ca-certificates

Author	SHA1	Message	Date
Krenzelok Frantisek	f4b01a3d59	Migrate STI to tmt Resolves: FC-1842	2025-09-29 17:24:56 +02:00
Krenzelok Frantisek	dddbd7ffaa	Adding: # Certificate "TWCA CYBER Root CA" # Certificate "TWCA Global Root CA G2" # Certificate "SecureSign Root CA12" # Certificate "SecureSign Root CA14" # Certificate "SecureSign Root CA15" # Certificate "D-TRUST BR Root CA 2 2023" # Certificate "TrustAsia SMIME ECC Root CA" # Certificate "TrustAsia SMIME RSA Root CA" # Certificate "TrustAsia TLS ECC Root CA" # Certificate "TrustAsia TLS RSA Root CA" # Certificate "D-TRUST EV Root CA 2 2023" # Certificate "SwissSign RSA SMIME Root CA 2022 - 1" # Certificate "SwissSign RSA TLS Root CA 2022 - 1"	2025-08-26 13:34:29 +02:00
Krenzelok Frantisek	a173c80540	update-ca-trust: Added a compat extract option The removal of legacy certificate symlinks, such as /etc/ssl/cert.pem, in a previous update caused regressions in older software that has not yet adapted to finding trust bundles in standard system locations. This patch introduces a temporary compatibility option, --rhbz2387674, to the `update-ca-trust extract` command. When used, this flag restores the legacy symlinks to their previous locations, allowing affected software to function correctly. A prominent warning is displayed whenever the flag is used to discourage its use in automated scripts and to prompt users/maintainers to file bugs against their packages. The spec file is also updated to ensure these symlinks are cleaned up on package removal.	2025-08-14 14:56:28 +02:00
Fedora Release Engineering	450f63c6dc	Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild	2025-07-23 18:01:15 +00:00
Krenzelok Frantisek	f4d9a70117	Drop /etc/pki/tls/cert.pem and bundles in .../tls/certs/ - Resolves: rhbz#2360110 - Change: Dropping of cert.pem file (Resolves: rhbz#2360110) https://fedoraproject.org/wiki/Changes/dropingOfCertPemFile - Remove the following symlinks: - # /etc/pki/tls/cert.pem - # /etc/pki/tls/certs/ca-certificates.crt - # /etc/pki/tls/certs/ca-bundle.trust.crt - # /etc/pki/tls/certs/ca-bundle.crt - # /etc/ssl/cert.pem - # /etc/ssl/certs/ca-certificates.crt - # /etc/ssl/certs/ca-bundle.trust.crt - # /etc/ssl/certs/ca-bundle.crt - Directory /etc/pki/ca-trust/extracted/openssl is being deprecated, it is removed upon updating unless there are files present inside it. Signed-off-by: Krenzelok Frantisek <krenzelok.frantisek@gmail.com>	2025-07-22 14:07:19 +02:00
Fedora Release Engineering	2ec1d54e12	Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild	2025-01-16 13:09:21 +00:00
Krenzelok Frantisek	c480442de0	Revert droping of /etc/pki/tls/certs/ca-certificates.crt	2024-12-17 09:52:12 +01:00
Frantisek Krenzelok	a3407acb86	Revert the droping of /etc/pki/tls/cert.pem bring the file back and do a fedora proposal change	2024-09-27 18:50:47 +02:00
Michel Lind	ea33ee673a	Add missing Requires(post) on findutils for update-ca-trust Signed-off-by: Michel Lind <salimma@fedoraproject.org>	2024-09-27 11:01:37 -05:00
Frantisek Krenzelok	5fc41a4954	Update to CKBI 2.69_v8.0.401 from NSS 3.103 Adding: # Certificate "Sectigo Public Code Signing Root R46" # Certificate "Sectigo Public Code Signing Root E46"	2024-09-23 14:50:44 +02:00
Frantisek Krenzelok	7dc60cbc6b	update-ca-trust: make a copy of directory-hash symlinks in ../tls/certs - update-ca-trust: copy directory-hash symlinks to /etc/pki/tls/certs - Remove /etc/pki/tls/cert.pem symlink so that it isn't loaded by default	2024-09-17 17:12:42 +02:00
Frantisek Krenzelok	91af9300e9	update-ca-trust: return errors on a unsupported argument	2024-09-17 17:12:34 +02:00
Frantisek Krenzelok	350e68e9e3	Track the directory-hash files - Temporarily generate the directory-hash files in %%install ...(next item) - Add list of ghost files from directory-hash to %%files	2024-09-17 15:46:26 +02:00
Daiki Ueno	9a6a981832	Populate directory-hash at %install This generates the contents of /etc/pki/ca-trust/extracted/pem/directory-hash at %install, only taking into account of the generated bundle, not the one already present on the build system. This is done by creating a temporary module configuration file for p11-kit-trust.so. Signed-off-by: Daiki Ueno <dueno@redhat.com>	2024-09-17 15:32:47 +02:00
Frantisek Krenzelok	810b5018c2	Own the Directory-hash directory	2024-09-17 15:32:41 +02:00
Krenzelok Frantisek	9df6df0fd5	Add libffi to required packages Resolves: FC-1254	2024-07-31 09:13:42 +02:00
Daiki Ueno	437cefa157	upcate-ca-trust: Use "trust" command instead of "p11-kit extract" The main motivation behind this is to allow the p11-kit utilities to be split into a subpackage (p11-kit-tools). As ca-certificates only uses "p11-kit extract" command invocation, which can be replaced with "trust" command, we only need the p11-kit-trust package at installation time. Signed-off-by: Daiki Ueno <dueno@redhat.com>	2024-07-29 17:21:33 +09:00
Krenzelok Frantisek	fd3aae84f3	Remove blacklist use blocklists only	2024-07-18 10:19:49 +02:00
Fedora Release Engineering	db453352b4	Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild	2024-07-17 18:49:27 +00:00
Frantisek Krenzelok	971799e691	Update to CKBI 2.68_v8.0.302 from NSS 3.101 Removing: # Certificate "Verisign Class 1 Public Primary Certification Authority - G3" # Certificate "Verisign Class 2 Public Primary Certification Authority - G3" # Certificate "Security Communication Root CA" # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Certificate "Symantec Class 1 Public Primary Certification Authority - G6" # Certificate "Symantec Class 2 Public Primary Certification Authority - G6" # Certificate "TrustCor RootCert CA-1" # Certificate "TrustCor RootCert CA-2" # Certificate "TrustCor ECA-1" Adding: # Certificate "TrustAsia Global Root CA G3" # Certificate "TrustAsia Global Root CA G4" # Certificate "CommScope Public Trust ECC Root-01" # Certificate "CommScope Public Trust ECC Root-02" # Certificate "CommScope Public Trust RSA Root-01" # Certificate "CommScope Public Trust RSA Root-02" # Certificate "D-Trust SBR Root CA 1 2022" # Certificate "D-Trust SBR Root CA 2 2022" # Certificate "Telekom Security SMIME ECC Root 2021" # Certificate "Telekom Security TLS ECC Root 2020" # Certificate "Telekom Security SMIME RSA Root 2023" # Certificate "Telekom Security TLS RSA Root 2023" # Certificate "FIRMAPROFESIONAL CA ROOT-A WEB" # Certificate "SECOM Trust.net" # Certificate "VeriSign Class 2 Public Primary Certification Authority - G3" # Certificate "SSL.com Code Signing RSA Root CA 2022" # Certificate "SSL.com Code Signing ECC Root CA 2022"	2024-06-24 11:51:27 +02:00
Fedora Release Engineering	ad028945f2	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-23 01:04:43 +00:00
Fedora Release Engineering	302dbabf4e	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-19 14:55:25 +00:00
Robert Relyea	44da037acb	update-ca-trust: Fix bug in update-ca-trust so we don't depened on util-unix rhbz#2242727	2023-10-09 17:23:28 -07:00
Adam Williamson	f04a9cf58d	Skip %post if getopt is missing	2023-10-07 08:59:46 -07:00
Robert Relyea	65515a4fba	fix version pasting	2023-10-04 14:37:44 -07:00
Robert Relyea	fe9aee3d97	- Update fetch to handle merging microsoft code signing certs. - Update fetchobjsign.sh and merge2certdata.py to their ca-certificate-scripts equivalent. - Update to CKBI 2.62-v7.0.401 from NSS 3.93 Removing: # Certificate "Camerfirma Chambers of Commerce Root" # Certificate "Hongkong Post Root CA 1" # Certificate "FNMT-RCM" Adding: # Certificate "LAWtrust Root CA2 (4096)" # Certificate "Sectigo Public Email Protection Root E46" # Certificate "Sectigo Public Email Protection Root R46" # Certificate "Sectigo Public Server Authentication Root E46" # Certificate "Sectigo Public Server Authentication Root R46" # Certificate "SSL.com TLS RSA Root CA 2022" # Certificate "SSL.com TLS ECC Root CA 2022" # Certificate "SSL.com Client ECC Root CA 2022" # Certificate "SSL.com Client RSA Root CA 2022" # Certificate "Atos TrustedRoot Root CA ECC G2 2020" # Certificate "Atos TrustedRoot Root CA RSA G2 2020" # Certificate "Atos TrustedRoot Root CA ECC TLS 2021" # Certificate "Atos TrustedRoot Root CA RSA TLS 2021" # Certificate "Chambers of Commerce Root"	2023-10-04 14:31:59 -07:00
Clemens Lang	e004a0c69f	update-ca-trust: Support --output and non-root operation Add the --output option to update-ca-trust so that trust stores can be written to a different output directory. This is useful to prepare trust store directories that can be used in containers. Additionally, fix running update-ca-trust as non-root user (specifically, without CAP_DAC_OVERRIDE) which was previously required to create two symbolic links. Quote all uses of $DEST since a user-specified path could contain spaces. Resolves: rhbz#2241240	2023-10-02 11:54:29 +02:00
Robert Relyea	ebc3273b93	update License: field to SPDX	2023-09-11 09:44:36 -07:00
Robert Relyea	19f1fee1e6	Update to CKBI 2.60_v7.0.306 from NSS 3.91 Removing: # Certificate "OpenTrust Root CA G1" # Certificate "Swedish Government Root Authority v1" # Certificate "DigiNotar Root CA G2" # Certificate "Federal Common Policy CA" # Certificate "TC TrustCenter Universal CA III" # Certificate "CCA India 2007" # Certificate "ipsCA Global CA Root" # Certificate "ipsCA Main CA Root" # Certificate "Macao Post eSignTrust Root Certification Authority" # Certificate "InfoNotary CSP Root" # Certificate "DigiNotar Root CA" # Certificate "Root CA" # Certificate "GPKIRootCA" # Certificate "D-TRUST Qualified Root CA 1 2007:PN" # Certificate "TC TrustCenter Universal CA I" # Certificate "TC TrustCenter Universal CA II" # Certificate "TC TrustCenter Class 2 CA II" # Certificate "TC TrustCenter Class 4 CA II" # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" # Certificate "CertRSA01" # Certificate "KISA RootCA 3" # Certificate "A-CERT ADVANCED" # Certificate "A-Trust-Qual-01" # Certificate "A-Trust-nQual-01" # Certificate "Serasa Certificate Authority II" # Certificate "TDC Internet" # Certificate "America Online Root Certification Authority 2" # Certificate "RSA Security Inc" # Certificate "Public Notary Root" # Certificate "Autoridade Certificadora Raiz Brasileira" # Certificate "Post.Trust Root CA" # Certificate "Entrust.net Secure Server Certification Authority" # Certificate "ePKI EV SSL Certification Authority - G1" Adding: # Certificate "BJCA Global Root CA1" # Certificate "BJCA Global Root CA2" # Certificate "Symantec Enterprise Mobile Root for Microsoft" # Certificate "A-Trust-Root-05" # Certificate "ADOCA02" # Certificate "StartCom Certification Authority G2" # Certificate "ATHEX Root CA" # Certificate "EBG Elektronik Sertifika Hizmet Sağlayıcısı" # Certificate "GeoTrust Primary Certification Authority" # Certificate "thawte Primary Root CA" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" # Certificate "America Online Root Certification Authority 1" # Certificate "Juur-SK" # Certificate "ComSign CA" # Certificate "ComSign Secured CA" # Certificate "ComSign Advanced Security CA" # Certificate "Sonera Class2 CA" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3" # Certificate "VeriSign, Inc." # Certificate "GTE CyberTrust Global Root" # Certificate "Equifax Secure Global eBusiness CA-1" # Certificate "Equifax" # Certificate "Class 1 Primary CA" # Certificate "Swiss Government Root CA III" # Certificate "Application CA G4 Root" # Certificate "SSC GDL CA Root A" # Certificate "GlobalSign Code Signing Root E45" # Certificate "GlobalSign Code Signing Root R45" # Certificate "Entrust Code Signing Root Certification Authority - CSBR1"	2023-08-01 10:11:53 -07:00
Robert Relyea	0ea28921fe	Bump version and rebuild for f39 mass rebuild	2023-07-25 15:04:05 -07:00
Yaakov Selkowitz	5a328d3079	Adapt to asciidoc 10 changes asciidoc 10 includes a number of packaging changes, including the removal of asciidoc.py aliases and the relocation of resources. Instead of trying to manage the latter in a compatible way, use xmlto instead for the xml-to-man conversion.	2023-06-26 17:07:05 -04:00
Frantisek Krenzelok	baa0ace302	Update to CKBI 2.60 from NSS 3.86 Removing: # Certificate "Camerfirma Global Chambersign Root" # Certificate "Staat der Nederlanden EV Root CA" Adding: # Certificate "DigiCert TLS ECC P384 Root G5" # Certificate "DigiCert TLS RSA4096 Root G5" # Certificate "DigiCert SMIME ECC P384 Root G5" # Certificate "DigiCert SMIME RSA4096 Root G5" # Certificate "Certainly Root R1" # Certificate "Certainly Root E1" # Certificate "E-Tugra Global Root CA RSA v3" # Certificate "E-Tugra Global Root CA ECC v3" # Certificate "DIGITALSIGN GLOBAL ROOT RSA CA" # Certificate "DIGITALSIGN GLOBAL ROOT ECDSA CA" # Certificate "Global Chambersign Root"	2023-01-20 20:06:00 +01:00
Fedora Release Engineering	65fd29ac02	Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2023-01-18 23:22:38 +00:00
Bob Relyea	3e24439003	Update to CKBI 2.54 from NSS 3.79 Removing: # Certificate "TrustCor ECA-1" # Certificate "TrustCor RootCert CA-2" # Certificate "TrustCor RootCert CA-1" # Certificate "Network Solutions Certificate Authority" # Certificate "COMODO Certification Authority" # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" # Certificate "Microsec e-Szigno Root CA 2009" # Certificate "TWCA Root Certification Authority" # Certificate "Izenpe.com" # Certificate "state-institutions" # Certificate "GlobalSign" # Certificate "Common Policy" # Certificate "A-Trust-nQual-03" # Certificate "A-Trust-Qual-02" # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Certificate "Government Root Certification Authority" # Certificate "AC Raíz Certicámara S.A."	2022-07-28 12:10:46 -07:00
Bob Relyea	d4451d31cd	Update to CKBI 2.54 from NSS 3.79	2022-07-27 16:05:04 -07:00
Fedora Release Engineering	082ca8530e	Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2022-07-20 22:27:16 +00:00
Bob Relyea	f6b8f45e83	Update to CKBI 2.54 from NSS 3.79 Removing: # Certificate "GlobalSign Root CA - R2" # Certificate "DST Root CA X3" # Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2" Adding: # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Certificate "vTrus ECC Root CA" # Certificate "vTrus Root CA" # Certificate "ISRG Root X2" # Certificate "HiPKI Root CA - G1" # Certificate "Telia Root CA v2" # Certificate "D-TRUST BR Root CA 1 2020" # Certificate "D-TRUST EV Root CA 1 2020" # Certificate "CAEDICOM Root" # Certificate "I.CA Root CA/RSA" # Certificate "MULTICERT Root Certification Authority 01" # Certificate "Certification Authority of WoSign G2" # Certificate "CA WoSign ECC Root" # Certificate "CCA India 2015 SPL" # Certificate "Swedish Government Root Authority v3" # Certificate "Swedish Government Root Authority v2" # Certificate "Tunisian Root Certificate Authority - TunRootCA2" # Certificate "OpenTrust Root CA G1" # Certificate "OpenTrust Root CA G2" # Certificate "OpenTrust Root CA G3" # Certificate "Certplus Root CA G1" # Certificate "Certplus Root CA G2" # Certificate "Government Root Certification Authority" # Certificate "A-Trust-Qual-02" # Certificate "Thailand National Root Certification Authority - G1" # Certificate "TrustCor ECA-1" # Certificate "TrustCor RootCert CA-2" # Certificate "TrustCor RootCert CA-1" # Certificate "Certification Authority of WoSign" # Certificate "CA 沃通根证书" # Certificate "SSC GDL CA Root B" # Certificate "SAPO Class 2 Root CA" # Certificate "SAPO Class 3 Root CA" # Certificate "SAPO Class 4 Root CA" # Certificate "CA Disig Root R1" # Certificate "Autoridad Certificadora Raíz Nacional de Uruguay" # Certificate "ApplicationCA2 Root" # Certificate "GlobalSign" # Certificate "Symantec Class 3 Public Primary Certification Authority - G6" # Certificate "Symantec Class 3 Public Primary Certification Authority - G4" # Certificate "Halcom Root CA" # Certificate "Swisscom Root EV CA 2" # Certificate "CFCA GT CA" # Certificate "Digidentity L3 Root CA - G2" # Certificate "SITHS Root CA v1" # Certificate "Macao Post eSignTrust Root Certification Authority (G02)" # Certificate "Autoridade Certificadora Raiz Brasileira v2" # Certificate "Swisscom Root CA 2" # Certificate "IGC/A AC racine Etat francais" # Certificate "PersonalID Trustworthy RootCA 2011" # Certificate "Swedish Government Root Authority v1" # Certificate "Swiss Government Root CA II" # Certificate "Swiss Government Root CA I" # Certificate "Network Solutions Certificate Authority" # Certificate "COMODO Certification Authority" # Certificate "LuxTrust Global Root" # Certificate "AC1 RAIZ MTIN" # Certificate "Microsoft Root Certificate Authority 2011" # Certificate "CCA India 2011" # Certificate "ANCERT Certificados Notariales V2" # Certificate "ANCERT Certificados CGN V2" # Certificate "EE Certification Centre Root CA" # Certificate "DigiNotar Root CA G2" # Certificate "Federal Common Policy CA" # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" # Certificate "China Internet Network Information Center EV Certificates Root" # Certificate "Verizon Global Root CA" # Certificate "SwissSign Silver Root CA - G3" # Certificate "SwissSign Platinum Root CA - G3" # Certificate "SwissSign Gold Root CA - G3" # Certificate "Microsec e-Szigno Root CA 2009" # Certificate "SITHS CA v3" # Certificate "Certinomis - Autorité Racine" # Certificate "ANF Server CA" # Certificate "Thawte Premium Server CA" # Certificate "Thawte Server CA" # Certificate "TC TrustCenter Universal CA III" # Certificate "KEYNECTIS ROOT CA" # Certificate "I.CA - Standard Certification Authority, 09/2009" # Certificate "I.CA - Qualified Certification Authority, 09/2009" # Certificate "VI Registru Centras RCSC (RootCA)" # Certificate "CCA India 2007" # Certificate "Autoridade Certificadora Raiz Brasileira v1" # Certificate "ipsCA Global CA Root" # Certificate "ipsCA Main CA Root" # Certificate "Actalis Authentication CA G1" # Certificate "A-Trust-Qual-03" # Certificate "AddTrust External CA Root" # Certificate "ECRaizEstado" # Certificate "Configuration" # Certificate "FNMT-RCM" # Certificate "StartCom Certification Authority" # Certificate "TWCA Root Certification Authority" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" # Certificate "thawte Primary Root CA - G2" # Certificate "GeoTrust Primary Certification Authority - G2" # Certificate "VeriSign Universal Root Certification Authority" # Certificate "thawte Primary Root CA - G3" # Certificate "GeoTrust Primary Certification Authority - G3" # Certificate "E-ME SSI (RCA)" # Certificate "ACEDICOM Root" # Certificate "Autoridad Certificadora Raiz de la Secretaria de Economia" # Certificate "Correo Uruguayo - Root CA" # Certificate "CNNIC ROOT" # Certificate "Common Policy" # Certificate "Macao Post eSignTrust Root Certification Authority" # Certificate "Staat der Nederlanden Root CA - G2" # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány" # Certificate "AC Raíz Certicámara S.A." # Certificate "Cisco Root CA 2048" # Certificate "CA Disig" # Certificate "InfoNotary CSP Root" # Certificate "UCA Global Root" # Certificate "UCA Root" # Certificate "DigiNotar Root CA" # Certificate "Starfield Services Root Certificate Authority" # Certificate "I.CA - Qualified root certificate" # Certificate "I.CA - Standard root certificate" # Certificate "e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi" # Certificate "Japanese Government" # Certificate "AdminCA-CD-T01" # Certificate "Admin-Root-CA" # Certificate "Izenpe.com" # Certificate "TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3" # Certificate "Halcom CA FO" # Certificate "Halcom CA PO 2" # Certificate "Root CA" # Certificate "GPKIRootCA" # Certificate "ACNLB" # Certificate "state-institutions" # Certificate "state-institutions" # Certificate "SECOM Trust Systems CO.,LTD." # Certificate "D-TRUST Qualified Root CA 1 2007:PN" # Certificate "D-TRUST Root Class 2 CA 2007" # Certificate "D-TRUST Root Class 3 CA 2007" # Certificate "SSC Root CA A" # Certificate "SSC Root CA B" # Certificate "SSC Root CA C" # Certificate "Autoridad de Certificacion de la Abogacia" # Certificate "Root CA Generalitat Valenciana" # Certificate "VAS Latvijas Pasts SSI(RCA)" # Certificate "ANCERT Certificados CGN" # Certificate "ANCERT Certificados Notariales" # Certificate "ANCERT Corporaciones de Derecho Publico" # Certificate "GLOBALTRUST" # Certificate "Certipost E-Trust TOP Root CA" # Certificate "Certipost E-Trust Primary Qualified CA" # Certificate "Certipost E-Trust Primary Normalised CA" # Certificate "GlobalSign" # Certificate "IGC/A" # Certificate "S-TRUST Authentication and Encryption Root CA 2005:PN" # Certificate "TC TrustCenter Universal CA I" # Certificate "TC TrustCenter Universal CA II" # Certificate "TC TrustCenter Class 2 CA II" # Certificate "TC TrustCenter Class 4 CA II" # Certificate "Swisscom Root CA 1" # Certificate "Microsec e-Szigno Root CA" # Certificate "LGPKI" # Certificate "AC RAIZ DNIE" # Certificate "Common Policy" # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" # Certificate "A-Trust-nQual-03" # Certificate "A-Trust-nQual-03" # Certificate "CertRSA01" # Certificate "KISA RootCA 1" # Certificate "KISA RootCA 3" # Certificate "NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado" # Certificate "A-CERT ADVANCED" # Certificate "A-Trust-Qual-01" # Certificate "A-Trust-nQual-01" # Certificate "A-Trust-Qual-02" # Certificate "Staat der Nederlanden Root CA" # Certificate "Serasa Certificate Authority II" # Certificate "TDC Internet" # Certificate "America Online Root Certification Authority 2" # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Certificate "Government Root Certification Authority" # Certificate "RSA Security Inc" # Certificate "Public Notary Root" # Certificate "GeoTrust Global CA" # Certificate "GeoTrust Global CA 2" # Certificate "GeoTrust Universal CA" # Certificate "GeoTrust Universal CA 2" # Certificate "QuoVadis Root Certification Authority" # Certificate "Autoridade Certificadora Raiz Brasileira" # Certificate "Post.Trust Root CA" # Certificate "Microsoft Root Authority" # Certificate "Microsoft Root Certificate Authority" # Certificate "Microsoft Root Certificate Authority 2010" # Certificate "Entrust.net Secure Server Certification Authority" # Certificate "UTN-USERFirst-Object" # Certificate "BYTE Root Certification Authority 001" # Certificate "CISRCA1" # Certificate "ePKI Root Certification Authority - G2" # Certificate "ePKI EV SSL Certification Authority - G1" # Certificate "AC Raíz Certicámara S.A." # Certificate "SSL.com EV Root Certification Authority RSA" # Certificate "LuxTrust Global Root 2" # Certificate "ACA ROOT" # Certificate "Security Communication ECC RootCA1" # Certificate "Security Communication RootCA3" # Certificate "CHAMBERS OF COMMERCE ROOT - 2016" # Certificate "Network Solutions RSA Certificate Authority" # Certificate "Network Solutions ECC Certificate Authority" # Certificate "Australian Defence Public Root CA" # Certificate "SI-TRUST Root" # Certificate "Halcom Root Certificate Authority" # Certificate "Application CA G3 Root" # Certificate "GLOBALTRUST 2015" # Certificate "Microsoft ECC Product Root Certificate Authority 2018" # Certificate "emSign Root CA - G2" # Certificate "emSign Root CA - C2" # Certificate "Microsoft ECC TS Root Certificate Authority 2018" # Certificate "DigiCert CS ECC P384 Root G5" # Certificate "DigiCert CS RSA4096 Root G5" # Certificate "DigiCert RSA4096 Root G5" # Certificate "DigiCert ECC P384 Root G5" # Certificate "HARICA Code Signing RSA Root CA 2021" # Certificate "HARICA Code Signing ECC Root CA 2021" # Certificate "Microsoft Identity Verification Root Certificate Authority 2020"	2022-07-15 10:08:43 -07:00
Fedora Release Engineering	421e34b661	- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2022-01-19 22:46:28 +00:00
Bob Relyea	662998d9d7	Update to CKBI 2.52 from NSS 3.72 Adding: # Certificate "TunTrust Root CA" # Certificate "HARICA TLS RSA Root CA 2021" # Certificate "HARICA TLS ECC Root CA 2021" # Certificate "HARICA Client RSA Root CA 2021" # Certificate "HARICA Client ECC Root CA 2021"	2021-12-13 09:07:38 -08:00
Bob Relyea	1c8b67fb5a	Resolves: rhbz#1053883 rhbz#1396811 Add debian compatible certificate trust hash directory and links for less aware packages.	2021-12-06 15:49:38 -08:00
Bob Relyea	40ecfc5f64	remove blacklist directory now that pk11-kit is using blocklist	2021-11-01 16:45:20 -07:00
Fedora Release Engineering	dff1c3cf33	- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-07-21 19:02:20 +00:00
Fedora Release Engineering	ea71242686	- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-07-21 14:05:01 +00:00
Bob Relyea	6d222498e8	Update to CKBI 2.50 from NSS 3.67 Removing: # Certificate "Trustis FPS Root CA" # Certificate "GlobalSign Code Signing Root R45" # Certificate "GlobalSign Code Signing Root E45" # Certificate "Halcom Root Certificate Authority" # Certificate "Symantec Class 3 Public Primary Certification Authority - G6" # Certificate "GLOBALTRUST" # Certificate "MULTICERT Root Certification Authority 01" # Certificate "Verizon Global Root CA" # Certificate "Tunisian Root Certificate Authority - TunRootCA2" # Certificate "CAEDICOM Root" # Certificate "COMODO Certification Authority" # Certificate "Security Communication ECC RootCA1" # Certificate "Security Communication RootCA3" # Certificate "AC RAIZ DNIE" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" # Certificate "VeriSign Universal Root Certification Authority" # Certificate "GeoTrust Global CA" # Certificate "GeoTrust Primary Certification Authority" # Certificate "thawte Primary Root CA" # Certificate "thawte Primary Root CA - G2" # Certificate "thawte Primary Root CA - G3" # Certificate "GeoTrust Primary Certification Authority - G3" # Certificate "GeoTrust Primary Certification Authority - G2" # Certificate "GeoTrust Universal CA" # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány" # Certificate "GLOBALTRUST 2015" # Certificate "emSign Root CA - G2" # Certificate "emSign Root CA - C2" Adding: # Certificate "GLOBALTRUST 2020" # Certificate "ANF Secure Server Root CA"	2021-06-16 13:32:35 -07:00
Bob Relyea	c4c1a32e95	Add code to pull in object signing certs from Common CA Database (ccadb.org). Fix the updated merge scripts to handle this. Prune Expired certificates from certdata.txt and the object signing cert list Update to CKBI 2.48 from NSS 3.64 Removing: # Certificate "Verisign Class 3 Public Primary Certification Authority - G3" # Certificate "GeoTrust Universal CA 2" # Certificate "QuoVadis Root CA" # Certificate "Sonera Class 2 Root CA" # Certificate "Taiwan GRCA" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" # Certificate "EE Certification Centre Root CA" # Certificate "LuxTrust Global Root 2" # Certificate "Symantec Class 1 Public Primary Certification Authority - G4" # Certificate "Symantec Class 2 Public Primary Certification Authority - G4" Adding: # Certificate "Microsoft ECC Root Certificate Authority 2017" # Certificate "Microsoft RSA Root Certificate Authority 2017" # Certificate "e-Szigno Root CA 2017" # Certificate "certSIGN Root CA G2" # Certificate "Trustwave Global Certification Authority" # Certificate "Trustwave Global ECC P256 Certification Authority" # Certificate "Trustwave Global ECC P384 Certification Authority" # Certificate "NAVER Global Root Certification Authority" # Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" # Certificate "GlobalSign Secure Mail Root R45" # Certificate "GlobalSign Secure Mail Root E45" # Certificate "GlobalSign Root R46" # Certificate "GlobalSign Root E46" # Certificate "Certum EC-384 CA" # Certificate "Certum Trusted Root CA" # Certificate "GlobalSign Code Signing Root R45" # Certificate "GlobalSign Code Signing Root E45" # Certificate "Halcom Root Certificate Authority" # Certificate "Symantec Class 3 Public Primary Certification Authority - G6" # Certificate "GLOBALTRUST" # Certificate "MULTICERT Root Certification Authority 01" # Certificate "Verizon Global Root CA" # Certificate "Tunisian Root Certificate Authority - TunRootCA2" # Certificate "CAEDICOM Root" # Certificate "COMODO Certification Authority" # Certificate "Security Communication ECC RootCA1" # Certificate "Security Communication RootCA3" # Certificate "AC RAIZ DNIE" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3" # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány" # Certificate "GLOBALTRUST 2015" # Certificate "emSign Root CA - G2" # Certificate "emSign Root CA - C2"	2021-05-25 16:48:57 -07:00
Bob Relyea	6d164aedd7	Update tools to pick up code signing certs from the Common CA Database: https://www.ccadb.org/resources Our normal root certs come from mozilla, but mozilla does not evaluate code signing. Currently code signing is only used my Microsoft .net, so we need to get code signing certs from Microsoft's code signing list. The certs in this list will only show up in the code signing lists or in the general list with only code signing set.	2021-05-24 10:49:58 -07:00
Bob Relyea	17e75b4e10	change master to rawhide in fetch.sh to match fedora's new tree arragement.	2021-03-26 15:45:22 -07:00
Fedora Release Engineering	0fa62ae95f	- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-01-26 01:32:44 +00:00
Bob Relyea	05fc0ccfd2	remove unnecessarily divisive terms, take 1. in ca-certificates there are 3 cases: 1) master refering to the fedora master branch in the fetch.sh script. This can only be changed once fedora changes the master branch name. 2) a reference to the 'master bundle' in this file: this has been changed to 'primary bundle'. 3) a couple of blacklist directories owned by this package, but used to p11-kit. New 'blocklist' directories have been created, but p11-kit needs to be updated before the old blacklist directories can be removed and the man pages corrected.	2021-01-12 13:50:47 -08:00
Christian Heimes	9bd23da27f	Add cross-distro compatibility symlinks The directory /etc/ssl now contains symlinks to cert.pem bundle, openssl.cnf, and ct_log_list.cnf to provide better cross-distribution compatibility. Resolves: rhbz#1895619	2020-11-10 10:59:19 +01:00

1 2 3 4

190 commits