Skip to content

Commit c730d95

Browse files
authored
Merge pull request #2202 from drwetter/certupdate_3.0
Cert update (3.0)
2 parents b1c5a33 + b148f68 commit c730d95

File tree

7 files changed

+6512
-5814
lines changed

7 files changed

+6512
-5814
lines changed

etc/Apple.pem

Lines changed: 3799 additions & 4015 deletions
Large diffs are not rendered by default.

etc/DST Root CA X3.txt

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
DST Root CA X3
2+
3+
-----BEGIN CERTIFICATE-----
4+
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
5+
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
6+
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
7+
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
8+
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
9+
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
10+
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
11+
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
12+
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
13+
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
14+
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
15+
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
16+
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
17+
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
18+
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
19+
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
20+
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
21+
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
22+
-----END CERTIFICATE----

etc/Java.pem

Lines changed: 322 additions & 130 deletions
Large diffs are not rendered by default.

etc/Linux.pem

Lines changed: 1292 additions & 1300 deletions
Large diffs are not rendered by default.

etc/Microsoft.pem

Lines changed: 696 additions & 182 deletions
Large diffs are not rendered by default.

etc/Mozilla.pem

Lines changed: 374 additions & 181 deletions
Large diffs are not rendered by default.

etc/README.md

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -5,17 +5,18 @@ The certificate trust stores were retrieved from
55

66
* **Linux:** Copied from an up-to-date Debian Linux machine
77
* **Mozilla:** https://curl.haxx.se/docs/caextract.html
8-
* **Java:** extracted (``keytool -list -rfc -keystore lib/security/cacerts | grep -E -v '^$|^\*\*\*\*\*|^Entry |^Creation |^Alias '``) from a JDK 15 from https://jdk.java.net/. (use dos2unix).
9-
* **Microsoft:** Following command pulls all certificates from Windows Update services: ``CertUtil -syncWithWU -f -f . `` (see also http://aka.ms/RootCertDownload, https://technet.microsoft.com/en-us/library/dn265983(v=ws.11).aspx#BKMK_CertUtilOptions).
8+
* **Java:** extracted (``keytool -list -rfc -keystore lib/security/cacerts | grep -E -v '^$|^\*\*\*\*\*|^Entry |^Creation |^Alias '``) from a JDK LTS version from https://jdk.java.net/. (use dos2unix).
9+
* **Microsoft:** Following command pulls all certificates from Windows Update services: ``CertUtil -syncWithWU -f -f . `` (see also http://aka.ms/RootCertDownload, https://technet.microsoft.com/en-us/library/dn265983(v=ws.11).aspx#BKMK_CertUtilOptions). They are in DER format. Convert them like ``for f in *.cer; do echo $f >/dev/stderr; openssl x509 -in $f -inform DER -outform PEM ;done >/tmp/Microsoft.pem``
1010
* **Apple:**
1111
1. __System:__ from Apple OS X keychain app. Open Keychain Access utility, i.e.
1212
In the Finder window, under Favorites --> "Applications" --> "Utilities"
13-
(OR perform a Spotlight Search for Keychain Access)
14-
--> "Keychain Access" (2 click). In that window --> "Keychains" --> "System"
13+
(OR perform a Spotlight Search for "Keychain Access")
14+
--> "Keychain Access" (2 click). In that window --> "Keychains" --> "System Root"
1515
--> "Category" --> "All Items"
16-
Select all CA certificates except for Developer ID Certification Authority, "File" --> "Export Items"
17-
2. __Internet:__ Pick the latest subdir (=highest number) from https://opensource.apple.com/source/security_certificates/. They are in DER format despite their file extension. Download them with ``wget --level=1 --cut-dirs=5 --mirror --convert-links --adjust-extension --page-requisites --no-parent https://opensource.apple.com/source/security_certificates/security_certificates-*/certificates/roots/``
16+
Select all CA certificates except for "Developer ID Certification Authority", omit expired ones, "File" --> "Export Items"
17+
2. __Internet:__ Pick the latest subdir (=highest number) from https://opensource.apple.com/source/security_certificates/. They are in all DER format despite their file extension. Download them with ``wget --level=1 --cut-dirs=5 --mirror --convert-links --adjust-extension --page-requisites --no-parent https://opensource.apple.com/source/security_certificates/security_certificates-<latest>/certificates/roots/``. Then: ``for f in *.cer *.der *.crt; do echo $f >/dev/stderr; openssl x509 -in $f -inform DER -outform PEM ;done >/tmp/Apple.pem``
1818

19+
**Attention**: You need to remove the DST Root CA X3 which is for your reference in this directory.
1920

2021
Google Chromium uses basically the trust stores above, see https://www.chromium.org/Home/chromium-security/root-ca-policy.
2122

0 commit comments

Comments
 (0)