\257\061\251
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Symantec Class 2 Public Primary Certification Authority - G6"
# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
@@ -19950,279 +18541,13 @@ CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G6"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\100\263\061\240\351\277\350\125\274\071\223\312\160\117\116\302
-\121\324\035\217
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\175\013\203\345\373\174\255\007\117\040\251\265\337\143\355\171
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
-\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
-\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
-\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
-\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
-\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154
-\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
-\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\040\055\040\107\066
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\144\202\236\374\067\036\164\135\374\227\377\227\310\261
-\377\101
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Symantec Class 1 Public Primary Certification Authority - G4"
-#
-# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
-# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8
-# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
-# Not Valid Before: Wed Oct 05 00:00:00 2011
-# Not Valid After : Mon Jan 18 23:59:59 2038
-# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF
-# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G4"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
-\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
-\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
-\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
-\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
-\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154
-\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
-\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\040\055\040\107\064
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
-\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
-\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
-\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
-\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
-\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154
-\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
-\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\040\055\040\107\064
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\041\156\063\245\313\323\210\244\157\051\007\264\047\074
-\304\330
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\002\250\060\202\002\055\240\003\002\001\002\002\020\041
-\156\063\245\313\323\210\244\157\051\007\264\047\074\304\330\060
-\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013
-\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006
-\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103
-\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003
-\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162
-\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006
-\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103
-\154\141\163\163\040\061\040\120\165\142\154\151\143\040\120\162
-\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164
-\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040
-\107\064\060\036\027\015\061\061\061\060\060\065\060\060\060\060
-\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065
-\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002
-\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155
-\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157
-\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141
-\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157
-\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155
-\141\156\164\145\143\040\103\154\141\163\163\040\061\040\120\165
-\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162
-\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
-\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052
-\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000
-\004\327\146\265\033\333\256\263\140\356\106\352\210\143\165\073
-\052\224\155\363\137\022\366\343\017\236\266\012\024\123\110\122
-\310\334\072\263\313\110\040\046\022\116\372\211\204\324\337\221
-\344\051\175\050\001\331\333\030\103\151\241\037\265\323\206\026
-\334\307\177\147\043\337\337\061\061\203\003\065\160\261\113\267
-\310\027\273\121\313\334\224\027\333\352\011\073\166\022\336\252
-\265\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004
-\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004
-\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004
-\024\145\300\215\045\365\014\272\227\167\220\077\236\056\340\132
-\365\316\325\341\344\060\012\006\010\052\206\110\316\075\004\003
-\003\003\151\000\060\146\002\061\000\245\256\343\106\123\370\230
-\066\343\042\372\056\050\111\015\356\060\176\063\363\354\077\161
-\136\314\125\211\170\231\254\262\375\334\034\134\063\216\051\271
-\153\027\310\021\150\265\334\203\007\002\061\000\234\310\104\332
-\151\302\066\303\124\031\020\205\002\332\235\107\357\101\347\154
-\046\235\011\075\367\155\220\321\005\104\057\260\274\203\223\150
-\362\014\105\111\071\277\231\004\034\323\020\240
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "Symantec Class 1 Public Primary Certification Authority - G4"
-# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
-# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8
-# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
-# Not Valid Before: Wed Oct 05 00:00:00 2011
-# Not Valid After : Mon Jan 18 23:59:59 2038
-# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF
-# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G4"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\204\362\343\335\203\023\076\251\035\031\122\177\002\327\051\277
-\301\137\346\147
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\004\345\200\077\125\377\131\207\244\062\322\025\245\345\252\346
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
-\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
-\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
-\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
-\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
-\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154
-\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
-\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\040\055\040\107\064
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\041\156\063\245\313\323\210\244\157\051\007\264\047\074
-\304\330
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Symantec Class 2 Public Primary Certification Authority - G4"
-#
-# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
-# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e
-# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
-# Not Valid Before: Wed Oct 05 00:00:00 2011
-# Not Valid After : Mon Jan 18 23:59:59 2038
-# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92
-# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G4"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
-\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
-\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
-\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
-\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
-\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154
-\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
-\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\040\055\040\107\064
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
-\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
-\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
-\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
-\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
-\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154
-\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
-\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\040\055\040\107\064
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125
-\246\036
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\002\250\060\202\002\055\240\003\002\001\002\002\020\064
-\027\145\022\100\073\267\126\200\055\200\313\171\125\246\036\060
-\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013
-\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006
-\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103
-\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003
-\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162
-\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006
-\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103
-\154\141\163\163\040\062\040\120\165\142\154\151\143\040\120\162
-\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164
-\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040
-\107\064\060\036\027\015\061\061\061\060\060\065\060\060\060\060
-\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065
-\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002
-\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155
-\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157
-\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141
-\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157
-\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155
-\141\156\164\145\143\040\103\154\141\163\163\040\062\040\120\165
-\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162
-\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
-\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052
-\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000
-\004\321\331\112\216\114\015\204\112\121\272\174\357\323\314\372
-\072\232\265\247\143\023\075\001\340\111\076\372\301\107\311\222
-\263\072\327\376\157\234\367\232\072\017\365\016\012\012\303\077
-\310\347\022\024\216\325\325\155\230\054\263\161\062\012\353\052
-\275\366\327\152\040\013\147\105\234\322\262\277\123\042\146\011
-\135\333\021\363\361\005\063\130\243\342\270\317\174\315\202\233
-\275\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004
-\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004
-\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004
-\024\075\062\363\072\251\014\220\204\371\242\214\151\006\141\124
-\057\207\162\376\005\060\012\006\010\052\206\110\316\075\004\003
-\003\003\151\000\060\146\002\061\000\310\246\251\257\101\177\265
-\311\021\102\026\150\151\114\134\270\047\030\266\230\361\300\177
-\220\155\207\323\214\106\027\360\076\117\374\352\260\010\304\172
-\113\274\010\057\307\342\247\157\145\002\061\000\326\131\336\206
-\316\137\016\312\124\325\306\320\025\016\374\213\224\162\324\216
-\000\130\123\317\176\261\113\015\345\120\206\353\236\153\337\377
-\051\246\330\107\331\240\226\030\333\362\105\263
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "Symantec Class 2 Public Primary Certification Authority - G4"
-# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
-# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e
-# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
-# Not Valid Before: Wed Oct 05 00:00:00 2011
-# Not Valid After : Mon Jan 18 23:59:59 2038
-# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92
-# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G4"
+CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G6"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\147\044\220\056\110\001\260\042\226\100\020\106\264\261\147\054
-\251\165\375\053
+\100\263\061\240\351\277\350\125\274\071\223\312\160\117\116\302
+\121\324\035\217
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\160\325\060\361\332\224\227\324\327\164\337\276\355\150\336\226
+\175\013\203\345\373\174\255\007\117\040\251\265\337\143\355\171
END
CKA_ISSUER MULTILINE_OCTAL
\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -20234,11 +18559,11 @@ CKA_ISSUER MULTILINE_OCTAL
\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154
\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\040\055\040\107\064
+\164\171\040\055\040\107\066
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125
-\246\036
+\002\020\144\202\236\374\067\036\164\135\374\227\377\227\310\261
+\377\101
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
@@ -20348,6 +18673,8 @@ CKA_VALUE MULTILINE_OCTAL
\137\134
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "D-TRUST Root CA 3 2013"
# Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE
@@ -20510,6 +18837,8 @@ CKA_VALUE MULTILINE_OCTAL
\237\042\136\242\017\241\343
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
# Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR
@@ -20685,6 +19014,8 @@ CKA_VALUE MULTILINE_OCTAL
\250\267\101\154\007\335\275\074\206\227\057\322
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GDCA TrustAUTH R5 ROOT"
# Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN
@@ -20840,6 +19171,8 @@ CKA_VALUE MULTILINE_OCTAL
\132\171\054\031
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TrustCor RootCert CA-1"
# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
@@ -21031,6 +19364,8 @@ CKA_VALUE MULTILINE_OCTAL
\326\354\011
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TrustCor RootCert CA-2"
# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
@@ -21187,6 +19522,8 @@ CKA_VALUE MULTILINE_OCTAL
\264\237\327\346
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "TrustCor ECA-1"
# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
@@ -21366,6 +19703,8 @@ CKA_VALUE MULTILINE_OCTAL
\271
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "SSL.com Root Certification Authority RSA"
# Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US
@@ -21490,6 +19829,8 @@ CKA_VALUE MULTILINE_OCTAL
\145
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "SSL.com Root Certification Authority ECC"
# Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
@@ -21669,6 +20010,8 @@ CKA_VALUE MULTILINE_OCTAL
\040\022\215\264\254\127\261\105\143\241\254\166\251\302\373
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "SSL.com EV Root Certification Authority RSA R2"
# Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US
@@ -21796,6 +20139,8 @@ CKA_VALUE MULTILINE_OCTAL
\371\007\340\142\232\214\134\112
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "SSL.com EV Root Certification Authority ECC"
# Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
@@ -21962,6 +20307,8 @@ CKA_VALUE MULTILINE_OCTAL
\147\203\005\132\311\244\020
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GlobalSign Root CA - R6"
# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6
@@ -22079,6 +20426,8 @@ CKA_VALUE MULTILINE_OCTAL
\242\355\357\173\260\200\117\130\017\113\123\071\275
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "OISTE WISeKey Global Root GC CA"
# Issuer: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
@@ -22242,6 +20591,8 @@ CKA_VALUE MULTILINE_OCTAL
\361\306\143\107\125\034\272\245\010\121\165\246\110\045
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GTS Root R1"
# Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US
@@ -22403,6 +20754,8 @@ CKA_VALUE MULTILINE_OCTAL
\267\375\054\010\122\117\202\335\243\360\324\206\011\002
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GTS Root R2"
# Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US
@@ -22511,6 +20864,8 @@ CKA_VALUE MULTILINE_OCTAL
\232\051\252\226\323\203\043\311\244\173\141\263\314\002\350\135
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GTS Root R3"
# Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US
@@ -22619,6 +20974,8 @@ CKA_VALUE MULTILINE_OCTAL
\161\314\362\260\115\326\376\231\310\224\251\165\242\343
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "GTS Root R4"
# Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US
@@ -22777,6 +21134,8 @@ CKA_VALUE MULTILINE_OCTAL
\120\037\212\373\006\365\302\031\360\320
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "UCA Global G2 Root"
# Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN
@@ -22937,6 +21296,8 @@ CKA_VALUE MULTILINE_OCTAL
\177\275\145\040\262\311\301\053\166\030\166\237\126\261
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "UCA Extended Validation Root"
# Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN
@@ -23116,6 +21477,8 @@ CKA_VALUE MULTILINE_OCTAL
\045\124\377\242\332\117\212\141\071\136\256\075\112\214\275
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Certigna Root CA"
# Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR
@@ -23253,6 +21616,8 @@ CKA_VALUE MULTILINE_OCTAL
\210\336\272\314\037\200\176\112
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "emSign Root CA - G1"
# Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
@@ -23370,6 +21735,8 @@ CKA_VALUE MULTILINE_OCTAL
\054\243
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "emSign ECC Root CA - G3"
# Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
@@ -23503,6 +21870,8 @@ CKA_VALUE MULTILINE_OCTAL
\361\337\312\276\203\015\102
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "emSign Root CA - C1"
# Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US
@@ -23614,6 +21983,8 @@ CKA_VALUE MULTILINE_OCTAL
\276\201\007\125\060\120\040\024\365\127\070\012\250\061\121
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "emSign ECC Root CA - C3"
# Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US
@@ -23789,6 +22160,8 @@ CKA_VALUE MULTILINE_OCTAL
\232\233\364
END
CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
# Trust for "Hongkong Post Root CA 3"
# Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK
@@ -23828,3 +22201,779 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Entrust Root Certification Authority - G4"
+#
+# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58
+# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Not Valid Before: Wed May 27 11:11:16 2015
+# Not Valid After : Sun Dec 27 11:41:16 2037
+# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88
+# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust Root Certification Authority - G4"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060
+\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\064
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060
+\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125
+\145\255\130
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\113\060\202\004\063\240\003\002\001\002\002\021\000
+\331\265\103\177\257\251\071\017\000\000\000\000\125\145\255\130
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165\163
+\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013
+\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165\163
+\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162\155
+\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040
+\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111\156
+\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162\151
+\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060\060
+\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040\122
+\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107\064
+\060\036\027\015\061\065\060\065\062\067\061\061\061\061\061\066
+\132\027\015\063\067\061\062\062\067\061\061\064\061\061\066\132
+\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060
+\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\064\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002
+\001\000\261\354\054\102\356\342\321\060\377\245\222\107\342\055
+\303\272\144\227\155\312\367\015\265\131\301\263\313\250\150\031
+\330\257\204\155\060\160\135\176\363\056\322\123\231\341\376\037
+\136\331\110\257\135\023\215\333\377\143\063\115\323\000\002\274
+\304\370\321\006\010\224\171\130\212\025\336\051\263\375\375\304
+\117\350\252\342\240\073\171\315\277\153\103\062\335\331\164\020
+\271\367\364\150\324\273\320\207\325\252\113\212\052\157\052\004
+\265\262\246\307\240\172\346\110\253\322\321\131\314\326\176\043
+\346\227\154\360\102\345\334\121\113\025\101\355\111\112\311\336
+\020\227\326\166\301\357\245\265\066\024\227\065\330\170\042\065
+\122\357\103\275\333\047\333\141\126\202\064\334\313\210\140\014
+\013\132\345\054\001\306\124\257\327\252\301\020\173\322\005\132
+\270\100\236\206\247\303\220\206\002\126\122\011\172\234\322\047
+\202\123\112\145\122\152\365\074\347\250\362\234\257\213\275\323
+\016\324\324\136\156\207\236\152\075\105\035\321\135\033\364\351
+\012\254\140\231\373\211\264\377\230\054\317\174\035\351\002\252
+\004\232\036\270\334\210\156\045\263\154\146\367\074\220\363\127
+\301\263\057\365\155\362\373\312\241\370\051\235\106\213\263\152
+\366\346\147\007\276\054\147\012\052\037\132\262\076\127\304\323
+\041\041\143\145\122\221\033\261\231\216\171\176\346\353\215\000
+\331\132\252\352\163\350\244\202\002\107\226\376\133\216\124\141
+\243\353\057\113\060\260\213\043\165\162\174\041\074\310\366\361
+\164\324\034\173\243\005\125\356\273\115\073\062\276\232\167\146
+\236\254\151\220\042\007\037\141\072\226\276\345\232\117\314\005
+\074\050\131\323\301\014\124\250\131\141\275\310\162\114\350\334
+\237\207\177\275\234\110\066\136\225\243\016\271\070\044\125\374
+\165\146\353\002\343\010\064\051\112\306\343\053\057\063\240\332
+\243\206\245\022\227\375\200\053\332\024\102\343\222\275\076\362
+\135\136\147\164\056\034\210\107\051\064\137\342\062\250\234\045
+\067\214\272\230\000\227\213\111\226\036\375\045\212\254\334\332
+\330\135\164\156\146\260\377\104\337\241\030\306\276\110\057\067
+\224\170\370\225\112\077\177\023\136\135\131\375\164\206\103\143
+\163\111\002\003\001\000\001\243\102\060\100\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003
+\125\035\016\004\026\004\024\237\070\304\126\043\303\071\350\240
+\161\154\350\124\114\344\350\072\261\277\147\060\015\006\011\052
+\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\022
+\345\102\246\173\213\017\014\344\106\245\266\140\100\207\214\045
+\176\255\270\150\056\133\306\100\166\074\003\370\311\131\364\363
+\253\142\316\020\215\264\132\144\214\150\300\260\162\103\064\322
+\033\013\366\054\123\322\312\220\113\206\146\374\252\203\042\364
+\213\032\157\046\110\254\166\167\010\277\305\230\134\364\046\211
+\236\173\303\271\144\062\001\177\323\303\335\130\155\354\261\253
+\204\125\164\167\204\004\047\122\153\206\114\316\335\271\145\377
+\326\306\136\237\232\020\231\113\165\152\376\152\351\227\040\344
+\344\166\172\306\320\044\252\220\315\040\220\272\107\144\373\177
+\007\263\123\170\265\012\142\362\163\103\316\101\053\201\152\056
+\205\026\224\123\324\153\137\162\042\253\121\055\102\325\000\234
+\231\277\336\273\224\073\127\375\232\365\206\313\126\073\133\210
+\001\345\174\050\113\003\371\111\203\174\262\177\174\343\355\216
+\241\177\140\123\216\125\235\120\064\022\017\267\227\173\154\207
+\112\104\347\365\155\354\200\067\360\130\031\156\112\150\166\360
+\037\222\344\352\265\222\323\141\121\020\013\255\247\331\137\307
+\137\334\037\243\134\214\241\176\233\267\236\323\126\157\146\136
+\007\226\040\355\013\164\373\146\116\213\021\025\351\201\111\176
+\157\260\324\120\177\042\327\137\145\002\015\246\364\205\036\330
+\256\006\113\112\247\322\061\146\302\370\316\345\010\246\244\002
+\226\104\150\127\304\325\063\317\031\057\024\304\224\034\173\244
+\331\360\237\016\261\200\342\321\236\021\144\251\210\021\072\166
+\202\345\142\302\200\330\244\203\355\223\357\174\057\220\260\062
+\114\226\025\150\110\122\324\231\010\300\044\350\034\343\263\245
+\041\016\222\300\220\037\317\040\137\312\073\070\307\267\155\072
+\363\346\104\270\016\061\153\210\216\160\353\234\027\122\250\101
+\224\056\207\266\347\246\022\305\165\337\133\300\012\156\173\244
+\344\136\206\371\066\224\337\167\303\351\015\300\071\361\171\273
+\106\216\253\103\131\047\267\040\273\043\351\126\100\041\354\061
+\075\145\252\103\362\075\337\160\104\341\272\115\046\020\073\230
+\237\363\310\216\033\070\126\041\152\121\223\323\221\312\106\332
+\211\267\075\123\203\054\010\037\213\217\123\335\377\254\037
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Entrust Root Certification Authority - G4"
+# Issuer: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Serial Number:00:d9:b5:43:7f:af:a9:39:0f:00:00:00:00:55:65:ad:58
+# Subject: CN=Entrust Root Certification Authority - G4,OU="(c) 2015 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Not Valid Before: Wed May 27 11:11:16 2015
+# Not Valid After : Sun Dec 27 11:41:16 2037
+# Fingerprint (SHA-256): DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88
+# Fingerprint (SHA1): 14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust Root Certification Authority - G4"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\024\210\116\206\046\067\260\046\257\131\142\134\100\167\354\065
+\051\272\226\001
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\211\123\361\203\043\267\174\216\005\361\214\161\070\116\037\210
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\061\065\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060
+\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\331\265\103\177\257\251\071\017\000\000\000\000\125
+\145\255\130
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Microsoft ECC Root Certificate Authority 2017"
+#
+# Issuer: CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US
+# Serial Number:66:f2:3d:af:87:de:8b:b1:4a:ea:0c:57:31:01:c2:ec
+# Subject: CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US
+# Not Valid Before: Wed Dec 18 23:06:45 2019
+# Not Valid After : Fri Jul 18 23:16:04 2042
+# Fingerprint (SHA-256): 35:8D:F3:9D:76:4A:F9:E1:B7:66:E9:C9:72:DF:35:2E:E1:5C:FA:C2:27:AF:6A:D1:D7:0E:8E:4A:6E:DC:BA:02
+# Fingerprint (SHA1): 99:9A:64:C3:7F:F4:7D:9F:AB:95:F1:47:69:89:14:60:EE:C4:C3:C5
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Microsoft ECC Root Certificate Authority 2017"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163
+\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061
+\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163
+\157\146\164\040\105\103\103\040\122\157\157\164\040\103\145\162
+\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151
+\164\171\040\062\060\061\067
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163
+\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061
+\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163
+\157\146\164\040\105\103\103\040\122\157\157\164\040\103\145\162
+\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151
+\164\171\040\062\060\061\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\146\362\075\257\207\336\213\261\112\352\014\127\061\001
+\302\354
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\131\060\202\001\337\240\003\002\001\002\002\020\146
+\362\075\257\207\336\213\261\112\352\014\127\061\001\302\354\060
+\012\006\010\052\206\110\316\075\004\003\003\060\145\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\036\060\034\006\003
+\125\004\012\023\025\115\151\143\162\157\163\157\146\164\040\103
+\157\162\160\157\162\141\164\151\157\156\061\066\060\064\006\003
+\125\004\003\023\055\115\151\143\162\157\163\157\146\164\040\105
+\103\103\040\122\157\157\164\040\103\145\162\164\151\146\151\143
+\141\164\145\040\101\165\164\150\157\162\151\164\171\040\062\060
+\061\067\060\036\027\015\061\071\061\062\061\070\062\063\060\066
+\064\065\132\027\015\064\062\060\067\061\070\062\063\061\066\060
+\064\132\060\145\061\013\060\011\006\003\125\004\006\023\002\125
+\123\061\036\060\034\006\003\125\004\012\023\025\115\151\143\162
+\157\163\157\146\164\040\103\157\162\160\157\162\141\164\151\157
+\156\061\066\060\064\006\003\125\004\003\023\055\115\151\143\162
+\157\163\157\146\164\040\105\103\103\040\122\157\157\164\040\103
+\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
+\162\151\164\171\040\062\060\061\067\060\166\060\020\006\007\052
+\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000
+\004\324\274\075\002\102\165\101\023\043\315\200\004\206\002\121
+\057\152\250\201\142\013\145\314\366\312\235\036\157\112\146\121
+\242\003\331\235\221\372\266\026\261\214\156\336\174\315\333\171
+\246\057\316\273\316\161\057\345\245\253\050\354\143\004\146\231
+\370\372\362\223\020\005\341\201\050\102\343\306\150\364\346\033
+\204\140\112\211\257\355\171\017\073\316\361\366\104\365\001\170
+\300\243\124\060\122\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\206\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004
+\024\310\313\231\162\160\122\014\370\346\276\262\004\127\051\052
+\317\102\020\355\065\060\020\006\011\053\006\001\004\001\202\067
+\025\001\004\003\002\001\000\060\012\006\010\052\206\110\316\075
+\004\003\003\003\150\000\060\145\002\060\130\362\115\352\014\371
+\137\136\356\140\051\313\072\362\333\326\062\204\031\077\174\325
+\057\302\261\314\223\256\120\273\011\062\306\306\355\176\311\066
+\224\022\344\150\205\006\242\033\320\057\002\061\000\231\351\026
+\264\016\372\126\110\324\244\060\026\221\170\333\124\214\145\001
+\212\347\120\146\302\061\267\071\272\270\032\042\007\116\374\153
+\124\026\040\377\053\265\347\114\014\115\246\117\163
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "Microsoft ECC Root Certificate Authority 2017"
+# Issuer: CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US
+# Serial Number:66:f2:3d:af:87:de:8b:b1:4a:ea:0c:57:31:01:c2:ec
+# Subject: CN=Microsoft ECC Root Certificate Authority 2017,O=Microsoft Corporation,C=US
+# Not Valid Before: Wed Dec 18 23:06:45 2019
+# Not Valid After : Fri Jul 18 23:16:04 2042
+# Fingerprint (SHA-256): 35:8D:F3:9D:76:4A:F9:E1:B7:66:E9:C9:72:DF:35:2E:E1:5C:FA:C2:27:AF:6A:D1:D7:0E:8E:4A:6E:DC:BA:02
+# Fingerprint (SHA1): 99:9A:64:C3:7F:F4:7D:9F:AB:95:F1:47:69:89:14:60:EE:C4:C3:C5
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Microsoft ECC Root Certificate Authority 2017"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\231\232\144\303\177\364\175\237\253\225\361\107\151\211\024\140
+\356\304\303\305
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\335\241\003\346\112\223\020\321\277\360\031\102\313\376\355\147
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163
+\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061
+\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163
+\157\146\164\040\105\103\103\040\122\157\157\164\040\103\145\162
+\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151
+\164\171\040\062\060\061\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\146\362\075\257\207\336\213\261\112\352\014\127\061\001
+\302\354
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Microsoft RSA Root Certificate Authority 2017"
+#
+# Issuer: CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US
+# Serial Number:1e:d3:97:09:5f:d8:b4:b3:47:70:1e:aa:be:7f:45:b3
+# Subject: CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US
+# Not Valid Before: Wed Dec 18 22:51:22 2019
+# Not Valid After : Fri Jul 18 23:00:23 2042
+# Fingerprint (SHA-256): C7:41:F7:0F:4B:2A:8D:88:BF:2E:71:C1:41:22:EF:53:EF:10:EB:A0:CF:A5:E6:4C:FA:20:F4:18:85:30:73:E0
+# Fingerprint (SHA1): 73:A5:E6:4A:3B:FF:83:16:FF:0E:DC:CC:61:8A:90:6E:4E:AE:4D:74
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Microsoft RSA Root Certificate Authority 2017"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163
+\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061
+\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163
+\157\146\164\040\122\123\101\040\122\157\157\164\040\103\145\162
+\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151
+\164\171\040\062\060\061\067
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163
+\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061
+\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163
+\157\146\164\040\122\123\101\040\122\157\157\164\040\103\145\162
+\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151
+\164\171\040\062\060\061\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\036\323\227\011\137\330\264\263\107\160\036\252\276\177
+\105\263
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\250\060\202\003\220\240\003\002\001\002\002\020\036
+\323\227\011\137\330\264\263\107\160\036\252\276\177\105\263\060
+\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\145
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\036\060
+\034\006\003\125\004\012\023\025\115\151\143\162\157\163\157\146
+\164\040\103\157\162\160\157\162\141\164\151\157\156\061\066\060
+\064\006\003\125\004\003\023\055\115\151\143\162\157\163\157\146
+\164\040\122\123\101\040\122\157\157\164\040\103\145\162\164\151
+\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171
+\040\062\060\061\067\060\036\027\015\061\071\061\062\061\070\062
+\062\065\061\062\062\132\027\015\064\062\060\067\061\070\062\063
+\060\060\062\063\132\060\145\061\013\060\011\006\003\125\004\006
+\023\002\125\123\061\036\060\034\006\003\125\004\012\023\025\115
+\151\143\162\157\163\157\146\164\040\103\157\162\160\157\162\141
+\164\151\157\156\061\066\060\064\006\003\125\004\003\023\055\115
+\151\143\162\157\163\157\146\164\040\122\123\101\040\122\157\157
+\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165
+\164\150\157\162\151\164\171\040\062\060\061\067\060\202\002\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\002\017\000\060\202\002\012\002\202\002\001\000\312\133\276
+\224\063\214\051\225\221\026\012\225\275\107\142\301\211\363\231
+\066\337\106\220\311\245\355\170\152\157\107\221\150\370\047\147
+\120\063\035\241\246\373\340\345\103\243\204\002\127\001\135\234
+\110\100\202\123\020\274\277\307\073\150\220\266\202\055\345\364
+\145\320\314\155\031\314\225\371\173\254\112\224\255\016\336\113
+\103\035\207\007\222\023\220\200\203\144\065\071\004\374\345\351
+\154\263\266\037\120\224\070\145\120\134\027\106\271\266\205\265
+\034\265\027\350\326\105\235\330\262\046\260\312\304\160\112\256
+\140\244\335\263\331\354\374\073\325\127\162\274\077\310\311\262
+\336\113\153\370\043\154\003\300\005\275\225\307\315\163\073\146
+\200\144\343\032\254\056\371\107\005\362\006\266\233\163\365\170
+\063\133\307\241\373\047\052\241\264\232\221\214\221\323\072\202
+\076\166\100\264\315\122\141\121\160\050\077\305\305\132\362\311
+\214\111\273\024\133\115\310\377\147\115\114\022\226\255\365\376
+\170\250\227\207\327\375\136\040\200\334\241\113\042\373\324\211
+\255\272\316\107\227\107\125\173\217\105\310\147\050\204\225\034
+\150\060\357\357\111\340\065\173\144\347\230\260\224\332\115\205
+\073\076\125\304\050\257\127\363\236\023\333\106\047\237\036\242
+\136\104\203\244\245\312\325\023\263\113\077\304\343\302\346\206
+\141\244\122\060\271\172\040\117\157\017\070\123\313\063\014\023
+\053\217\326\232\275\052\310\055\261\034\175\113\121\312\107\321
+\110\047\162\135\207\353\325\105\346\110\145\235\257\122\220\272
+\133\242\030\145\127\022\237\150\271\324\025\153\224\304\151\042
+\230\364\063\340\355\371\121\216\101\120\311\064\117\166\220\254
+\374\070\301\330\341\173\271\343\343\224\341\106\151\313\016\012
+\120\153\023\272\254\017\067\132\267\022\265\220\201\036\126\256
+\127\042\206\331\311\322\321\327\121\343\253\073\306\125\375\036
+\016\323\164\012\321\332\252\352\151\270\227\050\217\110\304\007
+\370\122\103\072\364\312\125\065\054\260\246\152\300\234\371\362
+\201\341\022\152\300\105\331\147\263\316\377\043\242\211\012\124
+\324\024\271\052\250\327\354\371\253\315\045\130\062\171\217\220
+\133\230\071\304\010\006\301\254\177\016\075\000\245\002\003\001
+\000\001\243\124\060\122\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\206\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026
+\004\024\011\313\131\177\206\262\160\217\032\303\071\343\300\331
+\351\277\273\115\262\043\060\020\006\011\053\006\001\004\001\202
+\067\025\001\004\003\002\001\000\060\015\006\011\052\206\110\206
+\367\015\001\001\014\005\000\003\202\002\001\000\254\257\076\135
+\302\021\226\211\216\243\347\222\326\227\025\270\023\242\246\102
+\056\002\315\026\005\131\047\312\040\350\272\270\350\032\354\115
+\250\227\126\256\145\103\261\217\000\233\122\315\125\315\123\071
+\155\142\114\213\015\133\174\056\104\277\203\020\217\363\123\202
+\200\303\117\072\307\156\021\077\346\343\026\221\204\373\155\204
+\177\064\164\255\211\247\316\271\327\327\237\204\144\222\276\225
+\241\255\011\123\063\335\356\012\352\112\121\216\157\125\253\272
+\265\224\106\256\214\177\330\242\120\045\145\140\200\106\333\063
+\004\256\154\265\230\164\124\045\334\223\344\370\343\125\025\075
+\270\155\303\012\244\022\301\151\205\156\337\144\361\123\231\341
+\112\165\040\235\225\017\344\326\334\003\361\131\030\350\107\211
+\262\127\132\224\266\251\330\027\053\027\111\345\166\313\301\126
+\231\072\067\261\377\151\054\221\221\223\341\337\114\243\067\166
+\115\241\237\370\155\036\035\323\372\354\373\364\105\035\023\155
+\317\367\131\345\042\047\162\053\206\363\127\273\060\355\044\115
+\334\175\126\273\243\263\370\064\171\211\301\340\362\002\141\367
+\246\374\017\273\034\027\013\256\101\331\174\275\047\243\375\056
+\072\321\223\224\261\163\035\044\213\257\133\040\211\255\267\147
+\146\171\365\072\306\246\226\063\376\123\222\310\106\261\021\221
+\306\231\177\217\311\326\146\061\040\101\020\207\055\014\326\301
+\257\064\230\312\144\203\373\023\127\321\301\360\074\172\214\245
+\301\375\225\041\240\161\301\223\147\161\022\352\217\210\012\151
+\031\144\231\043\126\373\254\052\056\160\276\146\304\014\204\357
+\345\213\363\223\001\370\152\220\223\147\113\262\150\243\265\142
+\217\351\077\214\172\073\136\017\347\214\270\306\174\357\067\375
+\164\342\310\117\063\162\341\224\071\155\275\022\257\276\014\116
+\160\174\033\157\215\263\062\223\163\104\026\155\350\364\367\340
+\225\200\217\226\135\070\244\364\253\336\012\060\207\223\330\115
+\000\161\142\105\047\113\072\102\204\133\177\145\267\147\064\122
+\055\234\026\153\252\250\330\173\243\102\114\161\307\014\312\076
+\203\344\246\357\267\001\060\136\121\243\171\365\160\151\246\101
+\104\017\206\260\054\221\306\075\352\256\017\204
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "Microsoft RSA Root Certificate Authority 2017"
+# Issuer: CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US
+# Serial Number:1e:d3:97:09:5f:d8:b4:b3:47:70:1e:aa:be:7f:45:b3
+# Subject: CN=Microsoft RSA Root Certificate Authority 2017,O=Microsoft Corporation,C=US
+# Not Valid Before: Wed Dec 18 22:51:22 2019
+# Not Valid After : Fri Jul 18 23:00:23 2042
+# Fingerprint (SHA-256): C7:41:F7:0F:4B:2A:8D:88:BF:2E:71:C1:41:22:EF:53:EF:10:EB:A0:CF:A5:E6:4C:FA:20:F4:18:85:30:73:E0
+# Fingerprint (SHA1): 73:A5:E6:4A:3B:FF:83:16:FF:0E:DC:CC:61:8A:90:6E:4E:AE:4D:74
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Microsoft RSA Root Certificate Authority 2017"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\163\245\346\112\073\377\203\026\377\016\334\314\141\212\220\156
+\116\256\115\164
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\020\377\000\377\317\311\370\307\172\300\356\065\216\311\017\107
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\036\060\034\006\003\125\004\012\023\025\115\151\143\162\157\163
+\157\146\164\040\103\157\162\160\157\162\141\164\151\157\156\061
+\066\060\064\006\003\125\004\003\023\055\115\151\143\162\157\163
+\157\146\164\040\122\123\101\040\122\157\157\164\040\103\145\162
+\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151
+\164\171\040\062\060\061\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\036\323\227\011\137\330\264\263\107\160\036\252\276\177
+\105\263
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "e-Szigno Root CA 2017"
+#
+# Issuer: CN=e-Szigno Root CA 2017,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU
+# Serial Number:01:54:48:ef:21:fd:97:59:0d:f5:04:0a
+# Subject: CN=e-Szigno Root CA 2017,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU
+# Not Valid Before: Tue Aug 22 12:07:06 2017
+# Not Valid After : Fri Aug 22 12:07:06 2042
+# Fingerprint (SHA-256): BE:B0:0B:30:83:9B:9B:C3:2C:32:E4:44:79:05:95:06:41:F2:64:21:B1:5E:D0:89:19:8B:51:8A:E2:EA:1B:99
+# Fingerprint (SHA1): 89:D4:83:03:4F:9E:9A:48:80:5F:72:37:D4:A9:A6:EF:CB:7C:1F:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "e-Szigno Root CA 2017"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\161\061\013\060\011\006\003\125\004\006\023\002\110\125\061
+\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145
+\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143
+\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003
+\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064
+\064\071\067\061\036\060\034\006\003\125\004\003\014\025\145\055
+\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040\062
+\060\061\067
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\161\061\013\060\011\006\003\125\004\006\023\002\110\125\061
+\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145
+\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143
+\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003
+\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064
+\064\071\067\061\036\060\034\006\003\125\004\003\014\025\145\055
+\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040\062
+\060\061\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\014\001\124\110\357\041\375\227\131\015\365\004\012
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\100\060\202\001\345\240\003\002\001\002\002\014\001
+\124\110\357\041\375\227\131\015\365\004\012\060\012\006\010\052
+\206\110\316\075\004\003\002\060\161\061\013\060\011\006\003\125
+\004\006\023\002\110\125\061\021\060\017\006\003\125\004\007\014
+\010\102\165\144\141\160\145\163\164\061\026\060\024\006\003\125
+\004\012\014\015\115\151\143\162\157\163\145\143\040\114\164\144
+\056\061\027\060\025\006\003\125\004\141\014\016\126\101\124\110
+\125\055\062\063\065\070\064\064\071\067\061\036\060\034\006\003
+\125\004\003\014\025\145\055\123\172\151\147\156\157\040\122\157
+\157\164\040\103\101\040\062\060\061\067\060\036\027\015\061\067
+\060\070\062\062\061\062\060\067\060\066\132\027\015\064\062\060
+\070\062\062\061\062\060\067\060\066\132\060\161\061\013\060\011
+\006\003\125\004\006\023\002\110\125\061\021\060\017\006\003\125
+\004\007\014\010\102\165\144\141\160\145\163\164\061\026\060\024
+\006\003\125\004\012\014\015\115\151\143\162\157\163\145\143\040
+\114\164\144\056\061\027\060\025\006\003\125\004\141\014\016\126
+\101\124\110\125\055\062\063\065\070\064\064\071\067\061\036\060
+\034\006\003\125\004\003\014\025\145\055\123\172\151\147\156\157
+\040\122\157\157\164\040\103\101\040\062\060\061\067\060\131\060
+\023\006\007\052\206\110\316\075\002\001\006\010\052\206\110\316
+\075\003\001\007\003\102\000\004\226\334\075\212\330\260\173\157
+\306\047\276\104\220\261\263\126\025\173\216\103\044\175\032\204
+\131\356\143\150\262\306\136\207\320\025\110\036\250\220\255\275
+\123\242\332\336\072\220\246\140\137\150\062\265\206\101\337\207
+\133\054\173\305\376\174\172\332\243\143\060\141\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006
+\003\125\035\016\004\026\004\024\207\021\025\010\321\252\301\170
+\014\261\257\316\306\311\220\357\277\060\004\300\060\037\006\003
+\125\035\043\004\030\060\026\200\024\207\021\025\010\321\252\301
+\170\014\261\257\316\306\311\220\357\277\060\004\300\060\012\006
+\010\052\206\110\316\075\004\003\002\003\111\000\060\106\002\041
+\000\265\127\335\327\212\125\013\066\341\206\104\372\324\331\150
+\215\270\334\043\212\212\015\324\057\175\352\163\354\277\115\154
+\250\002\041\000\313\245\264\022\372\347\265\350\317\176\223\374
+\363\065\217\157\116\132\174\264\274\116\262\374\162\252\133\131
+\371\347\334\061
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "e-Szigno Root CA 2017"
+# Issuer: CN=e-Szigno Root CA 2017,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU
+# Serial Number:01:54:48:ef:21:fd:97:59:0d:f5:04:0a
+# Subject: CN=e-Szigno Root CA 2017,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU
+# Not Valid Before: Tue Aug 22 12:07:06 2017
+# Not Valid After : Fri Aug 22 12:07:06 2042
+# Fingerprint (SHA-256): BE:B0:0B:30:83:9B:9B:C3:2C:32:E4:44:79:05:95:06:41:F2:64:21:B1:5E:D0:89:19:8B:51:8A:E2:EA:1B:99
+# Fingerprint (SHA1): 89:D4:83:03:4F:9E:9A:48:80:5F:72:37:D4:A9:A6:EF:CB:7C:1F:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "e-Szigno Root CA 2017"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\211\324\203\003\117\236\232\110\200\137\162\067\324\251\246\357
+\313\174\037\321
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\336\037\366\236\204\256\247\264\041\316\036\130\175\321\204\230
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\161\061\013\060\011\006\003\125\004\006\023\002\110\125\061
+\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145
+\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143
+\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003
+\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064
+\064\071\067\061\036\060\034\006\003\125\004\003\014\025\145\055
+\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040\062
+\060\061\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\014\001\124\110\357\041\375\227\131\015\365\004\012
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "certSIGN Root CA G2"
+#
+# Issuer: OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO
+# Serial Number:11:00:34:b6:4e:c6:36:2d:36
+# Subject: OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO
+# Not Valid Before: Mon Feb 06 09:27:35 2017
+# Not Valid After : Thu Feb 06 09:27:35 2042
+# Fingerprint (SHA-256): 65:7C:FE:2F:A7:3F:AA:38:46:25:71:F3:32:A2:36:3A:46:FC:E7:02:09:51:71:07:02:CD:FB:B6:EE:DA:33:05
+# Fingerprint (SHA1): 26:F9:93:B4:ED:3D:28:27:B0:B9:4B:A7:E9:15:1D:A3:8D:92:E5:32
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "certSIGN Root CA G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\101\061\013\060\011\006\003\125\004\006\023\002\122\117\061
+\024\060\022\006\003\125\004\012\023\013\103\105\122\124\123\111
+\107\116\040\123\101\061\034\060\032\006\003\125\004\013\023\023
+\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103\101
+\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\101\061\013\060\011\006\003\125\004\006\023\002\122\117\061
+\024\060\022\006\003\125\004\012\023\013\103\105\122\124\123\111
+\107\116\040\123\101\061\034\060\032\006\003\125\004\013\023\023
+\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103\101
+\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\021\000\064\266\116\306\066\055\066
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\107\060\202\003\057\240\003\002\001\002\002\011\021
+\000\064\266\116\306\066\055\066\060\015\006\011\052\206\110\206
+\367\015\001\001\013\005\000\060\101\061\013\060\011\006\003\125
+\004\006\023\002\122\117\061\024\060\022\006\003\125\004\012\023
+\013\103\105\122\124\123\111\107\116\040\123\101\061\034\060\032
+\006\003\125\004\013\023\023\143\145\162\164\123\111\107\116\040
+\122\117\117\124\040\103\101\040\107\062\060\036\027\015\061\067
+\060\062\060\066\060\071\062\067\063\065\132\027\015\064\062\060
+\062\060\066\060\071\062\067\063\065\132\060\101\061\013\060\011
+\006\003\125\004\006\023\002\122\117\061\024\060\022\006\003\125
+\004\012\023\013\103\105\122\124\123\111\107\116\040\123\101\061
+\034\060\032\006\003\125\004\013\023\023\143\145\162\164\123\111
+\107\116\040\122\117\117\124\040\103\101\040\107\062\060\202\002
+\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\002\017\000\060\202\002\012\002\202\002\001\000\300\305
+\165\031\221\175\104\164\164\207\376\016\073\226\334\330\001\026
+\314\356\143\221\347\013\157\316\073\012\151\032\174\302\343\257
+\202\216\206\327\136\217\127\353\323\041\131\375\071\067\102\060
+\276\120\352\266\017\251\210\330\056\055\151\041\347\321\067\030
+\116\175\221\325\026\137\153\133\000\302\071\103\015\066\205\122
+\271\123\145\017\035\102\345\217\317\005\323\356\334\014\032\331
+\270\213\170\042\147\344\151\260\150\305\074\344\154\132\106\347
+\315\307\372\357\304\354\113\275\152\244\254\375\314\050\121\357
+\222\264\051\253\253\065\232\114\344\304\010\306\046\314\370\151
+\237\344\234\360\051\323\134\371\306\026\045\236\043\303\040\301
+\075\017\077\070\100\260\376\202\104\070\252\132\032\212\153\143
+\130\070\264\025\323\266\021\151\173\036\124\356\214\032\042\254
+\162\227\077\043\131\233\311\042\204\301\007\117\314\177\342\127
+\312\022\160\273\246\145\363\151\165\143\275\225\373\033\227\315
+\344\250\257\366\321\116\250\331\212\161\044\315\066\075\274\226
+\304\361\154\251\256\345\317\015\156\050\015\260\016\265\312\121
+\173\170\024\303\040\057\177\373\024\125\341\021\231\375\325\012
+\241\236\002\343\142\137\353\065\113\054\270\162\350\076\075\117
+\254\054\273\056\206\342\243\166\217\345\223\052\317\245\253\310
+\134\215\113\006\377\022\106\254\170\313\024\007\065\340\251\337
+\213\351\257\025\117\026\211\133\275\366\215\306\131\256\210\205
+\016\301\211\353\037\147\305\105\216\377\155\067\066\053\170\146
+\203\221\121\053\075\377\121\167\166\142\241\354\147\076\076\201
+\203\340\126\251\120\037\037\172\231\253\143\277\204\027\167\361
+\015\073\337\367\234\141\263\065\230\212\072\262\354\074\032\067
+\077\176\217\222\317\331\022\024\144\332\020\002\025\101\377\117
+\304\353\034\243\311\372\231\367\106\351\341\030\331\261\270\062
+\055\313\024\014\120\330\203\145\203\356\271\134\317\313\005\132
+\114\372\031\227\153\326\135\023\323\302\134\124\274\062\163\240
+\170\365\361\155\036\313\237\245\246\237\042\334\321\121\236\202
+\171\144\140\051\023\076\243\375\117\162\152\253\342\324\345\270
+\044\125\054\104\113\212\210\104\234\312\204\323\052\073\002\003
+\001\000\001\243\102\060\100\060\017\006\003\125\035\023\001\001
+\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\001\006\060\035\006\003\125\035\016\004
+\026\004\024\202\041\055\146\306\327\240\340\025\353\316\114\011
+\167\304\140\236\124\156\003\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\003\202\002\001\000\140\336\032\270\347
+\362\140\202\325\003\063\201\313\006\212\361\042\111\351\350\352
+\221\177\306\063\136\150\031\003\206\073\103\001\317\007\160\344
+\010\036\145\205\221\346\021\042\267\365\002\043\216\256\271\036
+\175\037\176\154\346\275\045\325\225\032\362\005\246\257\205\002
+\157\256\370\326\061\377\045\311\112\310\307\212\251\331\237\113
+\111\233\021\127\231\222\103\021\336\266\063\244\314\327\215\144
+\175\324\315\074\050\054\264\232\226\352\115\365\304\104\304\045
+\252\040\200\330\051\125\367\340\101\374\006\046\377\271\066\365
+\103\024\003\146\170\341\021\261\332\040\137\106\000\170\000\041
+\245\036\000\050\141\170\157\250\001\001\217\235\064\232\377\364
+\070\220\373\270\321\263\162\006\311\161\346\201\305\171\355\013
+\246\171\362\023\013\234\367\135\016\173\044\223\264\110\333\206
+\137\336\120\206\170\347\100\346\061\250\220\166\160\141\257\234
+\067\054\021\265\202\267\252\256\044\064\133\162\014\151\015\315
+\131\237\366\161\257\234\013\321\012\070\371\006\042\203\123\045
+\014\374\121\304\346\276\342\071\225\013\044\255\257\321\225\344
+\226\327\164\144\153\161\116\002\074\252\205\363\040\243\103\071
+\166\133\154\120\376\232\234\024\036\145\024\212\025\275\243\202
+\105\132\111\126\152\322\234\261\143\062\345\141\340\123\042\016
+\247\012\111\352\313\176\037\250\342\142\200\366\020\105\122\230
+\006\030\336\245\315\057\177\252\324\351\076\010\162\354\043\003
+\002\074\246\252\330\274\147\164\075\024\027\373\124\113\027\343
+\323\171\075\155\153\111\311\050\016\056\164\120\277\014\331\106
+\072\020\206\311\247\077\351\240\354\177\353\245\167\130\151\161
+\346\203\012\067\362\206\111\152\276\171\010\220\366\002\026\144
+\076\345\332\114\176\014\064\311\371\137\266\263\050\121\247\247
+\053\252\111\372\215\145\051\116\343\153\023\247\224\243\055\121
+\155\170\014\104\313\337\336\010\157\316\243\144\253\323\225\204
+\324\271\122\124\162\173\226\045\314\274\151\343\110\156\015\320
+\307\235\047\232\252\370\023\222\335\036\337\143\237\065\251\026
+\066\354\214\270\203\364\075\211\217\315\264\027\136\327\263\027
+\101\020\135\047\163\140\205\127\111\042\007
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "certSIGN Root CA G2"
+# Issuer: OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO
+# Serial Number:11:00:34:b6:4e:c6:36:2d:36
+# Subject: OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO
+# Not Valid Before: Mon Feb 06 09:27:35 2017
+# Not Valid After : Thu Feb 06 09:27:35 2042
+# Fingerprint (SHA-256): 65:7C:FE:2F:A7:3F:AA:38:46:25:71:F3:32:A2:36:3A:46:FC:E7:02:09:51:71:07:02:CD:FB:B6:EE:DA:33:05
+# Fingerprint (SHA1): 26:F9:93:B4:ED:3D:28:27:B0:B9:4B:A7:E9:15:1D:A3:8D:92:E5:32
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "certSIGN Root CA G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\046\371\223\264\355\075\050\047\260\271\113\247\351\025\035\243
+\215\222\345\062
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\214\361\165\212\306\031\317\224\267\367\145\040\207\303\227\307
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\101\061\013\060\011\006\003\125\004\006\023\002\122\117\061
+\024\060\022\006\003\125\004\012\023\013\103\105\122\124\123\111
+\107\116\040\123\101\061\034\060\032\006\003\125\004\013\023\023
+\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103\101
+\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\021\000\064\266\116\306\066\055\066
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
diff --git a/certdata2pem.py b/certdata2pem.py
new file mode 100644
index 0000000..a52ce9c
--- /dev/null
+++ b/certdata2pem.py
@@ -0,0 +1,413 @@
+#!/usr/bin/python
+# vim:set et sw=4:
+#
+# certdata2pem.py - splits certdata.txt into multiple files
+#
+# Copyright (C) 2009 Philipp Kern <pkern@debian.org>
+# Copyright (C) 2013 Kai Engert <kaie@redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
+# USA.
+
+import base64
+import os.path
+import re
+import sys
+import textwrap
+import urllib.request, urllib.parse, urllib.error
+import subprocess
+
+objects = []
+
+def printable_serial(obj):
+ return ".".join([str(x) for x in obj['CKA_SERIAL_NUMBER']])
+
+# Dirty file parser.
+in_data, in_multiline, in_obj = False, False, False
+field, ftype, value, binval, obj = None, None, None, bytearray(), dict()
+for line in open('certdata.txt', 'r'):
+ # Ignore the file header.
+ if not in_data:
+ if line.startswith('BEGINDATA'):
+ in_data = True
+ continue
+ # Ignore comment lines.
+ if line.startswith('#'):
+ continue
+ # Empty lines are significant if we are inside an object.
+ if in_obj and len(line.strip()) == 0:
+ objects.append(obj)
+ obj = dict()
+ in_obj = False
+ continue
+ if len(line.strip()) == 0:
+ continue
+ if in_multiline:
+ if not line.startswith('END'):
+ if ftype == 'MULTILINE_OCTAL':
+ line = line.strip()
+ for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
+ integ = int(i.group(1), 8)
+ binval.extend((integ).to_bytes(1, sys.byteorder))
+ obj[field] = binval
+ else:
+ value += line
+ obj[field] = value
+ continue
+ in_multiline = False
+ continue
+ if line.startswith('CKA_CLASS'):
+ in_obj = True
+ line_parts = line.strip().split(' ', 2)
+ if len(line_parts) > 2:
+ field, ftype = line_parts[0:2]
+ value = ' '.join(line_parts[2:])
+ elif len(line_parts) == 2:
+ field, ftype = line_parts
+ value = None
+ else:
+ raise NotImplementedError('line_parts < 2 not supported.\n' + line)
+ if ftype == 'MULTILINE_OCTAL':
+ in_multiline = True
+ value = ""
+ binval = bytearray()
+ continue
+ obj[field] = value
+if len(list(obj.items())) > 0:
+ objects.append(obj)
+
+# Build up trust database.
+trustmap = dict()
+for obj in objects:
+ if obj['CKA_CLASS'] != 'CKO_NSS_TRUST':
+ continue
+ key = obj['CKA_LABEL'] + printable_serial(obj)
+ trustmap[key] = obj
+ print(" added trust", key)
+
+# Build up cert database.
+certmap = dict()
+for obj in objects:
+ if obj['CKA_CLASS'] != 'CKO_CERTIFICATE':
+ continue
+ key = obj['CKA_LABEL'] + printable_serial(obj)
+ certmap[key] = obj
+ print(" added cert", key)
+
+def obj_to_filename(obj):
+ label = obj['CKA_LABEL'][1:-1]
+ label = label.replace('/', '_')\
+ .replace(' ', '_')\
+ .replace('(', '=')\
+ .replace(')', '=')\
+ .replace(',', '_')
+ labelbytes = bytearray()
+ i = 0
+ imax = len(label)
+ while i < imax:
+ if i < imax-3 and label[i] == '\\' and label[i+1] == 'x':
+ labelbytes.extend(bytes.fromhex(label[i+2:i+4]))
+ i += 4
+ continue
+ labelbytes.extend(str.encode(label[i]))
+ i = i+1
+ continue
+ label = labelbytes.decode('utf-8')
+ serial = printable_serial(obj)
+ return label + ":" + serial
+
+def write_cert_ext_to_file(f, oid, value, public_key):
+ f.write("[p11-kit-object-v1]\n")
+ f.write("label: ");
+ f.write(tobj['CKA_LABEL'])
+ f.write("\n")
+ f.write("class: x-certificate-extension\n");
+ f.write("object-id: " + oid + "\n")
+ f.write("value: \"" + value + "\"\n")
+ f.write("modifiable: false\n");
+ f.write(public_key)
+
+trust_types = {
+ "CKA_TRUST_DIGITAL_SIGNATURE": "digital-signature",
+ "CKA_TRUST_NON_REPUDIATION": "non-repudiation",
+ "CKA_TRUST_KEY_ENCIPHERMENT": "key-encipherment",
+ "CKA_TRUST_DATA_ENCIPHERMENT": "data-encipherment",
+ "CKA_TRUST_KEY_AGREEMENT": "key-agreement",
+ "CKA_TRUST_KEY_CERT_SIGN": "cert-sign",
+ "CKA_TRUST_CRL_SIGN": "crl-sign",
+ "CKA_TRUST_SERVER_AUTH": "server-auth",
+ "CKA_TRUST_CLIENT_AUTH": "client-auth",
+ "CKA_TRUST_CODE_SIGNING": "code-signing",
+ "CKA_TRUST_EMAIL_PROTECTION": "email-protection",
+ "CKA_TRUST_IPSEC_END_SYSTEM": "ipsec-end-system",
+ "CKA_TRUST_IPSEC_TUNNEL": "ipsec-tunnel",
+ "CKA_TRUST_IPSEC_USER": "ipsec-user",
+ "CKA_TRUST_TIME_STAMPING": "time-stamping",
+ "CKA_TRUST_STEP_UP_APPROVED": "step-up-approved",
+}
+
+legacy_trust_types = {
+ "LEGACY_CKA_TRUST_SERVER_AUTH": "server-auth",
+ "LEGACY_CKA_TRUST_CODE_SIGNING": "code-signing",
+ "LEGACY_CKA_TRUST_EMAIL_PROTECTION": "email-protection",
+}
+
+legacy_to_real_trust_types = {
+ "LEGACY_CKA_TRUST_SERVER_AUTH": "CKA_TRUST_SERVER_AUTH",
+ "LEGACY_CKA_TRUST_CODE_SIGNING": "CKA_TRUST_CODE_SIGNING",
+ "LEGACY_CKA_TRUST_EMAIL_PROTECTION": "CKA_TRUST_EMAIL_PROTECTION",
+}
+
+openssl_trust = {
+ "CKA_TRUST_SERVER_AUTH": "serverAuth",
+ "CKA_TRUST_CLIENT_AUTH": "clientAuth",
+ "CKA_TRUST_CODE_SIGNING": "codeSigning",
+ "CKA_TRUST_EMAIL_PROTECTION": "emailProtection",
+}
+
+cert_distrust_types = {
+ "CKA_NSS_SERVER_DISTRUST_AFTER": "nss-server-distrust-after",
+ "CKA_NSS_EMAIL_DISTRUST_AFTER": "nss-email-distrust-after",
+}
+
+for tobj in objects:
+ if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST':
+ key = tobj['CKA_LABEL'] + printable_serial(tobj)
+ print("producing trust for " + key)
+ trustbits = []
+ distrustbits = []
+ openssl_trustflags = []
+ openssl_distrustflags = []
+ legacy_trustbits = []
+ legacy_openssl_trustflags = []
+ for t in list(trust_types.keys()):
+ if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
+ trustbits.append(t)
+ if t in openssl_trust:
+ openssl_trustflags.append(openssl_trust[t])
+ if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
+ distrustbits.append(t)
+ if t in openssl_trust:
+ openssl_distrustflags.append(openssl_trust[t])
+
+ for t in list(legacy_trust_types.keys()):
+ if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
+ real_t = legacy_to_real_trust_types[t]
+ legacy_trustbits.append(real_t)
+ if real_t in openssl_trust:
+ legacy_openssl_trustflags.append(openssl_trust[real_t])
+ if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
+ raise NotImplementedError('legacy distrust not supported.\n' + line)
+
+ fname = obj_to_filename(tobj)
+ try:
+ obj = certmap[key]
+ except:
+ obj = None
+
+ # optional debug code, that dumps the parsed input to files
+ #fulldump = "dump-" + fname
+ #dumpf = open(fulldump, 'w')
+ #dumpf.write(str(obj));
+ #dumpf.write(str(tobj));
+ #dumpf.close();
+
+ is_legacy = 0
+ if 'LEGACY_CKA_TRUST_SERVER_AUTH' in tobj or 'LEGACY_CKA_TRUST_EMAIL_PROTECTION' in tobj or 'LEGACY_CKA_TRUST_CODE_SIGNING' in tobj:
+ is_legacy = 1
+ if obj == None:
+ raise NotImplementedError('found legacy trust without certificate.\n' + line)
+
+ legacy_fname = "legacy-default/" + fname + ".crt"
+ f = open(legacy_fname, 'w')
+ f.write("# alias=%s\n"%tobj['CKA_LABEL'])
+ f.write("# trust=" + " ".join(legacy_trustbits) + "\n")
+ if legacy_openssl_trustflags:
+ f.write("# openssl-trust=" + " ".join(legacy_openssl_trustflags) + "\n")
+ f.write("-----BEGIN CERTIFICATE-----\n")
+ temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
+ temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
+ f.write("\n".join(temp_wrapped))
+ f.write("\n-----END CERTIFICATE-----\n")
+ f.close()
+
+ if 'CKA_TRUST_SERVER_AUTH' in tobj or 'CKA_TRUST_EMAIL_PROTECTION' in tobj or 'CKA_TRUST_CODE_SIGNING' in tobj:
+ legacy_fname = "legacy-disable/" + fname + ".crt"
+ f = open(legacy_fname, 'w')
+ f.write("# alias=%s\n"%tobj['CKA_LABEL'])
+ f.write("# trust=" + " ".join(trustbits) + "\n")
+ if openssl_trustflags:
+ f.write("# openssl-trust=" + " ".join(openssl_trustflags) + "\n")
+ f.write("-----BEGIN CERTIFICATE-----\n")
+ f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
+ f.write("\n-----END CERTIFICATE-----\n")
+ f.close()
+
+ # don't produce p11-kit output for legacy certificates
+ continue
+
+ pk = ''
+ cert_comment = ''
+ if obj != None:
+ # must extract the public key from the cert, let's use openssl
+ cert_fname = "cert-" + fname
+ fc = open(cert_fname, 'w')
+ fc.write("-----BEGIN CERTIFICATE-----\n")
+ temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
+ temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
+ fc.write("\n".join(temp_wrapped))
+ fc.write("\n-----END CERTIFICATE-----\n")
+ fc.close();
+ pk_fname = "pubkey-" + fname
+ fpkout = open(pk_fname, "w")
+ dump_pk_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-pubkey"]
+ subprocess.call(dump_pk_command, stdout=fpkout)
+ fpkout.close()
+ with open (pk_fname, "r") as myfile:
+ pk=myfile.read()
+ # obtain certificate information suitable as a comment
+ comment_fname = "comment-" + fname
+ fcout = open(comment_fname, "w")
+ comment_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-text"]
+ subprocess.call(comment_command, stdout=fcout)
+ fcout.close()
+ sed_command = ["sed", "--in-place", "s/^/#/", comment_fname]
+ subprocess.call(sed_command)
+ with open (comment_fname, "r", errors = 'replace') as myfile:
+ cert_comment=myfile.read()
+
+ fname += ".tmp-p11-kit"
+ f = open(fname, 'w')
+
+ if obj != None:
+ is_distrusted = False
+ has_server_trust = False
+ has_email_trust = False
+ has_code_trust = False
+
+ if 'CKA_TRUST_SERVER_AUTH' in tobj:
+ if tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
+ is_distrusted = True
+ elif tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR':
+ has_server_trust = True
+
+ if 'CKA_TRUST_EMAIL_PROTECTION' in tobj:
+ if tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED':
+ is_distrusted = True
+ elif tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR':
+ has_email_trust = True
+
+ if 'CKA_TRUST_CODE_SIGNING' in tobj:
+ if tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED':
+ is_distrusted = True
+ elif tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_TRUSTED_DELEGATOR':
+ has_code_trust = True
+
+ if is_distrusted:
+ trust_ext_oid = "1.3.6.1.4.1.3319.6.10.1"
+ trust_ext_value = "0.%06%0a%2b%06%01%04%01%99w%06%0a%01%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
+ write_cert_ext_to_file(f, trust_ext_oid, trust_ext_value, pk)
+
+ trust_ext_oid = "2.5.29.37"
+ if has_server_trust:
+ if has_email_trust:
+ if has_code_trust:
+ # server + email + code
+ trust_ext_value = "0%2a%06%03U%1d%25%01%01%ff%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
+ else:
+ # server + email
+ trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01"
+ else:
+ if has_code_trust:
+ # server + code
+ trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
+ else:
+ # server
+ trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%01"
+ else:
+ if has_email_trust:
+ if has_code_trust:
+ # email + code
+ trust_ext_value = "0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%03"
+ else:
+ # email
+ trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%04"
+ else:
+ if has_code_trust:
+ # code
+ trust_ext_value = "0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%03"
+ else:
+ # none
+ trust_ext_value = "0%18%06%03U%1d%25%01%01%ff%04%0e0%0c%06%0a%2b%06%01%04%01%99w%06%0a%10"
+
+ # no 2.5.29.37 for neutral certificates
+ if (is_distrusted or has_server_trust or has_email_trust or has_code_trust):
+ write_cert_ext_to_file(f, trust_ext_oid, trust_ext_value, pk)
+
+ pk = ''
+ f.write("\n")
+
+ f.write("[p11-kit-object-v1]\n")
+ f.write("label: ");
+ f.write(tobj['CKA_LABEL'])
+ f.write("\n")
+ if is_distrusted:
+ f.write("x-distrusted: true\n")
+ elif has_server_trust or has_email_trust or has_code_trust:
+ f.write("trusted: true\n")
+ else:
+ f.write("trusted: false\n")
+
+ # requires p11-kit >= 0.23.4
+ f.write("nss-mozilla-ca-policy: true\n")
+ f.write("modifiable: false\n");
+
+ # requires p11-kit >= 0.23.19
+ for t in list(cert_distrust_types.keys()):
+ if t in obj:
+ value = obj[t]
+ if value == 'CK_FALSE':
+ value = bytearray(1)
+ f.write(cert_distrust_types[t] + ": \"")
+ f.write(urllib.parse.quote(value));
+ f.write("\"\n")
+
+ f.write("-----BEGIN CERTIFICATE-----\n")
+ temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
+ temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
+ f.write("\n".join(temp_wrapped))
+ f.write("\n-----END CERTIFICATE-----\n")
+ f.write(cert_comment)
+ f.write("\n")
+
+ else:
+ f.write("[p11-kit-object-v1]\n")
+ f.write("label: ");
+ f.write(tobj['CKA_LABEL']);
+ f.write("\n")
+ f.write("class: certificate\n")
+ f.write("certificate-type: x-509\n")
+ f.write("modifiable: false\n");
+ f.write("issuer: \"");
+ f.write(urllib.parse.quote(tobj['CKA_ISSUER']));
+ f.write("\"\n")
+ f.write("serial-number: \"");
+ f.write(urllib.parse.quote(tobj['CKA_SERIAL_NUMBER']));
+ f.write("\"\n")
+ if (tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED'):
+ f.write("x-distrusted: true\n")
+ f.write("\n\n")
+ f.close()
+ print(" -> written as '%s', trust = %s, openssl-trust = %s, distrust = %s, openssl-distrust = %s" % (fname, trustbits, openssl_trustflags, distrustbits, openssl_distrustflags))
diff --git a/generate-cacerts-fix-entrustsslca.patch b/generate-cacerts-fix-entrustsslca.patch
deleted file mode 100644
index e6fa1a2..0000000
--- a/generate-cacerts-fix-entrustsslca.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- generate-cacerts.pl 2008-07-05 09:11:11.000000000 +0300
-+++ generate-cacerts.pl.1 2008-07-05 19:59:02.000000000 +0300
-@@ -116,7 +116,7 @@
- {
- $cert_alias = "entrust2048ca";
- }
-- elsif ($cert =~ /www.entrust.net\/CPS /)
-+ elsif ($cert =~ /www.entrust.net\/CPS is incorp\. by/)
- {
- $cert_alias = "entrustsslca";
- }
-@@ -285,7 +285,6 @@
- /A6:0F:34:C8:62:6C:81:F6:8B:F7:7D:A9:F6:67:58:8A:90:3F:7D:36/)
- {
- $write_current_cert = 0;
-- $pem_file_count--;
- }
- elsif ($cert eq "-----BEGIN CERTIFICATE-----\n")
- {
diff --git a/generate-cacerts-mandriva.patch b/generate-cacerts-mandriva.patch
deleted file mode 100644
index 89fe70c..0000000
--- a/generate-cacerts-mandriva.patch
+++ /dev/null
@@ -1,65 +0,0 @@
---- generate-cacerts.pl 2008-07-05 19:59:02.000000000 +0300
-+++ generate-cacerts.pl.2 2008-07-05 20:06:42.000000000 +0300
-@@ -76,16 +76,14 @@
- {
- $cert_alias = "verisignclass2g3ca";
- }
-- elsif ($cert =~ /Class 3 Public Primary Certification Authority$/)
-- {
-- $cert_alias = "verisignclass3ca";
-- }
-+ # "Class 3 Public Primary Certification Authority" is duplicated,
-+ # so using serial number to match it.
-+
- # Version 1 of Class 3 Public Primary Certification Authority
- # - G2 is added. Version 3 is excluded. See below.
-- elsif ($cert =~ /Class 3 Public Primary Certification Authority - G2/)
-- {
-- $cert_alias = "verisignclass3g2ca";
-- }
-+
-+ # "Class 3 Public Primary Certification Authority - G2" is duplicated,
-+ # so using serial number to match it.
- elsif ($cert =~
- /VeriSign Class 3 Public Primary Certification Authority - G3/)
- {
-@@ -234,6 +232,14 @@
- # trustcenterclass2caii
- # trustcenterclass4caii
- # trustcenteruniversalcai
-+ elsif ($cert_alias eq "VERISIGNCLASS3CA")
-+ {
-+ $cert_alias = "verisignclass3ca";
-+ }
-+ elsif ($cert_alias eq "VERISIGNCLASS3G2CA")
-+ {
-+ $cert_alias = "verisignclass3g2ca";
-+ }
- else
- {
- # Generate an alias using the OU and CN attributes of the
-@@ -264,6 +270,14 @@
- $cert_alias = "extra-$_";
- }
- }
-+ elsif ($cert =~ /70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf/)
-+ {
-+ $cert_alias = "VERISIGNCLASS3CA";
-+ }
-+ elsif ($cert =~ /7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6/)
-+ {
-+ $cert_alias = "VERISIGNCLASS3G2CA";
-+ }
- # When it attempts to parse:
- #
- # Class 3 Public Primary Certification Authority - G2, Version 3
-@@ -308,7 +322,8 @@
- print PEM $cert;
- close(PEM);
- }
-- $write_current_cert = 1
-+ $write_current_cert = 1;
-+ $cert_alias .= "-alt";
- }
- else
- {
diff --git a/generate-cacerts-rename-duplicates.patch b/generate-cacerts-rename-duplicates.patch
deleted file mode 100644
index fce32fa..0000000
--- a/generate-cacerts-rename-duplicates.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- generate-cacerts.pl.2 2009-03-23 18:01:32.000000000 +0100
-+++ generate-cacerts.pl 2009-03-23 18:23:14.000000000 +0100
-@@ -310,6 +310,7 @@
- if ($write_current_cert == 1)
- {
- $pem_file_count++;
-+ $cert_alias .= "-alt" while -e "$cert_alias.pem";
- open(PEM, ">$cert_alias.pem");
- print PEM $cert;
- }
diff --git a/generate-cacerts.pl b/generate-cacerts.pl
deleted file mode 100644
index c89cce1..0000000
--- a/generate-cacerts.pl
+++ /dev/null
@@ -1,348 +0,0 @@
-#!/usr/bin/perl
-
-# Copyright (C) 2007, 2008 Red Hat, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# generate-cacerts.pl generates a JKS keystore named 'cacerts' from
-# OpenSSL's certificate bundle using OpenJDK's keytool.
-
-# First extract each of OpenSSL's bundled certificates into its own
-# aliased filename.
-$file = $ARGV[1];
-open(CERTS, $file);
-@certs = <CERTS>;
-close(CERTS);
-
-$pem_file_count = 0;
-$in_cert_block = 0;
-$write_current_cert = 1;
-foreach $cert (@certs)
-{
- if ($cert =~ /Issuer: /)
- {
- $_ = $cert;
- if ($cert =~ /personal-freemail/)
- {
- $cert_alias = "thawtepersonalfreemailca";
- }
- elsif ($cert =~ /personal-basic/)
- {
- $cert_alias = "thawtepersonalbasicca";
- }
- elsif ($cert =~ /personal-premium/)
- {
- $cert_alias = "thawtepersonalpremiumca";
- }
- elsif ($cert =~ /server-certs/)
- {
- $cert_alias = "thawteserverca";
- }
- elsif ($cert =~ /premium-server/)
- {
- $cert_alias = "thawtepremiumserverca";
- }
- elsif ($cert =~ /Class 1 Public Primary Certification Authority$/)
- {
- $cert_alias = "verisignclass1ca";
- }
- elsif ($cert =~ /Class 1 Public Primary Certification Authority - G2/)
- {
- $cert_alias = "verisignclass1g2ca";
- }
- elsif ($cert =~
- /VeriSign Class 1 Public Primary Certification Authority - G3/)
- {
- $cert_alias = "verisignclass1g3ca";
- }
- elsif ($cert =~ /Class 2 Public Primary Certification Authority$/)
- {
- $cert_alias = "verisignclass2ca";
- }
- elsif ($cert =~ /Class 2 Public Primary Certification Authority - G2/)
- {
- $cert_alias = "verisignclass2g2ca";
- }
- elsif ($cert =~
- /VeriSign Class 2 Public Primary Certification Authority - G3/)
- {
- $cert_alias = "verisignclass2g3ca";
- }
- elsif ($cert =~ /Class 3 Public Primary Certification Authority$/)
- {
- $cert_alias = "verisignclass3ca";
- }
- # Version 1 of Class 3 Public Primary Certification Authority
- # - G2 is added. Version 3 is excluded. See below.
- elsif ($cert =~ /Class 3 Public Primary Certification Authority - G2/)
- {
- $cert_alias = "verisignclass3g2ca";
- }
- elsif ($cert =~
- /VeriSign Class 3 Public Primary Certification Authority - G3/)
- {
- $cert_alias = "verisignclass3g3ca";
- }
- elsif ($cert =~
- /RSA Data Security.*Secure Server Certification Authority/)
- {
- $cert_alias = "verisignserverca";
- }
- elsif ($cert =~ /GTE CyberTrust Global Root/)
- {
- $cert_alias = "gtecybertrustglobalca";
- }
- elsif ($cert =~ /Baltimore CyberTrust Root/)
- {
- $cert_alias = "baltimorecybertrustca";
- }
- elsif ($cert =~ /www.entrust.net\/Client_CA_Info\/CPS/)
- {
- $cert_alias = "entrustclientca";
- }
- elsif ($cert =~ /www.entrust.net\/GCCA_CPS/)
- {
- $cert_alias = "entrustglobalclientca";
- }
- elsif ($cert =~ /www.entrust.net\/CPS_2048/)
- {
- $cert_alias = "entrust2048ca";
- }
- elsif ($cert =~ /www.entrust.net\/CPS /)
- {
- $cert_alias = "entrustsslca";
- }
- elsif ($cert =~ /www.entrust.net\/SSL_CPS/)
- {
- $cert_alias = "entrustgsslca";
- }
- elsif ($cert =~ /The Go Daddy Group/)
- {
- $cert_alias = "godaddyclass2ca";
- }
- elsif ($cert =~ /Starfield Class 2 Certification Authority/)
- {
- $cert_alias = "starfieldclass2ca";
- }
- elsif ($cert =~ /ValiCert Class 2 Policy Validation Authority/)
- {
- $cert_alias = "valicertclass2ca";
- }
- elsif ($cert =~ /GeoTrust Global CA$/)
- {
- $cert_alias = "geotrustglobalca";
- }
- elsif ($cert =~ /Equifax Secure Certificate Authority/)
- {
- $cert_alias = "equifaxsecureca";
- }
- elsif ($cert =~ /Equifax Secure eBusiness CA-1/)
- {
- $cert_alias = "equifaxsecureebusinessca1";
- }
- elsif ($cert =~ /Equifax Secure eBusiness CA-2/)
- {
- $cert_alias = "equifaxsecureebusinessca2";
- }
- elsif ($cert =~ /Equifax Secure Global eBusiness CA-1/)
- {
- $cert_alias = "equifaxsecureglobalebusinessca1";
- }
- elsif ($cert =~ /Sonera Class1 CA/)
- {
- $cert_alias = "soneraclass1ca";
- }
- elsif ($cert =~ /Sonera Class2 CA/)
- {
- $cert_alias = "soneraclass2ca";
- }
- elsif ($cert =~ /AAA Certificate Services/)
- {
- $cert_alias = "comodoaaaca";
- }
- elsif ($cert =~ /AddTrust Class 1 CA Root/)
- {
- $cert_alias = "addtrustclass1ca";
- }
- elsif ($cert =~ /AddTrust External CA Root/)
- {
- $cert_alias = "addtrustexternalca";
- }
- elsif ($cert =~ /AddTrust Qualified CA Root/)
- {
- $cert_alias = "addtrustqualifiedca";
- }
- elsif ($cert =~ /UTN-USERFirst-Hardware/)
- {
- $cert_alias = "utnuserfirsthardwareca";
- }
- elsif ($cert =~ /UTN-USERFirst-Client Authentication and Email/)
- {
- $cert_alias = "utnuserfirstclientauthemailca";
- }
- elsif ($cert =~ /UTN - DATACorp SGC/)
- {
- $cert_alias = "utndatacorpsgcca";
- }
- elsif ($cert =~ /UTN-USERFirst-Object/)
- {
- $cert_alias = "utnuserfirstobjectca";
- }
- elsif ($cert =~ /America Online Root Certification Authority 1/)
- {
- $cert_alias = "aolrootca1";
- }
- elsif ($cert =~ /DigiCert Assured ID Root CA/)
- {
- $cert_alias = "digicertassuredidrootca";
- }
- elsif ($cert =~ /DigiCert Global Root CA/)
- {
- $cert_alias = "digicertglobalrootca";
- }
- elsif ($cert =~ /DigiCert High Assurance EV Root CA/)
- {
- $cert_alias = "digicerthighassuranceevrootca";
- }
- elsif ($cert =~ /GlobalSign Root CA$/)
- {
- $cert_alias = "globalsignca";
- }
- elsif ($cert =~ /GlobalSign Root CA - R2/)
- {
- $cert_alias = "globalsignr2ca";
- }
- elsif ($cert =~ /Elektronik.*Kas.*2005/)
- {
- $cert_alias = "extra-elektronikkas2005";
- }
- elsif ($cert =~ /Elektronik/)
- {
- $cert_alias = "extra-elektronik2005";
- }
- # Mozilla does not provide these certificates:
- # baltimorecodesigningca
- # gtecybertrust5ca
- # trustcenterclass2caii
- # trustcenterclass4caii
- # trustcenteruniversalcai
- else
- {
- # Generate an alias using the OU and CN attributes of the
- # Issuer field if both are present, otherwise use only the
- # CN attribute. The Issuer field must have either the OU
- # or the CN attribute.
- $_ = $cert;
- if ($cert =~ /OU=/)
- {
- s/Issuer:.*?OU=//;
- # Remove other occurrences of OU=.
- s/OU=.*CN=//;
- # Remove CN= if there were not other occurrences of OU=.
- s/CN=//;
- s/\/emailAddress.*//;
- s/Certificate Authority/ca/g;
- s/Certification Authority/ca/g;
- }
- elsif ($cert =~ /CN=/)
- {
- s/Issuer:.*CN=//;
- s/\/emailAddress.*//;
- s/Certificate Authority/ca/g;
- s/Certification Authority/ca/g;
- }
- s/\W//g;
- tr/A-Z/a-z/;
- $cert_alias = "extra-$_";
- }
- }
- # When it attempts to parse:
- #
- # Class 3 Public Primary Certification Authority - G2, Version 3
- #
- # keytool says:
- #
- # #2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
- # Unparseable AuthorityInfoAccess extension due to
- # java.io.IOException: Invalid encoding of URI
- #
- # If we do not exclude this file
- # openjdk/jdk/test/lib/security/cacerts/VerifyCACerts.java fails
- # on this cert, printing:
- #
- # Couldn't verify: java.security.SignatureException: Signature
- # does not match.
- #
- elsif ($cert =~
- /A6:0F:34:C8:62:6C:81:F6:8B:F7:7D:A9:F6:67:58:8A:90:3F:7D:36/)
- {
- $write_current_cert = 0;
- $pem_file_count--;
- }
- elsif ($cert eq "-----BEGIN CERTIFICATE-----\n")
- {
- if ($in_cert_block != 0)
- {
- die "$file is malformed.";
- }
- $in_cert_block = 1;
- if ($write_current_cert == 1)
- {
- $pem_file_count++;
- open(PEM, ">$cert_alias.pem");
- print PEM $cert;
- }
- }
- elsif ($cert eq "-----END CERTIFICATE-----\n")
- {
- $in_cert_block = 0;
- if ($write_current_cert == 1)
- {
- print PEM $cert;
- close(PEM);
- }
- $write_current_cert = 1
- }
- else
- {
- if ($in_cert_block == 1 && $write_current_cert == 1)
- {
- print PEM $cert;
- }
- }
-}
-
-# Check that the correct number of .pem files were produced.
-@pem_files = <*.pem>;
-if (@pem_files != $pem_file_count)
-{
- print "$pem_file_count";
- die "Number of .pem files produced does not match".
- " number of certs read from $file.";
-}
-
-# Now store each cert in the 'cacerts' file using keytool.
-$certs_written_count = 0;
-foreach $pem_file (@pem_files)
-{
- system "/bin/echo yes | $ARGV[0] -import".
- " -alias `basename $pem_file .pem`".
- " -keystore cacerts -storepass 'changeit' -file $pem_file";
- unlink($pem_file);
- $certs_written_count++;
-}
-
-# Check that the correct number of certs were added to the keystore.
-if ($certs_written_count != $pem_file_count)
-{
- die "Number of certs added to keystore does not match".
- " number of certs read from $file.";
-}
diff --git a/nssckbi.h b/nssckbi.h
new file mode 100644
index 0000000..ace248f
--- /dev/null
+++ b/nssckbi.h
@@ -0,0 +1,61 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSCKBI_H
+#define NSSCKBI_H
+
+/*
+ * NSS BUILTINS Version numbers.
+ *
+ * These are the version numbers for the builtins module packaged with
+ * this release on NSS. To determine the version numbers of the builtin
+ * module you are using, use the appropriate PKCS #11 calls.
+ *
+ * These version numbers detail changes to the PKCS #11 interface. They map
+ * to the PKCS #11 spec versions.
+ */
+#define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2
+#define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 20
+
+/* These version numbers detail the changes
+ * to the list of trusted certificates.
+ *
+ * The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped
+ * whenever we change the list of trusted certificates.
+ *
+ * Please use the following rules when increasing the version number:
+ *
+ * - starting with version 2.14, NSS_BUILTINS_LIBRARY_VERSION_MINOR
+ * must always be an EVEN number (e.g. 16, 18, 20 etc.)
+ *
+ * - whenever possible, if older branches require a modification to the
+ * list, these changes should be made on the main line of development (trunk),
+ * and the older branches should update to the most recent list.
+ *
+ * - ODD minor version numbers are reserved to indicate a snapshot that has
+ * deviated from the main line of development, e.g. if it was necessary
+ * to modify the list on a stable branch.
+ * Once the version has been changed to an odd number (e.g. 2.13) on a branch,
+ * it should remain unchanged on that branch, even if further changes are
+ * made on that branch.
+ *
+ * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear
+ * whether we may use its full range (0-255) or only 0-99 because
+ * of the comment in the CK_VERSION type definition.
+ * It's recommend to switch back to 0 after having reached version 98/99.
+ */
+#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 42
+#define NSS_BUILTINS_LIBRARY_VERSION "2.42"
+
+/* These version numbers detail the semantic changes to the ckfw engine. */
+#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
+#define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
+
+/* These version numbers detail the semantic changes to ckbi itself
+ * (new PKCS #11 objects), etc. */
+#define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
+#define NSS_BUILTINS_FIRMWARE_VERSION_MINOR 0
+
+#endif /* NSSCKBI_H */
diff --git a/rootcerts-fix-mkcerts-to-work-with-new-openssl.patch b/rootcerts-fix-mkcerts-to-work-with-new-openssl.patch
deleted file mode 100644
index 95c3eb4..0000000
--- a/rootcerts-fix-mkcerts-to-work-with-new-openssl.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-diff -uNr rootcerts/mkcerts.pl rootcertsp/mkcerts.pl
---- rootcerts/mkcerts.pl 2001-04-07 23:30:26.000000000 +0200
-+++ rootcertsp/mkcerts.pl 2017-08-22 11:06:27.301556528 +0300
-@@ -67,7 +67,7 @@
- # Ok, now standardize the filename by grabbing the subject, and going
- # from there.
-
-- open (D, "openssl x509 -subject <$filename |") || die "$!\n";
-+ open (D, "openssl x509 -subject -nameopt compat <$filename |") || die "$!\n";
-
- $subject="";
-
-@@ -82,7 +82,7 @@
-
- my %var;
-
-- $subject =~ s/\/([a-zA-Z]*=)/\n$1/g;
-+ $subject =~ s/\s?([a-zA-Z]*=)/\n$1/g;
-
- grep { $var{$1}=$2 if /^([A-Z]*)=(.*)/; } split (/\n/, $subject);
-
-@@ -95,6 +95,7 @@
- # Put everything to lower case. Replace non-alnum with dashes. Collapse
- # multiple dashes.
-
-+ $n =~ s/,//g;
- $n =~ tr/[A-Z]/[a-z]/;
- $n =~ s/[^0-9a-z]/-/g;
- $n =~ s/--*/-/g;
diff --git a/rootcerts-igp-brasil.txt b/rootcerts-igp-brasil.txt
deleted file mode 100644
index eb06b79..0000000
--- a/rootcerts-igp-brasil.txt
+++ /dev/null
@@ -1,153 +0,0 @@
-#
-# Certificate "ICP-Brasil"
-#
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "ICP-Brasil"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\264\061\013\060\011\006\003\125\004\006\023\002\102\122
-\061\023\060\021\006\003\125\004\012\023\012\111\103\120\055\102
-\162\141\163\151\154\061\075\060\073\006\003\125\004\013\023\064
-\111\156\163\164\151\164\165\164\157\040\116\141\143\151\157\156
-\141\154\040\144\145\040\124\145\143\156\157\154\157\147\151\141
-\040\144\141\040\111\156\146\157\162\155\141\143\141\157\040\055
-\040\111\124\111\061\021\060\017\006\003\125\004\007\023\010\102
-\162\141\163\151\154\151\141\061\013\060\011\006\003\125\004\010
-\023\002\104\106\061\061\060\057\006\003\125\004\003\023\050\101
-\165\164\157\162\151\144\141\144\145\040\103\145\162\164\151\146
-\151\143\141\144\157\162\141\040\122\141\151\172\040\102\162\141
-\163\151\154\145\151\162\141
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\264\061\013\060\011\006\003\125\004\006\023\002\102\122
-\061\023\060\021\006\003\125\004\012\023\012\111\103\120\055\102
-\162\141\163\151\154\061\075\060\073\006\003\125\004\013\023\064
-\111\156\163\164\151\164\165\164\157\040\116\141\143\151\157\156
-\141\154\040\144\145\040\124\145\143\156\157\154\157\147\151\141
-\040\144\141\040\111\156\146\157\162\155\141\143\141\157\040\055
-\040\111\124\111\061\021\060\017\006\003\125\004\007\023\010\102
-\162\141\163\151\154\151\141\061\013\060\011\006\003\125\004\010
-\023\002\104\106\061\061\060\057\006\003\125\004\003\023\050\101
-\165\164\157\162\151\144\141\144\145\040\103\145\162\164\151\146
-\151\143\141\144\157\162\141\040\122\141\151\172\040\102\162\141
-\163\151\154\145\151\162\141
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\004
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\270\060\202\003\240\240\003\002\001\002\002\001\004
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\201\264\061\013\060\011\006\003\125\004\006\023\002\102\122\061
-\023\060\021\006\003\125\004\012\023\012\111\103\120\055\102\162
-\141\163\151\154\061\075\060\073\006\003\125\004\013\023\064\111
-\156\163\164\151\164\165\164\157\040\116\141\143\151\157\156\141
-\154\040\144\145\040\124\145\143\156\157\154\157\147\151\141\040
-\144\141\040\111\156\146\157\162\155\141\143\141\157\040\055\040
-\111\124\111\061\021\060\017\006\003\125\004\007\023\010\102\162
-\141\163\151\154\151\141\061\013\060\011\006\003\125\004\010\023
-\002\104\106\061\061\060\057\006\003\125\004\003\023\050\101\165
-\164\157\162\151\144\141\144\145\040\103\145\162\164\151\146\151
-\143\141\144\157\162\141\040\122\141\151\172\040\102\162\141\163
-\151\154\145\151\162\141\060\036\027\015\060\061\061\061\063\060
-\061\062\065\070\060\060\132\027\015\061\061\061\061\063\060\062
-\063\065\071\060\060\132\060\201\264\061\013\060\011\006\003\125
-\004\006\023\002\102\122\061\023\060\021\006\003\125\004\012\023
-\012\111\103\120\055\102\162\141\163\151\154\061\075\060\073\006
-\003\125\004\013\023\064\111\156\163\164\151\164\165\164\157\040
-\116\141\143\151\157\156\141\154\040\144\145\040\124\145\143\156
-\157\154\157\147\151\141\040\144\141\040\111\156\146\157\162\155
-\141\143\141\157\040\055\040\111\124\111\061\021\060\017\006\003
-\125\004\007\023\010\102\162\141\163\151\154\151\141\061\013\060
-\011\006\003\125\004\010\023\002\104\106\061\061\060\057\006\003
-\125\004\003\023\050\101\165\164\157\162\151\144\141\144\145\040
-\103\145\162\164\151\146\151\143\141\144\157\162\141\040\122\141
-\151\172\040\102\162\141\163\151\154\145\151\162\141\060\202\001
-\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
-\003\202\001\017\000\060\202\001\012\002\202\001\001\000\300\363
-\056\167\005\377\206\371\276\122\035\233\376\124\000\160\165\100
-\212\306\246\150\271\026\166\114\017\367\364\277\264\342\210\201
-\032\313\350\354\276\144\201\245\071\107\135\352\346\055\223\323
-\032\377\172\124\246\007\037\064\010\364\275\211\271\202\314\243
-\102\217\136\232\307\076\307\251\270\125\154\044\366\052\214\145
-\040\212\344\104\044\002\257\324\267\211\373\052\342\304\327\350
-\035\176\334\035\042\014\137\122\303\355\340\054\215\255\216\164
-\101\136\173\050\315\224\117\314\171\256\271\263\022\072\373\114
-\200\206\245\045\000\227\150\025\251\356\261\152\050\276\156\146
-\021\325\012\346\131\240\122\000\156\175\056\271\053\216\266\055
-\155\030\105\156\205\003\173\120\312\373\244\374\263\222\372\223
-\307\074\242\112\133\036\226\275\275\343\063\264\065\102\366\303
-\311\353\103\026\136\036\232\235\122\250\325\107\013\161\265\021
-\310\107\215\275\231\336\125\022\200\001\116\250\273\007\143\016
-\374\045\261\242\262\164\122\260\171\335\023\241\016\073\156\145
-\012\201\311\276\301\135\336\115\031\067\351\103\247\117\002\003
-\001\000\001\243\201\322\060\201\317\060\116\006\003\125\035\040
-\004\107\060\105\060\103\006\005\140\114\001\001\000\060\072\060
-\070\006\010\053\006\001\005\005\007\002\001\026\054\150\164\164
-\160\072\057\057\141\143\162\141\151\172\056\151\143\160\142\162
-\141\163\151\154\056\147\157\166\056\142\162\057\104\120\103\141
-\143\162\141\151\172\056\160\144\146\060\075\006\003\125\035\037
-\004\066\060\064\060\062\240\060\240\056\206\054\150\164\164\160
-\072\057\057\141\143\162\141\151\172\056\151\143\160\142\162\141
-\163\151\154\056\147\157\166\056\142\162\057\114\103\122\141\143
-\162\141\151\172\056\143\162\154\060\035\006\003\125\035\016\004
-\026\004\024\212\372\361\127\204\021\023\065\220\102\372\127\111
-\124\151\015\244\304\360\067\060\017\006\003\125\035\023\001\001
-\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001
-\001\377\004\004\003\002\001\006\060\015\006\011\052\206\110\206
-\367\015\001\001\005\005\000\003\202\001\001\000\031\003\227\065
-\123\370\140\042\036\216\162\002\300\176\042\140\025\152\157\230
-\066\126\252\125\167\323\366\307\026\230\374\210\032\033\045\051
-\271\270\072\155\355\070\253\142\035\124\305\355\337\101\241\245
-\142\062\136\373\334\335\372\054\317\105\260\152\134\365\120\003
-\176\004\135\314\044\342\252\126\271\375\141\036\270\226\175\332
-\361\360\007\052\112\252\372\012\344\005\301\052\373\344\132\054
-\113\071\160\014\000\332\357\111\223\357\006\143\002\144\041\235
-\234\166\304\236\260\175\151\123\365\124\037\113\377\311\141\342
-\034\354\133\236\330\223\113\167\115\024\071\043\014\152\042\277
-\267\277\136\234\243\107\020\015\237\272\221\367\274\110\240\177
-\221\041\341\265\100\067\225\150\206\264\346\350\306\071\337\036
-\327\101\226\153\324\301\073\153\236\145\024\111\322\171\075\056
-\232\123\200\215\035\246\001\273\322\063\225\371\241\046\115\256
-\147\255\167\074\223\217\147\345\010\317\002\013\263\013\151\275
-\044\221\331\340\104\211\124\004\141\305\327\364\271\236\143\333
-\053\357\100\343\253\035\337\172\052\053\311\374
-END
-
-# Trust for Certificate "ICP-Brasil"
-CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "ICP-Brasil"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\216\375\312\274\223\346\036\222\135\115\035\355\030\032\103\040
-\244\147\241\071
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\226\211\175\141\321\125\053\047\342\132\071\264\052\154\104\157
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\264\061\013\060\011\006\003\125\004\006\023\002\102\122
-\061\023\060\021\006\003\125\004\012\023\012\111\103\120\055\102
-\162\141\163\151\154\061\075\060\073\006\003\125\004\013\023\064
-\111\156\163\164\151\164\165\164\157\040\116\141\143\151\157\156
-\141\154\040\144\145\040\124\145\143\156\157\154\157\147\151\141
-\040\144\141\040\111\156\146\157\162\155\141\143\141\157\040\055
-\040\111\124\111\061\021\060\017\006\003\125\004\007\023\010\102
-\162\141\163\151\154\151\141\061\013\060\011\006\003\125\004\010
-\023\002\104\106\061\061\060\057\006\003\125\004\003\023\050\101
-\165\164\157\162\151\144\141\144\145\040\103\145\162\164\151\146
-\151\143\141\144\157\162\141\040\122\141\151\172\040\102\162\141
-\163\151\154\145\151\162\141
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\004
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
diff --git a/rootcerts.spec b/rootcerts.spec
index 59dad30..165eba1 100644
--- a/rootcerts.spec
+++ b/rootcerts.spec
@@ -7,63 +7,66 @@
%bcond_without java
%endif
-Summary: Bundle of CA Root Certificates
-Name: rootcerts
+%define pkidir %{_sysconfdir}/pki
+%define catrustdir %{_sysconfdir}/pki/ca-trust
+%define classic_tls_bundle ca-bundle.crt
+%define openssl_format_trust_bundle ca-bundle.trust.crt
+%define p11_format_bundle ca-bundle.trust.p11-kit
+%define legacy_default_bundle ca-bundle.legacy.default.crt
+%define legacy_disable_bundle ca-bundle.legacy.disable.crt
+%define java_bundle java/cacerts
+
+Summary: Bundle of CA Root Certificates
+Name: rootcerts
# <mrl> Use this versioning style in order to be easily backportable.
# Note that the release is the last two digits on the version.
# All BuildRequires for rootcerts should be done this way:
# BuildRequires: rootcerts >= 0:20070402.00, for example
# - NEVER specifying the %%{release}
-Epoch: 1
-Version: 20191011.00
-Release: 1
-License: GPL
-Group: System/Servers
-URL: %{disturl}
-# S0 originates from http://switch.dl.sourceforge.net/sourceforge/courier/courier-0.52.1.tar.bz2
-Source0: rootcerts.tar.bz2
-# http://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt
-Source1: certdata.txt
-Source2: rootcerts-igp-brasil.txt
-# http://www.cacert.org/certs/root.der
-Source3: cacert.org.der
-# http://qa.mandriva.com/show_bug.cgi?id=29612
-# https://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html
-Source4: verisign-class-3-secure-server-ca.pem
-#http://www.cacert.org/certs/root.crt
-Source5: cacert.org.crt
-# Java JKS keystore generator:
-# http://cvs.fedora.redhat.com/viewcvs/devel/ca-certificates/generate-cacerts.pl
-Source6: generate-cacerts.pl
-# http://www.cacert.org/certs/class3.der
-Source7: cacert_class3.der
-# certificates from signet
-# http://www.signet.pl/repository/index.html
-Source8: http://www.signet.pl/repository/signetrootca/rootca_der.crt
-Source9: http://www.signet.pl/repository/publicca/publicxca_der.crt
-# certificates from https://letsencrypt.org
-Source10: https://letsencrypt.org/certs/isrgrootx1.der
-# Fix overwriting issue with generate-cacerts.pl
-Patch0: generate-cacerts-fix-entrustsslca.patch
-# Some hacks to make generate-cacerts.pl work with some of our certificates
-Patch1: generate-cacerts-mandriva.patch
-# Just rename identically named certificates that are not handled by mandriva.cpatch
-Patch2: generate-cacerts-rename-duplicates.patch
-%if %{mdvver} > 3000000
-Patch3: rootcerts-fix-mkcerts-to-work-with-new-openssl.patch
-Patch4: use-openssl-rehash-instead-of-c_rehash.patch
-%endif
-BuildRequires: perl
-BuildRequires: openssl
-BuildRequires: nss
-BuildRequires: automake
-BuildRequires: libtool
+Epoch: 1
+Version: 20200704.00
+Release: 1
+License: GPL
+Group: System/Servers
+URL: %{disturl}
+# For Source0, the NSS commit trunk version of this file is here:
+# https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt
+# See https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt for new versions
+# The version tag for this package should come from the commit date of the version used from the NSS repository above
+# To choose which NSS commit version to use, we can check the certdata.txt file used in either...
+# the current Mozilla release:
+# https://hg.mozilla.org/releases/mozilla-release/log/default/security/nss/lib/ckfw/builtins/certdata.txt
+# or the Mozilla development commit trunk:
+# https://hg.mozilla.org/mozilla-central/log/default/security/nss/lib/ckfw/builtins/certdata.txt
+# Ideally, it should correspond to the version shipped in the NSS release we are using
+Source0: certdata.txt
+# Similarly, Source1 comes from:
+# https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/nssckbi.h
+# Check the log to see if it needs to be updated:
+# https://hg.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/nssckbi.h
+Source1: nssckbi.h
+Source2: update-ca-trust
+Source3: trust-fixes
+Source4: certdata2pem.py
+Source5: ca-legacy.conf
+Source6: ca-legacy
+Source9: ca-legacy.8.txt
+Source10: update-ca-trust.8.txt
+BuildRequires: python3
+BuildRequires: openssl
+BuildRequires: nss
+BuildRequires: automake
+BuildRequires: libtool
%if %{with java}
-BuildRequires: java-devel
-BuildRequires: javapackages-tools
+BuildRequires: java-devel
+BuildRequires: javapackages-tools
%endif
-BuildArch: noarch
-Provides: ca-certificates
+BuildRequires: docbook-xsl
+BuildRequires: asciidoc
+BuildRequires: xsltproc
+
+BuildArch: noarch
+Provides: ca-certificates
%description
This is a bundle of X.509 certificates of public Certificate
@@ -75,8 +78,8 @@ configure this file as the SSLCACertificateFile.
%if %{with java}
%package java
-Summary: Bundle of CA Root Certificates for Java
-Group: Development/Java
+Summary: Bundle of CA Root Certificates for Java
+Group: Development/Java
%description java
Bundle of X.509 certificates of public Certificate Authorities (CA)
@@ -84,80 +87,126 @@ in a format used by Java Runtime Environment.
%endif
%prep
-%setup -q -n rootcerts
-
-mkdir -p builtins
-cp %{SOURCE1} builtins/certdata.txt
-
-# extract the license
-head -4 builtins/certdata.txt > LICENSE
-
-# add additional CA's here, needs to have the mozilla format...
-cat %{SOURCE2} >> builtins/certdata.txt
-
-# CAcert
-cp %{SOURCE3} .
-cp %{SOURCE5} .
-cp %{SOURCE6} .
-cp %{SOURCE7} .
-cp %{SOURCE8} .
-cp %{SOURCE9} .
-cp %{SOURCE10} .
-
-%patch0 -p0
-%patch1 -p0
-%patch2 -p0
-%if %{mdvver} > 3000000
-%patch3 -p1
-%patch4 -p1
-%endif
+rm -rf %{name}
+mkdir -p %{name}/certs/legacy-default
+mkdir %{name}/certs/legacy-disable
+mkdir %{name}/java
%build
-rm -f configure
-libtoolize --copy --force; aclocal; autoconf; automake --foreign --add-missing --copy
-
-# CAcert
-# http://wiki.cacert.org/wiki/NSSLib
-addbuiltin -n "CAcert Inc." -t "CT,C,C" < cacert.org.der >> builtins/certdata.txt
-addbuiltin -n "CAcert Inc. Class 3" -t "CT,C,C" < cacert_class3.der >> builtins/certdata.txt
-
-# new verisign intermediate certificate
-# -t trust trust flags (cCTpPuw).
-openssl x509 -in %{SOURCE4} -inform PEM -outform DER | \
- addbuiltin -n "VeriSign Class 3 Secure Server CA" \
- -t "CT,C,C" >> builtins/certdata.txt
-
-perl mkcerts.pl > certs.sh
-
-%configure --with-certdb=%{_sysconfdir}/pki/tls/rootcerts
-
-%make_build
+pushd %{name}/certs
+ cp %{SOURCE0} certdata.txt
+ python3 %{SOURCE4} >c2p.log 2>c2p.err
+popd
+pushd %{name}
+ (
+ cat <<EOF
+# This is a bundle of X.509 certificates of public Certificate
+# Authorities. It was generated from the Mozilla root CA list.
+# These certificates and trust/distrust attributes use the file format accepted
+# by the p11-kit-trust module.
+#
+# Source: nss/lib/ckfw/builtins/certdata.txt
+# Source: nss/lib/ckfw/builtins/nssckbi.h
+#
+# Generated from:
+EOF
+ cat %{SOURCE1} |grep -w NSS_BUILTINS_LIBRARY_VERSION | awk '{print "# " $2 " " $3}';
+ echo '#';
+ ) > %{p11_format_bundle}
+
+ touch %{legacy_default_bundle}
+ NUM_LEGACY_DEFAULT=`find certs/legacy-default -type f | wc -l`
+ if [ $NUM_LEGACY_DEFAULT -ne 0 ]; then
+ for f in certs/legacy-default/*.crt; do
+ echo "processing $f"
+ tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
+ alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
+ targs=""
+ if [ -n "$tbits" ]; then
+ for t in $tbits; do
+ targs="${targs} -addtrust $t"
+ done
+ fi
+ if [ -n "$targs" ]; then
+ echo "legacy default flags $targs for $f" >> info.trust
+ openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{legacy_default_bundle}
+ fi
+ done
+ fi
+
+ touch %{legacy_disable_bundle}
+ NUM_LEGACY_DISABLE=`find certs/legacy-disable -type f | wc -l`
+ if [ $NUM_LEGACY_DISABLE -ne 0 ]; then
+ for f in certs/legacy-disable/*.crt; do
+ echo "processing $f"
+ tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
+ alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
+ targs=""
+ if [ -n "$tbits" ]; then
+ for t in $tbits; do
+ targs="${targs} -addtrust $t"
+ done
+ fi
+ if [ -n "$targs" ]; then
+ echo "legacy disable flags $targs for $f" >> info.trust
+ openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{legacy_disable_bundle}
+ fi
+ done
+ fi
+
+ P11FILES=`find certs -name \*.tmp-p11-kit | wc -l`
+ if [ $P11FILES -ne 0 ]; then
+ for p in certs/*.tmp-p11-kit; do
+ cat "$p" >> %{p11_format_bundle}
+ done
+ fi
+ # Append our trust fixes
+ cat %{SOURCE3} >> %{p11_format_bundle}
+popd
+
+#manpage
+cp %{SOURCE10} %{name}/update-ca-trust.8.txt
+asciidoc.py -v -d manpage -b docbook %{name}/update-ca-trust.8.txt
+xsltproc --nonet -o %{name}/update-ca-trust.8 /etc/asciidoc/docbook-xsl/manpage.xsl %{name}/update-ca-trust.8.xml
+
+cp %{SOURCE9} %{name}/ca-legacy.8.txt
+asciidoc.py -v -d manpage -b docbook %{name}/ca-legacy.8.txt
+xsltproc --nonet -o %{name}/ca-legacy.8 /etc/asciidoc/docbook-xsl/manpage.xsl %{name}/ca-legacy.8.xml
-cat pem/*.pem > ca-bundle.crt
-cat %{SOURCE4} >> ca-bundle.crt
-
-%if %{with java}
-mkdir java
-cd java
-LC_ALL=C perl ../generate-cacerts.pl %{java_home}/bin/keytool ../ca-bundle.crt
-cd ..
-%endif
%install
-%make_install
-
+mkdir -p -m 755 %{buildroot}%{pkidir}/java
+mkdir -p -m 755 %{buildroot}%{catrustdir}/source
+mkdir -p -m 755 %{buildroot}%{catrustdir}/source/anchors
+mkdir -p -m 755 %{buildroot}%{catrustdir}/source/blacklist
+mkdir -p -m 755 %{buildroot}%{catrustdir}/extracted
+mkdir -p -m 755 %{buildroot}%{catrustdir}/extracted/pem
+mkdir -p -m 755 %{buildroot}%{catrustdir}/extracted/openssl
+mkdir -p -m 755 %{buildroot}%{catrustdir}/extracted/java
+mkdir -p -m 755 %{buildroot}%{catrustdir}/extracted/edk2
+mkdir -p -m 755 %{buildroot}%{_mandir}/man8
+install -p -m 644 %{name}/update-ca-trust.8 %{buildroot}%{_mandir}/man8
+install -p -m 644 %{name}/ca-legacy.8 %{buildroot}%{_mandir}/man8
install -d %{buildroot}%{_sysconfdir}/pki/tls/certs
+install -d %{buildroot}%{_sysconfdir}/pki/tls/certs/source
install -d %{buildroot}%{_sysconfdir}/pki/tls/mozilla
install -d %{buildroot}%{_bindir}
+install -p -m 644 %{SOURCE5} %{buildroot}%{catrustdir}/ca-legacy.conf
+install -p -m 755 %{SOURCE2} %{buildroot}%{_bindir}/update-ca-trust
+install -p -m 755 %{SOURCE6} %{buildroot}%{_bindir}/ca-legacy
-install -m0644 ca-bundle.crt %{buildroot}%{_sysconfdir}/pki/tls/certs/
-ln -s certs/ca-bundle.crt %{buildroot}%{_sysconfdir}/pki/tls/cert.pem
+install -m0644 %{name}/certs/certdata.txt %{buildroot}%{_sysconfdir}/pki/tls/mozilla/
-install -m0644 builtins/certdata.txt %{buildroot}%{_sysconfdir}/pki/tls/mozilla/
+mkdir -p -m 755 %{buildroot}%{catrustdir}/source
+mkdir -p -m 755 %{buildroot}%{_datadir}/pki/ca-trust-source
+install -p -m 644 %{name}/%{p11_format_bundle} %{buildroot}%{_datadir}/pki/ca-trust-source/%{p11_format_bundle}
-%if %{with java}
+mkdir -p -m 755 %{buildroot}%{_datadir}/pki/ca-trust-legacy
+install -p -m 644 %{name}/%{legacy_default_bundle} %{buildroot}%{_datadir}/pki/ca-trust-legacy/%{legacy_default_bundle}
+install -p -m 644 %{name}/%{legacy_disable_bundle} %{buildroot}%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_bundle}
+
+%if %with java
install -d %{buildroot}%{_sysconfdir}/pki/java
-install -m0644 java/cacerts %{buildroot}%{_sysconfdir}/pki/java/
%endif
cat > README << EOF
@@ -181,17 +230,72 @@ for d in certs private; do
ln -sf %{_sysconfdir}/pki/tls/$d %{buildroot}%{_sysconfdir}/ssl/
done
+
+# touch ghosted files that will be extracted dynamically
+# Set chmod 444 to use identical permission
+touch %{buildroot}%{catrustdir}/extracted/pem/tls-ca-bundle.pem
+chmod 444 %{buildroot}%{catrustdir}/extracted/pem/tls-ca-bundle.pem
+touch %{buildroot}%{catrustdir}/extracted/pem/email-ca-bundle.pem
+chmod 444 %{buildroot}%{catrustdir}/extracted/pem/email-ca-bundle.pem
+touch %{buildroot}%{catrustdir}/extracted/pem/objsign-ca-bundle.pem
+chmod 444 %{buildroot}%{catrustdir}/extracted/pem/objsign-ca-bundle.pem
+touch %{buildroot}%{catrustdir}/extracted/openssl/%{openssl_format_trust_bundle}
+chmod 444 %{buildroot}%{catrustdir}/extracted/openssl/%{openssl_format_trust_bundle}
+touch %{buildroot}%{catrustdir}/extracted/%{java_bundle}
+chmod 444 %{buildroot}%{catrustdir}/extracted/%{java_bundle}
+touch %{buildroot}%{catrustdir}/extracted/edk2/cacerts.bin
+chmod 444 %{buildroot}%{catrustdir}/extracted/edk2/cacerts.bin
+
+# legacy filenames
+ln -s %{catrustdir}/extracted/pem/tls-ca-bundle.pem \
+ %{buildroot}%{pkidir}/tls/cert.pem
+ln -s %{catrustdir}/extracted/pem/tls-ca-bundle.pem \
+ %{buildroot}%{pkidir}/tls/certs/%{classic_tls_bundle}
+ln -s %{catrustdir}/extracted/openssl/%{openssl_format_trust_bundle} \
+ %{buildroot}%{pkidir}/tls/certs/%{openssl_format_trust_bundle}
+ln -s %{catrustdir}/extracted/%{java_bundle} \
+ %{buildroot}%{pkidir}/%{java_bundle}
+
+%post
+%{_bindir}/ca-legacy install
+%{_bindir}/update-ca-trust
+
%files
-%doc README LICENSE
+%doc README
+%dir %{catrustdir}/source
+%dir %{catrustdir}/source/anchors
+%dir %{catrustdir}/source/blacklist
%{_sysconfdir}/pki/tls/cert.pem
-%config(noreplace) %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
-%config(noreplace) %{_sysconfdir}/pki/tls/rootcerts/*
+%{_mandir}/man8/ca-legacy.8.*
+%{_mandir}/man8/update-ca-trust.8.*
%config(noreplace) %{_sysconfdir}/pki/tls/mozilla/certdata.txt
%{_sysconfdir}/ssl/certs
%{_sysconfdir}/ssl/private
+# symlinks for old locations
+%{pkidir}/tls/certs/%{classic_tls_bundle}
+%{pkidir}/tls/certs/%{openssl_format_trust_bundle}
+# master bundle file with trust
+%{_datadir}/pki/ca-trust-source/%{p11_format_bundle}
+
+%{_datadir}/pki/ca-trust-legacy/%{legacy_default_bundle}
+%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_bundle}
+# update/extract tool
+%config(noreplace) %{catrustdir}/ca-legacy.conf
+%{_bindir}/update-ca-trust
+%{_bindir}/ca-legacy
+%ghost %{catrustdir}/source/ca-bundle.legacy.crt
+# files extracted files
+%ghost %{catrustdir}/extracted/pem/tls-ca-bundle.pem
+%ghost %{catrustdir}/extracted/pem/email-ca-bundle.pem
+%ghost %{catrustdir}/extracted/pem/objsign-ca-bundle.pem
+%ghost %{catrustdir}/extracted/openssl/%{openssl_format_trust_bundle}
+%ghost %{catrustdir}/extracted/%{java_bundle}
+%ghost %{catrustdir}/extracted/edk2/cacerts.bin
+
%if %{with java}
%files java
%dir %{_sysconfdir}/pki/java
%config(noreplace) %{_sysconfdir}/pki/java/cacerts
%endif
+
diff --git a/trust-fixes b/trust-fixes
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/trust-fixes
@@ -0,0 +1 @@
+
diff --git a/update-ca-trust b/update-ca-trust
new file mode 100644
index 0000000..fe03ed2
--- /dev/null
+++ b/update-ca-trust
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+#set -vx
+
+# At this time, while this script is trivial, we ignore any parameters given.
+# However, for backwards compatibility reasons, future versions of this script must
+# support the syntax "update-ca-trust extract" trigger the generation of output
+# files in $DEST.
+
+DEST=/etc/pki/ca-trust/extracted
+
+# Prevent p11-kit from reading user configuration files.
+export P11_KIT_NO_USER_CONFIG=1
+
+# OpenSSL PEM bundle that includes trust flags
+# (BEGIN TRUSTED CERTIFICATE)
+/usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt
+/usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose server-auth $DEST/pem/tls-ca-bundle.pem
+/usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose email $DEST/pem/email-ca-bundle.pem
+/usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose code-signing $DEST/pem/objsign-ca-bundle.pem
+/usr/bin/p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts
+/usr/bin/p11-kit extract --format=edk2-cacerts --filter=ca-anchors --overwrite --purpose=server-auth $DEST/edk2/cacerts.bin
diff --git a/update-ca-trust.8.txt b/update-ca-trust.8.txt
new file mode 100644
index 0000000..93143da
--- /dev/null
+++ b/update-ca-trust.8.txt
@@ -0,0 +1,254 @@
+////
+Copyright (C) 2013 Red Hat, Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+////
+
+
+update-ca-trust(8)
+==================
+:doctype: manpage
+:man source: update-ca-trust
+
+
+NAME
+----
+update-ca-trust - manage consolidated and dynamic configuration of CA
+certificates and associated trust
+
+
+SYNOPSIS
+--------
+*update-ca-trust* ['COMMAND']
+
+
+DESCRIPTION
+-----------
+update-ca-trust(8) is used to manage a consolidated and dynamic configuration
+feature of Certificate Authority (CA) certificates and associated trust.
+
+The feature is available for new applications that read the
+consolidated configuration files found in the /etc/pki/ca-trust/extracted directory
+or that load the PKCS#11 module p11-kit-trust.so
+
+Parts of the new feature are also provided in a way to make it useful
+for legacy applications.
+
+Many legacy applications expect CA certificates and trust configuration
+in a fixed location, contained in files with particular path and name,
+or by referring to a classic PKCS#11 trust module provided by the
+NSS cryptographic library.
+
+The dynamic configuration feature provides functionally compatible replacements
+for classic configuration files and for the classic NSS trust module named libnssckbi.
+
+In order to enable legacy applications, that read the classic files or
+access the classic module, to make use of the new consolidated and dynamic configuration
+feature, the classic filenames have been changed to symbolic links.
+The symbolic links refer to dynamically created and consolidated
+output stored below the /etc/pki/ca-trust/extracted directory hierarchy.
+
+The output is produced using the 'update-ca-trust' command (without parameters),
+or using the 'update-ca-trust extract' command.
+In order to produce the output, a flexible set of source configuration
+is read, as described in section <<sourceconf,SOURCE CONFIGURATION>>.
+
+In addition, the classic PKCS#11 module
+is replaced with a new PKCS#11 module (p11-kit-trust.so) that dynamically
+reads the same source configuration.
+
+
+[[sourceconf]]
+SOURCE CONFIGURATION
+--------------------
+The dynamic configuration feature uses several source directories that
+will be scanned for any number of source files. *It is important to select
+the correct subdirectory for adding files, as the subdirectory defines how
+contained certificates will be trusted or distrusted, and which file formats are read.*
+
+Files in *subdirectories below the directory hierarchy /usr/share/pki/ca-trust-source/* contain CA certificates and
+trust settings in the PEM file format. The trust settings found here will be
+interpreted with a *low priority*.
+
+Files in *subdirectories below the directory hierarchy /etc/pki/ca-trust/source/* contain CA certificates and
+trust settings in the PEM file format. The trust settings found here will be
+interpreted with a *high priority*.
+
+.You may use the following rules of thumb to decide, whether your configuration files should be added to the /etc or rather to the /usr directory hierarchy:
+* If you are manually adding a configuration file to a system, you probably
+want it to override any other default configuration, and you most likely should
+add it to the respective subdirectory in the /etc hierarchy.
+* If you are creating a package that provides additional root CA certificates,
+that is intended for distribution to several computer systems, but you still
+want to allow the administrator to override your list, then your package should
+add your files to the respective subdirectory in the /usr hierarchy.
+* If you are creating a package that is supposed to override the default system
+trust settings, that is intended for distribution to several computer systems, then your package should install the files to the respective
+subdirectory in the /etc hierarchy.
+
+.*QUICK HELP 1*: To add a certificate in the simple PEM or DER file formats to the list of CAs trusted on the system:
+* add it as a new file to directory /etc/pki/ca-trust/source/anchors/
+* run 'update-ca-trust extract'
+
+.*QUICK HELP 2*: If your certificate is in the extended BEGIN TRUSTED file format (which may contain distrust/blacklist trust flags, or trust flags for usages other than TLS) then:
+* add it as a new file to directory /etc/pki/ca-trust/source/
+* run 'update-ca-trust extract'
+
+.In order to offer simplicity and flexibility, the way certificate files are treated depends on the subdirectory they are installed to.
+* simple trust anchors subdirectory: /usr/share/pki/ca-trust-source/anchors/ or /etc/pki/ca-trust/source/anchors/
+* simple blacklist (distrust) subdirectory: /usr/share/pki/ca-trust-source/blacklist/ or /etc/pki/ca-trust/source/blacklist/
+* extended format directory: /usr/share/pki/ca-trust-source/ or /etc/pki/ca-trust/source/
+
+.In the main directories /usr/share/pki/ca-trust-source/ or /etc/pki/ca-trust/source/ you may install one or multiple files in the following file formats:
+* certificate files that include trust flags,
+ in the BEGIN/END TRUSTED CERTIFICATE file format
+ (any file name), which have been created using the openssl x509 tool
+ and the -addreject -addtrust options.
+ Bundle files with multiple certificates are supported.
+* files in the p11-kit file format using the .p11-kit file name
+ extension, which can (e.g.) be used to distrust certificates
+ based on serial number and issuer name, without having the
+ full certificate available.
+ (This is currently an undocumented format, to be extended later.
+ For examples of the supported formats, see the files
+ shipped with the ca-certificates package.)
+* certificate files without trust flags in either the DER file format or in
+ the PEM (BEGIN/END CERTIFICATE) file format (any file name). Such files
+ will be added with neutral trust, neither trusted nor distrusted.
+ They will simply be known to the system, which might be helpful to
+ assist cryptographic software in constructing chains of certificates.
+ (If you want a CA certificate in these file formats to be trusted, you
+ should remove it from this directory and move it to the
+ ./anchors subdirectory instead.)
+
+In the anchors subdirectories /usr/share/pki/ca-trust-source/anchors/ or /etc/pki/ca-trust/source/anchors/
+you may install one or multiple certificates in either the DER file
+format or in the PEM (BEGIN/END CERTIFICATE) file format.
+Each certificate will be treated as *trusted* for all purposes.
+
+In the blacklist subdirectories /usr/share/pki/ca-trust-source/blacklist/ or /etc/pki/ca-trust/source/blacklist/
+you may install one or multiple certificates in either the DER file
+format or in the PEM (BEGIN/END CERTIFICATE) file format.
+Each certificate will be treated as *distrusted* for all purposes.
+
+Please refer to the x509(1) manual page for the documentation of the
+BEGIN/END CERTIFICATE and BEGIN/END TRUSTED CERTIFICATE file formats.
+
+Applications that rely on a static file for a list of trusted CAs
+may load one of the files found in the /etc/pki/ca-trust/extracted
+directory. After modifying any file in the
+/usr/share/pki/ca-trust-source/ or /etc/pki/ca-trust/source/
+directories or in any of their subdirectories, or after adding a file,
+it is necessary to run the 'update-ca-trust extract' command,
+in order to update the consolidated files in /etc/pki/ca-trust/extracted/ .
+
+Applications that load the classic PKCS#11 module using filename libnssckbi.so
+(which has been converted into a symbolic link pointing to the new module)
+and any application capable of
+loading PKCS#11 modules and loading p11-kit-trust.so, will benefit from
+the dynamically merged set of certificates and trust information stored in the
+/usr/share/pki/ca-trust-source/ and /etc/pki/ca-trust/source/ directories.
+
+
+[[extractconf]]
+EXTRACTED CONFIGURATION
+-----------------------
+The directory /etc/pki/ca-trust/extracted/ contains generated CA certificate
+bundle files which are created and updated, based on the <<sourceconf,SOURCE CONFIGURATION>>
+by running the 'update-ca-trust extract' command.
+
+If your application isn't able to load the PKCS#11 module p11-kit-trust.so,
+then you can use these files in your application to load a list of global
+root CA certificates.
+
+Please never manually edit the files stored in this directory,
+because your changes will be lost and the files automatically overwritten,
+each time the 'update-ca-trust extract' command gets executed.
+
+In order to install new trusted or distrusted certificates,
+please rather install them in the respective subdirectory below the
+/usr/share/pki/ca-trust-source/ or /etc/pki/ca-trust/source/
+directories, as described in the <<sourceconf,SOURCE CONFIGURATION>> section.
+
+The directory /etc/pki/ca-trust/extracted/java/ contains
+a CA certificate bundle in the java keystore file format.
+Distrust information cannot be represented in this file format,
+and distrusted certificates are missing from these files.
+File cacerts contains CA certificates trusted for TLS server authentication.
+
+The directory /etc/pki/ca-trust/extracted/openssl/ contains
+CA certificate bundle files in the extended BEGIN/END TRUSTED CERTIFICATE file format,
+as described in the x509(1) manual page.
+File ca-bundle.trust.crt contains the full set of all trusted
+or distrusted certificates, including the associated trust flags.
+
+The directory /etc/pki/ca-trust/extracted/pem/ contains
+CA certificate bundle files in the simple BEGIN/END CERTIFICATE file format,
+as described in the x509(1) manual page.
+Distrust information cannot be represented in this file format,
+and distrusted certificates are missing from these files.
+File tls-ca-bundle.pem contains CA certificates
+trusted for TLS server authentication.
+File email-ca-bundle.pem contains CA certificates
+trusted for E-Mail protection.
+File objsign-ca-bundle.pem contains CA certificates
+trusted for code signing.
+
+The directory /etc/pki/ca-trust/extracted/edk2/ contains a CA
+certificate bundle ("cacerts.bin") in the "sequence of
+EFI_SIGNATURE_LISTs" format, defined in the UEFI-2.7 specification,
+sections "31.4.1 Signature Database" and
+"EFI_CERT_X509_GUID". Distrust information cannot be represented in
+this file format, and distrusted certificates are missing from these
+files. File "cacerts.bin" contains CA certificates trusted for TLS
+server authentication.
+
+
+COMMANDS
+--------
+(absent/empty command)::
+ Same as the *extract* command described below. (However, the command may
+ print fewer warnings, as this command is being run during rpm package
+ installation, where non-fatal status output is undesired.)
+
+*extract*::
+ Instruct update-ca-trust to scan the <<sourceconf,SOURCE CONFIGURATION>> and produce
+ updated versions of the consolidated configuration files stored below
+ the /etc/pki/ca-trust/extracted directory hierarchy.
+
+FILES
+-----
+/etc/pki/tls/certs/ca-bundle.crt::
+ Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
+ This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
+
+/etc/pki/tls/certs/ca-bundle.trust.crt::
+ Classic filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
+ This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
+
+/etc/pki/java/cacerts::
+ Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
+ This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
+
+/usr/share/pki/ca-trust-source::
+ Contains multiple, low priority source configuration files as explained in section <<sourceconf,SOURCE CONFIGURATION>>. Please pay attention to the specific meanings of the respective subdirectories.
+
+/etc/pki/ca-trust/source::
+ Contains multiple, high priority source configuration files as explained in section <<sourceconf,SOURCE CONFIGURATION>>. Please pay attention to the specific meanings of the respective subdirectories.
+
+/etc/pki/ca-trust/extracted::
+ Contains consolidated and automatically generated configuration files for consumption by applications,
+ which are created using the 'update-ca-trust extract' command. Don't edit files in this directory, because they will be overwritten.
+ See section <<extractconf,EXTRACTED CONFIGURATION>> for additional details.
+
+AUTHOR
+------
+Written by Kai Engert and Stef Walter.
diff --git a/use-openssl-rehash-instead-of-c_rehash.patch b/use-openssl-rehash-instead-of-c_rehash.patch
deleted file mode 100644
index f5e5e40..0000000
--- a/use-openssl-rehash-instead-of-c_rehash.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-diff -up ./configure.in.orig ./configure.in
---- ./configure.in.orig 2018-05-13 08:59:07.547223413 +0300
-+++ ./configure.in 2018-05-13 08:59:24.106274751 +0300
-@@ -12,7 +12,6 @@ AM_INIT_AUTOMAKE(rootcerts, 0.50)
-
- EXTRA_PATH=$PATH:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin
- AC_PATH_PROG(OPENSSL, openssl, "", $EXTRA_PATH)
--AC_PATH_PROG(REHASH, c_rehash, "", $EXTRA_PATH)
- AC_PATH_PROGS(PERL, perl5 perl, "", $EXTRA_PATH)
-
- if test "$PERL" = ""
-@@ -46,20 +46,6 @@ echo "dir=\"$certdb\"" >rootcertsdir.cnf
- AC_SUBST(certdb)
- AC_SUBST(OPENSSL)
-
--if test "$OPENSSL" != ""
--then
-- if test "$REHASH" = ""
-- then
-- AC_MSG_WARN(Unable to locate OpenSSL's c_rehash script in the current)
-- AC_MSG_WARN(PATH. The c_rehash script is included in the OpenSSL)
-- AC_MSG_WARN(package but may not be installed on your system. Please)
-- AC_MSG_WARN(install the c_rehash script from OpenSSL and rerun this)
-- AC_MSG_WARN(configure script.)
-- AC_MSG_ERROR(openssl found but c_rehash was not found.)
-- fi
--fi
--AC_SUBST(c_rehash)
--
- AM_CONDITIONAL(HAVE_OPENSSL, test "$OPENSSL" != "")
-
- AC_OUTPUT(Makefile)
-diff -up ./Makefile.am.orig ./Makefile.am
---- ./Makefile.am.orig 2018-05-13 09:00:52.069546806 +0300
-+++ ./Makefile.am 2018-05-13 09:01:09.424600369 +0300
-@@ -19,7 +19,7 @@ rootcerts.cnf: config.status certs.sh
- rm -rf certs
- mkdir certs
- @SHELL@ $(srcdir)/certs.sh
-- @REHASH@ certs >/dev/null
-+ @OPENSSL@ rehash -v certs
- echo 'files="'`ls certs`'"' >rootcerts.cnf
-
- install-data-hook: rootcerts.cnf
diff --git a/verisign-class-3-secure-server-ca.pem b/verisign-class-3-secure-server-ca.pem
deleted file mode 100644
index 6a60f56..0000000
--- a/verisign-class-3-secure-server-ca.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEnDCCBAWgAwIBAgIQdTN9mrDhIzuuLX3kRpFi1DANBgkqhkiG9w0BAQUFADBf
-MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
-LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
-HhcNMDUwMTE5MDAwMDAwWhcNMTUwMTE4MjM1OTU5WjCBsDELMAkGA1UEBhMCVVMx
-FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz
-dCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cu
-dmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMhVmVyaVNpZ24gQ2xhc3Mg
-MyBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEAlcMhEo5AxQ0BX3ZeZpTZcyxYGSK4yfx6OZAqd3J8HT732FXjr0LLhzAC3Fus
-cOa4RLQrNeuT0hcFfstG1lxToDJRnXRkWPkMmgDqXkRJZHL0zRDihQr5NO6ziGap
-paRa0A6Yf1gNK1K7hql+LvqySHyN2y1fAXWijQY7i7RhB8m+Ipn4G9G1V2YETTX0
-kXGWtZkIJZuXyDrzILHdnpgMSmO3ps6wAc74k2rzDG6fsemEe4GYQeaB3D0s57Rr
-4578CBbXs9W5ZhKZfG1xyE2+xw/j+zet1XWHIWuG0EQUWlR5OZZpVsm5Mc2JYVjh
-2XYFBa33uQKvp/1HkaIiNFox0QIDAQABo4IBgTCCAX0wEgYDVR0TAQH/BAgwBgEB
-/wIBADBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0
-dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwMQYDVR0fBCowKDAmoCSgIoYgaHR0
-cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH/BAQDAgEGMBEG
-CWCGSAGG+EIBAQQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRQ2xhc3Mz
-Q0EyMDQ4LTEtNDUwHQYDVR0OBBYEFG/sr6DdiqTv9SoQZy0/VYK81+8lMIGABgNV
-HSMEeTB3oWOkYTBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIElu
-Yy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHmCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQEFBQADgYEA
-w34IRl2RNs9n3Nenr6+4IsOLBHTTsWC85v63RBKBWzFzFGNWxnIu0RoDQ1w4ClBK
-Tc3athmo9JkNr+P32PF1KGX2av6b9L1S2T/L2hbLpZ4ujmZSeD0m+v6UNohKlV4q
-TBnvbvqCPy0D79YoszcYz0KyNCFkR9MgazpM3OYDkAw=
------END CERTIFICATE-----