Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '3.0' into bump_version_3.0.6

Browse Source
This commit is contained in:
Dirk Wetter 2021-10-02 22:21:36 +02:00 committed by GitHub
commit 1732e9c919
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 1040 additions and 922 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/codespell.yml vendored Normal file
View File

@ -0,0 +1,13 @@
---
name: Codespell
on: [push, pull_request]
jobs:
codespell:
name: Check for spelling errors
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: codespell-project/actions-codespell@master
with:
skip: ca_hashes.txt,tls_data.txt,*.pem,OPENSSL-LICENSE.txt
ignore_words_list: borken,gost,ciph,ba,bloc,isnt,chello,fo,alle,nmake

62
.github/workflows/docker-3.0.yml vendored Normal file
View File

@ -0,0 +1,62 @@
name: docker-3.0
on:
push:
branches:
- 3.0
workflow_dispatch:
schedule:
- cron: "0 8 * * 1"
env:
BUILD_VERSION: "3.0"
DOCKER_CLI_EXPERIMENTAL: enabled
jobs:
deploy:
runs-on: ubuntu-20.04
steps:
- name: Source checkout
uses: actions/checkout@v2.3.4
- name: Setup QEMU
id: qemu
uses: docker/setup-qemu-action@v1.2.0
- name: Setup Buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Set Docker metadata
id: docker_meta
uses: docker/metadata-action@v3
with:
images: ${{ github.repository }}
labels: |
org.opencontainers.image.version=${{ env.BUILD_VERSION }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.title=${{ github.repository }}
- name: GitHub login
if: ${{ github.event_name != 'pull_request' }}
uses: docker/login-action@v1.10.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v2.6.1
with:
push: ${{ github.event_name != 'pull_request' }}
context: .
file: Dockerfile.git
platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6,linux/ppc64le
build-args: BUILD_VERSION
cache-from: type=gha, scope=${{ github.workflow }}
cache-to: type=gha, scope=${{ github.workflow }}
labels: ${{ steps.docker_meta.outputs.labels }}
tags: |
ghcr.io/${{ github.repository }}:${{ env.BUILD_VERSION }}

26
CHANGELOG.md
View File

@ -16,7 +16,7 @@
* Socket timeouts (``--connect-timeout``)
* IDN/IDN2 servername/URI + emoji support, supposed libidn/idn2 is installed and DNS resolver is recent) support
* Initial support for certificate compression
* Better JSON output: renamed IDs and findings shorter/better parsable, also includes certficate
* Better JSON output: renamed IDs and findings shorter/better parsable, also includes certificate
* JSON output now valid also for non-responding servers
* Testing now per default 370 ciphers
* Further improving the robustness of TLS sockets (sending and parsing)
@ -61,7 +61,7 @@
* Way better coverage of ciphers as most checks are done via bash sockets where ever possible
* Further tests via TLS sockets and improvements (handshake parsing, completeness, robustness)
* Testing 359 default ciphers (``testssl.sh -e/-E``) with a mixture of sockets and openssl. Same speed as with openssl only but addtional ciphers such as post-quantum ciphers, new CHAHA20/POLY1305, CamelliaGCM etc.
* Testing 359 default ciphers (``testssl.sh -e/-E``) with a mixture of sockets and openssl. Same speed as with openssl only but additional ciphers such as post-quantum ciphers, new CHAHA20/POLY1305, CamelliaGCM etc.
* TLS 1.2 protocol check via sockets in production
* Finding more TLS extensions via sockets
* TLS Supported Groups Registry (RFC 7919), key shares extension
@ -105,7 +105,7 @@
* Even more compatibility improvements for FreeBSD, NetBSD, Gentoo, RH-ish, F5 and Cisco systems
* Considerable speed improvements for each cipher runs (-e/-E)
* More robust SSLv2 + TLS socket interface
* seperate check for curves
* separate check for curves
* OpenSSL 1.1.0 compliant
* check for DROWN
* Whole number of bugs squashed
@ -124,7 +124,7 @@
* (HTTP) proxy support! Also with sockets -- thx @jnewbigin
* Extended validation certificate detection
* Run in default mode through all ciphers at the end of a default run
* will test multiple IP adresses of one supplied server name in one shot, --ip= restricts it accordingly
* will test multiple IP addresses of one supplied server name in one shot, --ip= restricts it accordingly
* new mass testing file option --file option where testssl.sh commands are being read from, see https://twitter.com/drwetter/status/627619848344989696
* TLS time and HTTP time stamps
* TLS time displayed also for STARTTLS protocols
@ -193,10 +193,10 @@ Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
- IPv6 display fix
1.111
- NEW: tested unter FreeBSD (works with exception of xxd in CCS)
- NEW: tested under FreeBSD (works with exception of xxd in CCS)
- getent now works under Linux and FreeBSD
- sed -i in hsts sacrificed for compatibility
- reomved query for IP for finishing banner, is now called once in parse_hn_port
- removed query for IP for finishing banner, is now called once in parse_hn_port
- GOST warning after banner
- empty build date is not displayed anymore
- long build date strings minimized
@ -286,7 +286,7 @@ Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
1.91
- replaced most lcyan to brown (=not really bad but somehow)
- empty server string better displayed
- prefered CBC TLS 1.2 cipher is now brown (lucky13)
- preferred CBC TLS 1.2 cipher is now brown (lucky13)
1.90
- fix for netweaver banner (server is lowercase)
@ -295,7 +295,7 @@ Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
1.89
- reordered! : protocols + cipher come first
- colorized prefered server preference (e.g. CBC+RC4 is light red now, TLSv1.2 green)
- colorized preferred server preference (e.g. CBC+RC4 is light red now, TLSv1.2 green)
- SSLv3 is now light cyan
- NEW: -P|--preference now in help menu
- light cyan is more appropriate than red for HSTS
@ -330,10 +330,10 @@ Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
- headline of -V / PFS+RC4 ciphers unified
1.82
- NEW: output for -V now better (bits seperate, spacing improved)
- NEW: output for -V now better (bits separate, spacing improved)
1.81
- output for RC4+PFS now better (with headline, bits seperate, spacing improved)
- output for RC4+PFS now better (with headline, bits separate, spacing improved)
- both also sorted by encr. strength .. umm ..err bits!
1.80
@ -358,7 +358,7 @@ Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
- removed legacy code (PROD_REL var)
1.76
- bash was gone!! desaster for Ubuntu, fixed
- bash was gone!! disaster for Ubuntu, fixed
- starttls+rc4 check: bottom line was wrong
- starttls had too much output (certificate) at first a/v check
@ -454,7 +454,7 @@ Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
* NOPARANOID flag tells whether medium grade ciphers are ok. NOW they are (=<1.17 was paranoid)
1.17
* SSL tests now for renegotiation vulnerabilty!
* SSL tests now for renegotiation vulnerability!
* version detection of testssl.sh
* program has a banner
* fixed bug leading to a file named "1"
@ -480,7 +480,7 @@ Full changelog @ https://github.com/drwetter/testssl.sh/commits/2.2/testssl.sh
* as a courtesy I am providing 64+32 Linux binaries for testing 56 Bit ciphers
1.11
* Hint for howto enable 56 Bit ciphers fpr testing
* Hint for howto enable 56 Bit ciphers for testing
* possible to specify where openssl is (hardcoded, $ENV, last resort: auto)
* warns if netcat is not there

24
Dockerfile.git Normal file
View File

@ -0,0 +1,24 @@
# Build using git repo
FROM alpine:3.14
WORKDIR /home/testssl
ARG BUILD_VERSION
ARG ARCHIVE_URL=https://github.com/drwetter/testssl.sh/archive/
ARG URL=https://github.com/drwetter/testssl.sh.git
RUN test -n "${BUILD_VERSION}" \
&& apk update \
&& apk add --no-cache bash procps drill git coreutils libidn curl socat openssl xxd \
&& git clone --depth 1 --branch ${BUILD_VERSION} $URL /home/testssl \
&& addgroup testssl \
&& adduser -G testssl -g "testssl user" -s /bin/bash -D testssl \
&& ln -s /home/testssl/testssl.sh /usr/local/bin/ \
&& mkdir -m 755 -p /home/testssl/etc /home/testssl/bin
USER testssl
ENTRYPOINT ["testssl.sh"]
CMD ["--help"]

5
Readme.md
View File

@ -1,7 +1,7 @@
## Intro
[![Build Status](https://travis-ci.org/drwetter/testssl.sh.svg?branch=master)](https://travis-ci.org/drwetter/testssl.sh)
[![Build Status](https://github.com/drwetter/testssl.sh/actions/workflows/test.yml/badge.svg)](https://github.com/drwetter/testssl.sh/actions/workflows/test.yml)
[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/drwetter/testssl.sh?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
`testssl.sh` is a free command line tool which checks a server's service on
@ -13,7 +13,7 @@ cryptographic flaws.
* Clear output: you can tell easily whether anything is good or bad.
* Machine readable output.
* No installation needed: Linux, OSX/Darwin, FreeBSD, NetBSD, MSYS2/Cygwin, WSL work out of the box. Only OpenBSD needs bash. No need to install or to configure something. No gems, CPAN, pip or the like.
* A Dockerfile is provided, there's also an offical container @ dockerhub.
* A Dockerfile is provided, there's also an official container @ dockerhub.
* Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not only web servers at port 443.
* Toolbox: Several command line options help you to run *your* test and configure *your* output.
* Reliability: features are tested thoroughly.
@ -49,6 +49,7 @@ You can download testssl.sh by cloning this git repository:
git clone --depth 1 https://github.com/drwetter/testssl.sh.git --branch 3.0
For the stable version help yourself by downloading the [ZIP](https://codeload.github.com/drwetter/testssl.sh/zip/3.0.6) or the lastest testssl-3.0.X.tar.gz from [https://testssl.sh](https://testssl.sh/) archive. Just ``cd`` to the directory created (=INSTALLDIR) and run it off there.
#### Docker

8
doc/testssl.1
View File

@ -122,7 +122,7 @@ Please note that \fBfname\fR has to be in Unix format\. DOS carriage returns won
\fB\-\-mode <serial|parallel>\fR\. Mass testing to be done serial (default) or parallel (\fB\-\-parallel\fR is shortcut for the latter, \fB\-\-serial\fR is the opposite option)\. Per default mass testing is being run in serial mode, i\.e\. one line after the other is processed and invoked\. The variable \fBMASS_TESTING_MODE\fR can be defined to be either equal \fBserial\fR or \fBparallel\fR\.
.
.P
\fB\-\-warnings <batch|off>\fR\. The warnings parameter determines how testssl\.sh will deal with situations where user input normally will be necessary\. There are two options\. \fBbatch\fR doesn\'t wait for a confirming keypress when a client\- or server\-side probem is encountered\. As of 3\.0 it just then terminates the particular scan\. This is automatically chosen for mass testing (\fB\-\-file\fR)\. \fBoff\fR just skips the warning, the confirmation but continues the scan, independent whether it makes sense or not\. Please note that there are conflicts where testssl\.sh will still ask for confirmation which are the ones which otherwise would have a drastic impact on the results\. Almost any other decision will be made in the future as a best guess by testssl\.sh\. The same can be achieved by setting the environment variable \fBWARNINGS\fR\.
\fB\-\-warnings <batch|off>\fR\. The warnings parameter determines how testssl\.sh will deal with situations where user input normally will be necessary\. There are two options\. \fBbatch\fR doesn\'t wait for a confirming keypress when a client\- or server\-side problem is encountered\. As of 3\.0 it just then terminates the particular scan\. This is automatically chosen for mass testing (\fB\-\-file\fR)\. \fBoff\fR just skips the warning, the confirmation but continues the scan, independent whether it makes sense or not\. Please note that there are conflicts where testssl\.sh will still ask for confirmation which are the ones which otherwise would have a drastic impact on the results\. Almost any other decision will be made in the future as a best guess by testssl\.sh\. The same can be achieved by setting the environment variable \fBWARNINGS\fR\.
.
.P
\fB\-\-connect\-timeout <seconds>\fR This is useful for socket TCP connections to a node\. If the node does not complete a TCP handshake (e\.g\. because it is down or behind a firewall or there\'s an IDS or a tarpit) testssl\.sh may usually hang for around 2 minutes or even much more\. This parameter instructs testssl\.sh to wait at most \fBseconds\fR for the handshake to complete before giving up\. This option only works if your OS has a timeout binary installed\. CONNECT_TIMEOUT is the corresponding environment variable\.
@ -188,7 +188,7 @@ Any single check switch supplied as an argument prevents testssl\.sh from doing
\fB\-E, \-\-cipher\-per\-proto\fR is similar to \fB\-e, \-\-each\-cipher\fR\. It checks each of the possible ciphers, here: per protocol\. If you want to display each cipher tested you need to add \fB\-\-show\-each\fR\. The output is sorted by security strength, it lists the encryption bits though\.
.
.P
\fB\-s, \-\-std, \-\-standard\fR tests certain lists of cipher suites by strength\. Those lists are (\fBopenssl ciphers $LIST\fR, $LIST from below:)
\fB\-s, \-\-std, \-\-standard\fR tests certain lists of cipher suites / cipher categories by strength\. Those lists are (\fBopenssl ciphers $LIST\fR, $LIST from below:)
.
.IP "\(bu" 4
\fBNULL encryption ciphers\fR: \'NULL:eNULL\'
@ -335,7 +335,7 @@ Security headers (X\-Frame\-Options, X\-XSS\-Protection, Expect\-CT,\.\.\. , CSP
\fB\-g, \-\-grease\fR checks several server implementation bugs like tolerance to size limitations and GREASE, see https://www\.ietf\.org/archive/id/draft\-ietf\-tls\-grease\-01\.txt \. This checks doesn\'t run per default\.
.
.SS "VULNERABILITIES"
\fB\-U, \-\-vulnerable, \-\-vulnerabilities\fR Just tests all (of the following) vulnerabilities\. The environment variable \fBVULN_THRESHLD\fR determines after which value a separate headline for each vulnerability is being displayed\. Default is \fB1\fR which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed \-\- in addition to the vulnerability and the result\. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerabilty and test result\. A vulnerability section is comprised of more than one check, e\.g\. the renegotiation vulnerability check has two checks, so has Logjam\.
\fB\-U, \-\-vulnerable, \-\-vulnerabilities\fR Just tests all (of the following) vulnerabilities\. The environment variable \fBVULN_THRESHLD\fR determines after which value a separate headline for each vulnerability is being displayed\. Default is \fB1\fR which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed \-\- in addition to the vulnerability and the result\. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerability and test result\. A vulnerability section is comprised of more than one check, e\.g\. the renegotiation vulnerability check has two checks, so has Logjam\.
.
.P
\fB\-H, \-\-heartbleed\fR Checks for Heartbleed, a memory leakage in openssl\. Unless the server side doesn\'t support the heartbeat extension it is likely that this check runs into a timeout\. The seconds to wait for a reply can be adjusted with \fBHEARTBLEED_MAX_WAITSOCK\fR\. 8 is the default\.
@ -622,7 +622,7 @@ MAX_SOCKET_FAIL: A number which tells testssl\.sh how often a TCP socket connect
MAX_OSSL_FAIL: A number which tells testssl\.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates\. The default is 2\. You can increase it to a higher value if you frequently see a message like \fIFatal error: repeated TCP connect problems, giving up\fR\.
.
.IP "\(bu" 4
MAX_HEADER_FAIL: A number which tells testssl\.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates\. The default is 3\. Also here you can incerase the threshold when you spot messages like \fIFatal error: repeated HTTP header connect problems, doesn\'t make sense to continue\fR\.
MAX_HEADER_FAIL: A number which tells testssl\.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates\. The default is 3\. Also here you can increase the threshold when you spot messages like \fIFatal error: repeated HTTP header connect problems, doesn\'t make sense to continue\fR\.
.
.IP "" 0
.

8
doc/testssl.1.html
View File

@ -178,7 +178,7 @@ host.example.com:631
<p><code>--mode &lt;serial|parallel></code>. Mass testing to be done serial (default) or parallel (<code>--parallel</code> is shortcut for the latter, <code>--serial</code> is the opposite option). Per default mass testing is being run in serial mode, i.e. one line after the other is processed and invoked. The variable <code>MASS_TESTING_MODE</code> can be defined to be either equal <code>serial</code> or <code>parallel</code>.</p>
<p><code>--warnings &lt;batch|off></code>. The warnings parameter determines how testssl.sh will deal with situations where user input normally will be necessary. There are two options. <code>batch</code> doesn't wait for a confirming keypress when a client- or server-side probem is encountered. As of 3.0 it just then terminates the particular scan. This is automatically chosen for mass testing (<code>--file</code>). <code>off</code> just skips the warning, the confirmation but continues the scan, independent whether it makes sense or not. Please note that there are conflicts where testssl.sh will still ask for confirmation which are the ones which otherwise would have a drastic impact on the results. Almost any other decision will be made in the future as a best guess by testssl.sh.
<p><code>--warnings &lt;batch|off></code>. The warnings parameter determines how testssl.sh will deal with situations where user input normally will be necessary. There are two options. <code>batch</code> doesn't wait for a confirming keypress when a client- or server-side problem is encountered. As of 3.0 it just then terminates the particular scan. This is automatically chosen for mass testing (<code>--file</code>). <code>off</code> just skips the warning, the confirmation but continues the scan, independent whether it makes sense or not. Please note that there are conflicts where testssl.sh will still ask for confirmation which are the ones which otherwise would have a drastic impact on the results. Almost any other decision will be made in the future as a best guess by testssl.sh.
The same can be achieved by setting the environment variable <code>WARNINGS</code>.</p>
<p><code>--connect-timeout &lt;seconds></code> This is useful for socket TCP connections to a node. If the node does not complete a TCP handshake (e.g. because it is down or behind a firewall or there's an IDS or a tarpit) testssl.sh may usually hang for around 2 minutes or even much more. This parameter instructs testssl.sh to wait at most <code>seconds</code> for the handshake to complete before giving up. This option only works if your OS has a timeout binary installed. CONNECT_TIMEOUT is the corresponding environment variable.</p>
@ -231,7 +231,7 @@ ADDITIONAL_CA_FILES is the environment variable for this.</p>
<p><code>-E, --cipher-per-proto</code> is similar to <code>-e, --each-cipher</code>. It checks each of the possible ciphers, here: per protocol. If you want to display each cipher tested you need to add <code>--show-each</code>. The output is sorted by security strength, it lists the encryption bits though.</p>
<p><code>-s, --std, --standard</code> tests certain lists of cipher suites by strength. Those lists are (<code>openssl ciphers $LIST</code>, $LIST from below:)</p>
<p><code>-s, --std, --standard</code> tests certain lists of cipher suites / cipher categories by strength. Those lists are (<code>openssl ciphers $LIST</code>, $LIST from below:)</p>
<ul>
<li><code>NULL encryption ciphers</code>: 'NULL:eNULL'</li>
@ -307,7 +307,7 @@ Also for multiple server certificates are being checked for as well as for the c
<h3 id="VULNERABILITIES">VULNERABILITIES</h3>
<p><code>-U, --vulnerable, --vulnerabilities</code> Just tests all (of the following) vulnerabilities. The environment variable <code>VULN_THRESHLD</code> determines after which value a separate headline for each vulnerability is being displayed. Default is <code>1</code> which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed -- in addition to the vulnerability and the result. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerabilty and test result. A vulnerability section is comprised of more than one check, e.g. the renegotiation vulnerability check has two checks, so has Logjam.</p>
<p><code>-U, --vulnerable, --vulnerabilities</code> Just tests all (of the following) vulnerabilities. The environment variable <code>VULN_THRESHLD</code> determines after which value a separate headline for each vulnerability is being displayed. Default is <code>1</code> which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed -- in addition to the vulnerability and the result. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerability and test result. A vulnerability section is comprised of more than one check, e.g. the renegotiation vulnerability check has two checks, so has Logjam.</p>
<p><code>-H, --heartbleed</code> Checks for Heartbleed, a memory leakage in openssl. Unless the server side doesn't support the heartbeat extension it is likely that this check runs into a timeout. The seconds to wait for a reply can be adjusted with <code>HEARTBLEED_MAX_WAITSOCK</code>. 8 is the default.</p>
@ -471,7 +471,7 @@ Also for multiple server certificates are being checked for as well as for the c
<li>CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl.sh will use. Please note that it overrides completely the builtin path of testssl.sh which means that you will only test against the bundles you point to. Also you might want to use <code>~/utils/create_ca_hashes.sh</code> to create the hashes for HPKP.</li>
<li>MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like <em>Fatal error: repeated openssl s_client connect problem, doesn't make sense to continue</em>.</li>
<li>MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like <em>Fatal error: repeated TCP connect problems, giving up</em>.</li>
<li>MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3. Also here you can incerase the threshold when you spot messages like <em>Fatal error: repeated HTTP header connect problems, doesn't make sense to continue</em>.</li>
<li>MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3. Also here you can increase the threshold when you spot messages like <em>Fatal error: repeated HTTP header connect problems, doesn't make sense to continue</em>.</li>
</ul>

8
doc/testssl.1.md
View File

@ -98,7 +98,7 @@ Please note that `fname` has to be in Unix format. DOS carriage returns won't be
`--mode <serial|parallel>`. Mass testing to be done serial (default) or parallel (`--parallel` is shortcut for the latter, `--serial` is the opposite option). Per default mass testing is being run in serial mode, i.e. one line after the other is processed and invoked. The variable `MASS_TESTING_MODE` can be defined to be either equal `serial` or `parallel`.
`--warnings <batch|off>`. The warnings parameter determines how testssl.sh will deal with situations where user input normally will be necessary. There are two options. `batch` doesn't wait for a confirming keypress when a client- or server-side probem is encountered. As of 3.0 it just then terminates the particular scan. This is automatically chosen for mass testing (`--file`). `off` just skips the warning, the confirmation but continues the scan, independent whether it makes sense or not. Please note that there are conflicts where testssl.sh will still ask for confirmation which are the ones which otherwise would have a drastic impact on the results. Almost any other decision will be made in the future as a best guess by testssl.sh.
`--warnings <batch|off>`. The warnings parameter determines how testssl.sh will deal with situations where user input normally will be necessary. There are two options. `batch` doesn't wait for a confirming keypress when a client- or server-side problem is encountered. As of 3.0 it just then terminates the particular scan. This is automatically chosen for mass testing (`--file`). `off` just skips the warning, the confirmation but continues the scan, independent whether it makes sense or not. Please note that there are conflicts where testssl.sh will still ask for confirmation which are the ones which otherwise would have a drastic impact on the results. Almost any other decision will be made in the future as a best guess by testssl.sh.
The same can be achieved by setting the environment variable `WARNINGS`.
`--connect-timeout <seconds>` This is useful for socket TCP connections to a node. If the node does not complete a TCP handshake (e.g. because it is down or behind a firewall or there's an IDS or a tarpit) testssl.sh may usually hang for around 2 minutes or even much more. This parameter instructs testssl.sh to wait at most `seconds` for the handshake to complete before giving up. This option only works if your OS has a timeout binary installed. CONNECT_TIMEOUT is the corresponding environment variable.
@ -154,7 +154,7 @@ Any single check switch supplied as an argument prevents testssl.sh from doing a
`-E, --cipher-per-proto` is similar to `-e, --each-cipher`. It checks each of the possible ciphers, here: per protocol. If you want to display each cipher tested you need to add `--show-each`. The output is sorted by security strength, it lists the encryption bits though.
`-s, --std, --standard` tests certain lists of cipher suites by strength. Those lists are (`openssl ciphers $LIST`, $LIST from below:)
`-s, --std, --standard` tests certain lists of cipher suites / cipher categories by strength. Those lists are (`openssl ciphers $LIST`, $LIST from below:)
* `NULL encryption ciphers`: 'NULL:eNULL'
* `Anonymous NULL ciphers`: 'aNULL:ADH'
@ -219,7 +219,7 @@ Also for multiple server certificates are being checked for as well as for the c
### VULNERABILITIES
`-U, --vulnerable, --vulnerabilities` Just tests all (of the following) vulnerabilities. The environment variable `VULN_THRESHLD` determines after which value a separate headline for each vulnerability is being displayed. Default is `1` which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed -- in addition to the vulnerability and the result. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerabilty and test result. A vulnerability section is comprised of more than one check, e.g. the renegotiation vulnerability check has two checks, so has Logjam.
`-U, --vulnerable, --vulnerabilities` Just tests all (of the following) vulnerabilities. The environment variable `VULN_THRESHLD` determines after which value a separate headline for each vulnerability is being displayed. Default is `1` which means if you check for two vulnerabilities, only the general headline for vulnerabilities section is displayed -- in addition to the vulnerability and the result. Otherwise each vulnerability or vulnerability section gets its own headline in addition to the output of the name of the vulnerability and test result. A vulnerability section is comprised of more than one check, e.g. the renegotiation vulnerability check has two checks, so has Logjam.
`-H, --heartbleed` Checks for Heartbleed, a memory leakage in openssl. Unless the server side doesn't support the heartbeat extension it is likely that this check runs into a timeout. The seconds to wait for a reply can be adjusted with `HEARTBLEED_MAX_WAITSOCK`. 8 is the default.
@ -381,7 +381,7 @@ Except the environment variables mentioned above which can replace command line
* CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl.sh will use. Please note that it overrides completely the builtin path of testssl.sh which means that you will only test against the bundles you point to. Also you might want to use `~/utils/create_ca_hashes.sh` to create the hashes for HPKP.
* MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like *Fatal error: repeated openssl s_client connect problem, doesn't make sense to continue*.
* MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like *Fatal error: repeated TCP connect problems, giving up*.
* MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3. Also here you can incerase the threshold when you spot messages like *Fatal error: repeated HTTP header connect problems, doesn't make sense to continue*.
* MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3. Also here you can increase the threshold when you spot messages like *Fatal error: repeated HTTP header connect problems, doesn't make sense to continue*.

20
etc/Apple.pem
View File

@ -2280,26 +2280,6 @@ GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv
8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4

20
etc/Java.pem
View File

@ -1253,26 +1253,6 @@ mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A
7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu
VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN

20
etc/Linux.pem
View File

@ -905,26 +905,6 @@ r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1
gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF
MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD
bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha

20
etc/Microsoft.pem
View File

@ -9905,26 +9905,6 @@ U0bLmZwlsv7bdEIKXcFyS3VDwNTwbcoD3sSj6pBf4tZx0cISNKHk08C494kE5zcw
ttw7jiHw4s6D0+xIYKf/civ+gURHVgWU
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd
MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg
Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow

687
etc/Mozilla.pem
View File

@ -1,7 +1,7 @@
##
## Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Wed Oct 14 03:12:15 2020 GMT
## Certificate data from Mozilla as of: Thu Sep 30 03:12:05 2021 GMT
##
## This is a bundle of X.509 certificates of public Certificate Authorities
## (CA). These were automatically extracted from Mozilla's root certificates
@ -14,7 +14,7 @@
## Just configure this file as the SSLCACertificateFile.
##
## Conversion done with mk-ca-bundle.pl version 1.28.
## SHA256: a831d3bc63ba1f65478afe28038742b7150c0c2efd243ac342b64792a75d2038
## SHA256: c8f6733d1ff4e6a4769c182971a1234f95ae079247a9c439a13423fe8ba5c24f
##
@ -132,87 +132,6 @@ W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0
tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8
-----END CERTIFICATE-----
GeoTrust Global CA
==================
-----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
Ew1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMDIwNTIxMDQw
MDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j
LjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjo
BbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet
8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+Vc
T4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagU
vTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTAD
AQH/MB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVk
DBF9qn1luMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57Q
zxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4
d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2
mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6p
XE0zX5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm
Mw==
-----END CERTIFICATE-----
GeoTrust Universal CA
=====================
-----BEGIN CERTIFICATE-----
MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN
R2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVyc2FsIENBMB4XDTA0MDMwNDA1
MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu
Yy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBAKYVVaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9t
JPi8cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTTQjOgNB0e
RXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFhF7em6fgemdtzbvQKoiFs
7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2vc7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d
8Lsrlh/eezJS/R27tQahsiFepdaVaH/wmZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7V
qnJNk22CDtucvc+081xdVHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3Cga
Rr0BHdCXteGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZf9hB
Z3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfReBi9Fi1jUIxaS5BZu
KGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+nhutxx9z3SxPGWX9f5NAEC7S8O08
ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0
XG0D08DYj3rWMB8GA1UdIwQYMBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIB
hjANBgkqhkiG9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc
aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fXIwjhmF7DWgh2
qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzynANXH/KttgCJwpQzgXQQpAvvL
oJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0zuzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsK
xr2EoyNB3tZ3b4XUhRxQ4K5RirqNPnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxF
KyDuSN/n3QmOGKjaQI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2
DFKWkoRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9ER/frslK
xfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQtDF4JbAiXfKM9fJP/P6EU
p8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/SfuvmbJxPgWp6ZKy7PtXny3YuxadIwVyQD8vI
P/rmMuGNG2+k5o7Y+SlIis5z/iw=
-----END CERTIFICATE-----
GeoTrust Universal CA 2
=======================
-----BEGIN CERTIFICATE-----
MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN
R2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwHhcNMDQwMzA0
MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg
SW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUA
A4ICDwAwggIKAoICAQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0
DE81WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUGFF+3Qs17
j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdqXbboW0W63MOhBW9Wjo8Q
JqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxLse4YuU6W3Nx2/zu+z18DwPw76L5GG//a
QMJS9/7jOvdqdzXQ2o3rXhhqMcceujwbKNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2
WP0+GfPtDCapkzj4T8FdIgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP
20gaXT73y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRthAAn
ZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgocQIgfksILAAX/8sgC
SqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4Lt1ZrtmhN79UNdxzMk+MBB4zsslG
8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2
+/CfXGJx7Tz0RzgQKzAfBgNVHSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8E
BAMCAYYwDQYJKoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z
dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQL1EuxBRa3ugZ
4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgrFg5fNuH8KrUwJM/gYwx7WBr+
mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSoag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpq
A1Ihn0CoZ1Dy81of398j9tx4TuaYT1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpg
Y+RdM4kX2TGq2tbzGDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiP
pm8m1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJVOCiNUW7d
FGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH6aLcr34YEoP9VhdBLtUp
gn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSLakhT2+zNVVXxxvjpoixMptEm
X36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
-----END CERTIFICATE-----
Comodo AAA Services root
========================
-----BEGIN CERTIFICATE-----
@ -237,38 +156,6 @@ Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z
12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
-----END CERTIFICATE-----
QuoVadis Root CA
================
-----BEGIN CERTIFICATE-----
MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJCTTEZMBcGA1UE
ChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAz
MTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp
cyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQD
EyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMuk
J0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtL
F8HVj71lODqV0D1VNk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeL
YzcS19Dsw3sgQUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWen
AScOospUxbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4w
PQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y
ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAABMIH7
MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmlj
YXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJs
ZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh
Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYIKwYBBQUHAgEW
Fmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3TKbkGGew5Oanwl4Rqy+/fMIGu
BgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkw
FwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6
tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lo
fFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuul
LsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2x
gI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi
5upZIof4l/UO/erMkqQWxFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi
5nrQNiOKSnQ2+Q==
-----END CERTIFICATE-----
QuoVadis Root CA 2
==================
-----BEGIN CERTIFICATE-----
@ -356,26 +243,6 @@ s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ
FL39vmwLAw==
-----END CERTIFICATE-----
Sonera Class 2 Root CA
======================
-----BEGIN CERTIFICATE-----
MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEPMA0GA1UEChMG
U29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAxMDQwNjA3Mjk0MFoXDTIxMDQw
NjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJh
IENsYXNzMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3
/Ei9vX+ALTU74W+oZ6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybT
dXnt5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s3TmVToMG
f+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2EjvOr7nQKV0ba5cTppCD8P
tOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu8nYybieDwnPz3BjotJPqdURrBGAgcVeH
nfO+oJAjPYok4doh28MCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITT
XjwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt
0jSv9zilzqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/3DEI
cbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr450kkkdAdavph
Oe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6Tk6ezAyNlNzZRZxe7EJQY670XcSx
EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH
llpwrN9M
-----END CERTIFICATE-----
XRamp Global CA Root
====================
-----BEGIN CERTIFICATE-----
@ -514,26 +381,6 @@ mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K
-----END CERTIFICATE-----
DST Root CA X3
==============
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK
ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X
DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1
cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT
rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9
UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy
xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d
utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T
AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ
MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug
dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE
GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw
RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS
fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
SwissSign Gold CA - G2
======================
-----BEGIN CERTIFICATE-----
@ -596,78 +443,6 @@ DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub
DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
-----END CERTIFICATE-----
GeoTrust Primary Certification Authority
========================================
-----BEGIN CERTIFICATE-----
MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQ
cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWN
b6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9
nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5X9gaBGge
RwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGt
tm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZI
hvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CePbJC/kRYkRj5K
Ts4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl4b7UVXGYNTq+k+qurUKykG/g/CFN
NWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHa
Floxt/m0cYASSJlyc1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG
1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
-----END CERTIFICATE-----
thawte Primary Root CA
======================
-----BEGIN CERTIFICATE-----
MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UE
BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
cml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3
MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwg
SW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMv
KGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMT
FnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs
oPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ
1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGc
q/gcfomk6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/K
aAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR32HuHUETVPm4p
afs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD
VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUF
AAOCAQEAeRHAS7ORtvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE
uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2/qxAeeWsEG89
jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVH
z7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==
-----END CERTIFICATE-----
VeriSign Class 3 Public Primary Certification Authority - G5
============================================================
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh
dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmlt
YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKz
j/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhD
Y2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/
Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70r
fk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/
BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv
Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG
SIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+
X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKE
KQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiC
Km0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vE
ZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
-----END CERTIFICATE-----
SecureTrust CA
==============
-----BEGIN CERTIFICATE-----
@ -871,136 +646,6 @@ vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz
TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD
-----END CERTIFICATE-----
GeoTrust Primary Certification Authority - G3
=============================================
-----BEGIN CERTIFICATE-----
MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UE
BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0
IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFy
eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIz
NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAo
YykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT
LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5j
K/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdE
c5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3C
IShwiP/WJmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKu
dlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl1UcCAwEAAaNC
MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMR5yo6hTgMdHNxr
2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9
cr5HqQ6XErhK8WTTOd8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE
Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUHSJsMC8tJP33s
t/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt
-----END CERTIFICATE-----
thawte Primary Root CA - G2
===========================
-----BEGIN CERTIFICATE-----
MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDELMAkGA1UEBhMC
VVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMu
IC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3Qg
Q0EgLSBHMjAeFw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEV
MBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBG
b3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAt
IEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJS
LSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2twu8x+qi5
8/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU
mtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUN
G4k8VIZ3KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3K
rr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg==
-----END CERTIFICATE-----
thawte Primary Root CA - G3
===========================
-----BEGIN CERTIFICATE-----
MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UE
BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
cml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0w
ODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh
d3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYD
VQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIG
A1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2At
P0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC
+BsUa0Lfb1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY
7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkGcuYMXDhpxwTW
vGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUkOQIDAQABo0IwQDAPBgNVHRMBAf8E
BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJ
KoZIhvcNAQELBQADggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK
A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC
8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcm
er/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A=
-----END CERTIFICATE-----
GeoTrust Primary Certification Authority - G2
=============================================
-----BEGIN CERTIFICATE-----
MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IElu
Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1
OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdl
b1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEG
BSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33KSLjHUGMc
KiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYD
VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+
EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7m
ndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6ogRLQy7rQkgu2
npaqBA+K
-----END CERTIFICATE-----
VeriSign Universal Root Certification Authority
===============================================
-----BEGIN CERTIFICATE-----
MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCBvTELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
IHVzZSBvbmx5MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9u
IEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJV
UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
cmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
IG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj
1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGP
MiJhgsWHH26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL72
9fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMReYTtXlT2NJ8I
AfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPTrJ9VAMf2CGqUuV/c4DPxhGD5WycR
tPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0G
CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O
a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud
DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3
Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazx
Y8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTx
P/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+P
wGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4
mJO37M2CYfE45k+XmCpajQ==
-----END CERTIFICATE-----
VeriSign Class 3 Public Primary Certification Authority - G4
============================================================
-----BEGIN CERTIFICATE-----
MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjELMAkGA1UEBhMC
VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3
b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVz
ZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU
cnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRo
b3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8
Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGz
rl0Bp3vefLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB
/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEw
HzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24u
Y29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMD
A2gAMGUCMGYhDBgmYFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx
AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==
-----END CERTIFICATE-----
NetLock Arany (Class Gold) Főtanúsítvány
========================================
-----BEGIN CERTIFICATE-----
@ -1176,82 +821,6 @@ Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
-----END CERTIFICATE-----
Chambers of Commerce Root - 2008
================================
-----BEGIN CERTIFICATE-----
MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJFVTFD
MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
QS4xKTAnBgNVBAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEy
Mjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNl
ZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF
EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJl
cnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKA
XuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorj
h40G072QDuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/
ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFHcpOrUMPrCXZk
NNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05aSd+pZgvMPMZ4fKecHePOjlO+Bd5g
D2vlGts/4+EhySnB8esHnFIbAURRPHsl18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331
lubKgdaX8ZSD6e2wsWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ
0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj
ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAxhduub+84Mxh2
EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCI
G8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJ
BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNh
bWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENh
bWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiC
CQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH
AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAJASryI1
wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH
3qLPaYRgM+gQDROpI9CF5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbU
RWpGqOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaHFoI6
M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2pSB7+R5KBWIBpih1
YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF
9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK
zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvG
nrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg
OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ
-----END CERTIFICATE-----
Global Chambersign Root - 2008
==============================
-----BEGIN CERTIFICATE-----
MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYDVQQGEwJFVTFD
MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
QS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMx
NDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUg
Y3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ
QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD
aGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDf
VtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXf
XjaOcNFccUMd2drvXNL7G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0
ZJJ0YPP2zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB
/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiMvvKRhI9lNNgA
TH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2Id3UwD2ln58fQ1DJu7xsepeY7s2M
H/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfe
Ox2YItaswTXbo6Al/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF
HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh
wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsogzCtLkykPAgMB
AAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuT
BjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UE
BhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm
aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm
aXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp
1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0
dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAICIf3DekijZBZRG
/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6
ReAJ3spED8IXDneRRXozX1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/s
dZ7LoR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVza2Mg
9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yydYhz2rXzdpjEetrHH
foUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9Du
qqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr
P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVq
c5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z
09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B
-----END CERTIFICATE-----
Go Daddy Root Certificate Authority - G2
========================================
-----BEGIN CERTIFICATE-----
@ -1553,27 +1122,6 @@ OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9
vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg==
-----END CERTIFICATE-----
Trustis FPS Root CA
===================
-----BEGIN CERTIFICATE-----
MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQG
EwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQLExNUcnVzdGlzIEZQUyBSb290
IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTExMzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNV
BAoTD1RydXN0aXMgTGltaXRlZDEcMBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQ
RUN+AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihHiTHcDnlk
H5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjjvSkCqPoc4Vu5g6hBSLwa
cY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zt
o3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlBOrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEA
AaNTMFEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAd
BgNVHQ4EFgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01GX2c
GE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmWzaD+vkAMXBJV+JOC
yinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP41BIy+Q7DsdwyhEQsb8tGD+pmQQ9P
8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZEf1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHV
l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl
iB6XzCGcKQENZetX2fNXlrtIzYE=
-----END CERTIFICATE-----
Buypass Class 2 Root CA
=======================
-----BEGIN CERTIFICATE-----
@ -2218,36 +1766,6 @@ uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7
yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3
-----END CERTIFICATE-----
Staat der Nederlanden Root CA - G3
==================================
-----BEGIN CERTIFICATE-----
MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE
CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
Um9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloXDTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMC
TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l
ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4y
olQPcPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WWIkYFsO2t
x1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqXxz8ecAgwoNzFs21v0IJy
EavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFyKJLZWyNtZrVtB0LrpjPOktvA9mxjeM3K
Tj215VKb8b475lRgsGYeCasH/lSJEULR9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUur
mkVLoR9BvUhTFXFkC4az5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU5
1nus6+N86U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7Ngzp
07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHPbMk7ccHViLVlvMDo
FxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXtBznaqB16nzaeErAMZRKQFWDZJkBE
41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTtXUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMB
AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleu
yjWcLhL75LpdINyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD
U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwpLiniyMMB8jPq
KqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8Ipf3YF3qKS9Ysr1YvY2WTxB1
v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixpgZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA
8KCWAg8zxXHzniN9lLf9OtMJgwYh/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b
8KKaa8MFSu1BYBQw0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0r
mj1AfsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq4BZ+Extq
1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR1VmiiXTTn74eS9fGbbeI
JG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/QFH1T/U67cjF68IeHRaVesd+QnGTbksV
tzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM94B7IWcnMFk=
-----END CERTIFICATE-----
Staat der Nederlanden EV Root CA
================================
-----BEGIN CERTIFICATE-----
@ -3433,3 +2951,204 @@ HQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNn
ADBkAjA3AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsCMGcl
CrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVuSw==
-----END CERTIFICATE-----
NAVER Global Root Certification Authority
=========================================
-----BEGIN CERTIFICATE-----
MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEMBQAwaTELMAkG
A1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRGT1JNIENvcnAuMTIwMAYDVQQD
DClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4
NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVT
UyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlv
biBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBb
UGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW
+j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7
XNr4rRVqmfeSVPc0W+m/6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2
aacp+yPOiNgSnABIqKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4
Yb8ObtoqvC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3z
VHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53B
A0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai
cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejy
YhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNV
HQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoNqo0hV4/GPnrK
21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3cvuzHV+YwIHHW1xDBE1UB
jCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bx
hYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTg
E34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTH
D8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQ
A76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSY
qqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oG
I/hGoiLtk/bdmuYqh7GYVPEi92tF4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmg
kpzNNIaRkPpkUZ3+/uul9XXeifdy
-----END CERTIFICATE-----
AC RAIZ FNMT-RCM SERVIDORES SEGUROS
===================================
-----BEGIN CERTIFICATE-----
MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQswCQYDVQQGEwJF
UzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgy
NjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4
MTIyMDA5MzczM1oXDTQzMTIyMDA5MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt
UkNNMQ4wDAYDVQQLDAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNB
QyBSQUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
BPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LHsbI6GA60XYyzZl2hNPk2
LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oKUm8BA06Oi6NCMEAwDwYDVR0TAQH/BAUw
AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqG
SM49BAMDA2kAMGYCMQCuSuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoD
zBOQn5ICMQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJyv+c=
-----END CERTIFICATE-----
GlobalSign Root R46
===================
-----BEGIN CERTIFICATE-----
MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUAMEYxCzAJBgNV
BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJv
b3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAX
BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08Es
CVeJOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQGvGIFAha/
r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud316HCkD7rRlr+/fKYIje
2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo0q3v84RLHIf8E6M6cqJaESvWJ3En7YEt
bWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSEy132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvj
K8Cd+RTyG/FWaha/LIWFzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD4
12lPFzYE+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCNI/on
ccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzsx2sZy/N78CsHpdls
eVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqaByFrgY/bxFn63iLABJzjqls2k+g9
vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYD
VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEM
BQADggIBAHx47PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg
JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti2kM3S+LGteWy
gxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIkpnnpHs6i58FZFZ8d4kuaPp92
CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRFFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZm
OUdkLG5NrmJ7v2B0GbhWrJKsFjLtrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qq
JZ4d16GLuc1CLgSkZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwye
qiv5u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP4vkYxboz
nxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6N3ec592kD3ZDZopD8p/7
DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3vouXsXgxT7PntgMTzlSdriVZzH81Xwj3
QEUxeCp6
-----END CERTIFICATE-----
GlobalSign Root E46
===================
-----BEGIN CERTIFICATE-----
MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYT
AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3Qg
RTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNV
BAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcq
hkjOPQIBBgUrgQQAIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkB
jtjqR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCj
QjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRL
gLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZk
vLtoURMMA/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+
CAezNIm8BZ/3Hobui3A=
-----END CERTIFICATE-----
GLOBALTRUST 2020
================
-----BEGIN CERTIFICATE-----
MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCQVQx
IzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVT
VCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYxMDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAh
BgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAy
MDIwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWi
D59bRatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9ZYybNpyrO
VPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3QWPKzv9pj2gOlTblzLmM
CcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPwyJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCm
fecqQjuCgGOlYx8ZzHyyZqjC0203b+J+BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKA
A1GqtH6qRNdDYfOiaxaJSaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9OR
JitHHmkHr96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj04KlG
DfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9MedKZssCz3AwyIDMvU
clOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIwq7ejMZdnrY8XD2zHc+0klGvIg5rQ
mjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1Ud
IwQYMBaAFNwuH9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA
VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJCXtzoRlgHNQIw
4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd6IwPS3BD0IL/qMy/pJTAvoe9
iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS
8cE54+X1+NZK3TTN+2/BT+MAi1bikvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2
HcqtbepBEX4tdJP7wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxS
vTOBTI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6CMUO+1918
oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn4rnvyOL2NSl6dPrFf4IF
YqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+IaFvowdlxfv1k7/9nR4hYJS8+hge9+6jl
gqispdNpQ80xiEmEU5LAsTkbOYMBMMTyqfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg==
-----END CERTIFICATE-----
ANF Secure Server Root CA
=========================
-----BEGIN CERTIFICATE-----
MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNVBAUTCUc2MzI4
NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lv
bjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNVBAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3Qg
Q0EwHhcNMTkwOTA0MTAwMDM4WhcNMzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEw
MQswCQYDVQQGEwJFUzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQw
EgYDVQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQTCC
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCjcqQZAZ2cC4Ffc0m6p6zz
BE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9qyGFOtibBTI3/TO80sh9l2Ll49a2pcbnv
T1gdpd50IJeh7WhM3pIXS7yr/2WanvtH2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcv
B2VSAKduyK9o7PQUlrZXH1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXse
zx76W0OLzc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyRp1RM
VwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQzW7i1o0TJrH93PB0j
7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/SiOL9V8BY9KHcyi1Swr1+KuCLH5z
JTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJnLNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe
8TZBAQIvfXOn3kLMTOmJDVb3n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVO
Hj1tyRRM4y5Bu8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj
o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAOBgNVHQ8BAf8E
BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEATh65isagmD9uw2nAalxJ
UqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzx
j6ptBZNscsdW699QIyjlRRA96Gejrw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDt
dD+4E5UGUcjohybKpFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM
5gf0vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjqOknkJjCb
5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ/zo1PqVUSlJZS2Db7v54
EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ92zg/LFis6ELhDtjTO0wugumDLmsx2d1H
hk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI+PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGy
g77FGr8H6lnco4g175x2MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3
r5+qPeoott7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw=
-----END CERTIFICATE-----
Certum EC-384 CA
================
-----BEGIN CERTIFICATE-----
MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQswCQYDVQQGEwJQ
TDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2
MDcyNDU0WhcNNDMwMzI2MDcyNDU0WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERh
dGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx
GTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATEKI6rGFtq
vm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7TmFy8as10CW4kjPMIRBSqn
iBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68KjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
VR0OBBYEFI0GZnQkdjrzife81r1HfS+8EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNo
ADBlAjADVS2m5hjEfO/JUG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0
QoSZ/6vnnvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k=
-----END CERTIFICATE-----
Certum Trusted Root CA
======================
-----BEGIN CERTIFICATE-----
MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6MQswCQYDVQQG
EwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0g
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0Ew
HhcNMTgwMzE2MTIxMDEzWhcNNDMwMzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMY
QXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZn0EGze2jusDbCSzBfN8p
fktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/qp1x4EaTByIVcJdPTsuclzxFUl6s1wB52
HO8AU5853BSlLCIls3Jy/I2z5T4IHhQqNwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2
fJmItdUDmj0VDT06qKhF8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGt
g/BKEiJ3HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGamqi4
NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi7VdNIuJGmj8PkTQk
fVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSFytKAQd8FqKPVhJBPC/PgP5sZ0jeJ
P/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0PqafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSY
njYJdmZm/Bo/6khUHL4wvYBQv3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHK
HRzQ+8S1h9E6Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1
vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAEii1QAL
LtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4WxmB82M+w85bj/UvXgF2Ez8s
ALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvozMrnadyHncI013nR03e4qllY/p0m+jiGPp2K
h2RX5Rc64vmNueMzeMGQ2Ljdt4NR5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8
CYyqOhNf6DR5UMEQGfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA
4kZf5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq0Uc9Nneo
WWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7DP78v3DSk+yshzWePS/Tj
6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTMqJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmT
OPQD8rv7gmsHINFSH5pkAnuYZttcTVoP0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZck
bxJF0WddCajJFdr60qZfE2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb
-----END CERTIFICATE-----

498
etc/ca_hashes.txt
View File

@ -1,3 +1,15 @@
++MBgDH5WGvL9Bcn5Be30cRcL0f5O+NyoXuWtQdX1aI= subject=C = US, O = Amazon, CN = Amazon Root CA 1
+OX5BbyTmREme4PVCBSpAyO1Hhg2KdtS1PwtVGilpXg= subject=C = BE, CN = Belgium Root CA2
+sld48JKF0GUgAz/qjylHXEWYwZkqbYMh1i07w3Fj4g= subject=C = AT, O = A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU = A-Trust-nQual-03, CN = A-Trust-nQual-03
+vpvUuZnrn0+F0B/SfWFynBc1Vl/WFDP/fpk2muz0Ms= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Client Authentication Root E45
/1aAzXOlcD2gSBegdf1GJQanNQbEuBoVg+9UlHjSZHY= subject=C = US, O = Equifax, OU = Equifax Secure Certificate Authority
/AKkni4ejkiMopEhNVcswvjnG7Di8oWWs3IimfXLnGI= subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft Time Stamp Root Certificate Authority 2014
/Tcb6pdV/2DIgoyEm45SFd5TLWGwCYVfoK1jDZDu+C4= subject=C = CH, O = WISeKey, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GC CA
/YctF2YX5QwmYRnQ/bBHsHMtogSLEhr3uYYMo+Ly8r4= subject=C = CO, O = Sociedad Cameral de Certificaci\C3\B3n Digital - Certic\C3\A1mara S.A., CN = AC Ra\C3\ADz Certic\C3\A1mara S.A.
/eiZml5CcxmDXImhfWSi3NE6hRwJFsTFR7bY96ZDfZQ= subject=C = ZA, ST = Gauteng, L = Johannesburg, O = TrustFactory(Pty)Ltd, OU = TrustFactory PKI Operations, CN = TrustFactory SSL Root Certificate Authority
/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI= subject=C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - EC1
/uivkpF1aH9GOKP8mD247NDl4qg+c38/t3tMIvy6wKY= subject=C = AT, O = e-commerce monitoring GmbH, CN = GLOBALTRUST 2020
/zQvtsTIvTCkcG9zSJU58Z5uSMwF9GJUZU9mENvFQOk= subject=C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009
04lRnjNdzOBl/GE7TR+IOd/8Cpt/QpnEwpl8TurTL5I= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Client Authentication Root R45
05gKrdIWOMcNdKS7H4q14Rck5i7UCPn6jT1NkWkAKGs= subject=C = JP, O = "SECOM Trust Systems CO.,LTD.", CN = Security Communication RootCA3
0cRTd+vc1hjNFlHcLgLCHXUeWqn80bNDH/bs9qMTSPo= subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com Root Certification Authority RSA
@ -5,22 +17,21 @@
0eysykQBLD4ebRs53Slo/H/TEnqqV6tRgqO+q8zXo6k= subject=C = LT, O = Skaitmeninio sertifikavimo centras, OU = Certification Authority, CN = SSC Root CA A
0qXzLw4BuRDvTjtGv4Tlr1+1aJ59FQfpKeNorIjGzHY= subject=C = FI, O = Sonera, CN = Sonera Class2 CA
0vkaBOOmHU6teEjI1DteEVLYhXJ0ibxlc4tnwKInhac= subject=C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 1 Public Primary Certification Authority - G6
/1aAzXOlcD2gSBegdf1GJQanNQbEuBoVg+9UlHjSZHY= subject=C = US, O = Equifax, OU = Equifax Secure Certificate Authority
1JxvKJzQVlGUkkgPGS8Apvx8GGLasue12OBfZnj64UE= subject=C = DE, O = D-Trust GmbH, CN = D-TRUST Root CA 3 2013
1Vl+o0U6YmH11C65yvW9tOOKHt69tb6m18C8Goq+yrI= subject=CN = Autoridad de Certificacion Raiz del Estado Venezolano, C = VE, L = Caracas, ST = Distrito Capital, O = Sistema Nacional de Certificacion Electronica, OU = Superintendencia de Servicios de Certificacion Electronica, emailAddress = acraiz@suscerte.gob.ve
1kbz6i1wA/yqd60hkTbHjgJKby4jB9+4z6l6FxNz7N8= subject=C = si, O = state-institutions, OU = sigov-ca
1qGEQ9NI25lPk0zNjmNdgzonrB5W+K+vfJfLT0Pqtos= subject=C = CN, O = WoSign CA Limited, CN = Certification Authority of WoSign
1Vl+o0U6YmH11C65yvW9tOOKHt69tb6m18C8Goq+yrI= subject=CN = Autoridad de Certificacion Raiz del Estado Venezolano, C = VE, L = Caracas, ST = Distrito Capital, O = Sistema Nacional de Certificacion Electronica, OU = Superintendencia de Servicios de Certificacion Electronica, emailAddress = acraiz@suscerte.gob.ve
28HjoVI4oEg7zbj97GFuA+cFpI4qUBFXyt87nHMRxeU= subject=C = RO, O = certSIGN, OU = certSIGN ROOT CA
2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8= subject=C = US, O = "VeriSign, Inc.", OU = Class 2 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network
2Psz44XJwtpymoRwa6kn3Lt5Jz4SL/2WczY7cLfzbLs= subject=C = ES, O = Generalitat Valenciana, OU = PKIGVA, CN = Root CA Generalitat Valenciana
2SQFxG2RKlY+Qyh/Vs1BChzfY2fFfJ6nxcrgOdy8zlA= subject=C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 2 CA 2007
2xlRS1J+jPOz0hc102nkmoUkNKzJwY8DKYfpPwyZI3o= subject=C = GR, O = BYTE Computer S.A., CN = BYTE Root Certification Authority 001
2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8= subject=C = US, O = "VeriSign, Inc.", OU = Class 2 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network
2xXABitSDzGKGdrP7NZPnno/vmCf1YZ5byCuAo6OMFg= subject=C = CN, O = WoSign CA Limited, CN = CA \E6\B2\83\E9\80\9A\E6\A0\B9\E8\AF\81\E4\B9\A6
2xlRS1J+jPOz0hc102nkmoUkNKzJwY8DKYfpPwyZI3o= subject=C = GR, O = BYTE Computer S.A., CN = BYTE Root Certification Authority 001
31MLrJ/NkUwlLC+9zt3GGD1K6MaArWXwPiBIYd17HHM= subject=DC = com, DC = microsoft, CN = Microsoft Root Certificate Authority
3AU9An/BhufEHNGTrzD8CXlOufPZ5nNtzgQUQNh2qAE= subject=C = ES, O = Colegio de Registradores de la Propiedad y Mercantiles de Espa\C3\B1a, OU = Certificado Propio, CN = Registradores de Espa\C3\B1a - CA Ra\C3\ADz
3ntpMunERYLODeB6vat+6pDHXW0qBzMd9XvVy4hVPRM= subject=C = PL, O = Asseco Data Systems S.A., OU = Certum Certification Authority, CN = Certum EC-384 CA
3V7RwJD59EgGG6qUprsRAXVE6e76ogzHFM5sYz9dxik= subject=C = CN, O = China Financial Certification Authority, CN = CFCA EV ROOT
3ViZswh7Dv8rbge2b07dzs5NAYAaoISV1ZBvChNBcWs= subject=C = BR, O = ICP-Brasil, OU = Instituto Nacional de Tecnologia da Informacao - ITI, CN = Autoridade Certificadora Raiz Brasileira v5
3ntpMunERYLODeB6vat+6pDHXW0qBzMd9XvVy4hVPRM= subject=C = PL, O = Asseco Data Systems S.A., OU = Certum Certification Authority, CN = Certum EC-384 CA
4EoCLOMvTM8sf2BGKHuCijKpCfXnUUR/g/0scfb9gXM= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Root E46
4MeAximQPhJvHZGVcNznxJb4XzOq5muaMUfudfjRYgo= subject=C = AT, ST = Wien, L = Wien, O = e-commerce monitoring GmbH, OU = GLOBALTRUST Certification Service, CN = GLOBALTRUST 2015
4O+ILaSKsLfvsNm6FbJxfdCPBDwlrAm1a4tX/O61o10= subject=C = LT, O = Skaitmeninio sertifikavimo centras, OU = Certification Authority, CN = SSC Root CA C
@ -41,387 +52,376 @@
8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G2
8mzaocSOLTaerySZOkJPgpCYOvcJSlvenH1ENB8uJCg= subject=C = US, O = Microsoft Corporation, CN = Microsoft EV ECC Root Certificate Authority 2017
8qTmsmPQpVKt/12F3Ja1gg/WaqCxgij0j9sIfI2zQTM= subject=C = US, ST = FL, L = Jacksonville, O = Network Solutions L.L.C., CN = Network Solutions RSA Certificate Authority
9+ze1cZgR9KO1kZrVDxA4HQ6voHRCSVNz4RdTCx4U8U= subject=C = US, O = Amazon, CN = Amazon Root CA 4
96/0GycJ8XX4q6F+VnsnBGst1Uv25+Jj0ylYc0N7nP8= subject=C = AT, O = A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU = A-Trust-Qual-03, CN = A-Trust-Qual-03
9CNSw8w9hLhRiYnWR8iMowHIj7mRk4u87MnuYOVl03c= subject=C = ES, serialNumber = Q2863006I, O = CONSEJO GENERAL DE LA ABOGACIA, CN = ACA ROOT
9eGcjhT+dV9VHOwrcRPnyYAjsXbr5sGrz4crKnuTIwQ= subject=C = ES, O = Consejo General de la Abogacia NIF:Q-2863006I, CN = Autoridad de Certificacion de la Abogacia
9GPFTZ8aBHrtUmVqx4Xgfr7FKOAge/0/VdiTI3Zo9q4= subject=C = ch, O = Swisscom, OU = Digital Certificate Services, CN = Swisscom Root EV CA 2
9hRrwjjo/ODUe3B0yaJrGqD4g1KFEPBtnP7EH/bKGWg= subject=C = HU, L = Budapest, O = NetLock Halozatbiztonsagi Kft., OU = Tanusitvanykiadok, CN = NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, emailAddress = info@netlock.hu
9Iut199qBmkNCuMTc7EoVfje2xRRfzYqMTEBzJjMazU= subject=C = HU, L = Budapest, O = NetLock Kft., OU = Tan\C3\BAs\C3\ADtv\C3\A1nykiad\C3\B3k (Certification Services), CN = NetLock Arany (Class Gold) F\C5\91tan\C3\BAs\C3\ADtv\C3\A1ny
9TwiBZgX3Zb0AGUWOdL4V+IQcKWavtkHlADZ9pVQaQA= subject=C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Services Division, CN = Thawte Premium Server CA, emailAddress = premium-server@thawte.com
9YV9iGK8K6PJ3co/hBRtyNgfTVedKzh79gBlOB7mQd0= subject=C = FR, O = Certplus, CN = Class 3P Primary CA
9+ze1cZgR9KO1kZrVDxA4HQ6voHRCSVNz4RdTCx4U8U= subject=C = US, O = Amazon, CN = Amazon Root CA 4
9eGcjhT+dV9VHOwrcRPnyYAjsXbr5sGrz4crKnuTIwQ= subject=C = ES, O = Consejo General de la Abogacia NIF:Q-2863006I, CN = Autoridad de Certificacion de la Abogacia
9hRrwjjo/ODUe3B0yaJrGqD4g1KFEPBtnP7EH/bKGWg= subject=C = HU, L = Budapest, O = NetLock Halozatbiztonsagi Kft., OU = Tanusitvanykiadok, CN = NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, emailAddress = info@netlock.hu
9zvl66U2kSxVf7hVUXrR7gSHvY9jSYw5SRZBd7oGxd4= subject=C = CZ, CN = I.CA - Standard root certificate, O = Prvni certifikacni autorita a.s.
a8/IbI3cKvLmoRgKLdq7N7fqN1Uxa2S5uJUb8Mo1HwY= subject=C = SK, L = Bratislava, O = Disig a.s., CN = CA Disig Root R1
aB3EgsKWyEAsbrsg5oMJo7yEZSOuNLmEqE7ml6MxLbc= subject=C = PL, O = Asseco Data Systems S.A., OU = Certum Certification Authority, CN = Certum Trusted Root CA
aCdH+LpiG4fN07wpXtXKvOciocDANj0daLOJKNJ4fx4= subject=OU = GlobalSign Root CA - R6, O = GlobalSign, CN = GlobalSign
AEEkrWA3/V8zGeeiPU2cgR9VmNZsR1QVWwqqno8AYh8= subject=C = BE, O = Certipost s.a./n.v., CN = Certipost E-Trust TOP Root CA
aev+v/YekQ4V8l7qcTByaSOdIXCSsg+m3JKnh3dk2qA= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Document Signing Root E45
AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4= subject=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO Certification Authority
Agbq0WOxDqL4Ygho69ehX2SiAlDRbNV9bofE//GiGXw= subject=C = DE, O = Deutscher Sparkassen Verlag GmbH, OU = S-TRUST Certification Services, CN = S-TRUST Universal Root CA
AGyyJqdyxxgtd3I4Pjc/DyKeff40RIEKjW5QkF0g1mE= subject=C = FI, ST = Finland, O = Vaestorekisterikeskus CA, OU = Certification Authority Services, OU = Varmennepalvelut, CN = VRK Gov. Root CA
Agbq0WOxDqL4Ygho69ehX2SiAlDRbNV9bofE//GiGXw= subject=C = DE, O = Deutscher Sparkassen Verlag GmbH, OU = S-TRUST Certification Services, CN = S-TRUST Universal Root CA
AjdtCQisIwQcx9Zm2drxklVPf8NjF6qcuACQhhayivg= subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft Root Certificate Authority 2011
aJv0WzCD/erVXxR/0QXjzyGK1Y7fPkswHAxe7qbPIQ0= subject=C = NL, O = Digidentity B.V., CN = Digidentity L3 Root CA - G2
AjyBzOjnxk+pQtPBUEhwfTXZu1uH9PVExb8bxWQ68vo= subject=C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority - G2, OU = "(c) 1998 VeriSign, Inc. - For authorized use only", OU = VeriSign Trust Network
/AKkni4ejkiMopEhNVcswvjnG7Di8oWWs3IimfXLnGI= subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft Time Stamp Root Certificate Authority 2014
akNrWNnYMOjVuKZCUFrWtBQGrc1olNlBT3vgoUZ7rbc= subject=C = DE, O = DATEV eG, CN = CA DATEV STD 02
aKpjVFHYOWIWfoj7CPhnjXOuxm/FWUYhN8/50bw9OHE= subject=C = US, O = Microsoft Corporation, CN = Microsoft EV RSA Root Certificate Authority 2017
aMNpIhRyTUtVp2D0cLT8qLXg/h1ynP8i/rTKiKzTmAk= subject=CN = ComSign CA, O = ComSign, C = IL
aN7ZogP/bjZ+EqpJl3zSAPcSeoAPqm+Fnwuv7YKGpPs= subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft ECC Product Root Certificate Authority 2018
axpQXgJG8vYMSQ/wwJenvichDLt1ACN/iLDNSCmLybg= subject=C = FR, O = Certinomis, OU = 0002 433998903, CN = Certinomis - Root CA
aztX6eyI0bs9AWN/8zx2mLPJdYJV6fAeqRePPn87K1I= subject=C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA 2
bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU= subject=C = US, O = "Entrust, Inc.", OU = www.entrust.net/CPS is incorporated by reference, OU = "(c) 2006 Entrust, Inc.", CN = Entrust Root Certification Authority
Bed+8f3+BeLcpSLK5k2DeaBBt7TxbHyuNgZ6f3KhSHI= subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2
BewIl7IZlaSpiZ+PywZgGt5hwEOJlp0Tj+Ms1s/HRqs= subject=CN = ComSign Advanced Security CA
bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU= subject=C = US, O = AffirmTrust, CN = AffirmTrust Commercial
B+hU8mp8vTiZJ6oEG/7xts0h3RQ4GK2UfcZVqeWH/og= subject=C = US, O = IdenTrust, CN = IdenTrust Commercial Root CA 1
bjZLYTPe79y7ISc8X0RaIK+8BQONWwIcDCFTA5AWNFs= subject=C = PL, O = Krajowa Izba Rozliczeniowa S.A., CN = SZAFIR ROOT CA2
BRz5+pXkDpuD7a7aaWH2Fox4ecRmAXJHnN1RqwPOpis= subject=C = US, OU = www.xrampsecurity.com, O = XRamp Security Services Inc, CN = XRamp Global Certification Authority
BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo= subject=C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Class 1 CA Root
btDb2Vni7L6DI5gWCCb2Au5EHhqW8BVXm/OmcpKmDT4= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Document Signing Root R45
BVcK5usPzrQhDm23lIa3CUyvIAQB4Um2Z3RBtfJeRJs= subject=CN = ACCVRAIZ1, OU = PKIACCV, O = ACCV, C = ES
bW8MNAlxohijHRAzDqmufHplUFNMbu/t3SEY4RTbRz4= subject=C = FR, O = OpenTrust, CN = OpenTrust Root CA G1
bz4Hf+VQRkbAGRr85JTk62gYPjmPWk3AVmn4tubmgv4= subject=C = JP, O = Japanese Government, OU = ApplicationCA
Bed+8f3+BeLcpSLK5k2DeaBBt7TxbHyuNgZ6f3KhSHI= subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2
BewIl7IZlaSpiZ+PywZgGt5hwEOJlp0Tj+Ms1s/HRqs= subject=CN = ComSign Advanced Security CA
C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M= subject=C = US, O = Internet Security Research Group, CN = ISRG Root X1
cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM= subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 2 Public Primary Certification Authority - G3
cBYnC2CyjG4Xft69cYAH39MxDGSnN7fbAaB2kMNDvCc= subject=C = LV, OU = Sertifikacijas pakalpojumu dala, CN = E-ME SSI (RCA)
cCEWzNi/I+FkZvDg26DtaiOanBzWqPWmazmvNZUCA4U= subject=C = SK, L = Bratislava, O = Disig a.s., CN = CA Disig Root R2
ce2RinrG0Xs4ScIBgLPnM0aRvF+3M3fwBwr6C+eJstE= subject=C = LT, O = Skaitmeninio sertifikavimo centras, OU = CA ROOT Services, CN = SSC GDL CA Root B
cfit7sK1itvfYgXJjd6SikJUsDaVGT1/mmOpoliAldA= subject=C = IN, OU = emSign PKI, O = eMudhra Technologies Limited, CN = emSign Root CA - G2
cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A= subject=OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk= subject=OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign
cZz1s2GS573mUMyRNB5vZJ27jD7ki6yql/oOBbY3S0E= subject=C = JP, O = Japanese Government, OU = GPKI, CN = ApplicationCA2 Root
D5wSmVV1mM91IbzIeYQgoVXOwbsjpXrDf1Eg/JogV/g= subject=C = GR, O = Athens Exchange S.A., CN = ATHEX Root CA
D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM= subject=C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Object
D5wSmVV1mM91IbzIeYQgoVXOwbsjpXrDf1Eg/JogV/g= subject=C = GR, O = Athens Exchange S.A., CN = ATHEX Root CA
DHrKpxAiZyC7yUA0nuLmFIZSqJ2/QGojLIlfbceOu5o= subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3
du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U= subject=C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
dykHF2FLJfEpZOvbOLX4PKrcD2w2sHd/iA/G3uHTOcw= subject=C = US, O = SecureTrust Corporation, CN = SecureTrust CA
dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= subject=C = FR, O = Certplus, CN = Class 2 Primary CA
eC1+YeEyPSqvuHe+NO4d4ME0UTbU/LPJRZN/ame0Ev4= subject=C = AU, O = GOV, OU = DoD, OU = PKI, OU = CAs, CN = ADOCA02
ecqvU0fm5KlMjniphJb8dAIPgJ7eE/Ig+rYQTI3tMp8= subject=C = TW, O = "Chunghwa Telecom Co., Ltd.", CN = HiPKI Root CA - G1
eG/6V4YYw7mjERdeUIFvTdoGBcOGnyluvFlDvwn06QQ= subject=C = KR, O = NAVER BUSINESS PLATFORM Corp., CN = NAVER Global Root Certification Authority
EGn6R6CqT4z3ERscrqNl7q7RC//zJmDe9uBhS/rnCHU= subject=C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root
EiMSwIGUkQa3BJ8/6/GZwBCtoT4ygc01ikHnvQnIKdc= subject=C = FI, O = Vaestorekisterikeskus CA, OU = Certification Authority Services, OU = Varmennepalvelut, CN = VRK Gov. Root CA - G2
/eiZml5CcxmDXImhfWSi3NE6hRwJFsTFR7bY96ZDfZQ= subject=C = ZA, ST = Gauteng, L = Johannesburg, O = TrustFactory(Pty)Ltd, OU = TrustFactory PKI Operations, CN = TrustFactory SSL Root Certificate Authority
ELo0hcqLtogKuVMaQGPkABVVVhx/LgVRZfSbLXT8X2s= subject=O = TeliaSonera, CN = TeliaSonera Root CA v1
ElXKvoFS+mTflC96R0F+KflsHOEb+MhOy+KBXMEoCBA= subject=C = CN, O = UniTrust, CN = UCA Global G2 Root
ERwkokMGHaduV+OxJD7akIef+3UFUjlUQ/qMNNwO1zc= subject=C = my, O = TM, OU = TM Applied Business Certification Authority, CN = TM Applied Business Root Certificate
ESQy5LuEjEVUn8vwxxDFZtAIK7vE6bOObHatRkSBKPw= subject=C = IT, L = Milano, O = Actalis S.p.A./03358520967, CN = Actalis Authentication CA G1
ETT9gVYaKBjsz//C5ECgzvmkDikmwIKZgE1ziwqX9j0= subject=CN = Digidentity Services Root CA, O = Digidentity B.V., C = NL
eu3d82sY+Ky3N5/hzhgyErI1DQeIq+DoJFe+m62tbVQ= subject=C = CN, O = WoSign CA Limited, CN = CA WoSign ECC Root
ev5LBxovH0b4upRKJtWE1ZYLkvtIw7obfKuEkF8yqs0= subject=C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor ECA-1
f0KW/FtqTjs108NpYj42SrGvOB2PpxIVM8nWxjPqJGE= subject=C = US, O = Amazon, CN = Amazon Root CA 2
EiMSwIGUkQa3BJ8/6/GZwBCtoT4ygc01ikHnvQnIKdc= subject=C = FI, O = Vaestorekisterikeskus CA, OU = Certification Authority Services, OU = Varmennepalvelut, CN = VRK Gov. Root CA - G2
ElXKvoFS+mTflC96R0F+KflsHOEb+MhOy+KBXMEoCBA= subject=C = CN, O = UniTrust, CN = UCA Global G2 Root
F3VaXClfPS1y5vAxofB/QAxYi55YKyLxfq4xoVkNEYU= subject=C = US, O = GeoTrust Inc., CN = GeoTrust Global CA 2
FGIAmy3mXW1NOb6JK9LBhkkFMc5lkOSP4ZYHDTF7YLA= subject=C = ES, O = DIRECCION GENERAL DE LA POLICIA, OU = DNIE, CN = AC RAIZ DNIE
FJ8u5juaXlgDJAp3DcmR/C40ReYoMcJFpJvE8fc4/5w= subject=C = CH, O = WISeKey, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GB CA
FSg5faISiQqDCwuVpZlozvI0dzd531GBzxD6ZHU0u2U= subject=C = IL, O = StartCom Ltd., CN = StartCom Certification Authority G2
Fbso2SB+E/i8lVfdeF66dzvqlE4E1+CP+KpV7zGUqiA= subject=C = FR, O = KEYNECTIS, OU = ROOT, CN = KEYNECTIS ROOT CA
fDtG2b6PJ0H5gAOVIYWOTN0wd0+zKzshzuoGqnnGqsY= subject=C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA2
Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G3
FefnF7Qo/u4686/ZFQ261JcAjTo/8BaWRxmQe9sBpkU= subject=C = TR, L = Gebze - Kocaeli, O = T\C3\BCrkiye Bilimsel ve Teknolojik Ara\C5\9Ft\C4\B1rma Kurumu - T\C3\9CB\C4\B0TAK, OU = Ulusal Elektronik ve Kriptoloji Ara\C5\9Ft\C4\B1rma Enstit\C3\BCs\C3\BC - UEKAE, OU = Kamu Sertifikasyon Merkezi, CN = T\C3\9CB\C4\B0TAK UEKAE K\C3\B6k Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1 - S\C3\BCr\C3\BCm 3
FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ= subject=C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8= subject=OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
FGIAmy3mXW1NOb6JK9LBhkkFMc5lkOSP4ZYHDTF7YLA= subject=C = ES, O = DIRECCION GENERAL DE LA POLICIA, OU = DNIE, CN = AC RAIZ DNIE
FJ8u5juaXlgDJAp3DcmR/C40ReYoMcJFpJvE8fc4/5w= subject=C = CH, O = WISeKey, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GB CA
fKbRP+N/gOJ1xJ4eaBPO4u2AwS5J3LugQOO44iadsos= subject=L = Internet, O = "VeriSign, Inc.", OU = VeriSign Commercial Software Publishers CA
fKoDRlEkWQxgHlZ+UhSOlSwM/+iQAFMP4NlbbVDqrkE= subject=C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA 2
fNZ8JI9p2D/C+bsB3LH3rWejY9BGBDeW0JhMOiMfa7A= subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com EV Root Certification Authority RSA R2
foeCwVDOOVL4AuY2AjpdPpW7XWjjPoWtsroXgSXOvxU= subject=O = "Cybertrust, Inc", CN = Cybertrust Global Root
FrDVUEKn2c6y8SBKpkxls6kEbp7PG+9UIfPSvhvF/6w= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Timestamping Root R45
FSg5faISiQqDCwuVpZlozvI0dzd531GBzxD6ZHU0u2U= subject=C = IL, O = StartCom Ltd., CN = StartCom Certification Authority G2
FtgtZ6Htjon5q1j30P0+sNABdof8ruzUBHXxAIOltZM= subject=C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA1
fWw+v56nNdGFS+6ny5QaseNQNRXgh7u1vmldBfL1VuQ= subject=C = US, ST = FL, L = Jacksonville, O = Network Solutions L.L.C., CN = Network Solutions ECC Certificate Authority
fx3siwMZVIoFbeW7UhvZPrdOanbyjf+3W0WlO3da96s= subject=C = CH, O = SwissSign AG, CN = SwissSign Gold Root CA - G3
G4qJUxcBYIye88ZfXWCpSLG625dTYiougcCkooS+Y8w= subject=C = DE, O = DATEV eG, CN = CA DATEV STD 01
Ga2Y3gIVXX4z6d0h8ORWEP0R0oBEuDGLvr+fYzeIjfA= subject=C = DE, O = DATEV eG, CN = CA DATEV BT 01
gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ= subject=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Root Certificate Authority - G2
gJ8rquNa+082vWR2znXCABB3kBtq9cTauC4YjGuVwaE= subject=C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Public Primary Certification Authority - G4
Gno6GmjdI2Hj87uFXzsm/NiLGX2N1N4Gzxs2KsiewTs= subject=C = GR, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2011
gNv7l73Tkmuu5B9zxViPqhfXB7A630kHorxnfz7xcXw= subject=CN = Developer ID Certification Authority, OU = Apple Certification Authority, O = Apple Inc., C = US
gosO7/JGVOj/WEGindXU4+0wlSykNCWnkoNAcgjTnRY= subject=C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = Trustwave Global ECC P384 Certification Authority
GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik= subject=C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2008 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G3
grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= subject=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
gWugv99f1k1WjsDQUvcRZNnizK4S4CGe1s2B5+hF+4Q= subject=C = BR, O = ICP-Brasil, OU = Instituto Nacional de Tecnologia da Informacao - ITI, CN = Autoridade Certificadora Raiz Brasileira v2
Ga2Y3gIVXX4z6d0h8ORWEP0R0oBEuDGLvr+fYzeIjfA= subject=C = DE, O = DATEV eG, CN = CA DATEV BT 01
Gno6GmjdI2Hj87uFXzsm/NiLGX2N1N4Gzxs2KsiewTs= subject=C = GR, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2011
H0IkzshPyZztiB/2/P0+IfjFGcVHqmpd094kcwLOUNE= subject=C = CN, O = CNNIC, CN = CNNIC ROOT
h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU= subject=C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
haPYHSrQx53wp5aE4OJmYAmgneFXYOodds8O57KCXb0= subject=C = LU, O = LuxTrust s.a., CN = LuxTrust Global Root
hdJr6Q2TT8zbT/ezjYx5ynZSuBbWpSRGyoQoprhdxXw= subject=C = ES, ST = Barcelona, L = Barcelona (see current address at http://www.anf.es/es/address-direccion.html ), O = ANF Autoridad de Certificacion, OU = ANF Clase 1 CA, emailAddress = info@anf.es, serialNumber = G63287510, CN = ANF Global Root CA
hKrAk+CMSdv/+OVgdZJI2+ZxNbNysj0qiB1fmcuxkeg= subject=C = CH, O = SwissSign AG, CN = SwissSign Silver Root CA - G3
hqaPBQA0EmpUDTnbLF+RfvZqlPuWGfoezYJ86ka6DLA= subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 1 G3
HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY= subject=C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA
HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= subject=O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)
HrnPkB8IWKoXw5m6vrvdjLMDpO9OEiDEk8yi91o/kU4= subject=C = ES, O = Agencia Notarial de Certificacion S.L.U. - CIF B83395988, CN = ANCERT Certificados Notariales V2
hsE6NAjdGqd+6LaUfAOVh3L1MSSMFie++yxPSwTQRJY= subject=C = FR, ST = France, L = Paris, O = PM/SGDN, OU = DCSSI, CN = IGC/A, emailAddress = igca@sgdn.pm.gouv.fr
hshLHDpm9Cha95cFJGfj7SNv0phvAzwCxHcb4LlwSCo= subject=C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2007
hxqRlPTu1bMS/0DITB1SSu0vd4u/8l8TjPgfaAp63Gc= subject=C = US, O = Google Trust Services LLC, CN = GTS Root R1
hxV6dYX00DsAo5hGHhZOSAbhs/RtA6+9yd705HeL4uk= subject=C = SI, O = POSTA, OU = POSTArCA
HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY= subject=C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA
Hzyf1P27UKBVvMp/5aWBqSCZzvHp5HbWuu8MkQgxx7M= subject=C = AT, O = A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU = A-Trust-Root-07, CN = A-Trust-Root-07
I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA
I2TWktzK4T2latSgfBMl3FdSFf8aBxaB38pd1u18hFI= subject=C = FR, O = ANSSI, OU = 0002 130007669, CN = IGC/A AC racine Etat francais
I4SdCUkj1EpIgbY6sYXpvhWqyO8sMETZNLx/JuLSzWk= subject=C = US, O = America Online Inc., CN = America Online Root Certification Authority 1
i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
Ia5BJWYyRyX/78Hcz4jxb41r9Nu7N/6Mq6R+jWbCzfk= subject=C = SI, O = Republika Slovenija, organizationIdentifier = VATSI-17659957, CN = SI-TRUST Root
ICGRfpgmOUXIWcQ/HXPLQTkFPEFPoDyjvH7ohhQpjzs= subject=C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust ECC Certification Authority
ICZl5MXDgLRJCoF3PbXbpiqQ229b5uDlTRGZL7HmVf0= subject=C = CZ, O = "\C4\8Cesk\C3\A1 po\C5\A1ta, s.p. [I\C4\8C 47114983]", CN = PostSignum Root QCA 2
IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM= subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 1 Public Primary Certification Authority - G3
Ia5BJWYyRyX/78Hcz4jxb41r9Nu7N/6Mq6R+jWbCzfk= subject=C = SI, O = Republika Slovenija, organizationIdentifier = VATSI-17659957, CN = SI-TRUST Root
IgUKkoNkgcLzwfhBfTdEehZwB6ybpk6iKMtqHhTGS4s= subject=C = CZ, CN = I.CA - Qualified root certificate, O = "Prvn\C3\AD certifika\C4\8Dn\C3\AD autorita, a.s."
iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= subject=OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
iir/vRocXRvcy7f1SLqZX5ZoBrP9DDoA+uLlLzyFOYk= subject=C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Chambers of Commerce Root
ikLurbyLIaNcSzqt19+8vS7RsdoS6MRaU02pBgflZP0= subject=DC = rs, DC = posta, DC = ca, CN = Configuration, CN = Services, CN = Public Key Services, CN = AIA, CN = Posta CA Root
I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA
i+p269YTev+fHsw8CMrx3sR9uRaQ1XVMTp8VIywKLng= subject=C = DE, O = DATEV eG, CN = CA DATEV INT 01
ipA7YAoICzjf4g37as0jEi9kYg5YCLn8hoiVL8GjVZw= subject=C = CH, O = SwissSign AG, CN = SwissSign Platinum Root CA - G3
IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM= subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 1 Public Primary Certification Authority - G3
IqNplPKPL6Oxauhyp527EqmC2luCTXrkNPlheKxUA1E= subject=C = BE, O = ZETES SA (VATBE-0408425626), serialNumber = 001, CN = ZETES TSP ROOT CA 001
iR/4mOSo1VUUAFbjF27qkfTYCO5/bRv7zOb4SAdjn5E= subject=C = FR, O = OpenTrust, CN = OpenTrust Root CA G3
irTohVbL+GSl6f1QFxzU7YQk6PCAG5niNsgQkVlQrks= subject=C = SI, O = ACNLB
j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g= subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2
JEgDz6NZUzhdBmV6xOWrTyvAQFJ3vmYq25BeFJix3v0= subject=C = TH, O = Electronic Transactions Development Agency (Public Organization), OU = Thailand National Root Certification Authority, CN = Thailand National Root Certification Authority - G1
JUHlO6WzsHrL5wl6xKA+BAwRz3ptSmfLIT1Vi1AWegY= subject=C = HK, ST = Hong Kong, L = Hong Kong, O = Hongkong Post, CN = Hongkong Post Root CA 3
JZaQTcTWma4gws703OR/KFk313RkrDcHRvUt6na6DCg= subject=C = US, O = SecureTrust Corporation, CN = Secure Global CA
JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg= subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
JdSRPPWHCXQU0p0m9sGxlCzW1k6vRdD8+BUmrbqW0yQ= subject=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
JEgDz6NZUzhdBmV6xOWrTyvAQFJ3vmYq25BeFJix3v0= subject=C = TH, O = Electronic Transactions Development Agency (Public Organization), OU = Thailand National Root Certification Authority, CN = Thailand National Root Certification Authority - G1
jhXUJs0EiY8hi+Ll/jeE83UJTMQ13GGthsSjwBUR2+E= subject=C = US, ST = MN, L = Minneapolis, O = Open Access Technology International Inc, CN = OATI WebCARES Root CA
joBG7EysAVpQfODS0BVKS0Do5CsxZc+lRlcUNREtF+U= subject=C = FR, O = Dhimyotis, OU = 0002 48146308100036, CN = Certigna Root CA
jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= subject=C = US, O = U.S. Government, OU = FPKI, CN = Federal Common Policy CA
jtW0wEG2spPA5kEwFQZtMYSDyQH/aehqUh0MslVp8+g= subject=O = Cisco Systems, CN = Cisco Root CA 2048
jUF9st2L9eMITR4/GW1YOEnYG91MAMcLnTk2npa4x4I= subject=C = IN, OU = emSign PKI, O = eMudhra Technologies Limited, CN = emSign ECC Root CA - G3
JUHlO6WzsHrL5wl6xKA+BAwRz3ptSmfLIT1Vi1AWegY= subject=C = HK, ST = Hong Kong, L = Hong Kong, O = Hongkong Post, CN = Hongkong Post Root CA 3
jXZ3ZLPL2giSnQcqIqVh9NzdG8V9PL3clIxH0rR/kSI= subject=C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 3
JZaQTcTWma4gws703OR/KFk313RkrDcHRvUt6na6DCg= subject=C = US, O = SecureTrust Corporation, CN = Secure Global CA
K1IUzVZ2/vxMMB9HztMcHHv62+KogNV3HdoXFPWlyOg= subject=C = CN, O = China Financial Certification Authority, CN = CFCA Identity CA
k5KuIUmSSt435kXbof9L3dzaKykbYJdmnSr6XHo3Jhk= subject=C = DE, O = TC TrustCenter GmbH, OU = TC TrustCenter Class 3 CA, CN = TC TrustCenter Class 3 CA II
K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= subject=C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
KC+1z7rwFRjZcE3niE16Jf8Bz4gumUKQ1ZldXrbESYg= subject=C = GR, O = ATHENS STOCK EXCHANGE, CN = ATHEX Root CA G2
Kef92kieRu5Ibv11rMSPJRky3J2hhysxdTzWRxlWeqU= subject=C = ZA, O = LAWtrust, OU = LAW Trusted Third Party Services PTY Ltd., CN = LAWtrust Root Certification Authority 2048
KJa03b5hRXGDzH7Se9eKxQogf2kBxcUuU9wWdvm7HgY= subject=C = ES, O = IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8, L = Avda del Mediterraneo Etorbidea 3 - 01010 Vitoria-Gasteiz, CN = Izenpe.com, emailAddress = Info@izenpe.com
kJHjH+klRqX14bPtQHH0RAuEDB6A2/y6en7G1YJfCyQ= subject=C = LT, OU = RCSC, O = VI Registru centras- i.k. 124110246, CN = RCSC RootCA
Kef92kieRu5Ibv11rMSPJRky3J2hhysxdTzWRxlWeqU= subject=C = ZA, O = LAWtrust, OU = LAW Trusted Third Party Services PTY Ltd., CN = LAWtrust Root Certification Authority 2048
Kk9J7ncBo5Wsky5EQpJnFYit4hJZziluGUlANocC6n8= subject=C = ES, O = Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988, CN = ANCERT Certificados CGN
KkISYFqj6K7LD8GYBs87QLU7lfGjTbvW4+0nIwMkq7M= subject=C = JP, O = SECOM Trust.net, OU = Security Communication RootCA1
knobhWIoBXbQSMUDIa2kPYcD0tlSGhjCi4xGzGquTv0= subject=C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008
Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA= subject=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
KovtMq5oDS0Ye5p6/Rcdg/0Lk16vniwbQ+gCeNIGPjk= subject=C = CH, O = SwissSign AG, CN = SwissSign Platinum CA - G2
KqIYS2z19QkYDLM9GGPug7WyiTVjQ1XKxcu4pi31AoM= subject=C = ZA, ST = Western Cape, L = Somerset West, O = South African Post Office Limited, OU = SAPO Trust Centre, CN = SAPO Class 4 Root CA, emailAddress = pkiadmin@trustcentre.co.za
kRni9BNXl3eVSZFwPu4joEUjoxK1xl9/k3SqMQDr2Oc= subject=C = FR, O = Certplus, CN = Class 3TS Primary CA
ksRoeWJu8swezqUMcvteOFhECV8hy/Oyg8uC5rn8alg= subject=C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA Root Certification Authority
kVCGzNTtHqdJtCf2sM60oO9bShzxgHBTnA8qdYGFo4I= subject=C = CH, O = admin, OU = Services, OU = Certification Authorities, CN = AdminCA-CD-T01
KwccWaCgrnaw6tsrrSO61FgLacNgG2MMLq8GE6+oP5I= subject=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
kx8c8DpvhMMP862Gm+PCGkEBkcyYrAr8nU6Lib2Gndw= subject=L = Alvaro Obregon, ST = Distrito Federal, C = MX, postalCode = 01030, street = Insurgentes Sur 1940, CN = Autoridad Certificadora Raiz de la Secretaria de Economia, OU = Direccion General de Normatividad Mercantil, O = Secretaria de Economia, emailAddress = acrse@economia.gob.mx
kxgib4yDr+R/X0fCT1nOEtuoxzsYG+5rLqH0Cga8GGk= subject=C = CH, O = SwissSign AG, CN = SwissSign Silver CA - G2
kYWR8eFte+DbBRln93k93f/PuauJ1Mo1cZ2vIjHwcjs= subject=C = CA, O = Carillon Information Security Inc., OU = Certification Authorities, CN = CISRCA1
l59vaopBxCHMZzRz1YpjeYF75z0uUkaYyA/7ZqFJ0Ik= subject=C = BR, O = ICP-Brasil, OU = Instituto Nacional de Tecnologia da Informacao - ITI, CN = Autoridade Certificadora Raiz Brasileira v1
L8VmekuaJnjtasatJUZfy/YJS/zZUECXx6j6R63l6Ig= subject=C = ES, O = FNMT-RCM, OU = AC RAIZ FNMT-RCM
L8yZ9cnQD5og2mEx3qXAJ9kmNtaM2c2+lSkKPECJGeA= subject=C = KR, O = Government of Korea, OU = GPKI, CN = GPKIRootCA1
lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA= subject=C = US, O = AffirmTrust, CN = AffirmTrust Networking
Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM= subject=C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Client Authentication and Email
lBWyXbo7vXEUOeKplkt6Ulav87BcdyyKNObJNWarpjo= subject=C = CH, O = Swiss Government PKI, OU = www.pki.admin.ch, CN = Swiss Government Root CA III
lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU= subject=C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
LgbK4fwgsgDm+3SFV6RES+yTF9//LkFRZp4PeUTwqeA= subject=C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = Trustwave Global Certification Authority
LgCRWp974GqyNwx7fCAMCpbVrGpQzhh02+/eQCLU3o4= subject=C = US, O = VISA, OU = Visa International Service Association, CN = Visa Information Delivery Root CA
ljUtCth1wCfbgtWZuqjULlxHJkmYHs7tO/xl9Mgf1cE= subject=C = BR, O = ICP-Brasil, OU = Instituto Nacional de Tecnologia da Informacao - ITI, CN = Autoridade Certificadora Raiz Brasileira v10
lLlLv5oHJvF7CXOvbUHp+y5wmWUby+/d2XsKXyqrsN0= subject=C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA Root Certification Authority
lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI= subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2008 VeriSign, Inc. - For authorized use only", CN = VeriSign Universal Root Certification Authority
lpkiXF3lLlbN0y3y6W0c/qWqPKC7Us2JM8I7XCdEOCA= subject=C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA
lR7gRvqDMW5nhsCMRPE7TKLq0tJkTWMxQ5HAzHCIfQ0= subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden EV Root CA
lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= subject=C = ES, O = IZENPE S.A., CN = Izenpe.com
lXNUc71no7lajV+QxaIazh4NeUcyBnTUq4R5crkVRNI= subject=C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Public Primary Certification Authority - G6
ly+8bVW/77Gr43WK19Z6NJu++AwG8dhQAd+5EBuavBs= subject=C = DE, O = DATEV eG, CN = CA DATEV INT 02
lzasOyXRbEWkVBipZFeBVkgKjMQ0VB3cXdWSMyKYaN4= subject=C = PL, O = Unizeto Sp. z o.o., CN = Certum CA
LgbK4fwgsgDm+3SFV6RES+yTF9//LkFRZp4PeUTwqeA= subject=C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = Trustwave Global Certification Authority
M/paUwBhPUZub4XIBRaVvtXR+tWfJeBArNoEcqdPPCA= subject=C = CZ, O = "Prvn\C3\AD certifika\C4\8Dn\C3\AD autorita, a.s.", CN = I.CA Root CA/RSA, serialNumber = NTRCZ-26439395
M4BwmvOwlr48wqQFSBQsClIAKNsJ4st3riIGYWq2y7Q= subject=C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication RootCA2
mACOLtu3K61C2i/LBqwaqgsubgxy6MogT7r9G7SHlEE= subject=C = us, O = U.S. Government, OU = FBCA, CN = Common Policy
mAki7uB/hrx/Xl6V1X24va5o4XpCHE5yqWpwioeSASQ= subject=C = HU, L = Budapest, O = Microsec Ltd., OU = e-Szigno CA, CN = Microsec e-Szigno Root CA
++MBgDH5WGvL9Bcn5Be30cRcL0f5O+NyoXuWtQdX1aI= subject=C = US, O = Amazon, CN = Amazon Root CA 1
MCeimPpXMU3A490QGUEbj0BMQ8P5NM4734VlEsgKoVw= subject=C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 2 Public Primary Certification Authority - G4
mEflZT5enoR1FuXLgYYGqnVEoZvmf9c2bVBpiOjYQ0c= subject=C = US, O = Google Trust Services LLC, CN = GTS Root R4
MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8= subject=C = US, O = AffirmTrust, CN = AffirmTrust Premium ECC
MhY4wxAbP/w28oDwljGF/BbTE/KpLKvtK8H6FvscqjE= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Secure Mail Root R45
MJ8T1J6mb1IyQbVVJHREZOKMwbgu95tk5NWBiA3Ndx8= subject=C = CA, ST = Ontario, L = Toronto, O = Echoworx Corporation, OU = Certification Services, CN = Echoworx Root CA2
MLccT5EiR252HmIO7EK/pfhMSTzUm7sYNLJuVV9g3kA= subject=C = ES, O = Agencia Notarial de Certificacion S.L. Unipersonal - CIF B83395988, CN = ANCERT Certificados Notariales
mLPxCgJQQZEPGXzxfKD83+11+yyMFKhD4E1WVsnrrBo= subject=O = Digital Signature Trust Co., CN = DST Root CA X4
M/paUwBhPUZub4XIBRaVvtXR+tWfJeBArNoEcqdPPCA= subject=C = CZ, O = "Prvn\C3\AD certifika\C4\8Dn\C3\AD autorita, a.s.", CN = I.CA Root CA/RSA, serialNumber = NTRCZ-26439395
MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ= subject=C = US, O = Network Solutions L.L.C., CN = Network Solutions Certificate Authority
mTM8OmZc8O+7dIizgHuLZfh7WynWiA8CjtwoRC7q5mk= subject=C = SI, O = Halcom, CN = Halcom Root CA
mUkjO7hQqWajLbFRktJM+ISJ8nPHemlNOTWY5vEn4PY= subject=C = CZ, O = "Prvn\C3\AD certifika\C4\8Dn\C3\AD autorita, a.s.", organizationIdentifier = NTRCZ-26439395, CN = I.CA Root CA/ECC 12/2016
MVEmgCM/XyofKUN/VtSYjPCvxBzGxdpidZKOnAvq3ic= subject=C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 1 Public Primary Certification Authority - G4
mWKrFpmw63x+ileLx5iTBCAxwRWMYzYTGZqQuWUqKnU= subject=CN = CAEDICOM Root, O = EDICOM, C = ES
myGdD7/zal+zIJBXGQa87qaGF8gzo/YbgeliqOZNuK8= subject=CN = Apple Root CA - G3, OU = Apple Certification Authority, O = Apple Inc., C = US
MhY4wxAbP/w28oDwljGF/BbTE/KpLKvtK8H6FvscqjE= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Secure Mail Root R45
MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8= subject=C = US, O = AffirmTrust, CN = AffirmTrust Premium ECC
MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ= subject=C = US, O = Network Solutions L.L.C., CN = Network Solutions Certificate Authority
Mym/oTtgB6tfw3E/CssolCbi+8mcxcEQqRSxOVcWALY= subject=C = JP, O = "SECOM Trust Systems CO.,LTD.", CN = Security Communication ECC RootCA1
N2oacIKlk9zMINVh0Rnpq40w8RzDIdCjf6QfDfKE4Bw= subject=C = IN, OU = emSign PKI, O = eMudhra Technologies Limited, CN = emSign Root CA - G1
ncOKntz4KEK2dNoYa21iFaueLsbXL1ewioknKMMUMfM= subject=C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA3
ndVfxXP1RstqODHRES2HEKb0+C3If1+unToaAo3Tbks= subject=C = CN, O = China Internet Network Information Center, CN = China Internet Network Information Center EV Certificates Root
Nf9rT12ikQ+Ofm1YNADtjHzm/IWSTiXXTr0nwx7nrAs= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Secure Mail Root E45
NfU84SZGEeAzQP434ex9TMmGxWE9ynD9BKpEVF8tryg= subject=C = US, O = Microsoft Corporation, CN = Microsoft ECC Root Certificate Authority 2017
nG9qEjy6pO402+zu4kyX1ziHjLQj88InOQNCT10fbdU= subject=C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Services Division, CN = Thawte Server CA, emailAddress = server-certs@thawte.com
NIdnza073SiyuN1TUa7DDGjOxc1p0nbfOCfbxPWAZGQ= subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com EV Root Certification Authority ECC
NJn5P9OUUjv7HsTDrU37MQEx++nuVHa95ild6AjV3Y8= subject=C = ch, O = Swisscom, OU = Digital Certificate Services, CN = Swisscom Root CA 1
nlo0sIkpvApYHIk2qv1qt1F7sVGItPb8AsRZBvcVlbA= subject=C = AT, L = Vienna, ST = Austria, O = ARGE DATEN - Austrian Society for Data Protection, OU = GLOBALTRUST Certification Service, CN = GLOBALTRUST, emailAddress = info@globaltrust.info
nPRwTz7lpZiUsWvwDP5z1Yja4mn1HeZqS6d0Ru4r0fc= subject=C = IN, O = India PKI, CN = CCA India 2014
NVHeWKfXnNmAKD34F5DWOpgsGmOzBILsWCHbdmFVTvk= subject=CN = EBG Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1, O = EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E., C = TR
Nf9rT12ikQ+Ofm1YNADtjHzm/IWSTiXXTr0nwx7nrAs= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Secure Mail Root E45
NfU84SZGEeAzQP434ex9TMmGxWE9ynD9BKpEVF8tryg= subject=C = US, O = Microsoft Corporation, CN = Microsoft ECC Root Certificate Authority 2017
NqvDJlas/GRcYbcWE8S/IceH9cq77kg0jVhZeAPXq8k= subject=C = US, O = Amazon, CN = Amazon Root CA 3
NsIjFBMaX78bcOpMz0vBOnd9k47GXh2iTjws/QHT0WM= subject=C = HK, O = Hongkong Post, CN = Hongkong Post Root CA 1
NtfHnz0Img/3mXLZCSPepcp2tMy698J1HLFS6UlPUtA= subject=C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2015 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G4
NuzGH8fl8ZI9Fn5n3940YIVJs0pjx8bmD/1cGEA4H1w= subject=C = FR, O = Certinomis, OU = 0002 433998903, CN = Certinomis - Autorit\C3\A9 Racine
NVHeWKfXnNmAKD34F5DWOpgsGmOzBILsWCHbdmFVTvk= subject=CN = EBG Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1, O = EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E., C = TR
nZih+2BTjEzEhX/xqMgDT69vxZIJP2GZlLLIE9JQuGQ= subject=C = FR, O = Certplus, CN = Class 1 Primary CA
O0WRggXFkSmKGSKli0kh0B9kj6nSi93frSSu7FlCz78= subject=C = ES, O = FNMT, OU = FNMT Clase 2 CA
OAc5Yg4TM1gF6tqPn4uBVU0708ABfzYywmd2acrHor8= subject=C = SE, O = Swedish Social Insurance Agency, CN = Swedish Government Root Authority v3
OBo/x6iwgvooYTpNB/LHVT9OGRjuB8qp6LfO3lqcoGo= subject=C = CN, O = WoSign CA Limited, CN = Certification Authority of WoSign G2
OC36NHzgJmL5jfaAbRr1OgTNOYlQrgOJFfPHFZZgBvw= subject=C = HK, ST = Hong Kong, L = Hong Kong, O = Hongkong Post, CN = Hongkong Post Root CA 2
odRdBilzQbHzpzXPo48oPmh5/sBigaNh5fQXzHDSnck= subject=C = DE, O = DATEV eG, CN = CA DATEV BT 02
olpyFMK2yGFCraOd/y1z2GWqV4Q/3S23ez/r+CaD3i0= subject=C = CZ, CN = "I.CA - Qualified Certification Authority, 09/2009", O = "Prvn\C3\AD certifika\C4\8Dn\C3\AD autorita, a.s.", OU = I.CA - Accredited Provider of Certification Services
otyYyny77hgislsme9XKUC+nsM9P/wcD7mpBZwPzx+o= subject=C = FR, O = Certplus, CN = Class 3 Primary CA
Ow1ztL5KhUrcPlHX75+kiu+7LN2CTWe9x9fQmiq8LUM= subject=C = ES, CN = Autoridad de Certificacion Firmaprofesional CIF A62634068
+OX5BbyTmREme4PVCBSpAyO1Hhg2KdtS1PwtVGilpXg= subject=C = BE, CN = Belgium Root CA2
oyD01TTXvpfBro3QSZc1vIlcMjrdLTiL/M9mLCPX+Zo= subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com Root Certification Authority ECC
p24pScuH9iNrX2jGkHR1h9ZEjqIc/q15UAhKwBUZCyU= subject=C = US, O = Cisco Systems, CN = Cisco RXC-R2
P4OmjE6A/D9PSH4xBa0UZJjlagmj6iI7KimClD9Zldc= subject=C = US, OU = emSign PKI, O = eMudhra Inc, CN = emSign Root CA - C2
p5jZL3bJxnVeX1X4bNFK7cwGVTceJ8zeA3d0XOPFABM= subject=C = BE, O = Certipost s.a./n.v., CN = Certipost E-Trust Primary Qualified CA
p6jwOYlPX2dekqd44AjkJMlBfboGoXOLRbTgjTb8LXw= subject=C = AT, O = A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU = A-Trust-Qual-02, CN = A-Trust-Qual-02
P6t4T8PJq57twS7NwNtVD0w9v9PobXiBUzPF66UYy50= subject=C = ch, O = admin, OU = Services, OU = Certification Authorities, CN = Admin-Root-CA
P7Y8KfR7zE5qrbNXfOfKhUPgu6ulU2drj9FhKVvbkBE= subject=C = LT, O = Skaitmeninio sertifikavimo centras, OU = Certification Authority, CN = SSC Root CA B
pAA71b3YlOAajgHga2LHqoLwPeUlMTNXCq1P0OfYHTw= subject=C = HU, ST = Hungary, L = Budapest, O = NetLock Halozatbiztonsagi Kft., OU = Tanusitvanykiadok, CN = NetLock Kozjegyzoi (Class A) Tanusitvanykiado
pLibtwZW6kmPLZ4ApJf9udzSC4G4k46VK7ot+fZXKcM= subject=C = SI, O = Halcom, CN = Halcom CA FO
pMv0hRavMWDrxirKxufyWGCe0IkVNQEMFmkkk6n+H78= subject=C = DE, O = DATEV eG, CN = CA DATEV INT 03
Pqe1wEWpmpdx4t6o6AmLonMtF87ugieVUv7ukFUw818= subject=C = IL, O = PersonalID Ltd., OU = Certificate Services, CN = PersonalID Trustworthy RootCA 2011
pRovOgUOg4pQUGlleNu+2qwaEH7i2dSPrlBdGNDaXPg= subject=C = TW, O = Government Root Certification Authority
PsGN/riUqeog6yzUDGk+KikUT+LsYLT3uJAmBAs5rr4= subject=C = US, O = WFA Hotspot 2.0, CN = Hotspot 2.0 Trust Root CA - 03
PuazQUAoUbJ+ZAIaMCOqx8Gg0t7yfVvOXC2+sLItzHE= subject=C = SG, O = Netrust Pte Ltd, OU = Netrust Certificate Authority, CN = Netrust Root CA 2
puEf8V7DJqXj8YrTOgVmlNyExpl2bQKKWtDv4ajlOsc= subject=C = US, O = VISA, OU = Visa International Service Association, CN = Visa eCommerce Root
pvH5v4oKndwID7SbHvw9GhwsMtwOE2pbAMlzFvKj3BE= subject=C = US, O = Equifax Secure Inc., CN = Equifax Secure Global eBusiness CA-1
pZ0vCcixaM2a+jvD602w16Q1iNUjKH8rg6gi6zNwkXA= subject=C = SE, O = Swedish Social Insurance Agency, CN = Swedish Government Root Authority v2
Q3apk5Z2n9SHJA7otXOtSXBqW5RzYWrO84QJ6RWG3B4= subject=C = HU, L = Budapest, O = NISZ Nemzeti Infokommunik\C3\A1ci\C3\B3s Szolg\C3\A1ltat\C3\B3 Zrt., CN = F\C5\91tan\C3\BAs\C3\ADtv\C3\A1nykiad\C3\B3 - Korm\C3\A1nyzati Hiteles\C3\ADt\C3\A9s Szolg\C3\A1ltat\C3\B3
q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8= subject=C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3
Q5wZ/z7bJl7xqSD3SkgC092VrOAk4h5abOjgZNwVZs0= subject=C = SA, O = National Center for Digital Certification, OU = Saudi National Root CA
Q8dCYvdJJmLSRZvMmJm6xUpOzAHho/XnZViZK0AVJBg= subject=C = CH, O = The Federal Authorities of the Swiss Confederation, OU = Services, OU = Certification Authorities, CN = Swiss Government Root CA II
q8rfo1/4Ncs6CguGQAYiuA1egMdlvAJ/GxxOCmIPXhw= subject=C = AT, O = A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU = A-Trust-Root-05, CN = A-Trust-Root-05
QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo= subject=C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN - DATACorp SGC
qBKTRF2xlqIDD55FX+PHSppPgxewKwFAYCeocIF0Q0w= subject=C = TW, O = Government Root Certification Authority
QEIRZtHurpZ01aarsNXmoWqpdk/rcTGhUhBjVrTlyp8= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Code Signing Root R45
qGvauPSAtuuJQquRcL3QmRlxp60TXfu8tyhfB6fR44o= subject=C = CN, O = UniTrust, CN = UCA Root
qHRDs9iW6yV8zOmbla2pvIG5204xQqqama8JQssKSjo= subject=C = GB, O = Trustis Limited, OU = Trustis FPS Root CA
QiOJQAOogcXfa6sWPbI1wiGhjVS/dZlFgg5nDaguPzk= subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G3
qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU= subject=C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
qjiH1bsTPLJO7L7NltFcyKgbKy9zb5z9r5RIZX7wSq0= subject=C = LT, O = Skaitmeninio sertifikavimo centras, OU = CA ROOT Services, CN = SSC GDL CA Root A
/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI= subject=C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - EC1
QkMWJ+p2zHhpf5FeNFWxsuyC/y9jgO5kI+88CEC35jE= subject=C = HU, L = Budapest, O = Microsec Ltd., organizationIdentifier = VATHU-23584497, CN = e-Szigno Root CA 2017
QPz8KIddzL/ry99s10MzEtpjxO/PO9extQXCICCuAnQ= subject=C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2
QXnt2YHvdHR3tJYmQIr0Paosp6t/nggsEGD4QJZ3Q0g= subject=C = US, O = Google Trust Services LLC, CN = GTS Root R3
QiOJQAOogcXfa6sWPbI1wiGhjVS/dZlFgg5nDaguPzk= subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G3
QkMWJ+p2zHhpf5FeNFWxsuyC/y9jgO5kI+88CEC35jE= subject=C = HU, L = Budapest, O = Microsec Ltd., organizationIdentifier = VATHU-23584497, CN = e-Szigno Root CA 2017
QqcJhP/TmcTq8OcCpEvvKtinm4v0ZI9rshDhI/0HV5M= subject=C = IN, O = India PKI, CN = CCA India 2011
QqgHzsWunA8DtAygQ6xwRotSGb11zFu+pR2SHdEAFW8= subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com EV Root Certification Authority RSA
QXnt2YHvdHR3tJYmQIr0Paosp6t/nggsEGD4QJZ3Q0g= subject=C = US, O = Google Trust Services LLC, CN = GTS Root R3
qzh2w9pd4MnPZzaGjuW4i/m6Hf+cnXLS/lqNL3gwIWY= subject=C = ZA, ST = Western Cape, L = Durbanville, O = Thawte, OU = Thawte Certification, CN = Thawte Timestamping CA
R8ehScqC+nupQKTXEdAQYlxssLdIsXAWxG4lznrNKww= subject=C = DK, O = TRUST2408, CN = TRUST2408 OCES Primary CA
RcG3kifDMUSV/ef+O0q2d/YfqKSaL+1r5kOFV3HnpwE= subject=C = ZA, ST = Gauteng, L = Johannesburg, O = TrustFactory(Pty)Ltd, OU = TrustFactory PKI Operations, CN = TrustFactory Client Root Certificate Authority
rER97dBDKqucBw8sygG22rCb7wfPTKaqp1VjT4V7MVo= subject=C = JP, O = LGPKI, CN = Application CA G4 Root
RGLBB8SF3WpUQ/XnoWBEFgNKN0w/TRCHXxw3FQJ1Y68= subject=OU = Copyright (c) 1997 Microsoft Corp., OU = Microsoft Corporation, CN = Microsoft Root Authority
RKPYDT9TSFltgKCYQsI6OXdEOfiwuRkjnSoD2sXOUhM= subject=C = SE, O = Carelink, CN = SITHS CA v3
r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
rn+WLLnmp9v3uDP7GPqbcaiRdd+UnCMrap73yz3yu/w= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Root R46
rTBMiEpdN2vRlSCaFMOeB/DT9c+JPYArBT4bkm5V13Q= subject=C = PT, O = SCEE, CN = ECRaizEstado
RTt0gJtpAZYn8vhDAB21lQzdHUU3EFPn89/bw3FBE8Y= subject=C = ES, O = FNMT-RCM, OU = Ceres, organizationIdentifier = VATES-Q2826004J, CN = AC RAIZ FNMT-RCM SERVIDORES SEGUROS
rxEPa1rot2fqxuCqJz84FuekCmRO2stDmBRjVud1CdY= subject=C = UY, O = ADMINISTRACION NACIONAL DE CORREOS, OU = SERVICIOS ELECTRONICOS, CN = Correo Uruguayo - Root CA
ryB8Yf2cfPksKv6BVCgtw/LL8y91zRcoFMUrA7frwlg= subject=C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 2 Public Primary Certification Authority - G6
RcG3kifDMUSV/ef+O0q2d/YfqKSaL+1r5kOFV3HnpwE= subject=C = ZA, ST = Gauteng, L = Johannesburg, O = TrustFactory(Pty)Ltd, OU = TrustFactory PKI Operations, CN = TrustFactory Client Root Certificate Authority
S3Lf7T7cy19JRWguKVcxoIZKxrW4Wxk+zS8GtJAMHP0= subject=C = TR, L = Ankara, O = T\C3\9CRKTRUST Bilgi \C4\B0leti\C5\9Fim ve Bili\C5\9Fim G\C3\BCvenli\C4\9Fi Hizmetleri A.\C5\9E., CN = T\C3\9CRKTRUST Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1 H5
S6JJlt3ub44fzsCqnsz9OqVHez749fhfCgYHP5dSKFc= subject=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", OU = http://certificates.starfieldtech.com/repository/, CN = Starfield Services Root Certificate Authority
S9xjb0jSH7aMWjzUogaFeIBDvbUk5+hNQZLEUe40KbU= subject=C = SK, L = Bratislava, O = Disig a.s., CN = CA Disig
SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo= subject=C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority
SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4= subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G3
SXEo/JBla4cpBIKyI++3IkD+nEIeeZON5fgRDLC+kFY= subject=C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = Trustwave Global ECC P256 Certification Authority
ScvYPAPKv6BxO5e8lkgdA1/U6+BvB/q1ZA7ZIy2BELI= subject=C = IN, O = India PKI, CN = CCA India 2015 SPL
sD2HsFbQjMnU5nXvGcqDq1NTIWioJYWYvnLm2Fx918E= subject=C = NO, O = Buypass AS-983163327, CN = Buypass Class 3 Root CA
sh0qdDMYcSuhbzmRnZYaS6+6O8qaQ6dbH8/iLF1wyro= subject=C = ES, O = Agencia Catalana de Certificacio (NIF Q-0801176-I), OU = Serveis Publics de Certificacio, OU = Vegeu https://www.catcert.net/verarrel (c)03, OU = Jerarquia Entitats de Certificacio Catalanes, CN = EC-ACC
shOpy6qaiDGsCzqoDp0VhWzUOnzC4LrF/LhKJHUaing= subject=C = DE, O = DATEV eG, CN = CA DATEV STD 03
sIP/U29/SKkIHilKAYe1PoGXcUAtnUgQMG3gMQJOX0Y= subject=CN = AC1 RAIZ MTIN, serialNumber = S2819001E, OU = PRESTADOR DE SERVICIOS DE CERTIFICACION MTIN, OU = SUBDIRECCION GENERAL DE PROCESO DE DATOS, O = MINISTERIO DE TRABAJO E INMIGRACION, L = MADRID, C = ES
SiZZZm3AIDuRb1PYCtj2GsML6hYfSFzHUn5qWTfkkhY= subject=C = TR, L = Ankara, O = T\C3\9CRKTRUST Bilgi \C4\B0leti\C5\9Fim ve Bili\C5\9Fim G\C3\BCvenli\C4\9Fi Hizmetleri A.\C5\9E., CN = T\C3\9CRKTRUST Elektronik Sertifika Hizmet Sa\C4\9Flay\C4\B1c\C4\B1s\C4\B1 H6
SkntvS+PgjC9VZKzE1c/4cFypF+pgBHMHt27Nq3j/OU= subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 G3
+sld48JKF0GUgAz/qjylHXEWYwZkqbYMh1i07w3Fj4g= subject=C = AT, O = A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU = A-Trust-nQual-03, CN = A-Trust-nQual-03
sPbxW0gX6+b+C0v819Os5MdYsKtvip2i7ZLmGCOdnJg= subject=CN = ACEDICOM Root, OU = PKI, O = EDICOM, C = ES
SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo= subject=C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority
sRJBQqWhpaKIGcc1NA7/jJ4vgWj+47oYfyU7waOS1+I= subject=C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
svcpi1K/LDysTd/nLeTWgqxYlXWVmC8rYjAa9ZfGmcU= subject=C = US, O = Microsoft Corporation, CN = Microsoft RSA Root Certificate Authority 2017
SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4= subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G3
sWyxulKaOeLf1Ts/9aefGQRhTYPjEwTwJ4u0CzjPeCQ= subject=C = CN, O = CFCA GT CA
SXEo/JBla4cpBIKyI++3IkD+nEIeeZON5fgRDLC+kFY= subject=C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = Trustwave Global ECC P256 Certification Authority
sxguKJrjTd8r5kOrecJEMBYF+g8equbRD7kpYAr4TfA= subject=C = BE, O = Certipost s.a./n.v., CN = Certipost E-Trust Primary Normalised CA
t0CLTSvgI4ujcATdNOJ2xgGb0vJMnbfUmA9fbDWaS8w= subject=C = US, OU = emSign PKI, O = eMudhra Inc, CN = emSign Root CA - C1
T3FiuXRJHJhYXsKP51mqAMMw0LRlGQqJbMS2FiMYMfw= subject=C = ES, ST = MADRID, L = MADRID, OU = see current address at www.camerfirma.com/address, OU = GLOBAL CHAMBERSIGN ROOT - 2016, serialNumber = A82743287, organizationIdentifier = VATES-A82743287, O = AC CAMERFIRMA S.A., CN = GLOBAL CHAMBERSIGN ROOT - 2016
/Tcb6pdV/2DIgoyEm45SFd5TLWGwCYVfoK1jDZDu+C4= subject=C = CH, O = WISeKey, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GC CA
tew1uqtTiITPqN2XN2sQLwPlO0gsZBAMJQcirpsELLw= subject=C = SE, O = Inera AB, CN = SITHS Root CA v1
tInMsiS5prgd0nTOr1IJwlKZjJp2r0jk9MUKByhGGCU= subject=C = TW, O = "Chunghwa Telecom Co., Ltd.", CN = ePKI Root Certification Authority - G2
tlakNDgxoqzxHuq8OkS5cCX/+6K5ENqHFM+CfYG+EMk= subject=C = ZA, ST = Western Cape, L = Somerset West, O = South African Post Office Limited, OU = SAPO Trust Centre, CN = SAPO Class 3 Root CA, emailAddress = pkiadmin@trustcentre.co.za
TmwWFmNxmbUHeoCtDCJIxyXldvyKcZmJRWvJyv3bdSQ= subject=C = TN, CN = Tunisian Root Certificate Authority - TunRootCA2, O = National Digital Certification Agency
Tq2ptTEecYGZ2Y6oK5UAXLqTGYqx+X78vo3GIBYo+K8= subject=C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Global Chambersign Root
TRJCjvAt3jRY8zeiueEWazs8kcRvn5E1lgu+JS7tF2w= subject=C = LT, O = Skaitmeninio sertifikavimo centras, OU = VS ROOT Services, CN = SSC GDL CA VS Root
TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI= subject=C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware
TmwWFmNxmbUHeoCtDCJIxyXldvyKcZmJRWvJyv3bdSQ= subject=C = TN, CN = Tunisian Root Certificate Authority - TunRootCA2, O = National Digital Certification Agency
Tq2ptTEecYGZ2Y6oK5UAXLqTGYqx+X78vo3GIBYo+K8= subject=C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Global Chambersign Root
Tvfaz3ftt1H3BANftcbEQjUexyIK+Qvfgv0Ee9PCQYc= subject=C = AU, O = GOV, OU = DoD, OU = PKI, OU = CAs, CN = Australian Defence Public Root CA
tzgpDMCFR+eaxn+DHrszVHxOfbRRTi0piMI8RBNA60E= subject=C = LU, O = LuxTrust S.A., CN = LuxTrust Global Root 2
u0Eo7JYg8tKknOjixOJXrrrZOg8RxWtfpLAOI3Wfo50= subject=C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA11
u1IIbQY56NszJ3Wsj06ENdks6wD04k8o/A6r4kB3LoA= subject=C = GR, L = Athens, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions ECC RootCA 2015
U3VmJij6CmhArsjFkr9djeVk7T77YsfJMvyo11TZu9Y= subject=C = FR, O = Certplus, CN = Certplus Root CA G2
UI+MYXivMpu2u3U6uUPZAjvnlsOtu2xc1GZLZv7syuU= subject=C = CH, O = The Federal Authorities of the Swiss Confederation, OU = Services, OU = Certification Authorities, CN = Swiss Government Root CA I
/uivkpF1aH9GOKP8mD247NDl4qg+c38/t3tMIvy6wKY= subject=C = AT, O = e-commerce monitoring GmbH, CN = GLOBALTRUST 2020
UJS3O3Nq33Ogy/Q+J78UQHtKNqo2OkV/zjOUnOuo5kk= subject=C = HU, L = Budapest, O = NetLock Kft., OU = Tan\C3\BAs\C3\ADtv\C3\A1nykiad\C3\B3k (Certification Services), CN = NetLock Platina (Class Platinum) F\C5\91tan\C3\BAs\C3\ADtv\C3\A1ny
uJvLuKzUdMG+p9rWUDf0jc7MnfqgYSw8JEWVZBnfMv4= subject=C = ES, ST = MADRID, L = MADRID, OU = see current address at www.camerfirma.com/address, OU = CHAMBERS OF COMMERCE ROOT - 2016, serialNumber = A82743287, organizationIdentifier = VATES-A82743287, O = AC CAMERFIRMA S.A., CN = CHAMBERS OF COMMERCE ROOT - 2016
UMyGupbbMmPHmkPq0HVT2fVmWeaQfnLYwCZjehzchdw= subject=C = GR, L = Athens, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2015
UQ0g5cR/Y89mayD2GvYrwJmkKsgk/6RDotp8kLGAipE= subject=C = FR, O = Dhimyotis, CN = Certigna
UUPkdWmh1fyGeJPgzEEsQfVXFdp45Z6fjkN3AAjKQtI= subject=C = ES, ST = Barcelona, L = Barcelona (see current address at https://www.anf.es/address/), O = ANF Autoridad de Certificaci\C3\B3n, OU = ANF Clase 1 CA, serialNumber = G63287510, CN = ANF Server CA
uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3
UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4= subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2007 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G4
v9cyWw0aotVPnkvpOMciA+S9c5BDQbDBg2NhwmMhIuE= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Code Signing Root E45
VeAL4nfOsFRSmfJP2fh34qzzKFLbQ//NKbynSzm0yfo= subject=C = TR, L = Gebze - Kocaeli, O = Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU = Kamu Sertifikasyon Merkezi - Kamu SM, CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
Vfd95BwDeSQo+NUYxVEEIlvkOlWY2SalKK1lPhzOx78= subject=C = US, O = Google Trust Services LLC, CN = GTS Root R2
v+gpCYcuRDTxFcUaVhaAGVlNDgPco2PZ87SDnQurzeU= subject=C = US, O = Verizon Business, OU = OmniRoot, CN = Verizon Global Root CA
VhdNOtlxqJRJZLGJgR8wCEk6apBCLjxYBOyDjU+U9iI= subject=C = EE, O = AS Sertifitseerimiskeskus, CN = EE Certification Centre Root CA, emailAddress = pki@sk.ee
vj23t5v+V53PmwfKTK11r/FpdVaOW0XPyuTWH7Yxdag= subject=C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority
vjKAxoY8dwozyQQL2X1VQLIW0dkduLCIzqwRl9rh1mA= subject=C = HR, O = Financijska agencija, CN = Fina Root CA
VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8= subject=C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= subject=O = Digital Signature Trust Co., CN = DST Root CA X3
vM6OK7rucbY1jd1kHLv8Jd5FQAMAYnH3W1C3JtZ8O8k= subject=C = PL, O = Krajowa Izba Rozliczeniowa S.A., CN = SZAFIR ROOT CA
vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs= subject=C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2
+vpvUuZnrn0+F0B/SfWFynBc1Vl/WFDP/fpk2muz0Ms= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Client Authentication Root E45
vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= subject=C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
vt2LyX6oZJcZWgeKmZojegYK664HvAoLm3eJgrpfYvQ= subject=C = SI, O = Halcom, CN = Halcom CA PO 2
vwHDXzNxE/FntKUBhnZeex44kK9YYyjxhc0Na66BNSE= subject=C = ES, O = Agencia Notarial de Certificacion S.L.U. - CIF B83395988, CN = ANCERT Certificados CGN V2
w3L20Y6+5aoj2ekZ8+a+mEiOwBYH3zFi/BkuSxNGr7M= subject=C = CZ, organizationIdentifier = NTRCZ-47114983, O = "\C4\8Cesk\C3\A1 po\C5\A1ta, s.p.", CN = PostSignum Root QCA 4
wa0bGJjsOVBI3wcL+iF+JckTvtjKa3PeCFUohGoBA8E= subject=C = TR, L = Ankara, O = E-Tu\C4\9Fra EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E., OU = E-Tugra Sertifikasyon Merkezi, CN = E-Tugra Certification Authority
WARGJsNMGnsVjdtnbZ4uZUQ9gY2rMRYjHi1iq2QmoLc= subject=C = PL, O = Telekomunikacja Polska S.A., OU = Signet Certification Authority, CN = Signet Root CA
Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4
wGyHL8LQrAjXjUIZgfvaTjVQDQlG95iU7dIawp3sBxk= subject=CN = ComSign Global Root CA, O = ComSign Ltd., C = IL
WJnZE+rRGbnNt7ovMO/g32itLNIlvfST6DI6JapNviM= subject=C = SI, O = Halcom d.d., organizationIdentifier = VATSI-43353126, CN = Halcom Root Certificate Authority
WKKmmNhv2El9QfaOTK60qYh09DPakT3SbFykTQj/cv4= subject=C = LT, O = VI Registru Centras - I.k. 124110246, OU = Registru Centro Sertifikavimo Centras, CN = VI Registru Centras RCSC (RootCA)
WN1h/rNup9JYckNxcJFJyxITN4ZMrLLQmZrSBznQZHc= subject=C = US, O = IdenTrust, CN = IdenTrust Public Sector Root CA 1
WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
WVWuKRV0qTE0LPdFDhZlLt4eD7MJfhVx36wRyRVgFWQ= subject=C = NO, O = Buypass AS-983163327, CN = Buypass Class 2 Root CA
x0YSfF9rUpzp4pSO/ZRlRECJMZrPA/NNC/N+rcd9si8= subject=C = KR, O = KISA, OU = Korea Certification Authority Central, CN = KISA RootCA 1
x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= subject=C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
xCUz069JmPWtnwclIdhdRy+n/9z8WIyCR7M33HcQk4k= subject=C = si, O = state-institutions, OU = sigen-ca
Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4
WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
XE8oU4jzgzYmmlXHwSwLPKc/7ypaTfgriRQehBpsTeQ= subject=C = US, O = Symantec Corporation, CN = Symantec Enterprise Mobile Root for Microsoft
XEGnOrLDXfzXcfb9bj6PrJtGnThsrdpWqVtkbrSMyjQ= subject=C = CN, O = UniTrust, CN = UCA Extended Validation Root
xES1tmzl1x4bXkDyc4XJXL/SSgW1b3DKwJkvD1DDN5w= subject=C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA Global Root CA
xj1oxkihi3dkHEJ6Zp1hyXaKVfT80DIurJbFdwApnPE= subject=C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor RootCert CA-2
Xm5S5QtbkBKBfmMXi8tjveI88cwflFjO2bk6K7p9xMY= subject=C = CA, O = Notarius Inc, CN = Notarius Root Certificate Authority
x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc= subject=C = US, O = AffirmTrust, CN = AffirmTrust Premium
xT2tnlOuJ+2V8Op6kgP3v1bv8PjhzpYMtHYbloNC404= subject=CN = Autoridad Certificadora Ra\C3\ADz Nacional de Uruguay, O = AGESIC, C = UY
XvoHP0lCY0RIOrDdu92l41ly+cR8dN35jsQikLJRypc= subject=C = LV, O = VAS Latvijas Pasts - Vien.reg.Nr.40003052790, OU = Sertifikacijas pakalpojumi, CN = VAS Latvijas Pasts SSI(RCA)
x/WEI22GOV6Pb4LAEIhqLFbgcaahw+0odrijpyxe+7U= subject=C = CZ, CN = "I.CA - Standard Certification Authority, 09/2009", O = "Prvn\C3\AD certifika\C4\8Dn\C3\AD autorita, a.s.", OU = I.CA - Provider of Certification Services
xWl76RzWVVObVgdY6RtuCFRhYjdBA0xIXkfX6dJaA8A= subject=C = JP, O = LGPKI, OU = Application CA G2
xXUL+F9Fn7cOK2zRiY03XpLXk45HpuA0zODBLTA3LM0= subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft ECC TS Root Certificate Authority 2018
xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink= subject=C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Qualified CA Root
y26RcRrW1VyJBvN5ywcftcR5M2VKdBVhLu5mKfJvvNc= subject=C = ch, O = Swisscom, OU = Digital Certificate Services, CN = Swisscom Root CA 2
y617HThISd8JRrfujn9ffOOu2Hb9p7ydMNixbyn/LFM= subject=C = RO, O = CERTSIGN SA, OU = certSIGN ROOT CA G2
Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o= subject=C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
/YctF2YX5QwmYRnQ/bBHsHMtogSLEhr3uYYMo+Ly8r4= subject=C = CO, O = Sociedad Cameral de Certificaci\C3\B3n Digital - Certic\C3\A1mara S.A., CN = AC Ra\C3\ADz Certic\C3\A1mara S.A.
yemLmVZykxsDPiZd/t/mIxbnf5iE1sE4mbVT8Qo7Dws= subject=CN = esignit.org
Y/Gm951ucw0QQy5jCBlP97wohQrfK633idlxOF2FEu4= subject=C = DE, O = DATEV eG, CN = CA DATEV BT 03
Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o= subject=C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
YOOF2fbmkG6F5D+esOQ+ZScZMZ6cgKYUaJG+I69f4uk= subject=O = VeriSign Trust Network, OU = "VeriSign, Inc.", OU = VeriSign Time Stamping Service Root, OU = "NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc."
YQbA46CimYMYdRJ719PMGFmAPVEcrBHrbghA3RZvwQ4= subject=C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= subject=C = HU, L = Budapest, O = Microsec Ltd., CN = Microsec e-Szigno Root CA 2009, emailAddress = info@e-szigno.hu
YlVMFwBVQ7I3IV8EJo3NL9HEcCQK08hmDiWuLFljD1U= subject=C = TW, O = "Chunghwa Telecom Co., Ltd.", OU = ePKI Root Certification Authority
Yo46EVb2+qkvlLQJJY1Muj8gR0gNMBlPrz++0F6utbI= subject=C = TR, O = Elektronik Bilgi Guvenligi A.S., CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
YOOF2fbmkG6F5D+esOQ+ZScZMZ6cgKYUaJG+I69f4uk= subject=O = VeriSign Trust Network, OU = "VeriSign, Inc.", OU = VeriSign Time Stamping Service Root, OU = "NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc."
yQ0AnEfuufKimuhI9dkw8rQe9e28XFaVwUFDRcHdZ7Q= subject=C = DE, ST = Baden-Wuerttemberg (BW), L = Stuttgart, O = Deutscher Sparkassen Verlag GmbH, CN = S-TRUST Authentication and Encryption Root CA 2005:PN
YQbA46CimYMYdRJ719PMGFmAPVEcrBHrbghA3RZvwQ4= subject=C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
yUImLAx8CpW7FStxxCVW3b6aBPqDeDc1UNK3zifZUqM= subject=C = TN, O = Agence Nationale de Certification Electronique, CN = TunTrust Root CA
YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= subject=C = HU, L = Budapest, O = Microsec Ltd., CN = Microsec e-Szigno Root CA 2009, emailAddress = info@e-szigno.hu
y+WsFdiLXKw/gebfO/tXvqYJWIE6R7d/PFy2uYGRvbU= subject=emailAddress = pki@sk.ee, C = EE, O = AS Sertifitseerimiskeskus, CN = Juur-SK
yZBbDuASAik8oCbmTwhBJELFUEwG5Eyn6XJtYfIOQIk= subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft Root Certificate Authority 2010
Z+oZMkOuODk5ta2eNWprK/k6k7zc+CikcIJJeIMIP4Y= subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA
Z0A55HJWGWPIywDSGpepChi7ihxMMXrGfjgqZSu1c8A= subject=CN = Apple Root CA - G2, OU = Apple Certification Authority, O = Apple Inc., C = US
Z1YF8VZ+JfvSUmvv6irvvbInnz4bqjowOudVXRvaPuQ= subject=C = FR, O = OpenTrust, CN = OpenTrust Root CA G2
Z2uf8wPt4YD7laRzb7TTFTAywBRET2OiB0xBuYtR4L0= subject=C = PT, O = MULTICERT - Servi\C3\A7os de Certifica\C3\A7\C3\A3o Electr\C3\B3nica S.A., CN = MULTICERT Root Certification Authority 01
Z6hCZNQuIEqaWwo2Z7lR2yLFBd+V7Zg7XoxNH853r0M= subject=C = MY, O = Digicert Sdn. Bhd., CN = PosDigicert Class 2 Root CA G2
Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM= subject=C = US, O = "thawte, Inc.", OU = "(c) 2007 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G2
ZUT/mttkLEw2mKYNgUO2uTvO8BNltUD2FNzCpFq5TTE= subject=C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication EV RootCA1
ZZyzaKxWmYvQevLK/F+5P455R0rMwqbPGsnyGS0TY2A= subject=CN = Autoridad de Certificacion Raiz del Estado Venezolano, C = VE, L = Caracas, ST = Distrito Capital, O = Sistema Nacional de Certificacion Electronica, OU = Superintendencia de Servicios de Certificacion Electronica, emailAddress = acraiz@suscerte.gob.ve
ZrAFOYJqN0hJMBkeAo9i2rHLyJs6zUctxOWQXke/c2Q= subject=C = MO, O = Macao Post, CN = Macao Post eSignTrust Root Certification Authority (G02)
a8/IbI3cKvLmoRgKLdq7N7fqN1Uxa2S5uJUb8Mo1HwY= subject=C = SK, L = Bratislava, O = Disig a.s., CN = CA Disig Root R1
aB3EgsKWyEAsbrsg5oMJo7yEZSOuNLmEqE7ml6MxLbc= subject=C = PL, O = Asseco Data Systems S.A., OU = Certum Certification Authority, CN = Certum Trusted Root CA
aCdH+LpiG4fN07wpXtXKvOciocDANj0daLOJKNJ4fx4= subject=OU = GlobalSign Root CA - R6, O = GlobalSign, CN = GlobalSign
aJv0WzCD/erVXxR/0QXjzyGK1Y7fPkswHAxe7qbPIQ0= subject=C = NL, O = Digidentity B.V., CN = Digidentity L3 Root CA - G2
aKpjVFHYOWIWfoj7CPhnjXOuxm/FWUYhN8/50bw9OHE= subject=C = US, O = Microsoft Corporation, CN = Microsoft EV RSA Root Certificate Authority 2017
aMNpIhRyTUtVp2D0cLT8qLXg/h1ynP8i/rTKiKzTmAk= subject=CN = ComSign CA, O = ComSign, C = IL
aN7ZogP/bjZ+EqpJl3zSAPcSeoAPqm+Fnwuv7YKGpPs= subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft ECC Product Root Certificate Authority 2018
aev+v/YekQ4V8l7qcTByaSOdIXCSsg+m3JKnh3dk2qA= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Document Signing Root E45
akNrWNnYMOjVuKZCUFrWtBQGrc1olNlBT3vgoUZ7rbc= subject=C = DE, O = DATEV eG, CN = CA DATEV STD 02
axpQXgJG8vYMSQ/wwJenvichDLt1ACN/iLDNSCmLybg= subject=C = FR, O = Certinomis, OU = 0002 433998903, CN = Certinomis - Root CA
aztX6eyI0bs9AWN/8zx2mLPJdYJV6fAeqRePPn87K1I= subject=C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA 2
bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU= subject=C = US, O = AffirmTrust, CN = AffirmTrust Commercial
bW8MNAlxohijHRAzDqmufHplUFNMbu/t3SEY4RTbRz4= subject=C = FR, O = OpenTrust, CN = OpenTrust Root CA G1
bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU= subject=C = US, O = "Entrust, Inc.", OU = www.entrust.net/CPS is incorporated by reference, OU = "(c) 2006 Entrust, Inc.", CN = Entrust Root Certification Authority
bjZLYTPe79y7ISc8X0RaIK+8BQONWwIcDCFTA5AWNFs= subject=C = PL, O = Krajowa Izba Rozliczeniowa S.A., CN = SZAFIR ROOT CA2
btDb2Vni7L6DI5gWCCb2Au5EHhqW8BVXm/OmcpKmDT4= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Document Signing Root R45
bz4Hf+VQRkbAGRr85JTk62gYPjmPWk3AVmn4tubmgv4= subject=C = JP, O = Japanese Government, OU = ApplicationCA
cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM= subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 2 Public Primary Certification Authority - G3
cBYnC2CyjG4Xft69cYAH39MxDGSnN7fbAaB2kMNDvCc= subject=C = LV, OU = Sertifikacijas pakalpojumu dala, CN = E-ME SSI (RCA)
cCEWzNi/I+FkZvDg26DtaiOanBzWqPWmazmvNZUCA4U= subject=C = SK, L = Bratislava, O = Disig a.s., CN = CA Disig Root R2
cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A= subject=OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
cZz1s2GS573mUMyRNB5vZJ27jD7ki6yql/oOBbY3S0E= subject=C = JP, O = Japanese Government, OU = GPKI, CN = ApplicationCA2 Root
ce2RinrG0Xs4ScIBgLPnM0aRvF+3M3fwBwr6C+eJstE= subject=C = LT, O = Skaitmeninio sertifikavimo centras, OU = CA ROOT Services, CN = SSC GDL CA Root B
cfit7sK1itvfYgXJjd6SikJUsDaVGT1/mmOpoliAldA= subject=C = IN, OU = emSign PKI, O = eMudhra Technologies Limited, CN = emSign Root CA - G2
du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U= subject=C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= subject=C = FR, O = Certplus, CN = Class 2 Primary CA
dykHF2FLJfEpZOvbOLX4PKrcD2w2sHd/iA/G3uHTOcw= subject=C = US, O = SecureTrust Corporation, CN = SecureTrust CA
eC1+YeEyPSqvuHe+NO4d4ME0UTbU/LPJRZN/ame0Ev4= subject=C = AU, O = GOV, OU = DoD, OU = PKI, OU = CAs, CN = ADOCA02
eG/6V4YYw7mjERdeUIFvTdoGBcOGnyluvFlDvwn06QQ= subject=C = KR, O = NAVER BUSINESS PLATFORM Corp., CN = NAVER Global Root Certification Authority
ecqvU0fm5KlMjniphJb8dAIPgJ7eE/Ig+rYQTI3tMp8= subject=C = TW, O = "Chunghwa Telecom Co., Ltd.", CN = HiPKI Root CA - G1
eu3d82sY+Ky3N5/hzhgyErI1DQeIq+DoJFe+m62tbVQ= subject=C = CN, O = WoSign CA Limited, CN = CA WoSign ECC Root
ev5LBxovH0b4upRKJtWE1ZYLkvtIw7obfKuEkF8yqs0= subject=C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor ECA-1
f0KW/FtqTjs108NpYj42SrGvOB2PpxIVM8nWxjPqJGE= subject=C = US, O = Amazon, CN = Amazon Root CA 2
fDtG2b6PJ0H5gAOVIYWOTN0wd0+zKzshzuoGqnnGqsY= subject=C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA2
fKbRP+N/gOJ1xJ4eaBPO4u2AwS5J3LugQOO44iadsos= subject=L = Internet, O = "VeriSign, Inc.", OU = VeriSign Commercial Software Publishers CA
fKoDRlEkWQxgHlZ+UhSOlSwM/+iQAFMP4NlbbVDqrkE= subject=C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA 2
fNZ8JI9p2D/C+bsB3LH3rWejY9BGBDeW0JhMOiMfa7A= subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com EV Root Certification Authority RSA R2
fWw+v56nNdGFS+6ny5QaseNQNRXgh7u1vmldBfL1VuQ= subject=C = US, ST = FL, L = Jacksonville, O = Network Solutions L.L.C., CN = Network Solutions ECC Certificate Authority
fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8= subject=OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
foeCwVDOOVL4AuY2AjpdPpW7XWjjPoWtsroXgSXOvxU= subject=O = "Cybertrust, Inc", CN = Cybertrust Global Root
fx3siwMZVIoFbeW7UhvZPrdOanbyjf+3W0WlO3da96s= subject=C = CH, O = SwissSign AG, CN = SwissSign Gold Root CA - G3
gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ= subject=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Root Certificate Authority - G2
gJ8rquNa+082vWR2znXCABB3kBtq9cTauC4YjGuVwaE= subject=C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Public Primary Certification Authority - G4
gNv7l73Tkmuu5B9zxViPqhfXB7A630kHorxnfz7xcXw= subject=CN = Developer ID Certification Authority, OU = Apple Certification Authority, O = Apple Inc., C = US
gWugv99f1k1WjsDQUvcRZNnizK4S4CGe1s2B5+hF+4Q= subject=C = BR, O = ICP-Brasil, OU = Instituto Nacional de Tecnologia da Informacao - ITI, CN = Autoridade Certificadora Raiz Brasileira v2
gosO7/JGVOj/WEGindXU4+0wlSykNCWnkoNAcgjTnRY= subject=C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = Trustwave Global ECC P384 Certification Authority
grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= subject=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU= subject=C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
hKrAk+CMSdv/+OVgdZJI2+ZxNbNysj0qiB1fmcuxkeg= subject=C = CH, O = SwissSign AG, CN = SwissSign Silver Root CA - G3
haPYHSrQx53wp5aE4OJmYAmgneFXYOodds8O57KCXb0= subject=C = LU, O = LuxTrust s.a., CN = LuxTrust Global Root
hdJr6Q2TT8zbT/ezjYx5ynZSuBbWpSRGyoQoprhdxXw= subject=C = ES, ST = Barcelona, L = Barcelona (see current address at http://www.anf.es/es/address-direccion.html ), O = ANF Autoridad de Certificacion, OU = ANF Clase 1 CA, emailAddress = info@anf.es, serialNumber = G63287510, CN = ANF Global Root CA
hqaPBQA0EmpUDTnbLF+RfvZqlPuWGfoezYJ86ka6DLA= subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 1 G3
hsE6NAjdGqd+6LaUfAOVh3L1MSSMFie++yxPSwTQRJY= subject=C = FR, ST = France, L = Paris, O = PM/SGDN, OU = DCSSI, CN = IGC/A, emailAddress = igca@sgdn.pm.gouv.fr
hshLHDpm9Cha95cFJGfj7SNv0phvAzwCxHcb4LlwSCo= subject=C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2007
hxV6dYX00DsAo5hGHhZOSAbhs/RtA6+9yd705HeL4uk= subject=C = SI, O = POSTA, OU = POSTArCA
hxqRlPTu1bMS/0DITB1SSu0vd4u/8l8TjPgfaAp63Gc= subject=C = US, O = Google Trust Services LLC, CN = GTS Root R1
i+p269YTev+fHsw8CMrx3sR9uRaQ1XVMTp8VIywKLng= subject=C = DE, O = DATEV eG, CN = CA DATEV INT 01
i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
iR/4mOSo1VUUAFbjF27qkfTYCO5/bRv7zOb4SAdjn5E= subject=C = FR, O = OpenTrust, CN = OpenTrust Root CA G3
iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= subject=OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
iir/vRocXRvcy7f1SLqZX5ZoBrP9DDoA+uLlLzyFOYk= subject=C = EU, O = AC Camerfirma SA CIF A82743287, OU = http://www.chambersign.org, CN = Chambers of Commerce Root
ikLurbyLIaNcSzqt19+8vS7RsdoS6MRaU02pBgflZP0= subject=DC = rs, DC = posta, DC = ca, CN = Configuration, CN = Services, CN = Public Key Services, CN = AIA, CN = Posta CA Root
ipA7YAoICzjf4g37as0jEi9kYg5YCLn8hoiVL8GjVZw= subject=C = CH, O = SwissSign AG, CN = SwissSign Platinum Root CA - G3
irTohVbL+GSl6f1QFxzU7YQk6PCAG5niNsgQkVlQrks= subject=C = SI, O = ACNLB
j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g= subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2
jUF9st2L9eMITR4/GW1YOEnYG91MAMcLnTk2npa4x4I= subject=C = IN, OU = emSign PKI, O = eMudhra Technologies Limited, CN = emSign ECC Root CA - G3
jXZ3ZLPL2giSnQcqIqVh9NzdG8V9PL3clIxH0rR/kSI= subject=C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 3
jhXUJs0EiY8hi+Ll/jeE83UJTMQ13GGthsSjwBUR2+E= subject=C = US, ST = MN, L = Minneapolis, O = Open Access Technology International Inc, CN = OATI WebCARES Root CA
joBG7EysAVpQfODS0BVKS0Do5CsxZc+lRlcUNREtF+U= subject=C = FR, O = Dhimyotis, OU = 0002 48146308100036, CN = Certigna Root CA
jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= subject=C = US, O = U.S. Government, OU = FPKI, CN = Federal Common Policy CA
jtW0wEG2spPA5kEwFQZtMYSDyQH/aehqUh0MslVp8+g= subject=O = Cisco Systems, CN = Cisco Root CA 2048
k5KuIUmSSt435kXbof9L3dzaKykbYJdmnSr6XHo3Jhk= subject=C = DE, O = TC TrustCenter GmbH, OU = TC TrustCenter Class 3 CA, CN = TC TrustCenter Class 3 CA II
kJHjH+klRqX14bPtQHH0RAuEDB6A2/y6en7G1YJfCyQ= subject=C = LT, OU = RCSC, O = VI Registru centras- i.k. 124110246, CN = RCSC RootCA
kRni9BNXl3eVSZFwPu4joEUjoxK1xl9/k3SqMQDr2Oc= subject=C = FR, O = Certplus, CN = Class 3TS Primary CA
kVCGzNTtHqdJtCf2sM60oO9bShzxgHBTnA8qdYGFo4I= subject=C = CH, O = admin, OU = Services, OU = Certification Authorities, CN = AdminCA-CD-T01
kYWR8eFte+DbBRln93k93f/PuauJ1Mo1cZ2vIjHwcjs= subject=C = CA, O = Carillon Information Security Inc., OU = Certification Authorities, CN = CISRCA1
knobhWIoBXbQSMUDIa2kPYcD0tlSGhjCi4xGzGquTv0= subject=C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008
ksRoeWJu8swezqUMcvteOFhECV8hy/Oyg8uC5rn8alg= subject=C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA Root Certification Authority
kx8c8DpvhMMP862Gm+PCGkEBkcyYrAr8nU6Lib2Gndw= subject=L = Alvaro Obregon, ST = Distrito Federal, C = MX, postalCode = 01030, street = Insurgentes Sur 1940, CN = Autoridad Certificadora Raiz de la Secretaria de Economia, OU = Direccion General de Normatividad Mercantil, O = Secretaria de Economia, emailAddress = acrse@economia.gob.mx
kxgib4yDr+R/X0fCT1nOEtuoxzsYG+5rLqH0Cga8GGk= subject=C = CH, O = SwissSign AG, CN = SwissSign Silver CA - G2
l59vaopBxCHMZzRz1YpjeYF75z0uUkaYyA/7ZqFJ0Ik= subject=C = BR, O = ICP-Brasil, OU = Instituto Nacional de Tecnologia da Informacao - ITI, CN = Autoridade Certificadora Raiz Brasileira v1
lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA= subject=C = US, O = AffirmTrust, CN = AffirmTrust Networking
lBWyXbo7vXEUOeKplkt6Ulav87BcdyyKNObJNWarpjo= subject=C = CH, O = Swiss Government PKI, OU = www.pki.admin.ch, CN = Swiss Government Root CA III
lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU= subject=C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
lLlLv5oHJvF7CXOvbUHp+y5wmWUby+/d2XsKXyqrsN0= subject=C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA Root Certification Authority
lR7gRvqDMW5nhsCMRPE7TKLq0tJkTWMxQ5HAzHCIfQ0= subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden EV Root CA
lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= subject=C = ES, O = IZENPE S.A., CN = Izenpe.com
lXNUc71no7lajV+QxaIazh4NeUcyBnTUq4R5crkVRNI= subject=C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Public Primary Certification Authority - G6
ljUtCth1wCfbgtWZuqjULlxHJkmYHs7tO/xl9Mgf1cE= subject=C = BR, O = ICP-Brasil, OU = Instituto Nacional de Tecnologia da Informacao - ITI, CN = Autoridade Certificadora Raiz Brasileira v10
lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI= subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2008 VeriSign, Inc. - For authorized use only", CN = VeriSign Universal Root Certification Authority
lpkiXF3lLlbN0y3y6W0c/qWqPKC7Us2JM8I7XCdEOCA= subject=C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA
ly+8bVW/77Gr43WK19Z6NJu++AwG8dhQAd+5EBuavBs= subject=C = DE, O = DATEV eG, CN = CA DATEV INT 02
lzasOyXRbEWkVBipZFeBVkgKjMQ0VB3cXdWSMyKYaN4= subject=C = PL, O = Unizeto Sp. z o.o., CN = Certum CA
mACOLtu3K61C2i/LBqwaqgsubgxy6MogT7r9G7SHlEE= subject=C = us, O = U.S. Government, OU = FBCA, CN = Common Policy
mAki7uB/hrx/Xl6V1X24va5o4XpCHE5yqWpwioeSASQ= subject=C = HU, L = Budapest, O = Microsec Ltd., OU = e-Szigno CA, CN = Microsec e-Szigno Root CA
mEflZT5enoR1FuXLgYYGqnVEoZvmf9c2bVBpiOjYQ0c= subject=C = US, O = Google Trust Services LLC, CN = GTS Root R4
mLPxCgJQQZEPGXzxfKD83+11+yyMFKhD4E1WVsnrrBo= subject=O = Digital Signature Trust Co., CN = DST Root CA X4
mTM8OmZc8O+7dIizgHuLZfh7WynWiA8CjtwoRC7q5mk= subject=C = SI, O = Halcom, CN = Halcom Root CA
mUkjO7hQqWajLbFRktJM+ISJ8nPHemlNOTWY5vEn4PY= subject=C = CZ, O = "Prvn\C3\AD certifika\C4\8Dn\C3\AD autorita, a.s.", organizationIdentifier = NTRCZ-26439395, CN = I.CA Root CA/ECC 12/2016
mWKrFpmw63x+ileLx5iTBCAxwRWMYzYTGZqQuWUqKnU= subject=CN = CAEDICOM Root, O = EDICOM, C = ES
mlL/ajy241OghWfg3Jw5WzANYKIikquMGMFlaymDrpA= subject=serialNumber = G63287510, C = ES, O = ANF Autoridad de Certificacion, OU = ANF CA Raiz, CN = ANF Secure Server Root CA
myGdD7/zal+zIJBXGQa87qaGF8gzo/YbgeliqOZNuK8= subject=CN = Apple Root CA - G3, OU = Apple Certification Authority, O = Apple Inc., C = US
nG9qEjy6pO402+zu4kyX1ziHjLQj88InOQNCT10fbdU= subject=C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Services Division, CN = Thawte Server CA, emailAddress = server-certs@thawte.com
nPRwTz7lpZiUsWvwDP5z1Yja4mn1HeZqS6d0Ru4r0fc= subject=C = IN, O = India PKI, CN = CCA India 2014
nZih+2BTjEzEhX/xqMgDT69vxZIJP2GZlLLIE9JQuGQ= subject=C = FR, O = Certplus, CN = Class 1 Primary CA
ncOKntz4KEK2dNoYa21iFaueLsbXL1ewioknKMMUMfM= subject=C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA3
ndVfxXP1RstqODHRES2HEKb0+C3If1+unToaAo3Tbks= subject=C = CN, O = China Internet Network Information Center, CN = China Internet Network Information Center EV Certificates Root
nlo0sIkpvApYHIk2qv1qt1F7sVGItPb8AsRZBvcVlbA= subject=C = AT, L = Vienna, ST = Austria, O = ARGE DATEN - Austrian Society for Data Protection, OU = GLOBALTRUST Certification Service, CN = GLOBALTRUST, emailAddress = info@globaltrust.info
odRdBilzQbHzpzXPo48oPmh5/sBigaNh5fQXzHDSnck= subject=C = DE, O = DATEV eG, CN = CA DATEV BT 02
olpyFMK2yGFCraOd/y1z2GWqV4Q/3S23ez/r+CaD3i0= subject=C = CZ, CN = "I.CA - Qualified Certification Authority, 09/2009", O = "Prvn\C3\AD certifika\C4\8Dn\C3\AD autorita, a.s.", OU = I.CA - Accredited Provider of Certification Services
otyYyny77hgislsme9XKUC+nsM9P/wcD7mpBZwPzx+o= subject=C = FR, O = Certplus, CN = Class 3 Primary CA
oyD01TTXvpfBro3QSZc1vIlcMjrdLTiL/M9mLCPX+Zo= subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com Root Certification Authority ECC
p24pScuH9iNrX2jGkHR1h9ZEjqIc/q15UAhKwBUZCyU= subject=C = US, O = Cisco Systems, CN = Cisco RXC-R2
p5jZL3bJxnVeX1X4bNFK7cwGVTceJ8zeA3d0XOPFABM= subject=C = BE, O = Certipost s.a./n.v., CN = Certipost E-Trust Primary Qualified CA
p6jwOYlPX2dekqd44AjkJMlBfboGoXOLRbTgjTb8LXw= subject=C = AT, O = A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU = A-Trust-Qual-02, CN = A-Trust-Qual-02
pAA71b3YlOAajgHga2LHqoLwPeUlMTNXCq1P0OfYHTw= subject=C = HU, ST = Hungary, L = Budapest, O = NetLock Halozatbiztonsagi Kft., OU = Tanusitvanykiadok, CN = NetLock Kozjegyzoi (Class A) Tanusitvanykiado
pLibtwZW6kmPLZ4ApJf9udzSC4G4k46VK7ot+fZXKcM= subject=C = SI, O = Halcom, CN = Halcom CA FO
pMv0hRavMWDrxirKxufyWGCe0IkVNQEMFmkkk6n+H78= subject=C = DE, O = DATEV eG, CN = CA DATEV INT 03
pRovOgUOg4pQUGlleNu+2qwaEH7i2dSPrlBdGNDaXPg= subject=C = TW, O = Government Root Certification Authority
pZ0vCcixaM2a+jvD602w16Q1iNUjKH8rg6gi6zNwkXA= subject=C = SE, O = Swedish Social Insurance Agency, CN = Swedish Government Root Authority v2
puEf8V7DJqXj8YrTOgVmlNyExpl2bQKKWtDv4ajlOsc= subject=C = US, O = VISA, OU = Visa International Service Association, CN = Visa eCommerce Root
pvH5v4oKndwID7SbHvw9GhwsMtwOE2pbAMlzFvKj3BE= subject=C = US, O = Equifax Secure Inc., CN = Equifax Secure Global eBusiness CA-1
q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8= subject=C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3
q8rfo1/4Ncs6CguGQAYiuA1egMdlvAJ/GxxOCmIPXhw= subject=C = AT, O = A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU = A-Trust-Root-05, CN = A-Trust-Root-05
qBKTRF2xlqIDD55FX+PHSppPgxewKwFAYCeocIF0Q0w= subject=C = TW, O = Government Root Certification Authority
qGvauPSAtuuJQquRcL3QmRlxp60TXfu8tyhfB6fR44o= subject=C = CN, O = UniTrust, CN = UCA Root
qHRDs9iW6yV8zOmbla2pvIG5204xQqqama8JQssKSjo= subject=C = GB, O = Trustis Limited, OU = Trustis FPS Root CA
qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU= subject=C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
qjiH1bsTPLJO7L7NltFcyKgbKy9zb5z9r5RIZX7wSq0= subject=C = LT, O = Skaitmeninio sertifikavimo centras, OU = CA ROOT Services, CN = SSC GDL CA Root A
qzh2w9pd4MnPZzaGjuW4i/m6Hf+cnXLS/lqNL3gwIWY= subject=C = ZA, ST = Western Cape, L = Durbanville, O = Thawte, OU = Thawte Certification, CN = Thawte Timestamping CA
r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
rER97dBDKqucBw8sygG22rCb7wfPTKaqp1VjT4V7MVo= subject=C = JP, O = LGPKI, CN = Application CA G4 Root
rTBMiEpdN2vRlSCaFMOeB/DT9c+JPYArBT4bkm5V13Q= subject=C = PT, O = SCEE, CN = ECRaizEstado
rn+WLLnmp9v3uDP7GPqbcaiRdd+UnCMrap73yz3yu/w= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Root R46
rxEPa1rot2fqxuCqJz84FuekCmRO2stDmBRjVud1CdY= subject=C = UY, O = ADMINISTRACION NACIONAL DE CORREOS, OU = SERVICIOS ELECTRONICOS, CN = Correo Uruguayo - Root CA
ryB8Yf2cfPksKv6BVCgtw/LL8y91zRcoFMUrA7frwlg= subject=C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 2 Public Primary Certification Authority - G6
sD2HsFbQjMnU5nXvGcqDq1NTIWioJYWYvnLm2Fx918E= subject=C = NO, O = Buypass AS-983163327, CN = Buypass Class 3 Root CA
sIP/U29/SKkIHilKAYe1PoGXcUAtnUgQMG3gMQJOX0Y= subject=CN = AC1 RAIZ MTIN, serialNumber = S2819001E, OU = PRESTADOR DE SERVICIOS DE CERTIFICACION MTIN, OU = SUBDIRECCION GENERAL DE PROCESO DE DATOS, O = MINISTERIO DE TRABAJO E INMIGRACION, L = MADRID, C = ES
sPbxW0gX6+b+C0v819Os5MdYsKtvip2i7ZLmGCOdnJg= subject=CN = ACEDICOM Root, OU = PKI, O = EDICOM, C = ES
sRJBQqWhpaKIGcc1NA7/jJ4vgWj+47oYfyU7waOS1+I= subject=C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
sWyxulKaOeLf1Ts/9aefGQRhTYPjEwTwJ4u0CzjPeCQ= subject=C = CN, O = CFCA GT CA
sh0qdDMYcSuhbzmRnZYaS6+6O8qaQ6dbH8/iLF1wyro= subject=C = ES, O = Agencia Catalana de Certificacio (NIF Q-0801176-I), OU = Serveis Publics de Certificacio, OU = Vegeu https://www.catcert.net/verarrel (c)03, OU = Jerarquia Entitats de Certificacio Catalanes, CN = EC-ACC
shOpy6qaiDGsCzqoDp0VhWzUOnzC4LrF/LhKJHUaing= subject=C = DE, O = DATEV eG, CN = CA DATEV STD 03
svcpi1K/LDysTd/nLeTWgqxYlXWVmC8rYjAa9ZfGmcU= subject=C = US, O = Microsoft Corporation, CN = Microsoft RSA Root Certificate Authority 2017
sxguKJrjTd8r5kOrecJEMBYF+g8equbRD7kpYAr4TfA= subject=C = BE, O = Certipost s.a./n.v., CN = Certipost E-Trust Primary Normalised CA
t0CLTSvgI4ujcATdNOJ2xgGb0vJMnbfUmA9fbDWaS8w= subject=C = US, OU = emSign PKI, O = eMudhra Inc, CN = emSign Root CA - C1
tInMsiS5prgd0nTOr1IJwlKZjJp2r0jk9MUKByhGGCU= subject=C = TW, O = "Chunghwa Telecom Co., Ltd.", CN = ePKI Root Certification Authority - G2
tew1uqtTiITPqN2XN2sQLwPlO0gsZBAMJQcirpsELLw= subject=C = SE, O = Inera AB, CN = SITHS Root CA v1
tlakNDgxoqzxHuq8OkS5cCX/+6K5ENqHFM+CfYG+EMk= subject=C = ZA, ST = Western Cape, L = Somerset West, O = South African Post Office Limited, OU = SAPO Trust Centre, CN = SAPO Class 3 Root CA, emailAddress = pkiadmin@trustcentre.co.za
tzgpDMCFR+eaxn+DHrszVHxOfbRRTi0piMI8RBNA60E= subject=C = LU, O = LuxTrust S.A., CN = LuxTrust Global Root 2
u0Eo7JYg8tKknOjixOJXrrrZOg8RxWtfpLAOI3Wfo50= subject=C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA11
u1IIbQY56NszJ3Wsj06ENdks6wD04k8o/A6r4kB3LoA= subject=C = GR, L = Athens, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions ECC RootCA 2015
uJvLuKzUdMG+p9rWUDf0jc7MnfqgYSw8JEWVZBnfMv4= subject=C = ES, ST = MADRID, L = MADRID, OU = see current address at www.camerfirma.com/address, OU = CHAMBERS OF COMMERCE ROOT - 2016, serialNumber = A82743287, organizationIdentifier = VATES-A82743287, O = AC CAMERFIRMA S.A., CN = CHAMBERS OF COMMERCE ROOT - 2016
uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3
v+gpCYcuRDTxFcUaVhaAGVlNDgPco2PZ87SDnQurzeU= subject=C = US, O = Verizon Business, OU = OmniRoot, CN = Verizon Global Root CA
v9cyWw0aotVPnkvpOMciA+S9c5BDQbDBg2NhwmMhIuE= subject=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Code Signing Root E45
vM6OK7rucbY1jd1kHLv8Jd5FQAMAYnH3W1C3JtZ8O8k= subject=C = PL, O = Krajowa Izba Rozliczeniowa S.A., CN = SZAFIR ROOT CA
vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs= subject=C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2
vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= subject=C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
vj23t5v+V53PmwfKTK11r/FpdVaOW0XPyuTWH7Yxdag= subject=C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority
vjKAxoY8dwozyQQL2X1VQLIW0dkduLCIzqwRl9rh1mA= subject=C = HR, O = Financijska agencija, CN = Fina Root CA
vt2LyX6oZJcZWgeKmZojegYK664HvAoLm3eJgrpfYvQ= subject=C = SI, O = Halcom, CN = Halcom CA PO 2
vwHDXzNxE/FntKUBhnZeex44kK9YYyjxhc0Na66BNSE= subject=C = ES, O = Agencia Notarial de Certificacion S.L.U. - CIF B83395988, CN = ANCERT Certificados CGN V2
w3L20Y6+5aoj2ekZ8+a+mEiOwBYH3zFi/BkuSxNGr7M= subject=C = CZ, organizationIdentifier = NTRCZ-47114983, O = "\C4\8Cesk\C3\A1 po\C5\A1ta, s.p.", CN = PostSignum Root QCA 4
wGyHL8LQrAjXjUIZgfvaTjVQDQlG95iU7dIawp3sBxk= subject=CN = ComSign Global Root CA, O = ComSign Ltd., C = IL
wa0bGJjsOVBI3wcL+iF+JckTvtjKa3PeCFUohGoBA8E= subject=C = TR, L = Ankara, O = E-Tu\C4\9Fra EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E., OU = E-Tugra Sertifikasyon Merkezi, CN = E-Tugra Certification Authority
x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc= subject=C = US, O = AffirmTrust, CN = AffirmTrust Premium
x/WEI22GOV6Pb4LAEIhqLFbgcaahw+0odrijpyxe+7U= subject=C = CZ, CN = "I.CA - Standard Certification Authority, 09/2009", O = "Prvn\C3\AD certifika\C4\8Dn\C3\AD autorita, a.s.", OU = I.CA - Provider of Certification Services
x0YSfF9rUpzp4pSO/ZRlRECJMZrPA/NNC/N+rcd9si8= subject=C = KR, O = KISA, OU = Korea Certification Authority Central, CN = KISA RootCA 1
x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= subject=C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
xCUz069JmPWtnwclIdhdRy+n/9z8WIyCR7M33HcQk4k= subject=C = si, O = state-institutions, OU = sigen-ca
xES1tmzl1x4bXkDyc4XJXL/SSgW1b3DKwJkvD1DDN5w= subject=C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA Global Root CA
xT2tnlOuJ+2V8Op6kgP3v1bv8PjhzpYMtHYbloNC404= subject=CN = Autoridad Certificadora Ra\C3\ADz Nacional de Uruguay, O = AGESIC, C = UY
xWl76RzWVVObVgdY6RtuCFRhYjdBA0xIXkfX6dJaA8A= subject=C = JP, O = LGPKI, OU = Application CA G2
xXUL+F9Fn7cOK2zRiY03XpLXk45HpuA0zODBLTA3LM0= subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft ECC TS Root Certificate Authority 2018
xj1oxkihi3dkHEJ6Zp1hyXaKVfT80DIurJbFdwApnPE= subject=C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor RootCert CA-2
xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink= subject=C = SE, O = AddTrust AB, OU = AddTrust TTP Network, CN = AddTrust Qualified CA Root
y+WsFdiLXKw/gebfO/tXvqYJWIE6R7d/PFy2uYGRvbU= subject=emailAddress = pki@sk.ee, C = EE, O = AS Sertifitseerimiskeskus, CN = Juur-SK
y26RcRrW1VyJBvN5ywcftcR5M2VKdBVhLu5mKfJvvNc= subject=C = ch, O = Swisscom, OU = Digital Certificate Services, CN = Swisscom Root CA 2
y617HThISd8JRrfujn9ffOOu2Hb9p7ydMNixbyn/LFM= subject=C = RO, O = CERTSIGN SA, OU = certSIGN ROOT CA G2
yQ0AnEfuufKimuhI9dkw8rQe9e28XFaVwUFDRcHdZ7Q= subject=C = DE, ST = Baden-Wuerttemberg (BW), L = Stuttgart, O = Deutscher Sparkassen Verlag GmbH, CN = S-TRUST Authentication and Encryption Root CA 2005:PN
yUImLAx8CpW7FStxxCVW3b6aBPqDeDc1UNK3zifZUqM= subject=C = TN, O = Agence Nationale de Certification Electronique, CN = TunTrust Root CA
yZBbDuASAik8oCbmTwhBJELFUEwG5Eyn6XJtYfIOQIk= subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft Root Certificate Authority 2010
yemLmVZykxsDPiZd/t/mIxbnf5iE1sE4mbVT8Qo7Dws= subject=CN = esignit.org
zEmXhjyMSKTLXD5lN9wGAo2GOL5J9fiiulby8siox3k= subject=C = CN, O = UniTrust, CN = UCA Global Root
ziTrBibe/YFoyWp3AfCTAWAP5d0NvOWOnJe4MK8C7yg= subject=C = CH, O = WISeKey, OU = Copyright (c) 2005, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GA CA
Z+oZMkOuODk5ta2eNWprK/k6k7zc+CikcIJJeIMIP4Y= subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA
/zQvtsTIvTCkcG9zSJU58Z5uSMwF9GJUZU9mENvFQOk= subject=C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009
ZrAFOYJqN0hJMBkeAo9i2rHLyJs6zUctxOWQXke/c2Q= subject=C = MO, O = Macao Post, CN = Macao Post eSignTrust Root Certification Authority (G02)
zrGUEcZQUsdX+UHrgmyWlB5NCNCWx9t+fqPE+ME/GhM= subject=C = CN, O = "GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.", CN = GDCA TrustAUTH R5 ROOT
ztQ5AqtftXtEIyLcDhcqT7VfcXi4CPlOeApv1sxr2Bg= subject=C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008
ZUT/mttkLEw2mKYNgUO2uTvO8BNltUD2FNzCpFq5TTE= subject=C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication EV RootCA1
zwnuZ5fhfFhTML7kCk2/oJaZFFxGxTrFppvmOeuJImY= subject=C = ZA, ST = Western Cape, L = Somerset West, O = South African Post Office Limited, OU = SAPO Trust Centre, CN = SAPO Class 2 Root CA, emailAddress = pkiadmin@trustcentre.co.za
zwtHSs6Eafq6QC8C7r354XANnL6L5OQ0hAe2ndMZbpQ= subject=CN = ComSign Secured CA, O = ComSign, C = IL
ZZyzaKxWmYvQevLK/F+5P455R0rMwqbPGsnyGS0TY2A= subject=CN = Autoridad de Certificacion Raiz del Estado Venezolano, C = VE, L = Caracas, ST = Distrito Capital, O = Sistema Nacional de Certificacion Electronica, OU = Superintendencia de Servicios de Certificacion Electronica, emailAddress = acraiz@suscerte.gob.ve

2
etc/client-simulation.wiresharked.md
View File

@ -19,7 +19,7 @@ The whole process is done manually.
* Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true
* Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle
* For "ciphers" mark the cipher suites --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to `~/utils/hexstream2cipher.sh`
* "ciphersutes" are TLS 1.3 ciphersuites. You can identify them as they currently are like 0x130?. Retrieve them from above see ``~/utils/hexstream2cipher.sh``
* "ciphersuites" are TLS 1.3 ciphersuites. You can identify them as they currently are like 0x130?. Retrieve them from above see ``~/utils/hexstream2cipher.sh``
* Figure out the services by applying a good piece of human logic
* Before submitting a PR: test it yourself! You can also watch it again via wireshark

346
etc/openssl.cnf Normal file
View File

@ -0,0 +1,346 @@
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several certs with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
signer_digest = sha256 # Signing digest to use. (Optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)

5
t/08_isHTML_valid.t
View File

@ -6,6 +6,7 @@
use strict;
use Test::More;
use Data::Dumper;
use Text::Diff;
my $tests = 0;
my $prg="./testssl.sh";
@ -15,6 +16,7 @@ my $html="";
my $debughtml="";
my $edited_html="";
my $check2run="--ip=one --color 0 --htmlfile tmp.html";
my $diff="";
die "Unable to open $prg" unless -f $prg;
@ -72,5 +74,8 @@ $debughtml =~ s/.*DEBUG:.*\n//g;
cmp_ok($debughtml, "eq", $html, "HTML file created with --debug 4 matches HTML file created without --debug");
$tests++;
$diff = diff \$debughtml, \$html;
printf "\n%s\n", "$diff";
printf "\n";
done_testing($tests);

2
t/25_baseline_starttls.t
View File

@ -130,7 +130,7 @@ unlike($openssl_out, qr/$openssl_regex_bl/, "");
$tests++;
$uri="news.newsguy.com:119";
$uri="140.238.219.117:119";
# unlink "tmp.json";
printf "\n%s\n", "STARTTLS NNTP unit tests via sockets --> $uri ...";

178
testssl.sh
View File

@ -169,7 +169,7 @@ echo A | sed -E 's/A//' >/dev/null 2>&1 && \
declare -r HAS_SED_E=true || \
declare -r HAS_SED_E=false
########### Terminal defintions
########### Terminal definitions
tty -s && \
declare -r INTERACTIVE=true || \
declare -r INTERACTIVE=false
@ -292,7 +292,7 @@ CURVES_OFFERED="" # This keeps which curves have been dete
KNOWN_OSSL_PROB=false # We need OpenSSL a few times. This variable is an indicator if we can't connect. Eases handling
DETECTED_TLS_VERSION="" # .. as hex string, e.g. 0300 or 0303
TLS13_ONLY=false # Does the server support TLS 1.3 ONLY?
OSSL_SHORTCUT=${OSSL_SHORTCUT:-false} # Hack: if during the scan turns out the OpenSSL binary suports TLS 1.3 would be a better choice, this enables it.
OSSL_SHORTCUT=${OSSL_SHORTCUT:-false} # Hack: if during the scan turns out the OpenSSL binary supports TLS 1.3 would be a better choice, this enables it.
TLS_EXTENSIONS=""
declare -r NPN_PROTOs="spdy/4a2,spdy/3,spdy/3.1,spdy/2,spdy/1,http/1.1"
# alpn_protos needs to be space-separated, not comma-seperated, including odd ones observed @ facebook and others, old ones like h2-17 omitted as they could not be found
@ -360,6 +360,8 @@ HAS_AES128_GCM=false
HAS_AES256_GCM=false
HAS_ZLIB=false
HAS_DIG=false
HAS_DIG_R=true
DIG_R="-r"
HAS_HOST=false
HAS_DRILL=false
HAS_NSLOOKUP=false
@ -597,7 +599,9 @@ pr_bold() { tm_bold "$1"; [[ "$COLOR" -ne 0 ]] && html_out "<span style=\"
prln_bold() { pr_bold "$1" ; outln; }
NO_ITALICS=false
if [[ $SYSTEM == OpenBSD ]]; then
if [[ $TERM == screen ]]; then
NO_ITALICS=true
elif [[ $SYSTEM == OpenBSD ]]; then
NO_ITALICS=true
elif [[ $SYSTEM == FreeBSD ]]; then
if [[ ${SYSTEMREV%\.*} -le 9 ]]; then
@ -865,7 +869,7 @@ fileout_pretty_json_banner() {
echo -e " \"Invocation\" : \"$PROG_NAME $CMDLINE\",
\"at\" : \"$HNAME:$OPENSSL_LOCATION\",
\"version\" : \"$VERSION ${GIT_REL_SHORT:-$CVS_REL_SHORT} from $REL_DATE\",
\"version\" : \"$VERSION ${GIT_REL_SHORT} from $REL_DATE\",
\"openssl\" : \"$OSSL_NAME $OSSL_VER from $OSSL_BUILD_DATE\",
\"startTime\" : \"$START_TIME\",
\"scanResult\" : ["
@ -1095,7 +1099,7 @@ html_banner() {
if "$CHILD_MASS_TESTING" && "$HTMLHEADER"; then
html_out "## Scan started as: \"$PROG_NAME $CMDLINE\"\n"
html_out "## at $HNAME:$OPENSSL_LOCATION\n"
html_out "## version testssl: $VERSION ${GIT_REL_SHORT:-$CVS_REL_SHORT} from $REL_DATE\n"
html_out "## version testssl: $VERSION ${GIT_REL_SHORT} from $REL_DATE\n"
html_out "## version openssl: \"$OSSL_NAME $OSSL_VER\" from \"$OSSL_BUILD_DATE\")\n\n"
fi
}
@ -1139,7 +1143,7 @@ prepare_logging() {
fi
tmln_out "## Scan started as: \"$PROG_NAME $CMDLINE\"" >>"$LOGFILE"
tmln_out "## at $HNAME:$OPENSSL_LOCATION" >>"$LOGFILE"
tmln_out "## version testssl: $VERSION ${GIT_REL_SHORT:-$CVS_REL_SHORT} from $REL_DATE" >>"$LOGFILE"
tmln_out "## version testssl: $VERSION ${GIT_REL_SHORT} from $REL_DATE" >>"$LOGFILE"
tmln_out "## version openssl: \"$OSSL_VER\" from \"$OSSL_BUILD_DATE\")\n" >>"$LOGFILE"
exec > >(tee -a -i "$LOGFILE")
}
@ -1162,7 +1166,7 @@ get_last_char() {
}
# Checking for last char. If already a separator supplied, we don't need an additional one
debugme() {
[[ "$DEBUG" -ge 2 ]] && "$@"
[[ "$DEBUG" -ge 2 ]] && "$@" >&2
return 0
}
@ -1873,7 +1877,7 @@ wait_kill(){
# Convert date formats -- we always use GMT=UTC here
# argv1: source date string
# argv2: dest date sting
# argv2: dest date string
if "$HAS_GNUDATE"; then # Linux and NetBSD
parse_date() {
LC_ALL=C TZ=GMT date -d "$1" "$2"
@ -1883,7 +1887,7 @@ elif "$HAS_FREEBSDDATE"; then # FreeBSD, OS X and newer (~6.6) OpenBSD vers
LC_ALL=C TZ=GMT date -j -f "$3" "$2" "$1"
}
elif "$HAS_OPENBSDDATE"; then
# We bascially echo it as a conversion as we want it is too difficult. Approach for that would be:
# We basically echo it as a conversion as we want it is too difficult. Approach for that would be:
# printf '%s\n' "$1" | awk '{ printf "%04d%02d%02d\n", $4, $2, (index("JanFebMarAprMayJunJulAugSepOctNovDec",$1)+2)/3}'
# 4: year, 1: month, 2: day, $3: time (e.g. "Dec 8 10:16:13 2016")
# This way we could also kind of convert args to epoch but as newer OpenBSDs "date" behave like FreeBSD
@ -2195,7 +2199,7 @@ run_http_header() {
debugme echo "NOW_TIME: $NOW_TIME | HTTP_TIME: $HTTP_TIME"
# Quit on first empty line to catch 98% of the cases. Next pattern is there because the SEDs tested
# so far seem not to be fine with header containing x0d x0a (CRLF) which is the usal case.
# so far seem not to be fine with header containing x0d x0a (CRLF) which is the usual case.
# So we also trigger also on any sign on a single line which is not alphanumeric (plus _)
sed -e '/^$/q' -e '/^[^a-zA-Z_0-9]$/q' $HEADERFILE >$HEADERFILE.tmp
# Now to be more sure we delete from '<' or '{' maybe with a leading blank until the end
@ -3300,7 +3304,7 @@ neat_list(){
[[ "$enc" == ChaCha20-Poly1305 ]] && enc="CHACHA20(256)"
[[ "$enc" == GOST-28178-89-CNT ]] && enc="GOST(256)"
strength="${enc//\)/}" # retrieve (). first remove traling ")"
strength="${enc//\)/}" # retrieve (). first remove trailing ")"
strength="${strength#*\(}" # exfiltrate (VAL
enc="${enc%%\(*}"
@ -4419,7 +4423,7 @@ client_simulation_sockets() {
# robustness to the implementation
# see also https://github.com/drwetter/testssl.sh/pull/797
if [[ "${1:0:4}" == 1603 ]]; then
# Extact list of cipher suites from SSLv3 or later ClientHello
# Extract list of cipher suites from SSLv3 or later ClientHello
sid_len=4*$(hex2dec "${data:174:2}")
offset1=178+$sid_len
offset2=182+$sid_len
@ -4427,7 +4431,7 @@ client_simulation_sockets() {
offset1=186+$sid_len
code2network "$(tolower "${data:offset1:len}")" # convert CIPHER_SUITES to a "standardized" format
else
# Extact list of cipher suites from SSLv2 ClientHello
# Extract list of cipher suites from SSLv2 ClientHello
len=2*$(hex2dec "${clienthello:12:2}")
for (( i=22; i < 22+len; i=i+6 )); do
offset1=$i+2
@ -4871,7 +4875,7 @@ run_prototest_openssl() {
add_tls_offered() {
# the ":" is mandatory here (and @ other places), otherwise e.g. tls1 will match tls1_2
if [[ "$PROTOS_OFFERED" =~ $1: ]]; then
# we got that protcol already
# we got that protocol already
:
else
PROTOS_OFFERED+="${1}:$2 "
@ -7334,19 +7338,19 @@ get_server_certificate() {
local success ret
local npn_params="" line
local ciphers_to_test=""
# Cipher suites that use a certifiate with an RSA (signature) public key
# Cipher suites that use a certificate with an RSA (signature) public key
local -r a_rsa="cc,13, cc,15, c0,30, c0,28, c0,14, 00,9f, cc,a8, cc,aa, c0,a3, c0,9f, 00,6b, 00,39, c0,77, 00,c4, 00,88, c0,45, c0,4d, c0,53, c0,61, c0,7d, c0,8b, 16,b7, 16,b9, c0,2f, c0,27, c0,13, 00,9e, c0,a2, c0,9e, 00,67, 00,33, c0,76, 00,be, 00,9a, 00,45, c0,44, c0,4c, c0,52, c0,60, c0,7c, c0,8a, c0,11, c0,12, 00,16, 00,15, 00,14, c0,10"
# Cipher suites that use a certifiate with an RSA (encryption) public key
# Cipher suites that use a certificate with an RSA (encryption) public key
local -r e_rsa="00,b7, c0,99, 00,ad, cc,ae, 00,9d, c0,a1, c0,9d, 00,3d, 00,35, 00,c0, 00,84, 00,95, c0,3d, c0,51, c0,69, c0,6f, c0,7b, c0,93, ff,01, 00,ac, c0,a0, c0,9c, 00,9c, 00,3c, 00,2f, 00,ba, 00,b6, 00,96, 00,41, c0,98, 00,07, 00,94, c0,3c, c0,50, c0,68, c0,6e, c0,7a, c0,92, 00,05, 00,04, 00,92, 00,0a, 00,93, fe,ff, ff,e0, 00,62, 00,09, 00,61, fe,fe, ff,e1, 00,64, 00,60, 00,08, 00,06, 00,03, 00,b9, 00,b8, 00,2e, 00,3b, 00,02, 00,01, ff,00"
# Cipher suites that use a certifiate with a DSA public key
# Cipher suites that use a certificate with a DSA public key
local -r a_dss="00,a3, 00,6a, 00,38, 00,c3, 00,87, c0,43, c0,57, c0,81, 00,a2, 00,40, 00,32, 00,bd, 00,99, 00,44, c0,42, c0,56, c0,80, 00,66, 00,13, 00,63, 00,12, 00,65, 00,11"
# Cipher suites that use a certifiate with a DH public key
# Cipher suites that use a certificate with a DH public key
local -r a_dh="00,a5, 00,a1, 00,69, 00,68, 00,37, 00,36, 00,c2, 00,c1, 00,86, 00,85, c0,3f, c0,41, c0,55, c0,59, c0,7f, c0,83, 00,a4, 00,a0, 00,3f, 00,3e, 00,31, 00,30, 00,bc, 00,bb, 00,98, 00,97, 00,43, 00,42, c0,3e, c0,40, c0,54, c0,58, c0,7e, c0,82, 00,10, 00,0d, 00,0f, 00,0c, 00,0b, 00,0e"
# Cipher suites that use a certifiate with an ECDH public key
# Cipher suites that use a certificate with an ECDH public key
local -r a_ecdh="c0,32, c0,2e, c0,2a, c0,26, c0,0f, c0,05, c0,79, c0,75, c0,4b, c0,4f, c0,5f, c0,63, c0,89, c0,8d, c0,31, c0,2d, c0,29, c0,25, c0,0e, c0,04, c0,78, c0,74, c0,4a, c0,4e, c0,5e, c0,62, c0,88, c0,8c, c0,0c, c0,02, c0,0d, c0,03, c0,0b, c0,01"
# Cipher suites that use a certifiate with an ECDSA public key
# Cipher suites that use a certificate with an ECDSA public key
local -r a_ecdsa="cc,14, c0,2c, c0,24, c0,0a, cc,a9, c0,af, c0,ad, c0,73, c0,49, c0,5d, c0,87, 16,b8, 16,ba, c0,2b, c0,23, c0,09, c0,ae, c0,ac, c0,72, c0,48, c0,5c, c0,86, c0,07, c0,08, c0,06"
# Cipher suites that use a certifiate with a GOST public key
# Cipher suites that use a certificate with a GOST public key
local -r a_gost="00,80, 00,81, 00,82, 00,83"
local using_sockets=true
@ -7369,13 +7373,13 @@ get_server_certificate() {
extract_stapled_ocsp
success=$?
else
# For STARTTLS protcols not being implemented yet via sockets this is a bypass otherwise it won't be usable at all (e.g. LDAP)
# For STARTTLS protocols not being implemented yet via sockets this is a bypass otherwise it won't be usable at all (e.g. LDAP)
if ( [[ "$STARTTLS" =~ ldap ]] || [[ "$STARTTLS" =~ irc ]] ); then
return 1
elif [[ "$1" =~ "tls1_3_RSA" ]]; then
tls_sockets "04" "$TLS13_CIPHER" "all" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,10,00,0e,08,04,08,05,08,06,04,01,05,01,06,01,02,01"
tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,10,00,0e,08,04,08,05,08,06,04,01,05,01,06,01,02,01"
elif [[ "$1" =~ "tls1_3_ECDSA" ]]; then
tls_sockets "04" "$TLS13_CIPHER" "all" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,0a,00,08,04,03,05,03,06,03,02,03"
tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,0a,00,08,04,03,05,03,06,03,02,03"
else
return 1
fi
@ -7454,7 +7458,7 @@ get_server_certificate() {
cp $TEMPDIR/$NODEIP.parse_tls_serverhello.txt $TMPFILE
# When "$2" is empty, get_server_certificate() is being called with SNI="".
# In case the extensions returned by the server differ depending on wheter
# In case the extensions returned by the server differ depending on whether
# SNI is provided or not, don't collect extensions when SNI="" (unless
# no DNS name was provided at the command line).
[[ -z "$2" ]] && extract_new_tls_extensions $TMPFILE
@ -7509,7 +7513,7 @@ get_server_certificate() {
"ssl3") DETECTED_TLS_VERSION="0300" ;;
esac
# When "$2" is empty, get_server_certificate() is being called with SNI="".
# In case the extensions returned by the server differ depending on wheter
# In case the extensions returned by the server differ depending on whether
# SNI is provided or not, don't collect extensions when SNI="" (unless
# no DNS name was provided at the command line).
[[ -z "$2" ]] && extract_new_tls_extensions $TMPFILE
@ -7803,7 +7807,7 @@ etsi_etls_visibility_info() {
# OpenSSL displays all names of type otherName as "othername:<unsupported>".
# As certificates will rarely include a name encoded as an otherName, check the
# text version of the certificate for "othername:<unsupported>" before calling
# external functions to obtain the DER encoded certficate.
# external functions to obtain the DER encoded certificate.
if [[ "$cert_txt" =~ X509v3\ Subject\ Alternative\ Name:.*othername:\<unsupported\> ]]; then
dercert="$($OPENSSL x509 -in "$cert" -outform DER 2>>$ERRFILE | hexdump -v -e '16/1 "%02X"')"
if [[ "$dercert" =~ 0603551D110101FF04[0-9A-F]*060604009B430301 ]] || \
@ -7999,19 +8003,19 @@ certificate_transparency() {
local hexc n ciph sslver kx auth enc mac export
local extra_extns=""
local -i success
# Cipher suites that use a certifiate with an RSA (signature) public key
# Cipher suites that use a certificate with an RSA (signature) public key
local -r a_rsa="cc,13, cc,15, c0,30, c0,28, c0,14, 00,9f, cc,a8, cc,aa, c0,a3, c0,9f, 00,6b, 00,39, c0,77, 00,c4, 00,88, c0,45, c0,4d, c0,53, c0,61, c0,7d, c0,8b, 16,b7, 16,b9, c0,2f, c0,27, c0,13, 00,9e, c0,a2, c0,9e, 00,67, 00,33, c0,76, 00,be, 00,9a, 00,45, c0,44, c0,4c, c0,52, c0,60, c0,7c, c0,8a, c0,11, c0,12, 00,16, 00,15, 00,14, c0,10"
# Cipher suites that use a certifiate with an RSA (encryption) public key
# Cipher suites that use a certificate with an RSA (encryption) public key
local -r e_rsa="00,b7, c0,99, 00,ad, cc,ae, 00,9d, c0,a1, c0,9d, 00,3d, 00,35, 00,c0, 00,84, 00,95, c0,3d, c0,51, c0,69, c0,6f, c0,7b, c0,93, ff,01, 00,ac, c0,a0, c0,9c, 00,9c, 00,3c, 00,2f, 00,ba, 00,b6, 00,96, 00,41, c0,98, 00,07, 00,94, c0,3c, c0,50, c0,68, c0,6e, c0,7a, c0,92, 00,05, 00,04, 00,92, 00,0a, 00,93, fe,ff, ff,e0, 00,62, 00,09, 00,61, fe,fe, ff,e1, 00,64, 00,60, 00,08, 00,06, 00,03, 00,b9, 00,b8, 00,2e, 00,3b, 00,02, 00,01, ff,00"
# Cipher suites that use a certifiate with a DSA public key
# Cipher suites that use a certificate with a DSA public key
local -r a_dss="00,a3, 00,6a, 00,38, 00,c3, 00,87, c0,43, c0,57, c0,81, 00,a2, 00,40, 00,32, 00,bd, 00,99, 00,44, c0,42, c0,56, c0,80, 00,66, 00,13, 00,63, 00,12, 00,65, 00,11"
# Cipher suites that use a certifiate with a DH public key
# Cipher suites that use a certificate with a DH public key
local -r a_dh="00,a5, 00,a1, 00,69, 00,68, 00,37, 00,36, 00,c2, 00,c1, 00,86, 00,85, c0,3f, c0,41, c0,55, c0,59, c0,7f, c0,83, 00,a4, 00,a0, 00,3f, 00,3e, 00,31, 00,30, 00,bc, 00,bb, 00,98, 00,97, 00,43, 00,42, c0,3e, c0,40, c0,54, c0,58, c0,7e, c0,82, 00,10, 00,0d, 00,0f, 00,0c, 00,0b, 00,0e"
# Cipher suites that use a certifiate with an ECDH public key
# Cipher suites that use a certificate with an ECDH public key
local -r a_ecdh="c0,32, c0,2e, c0,2a, c0,26, c0,0f, c0,05, c0,79, c0,75, c0,4b, c0,4f, c0,5f, c0,63, c0,89, c0,8d, c0,31, c0,2d, c0,29, c0,25, c0,0e, c0,04, c0,78, c0,74, c0,4a, c0,4e, c0,5e, c0,62, c0,88, c0,8c, c0,0c, c0,02, c0,0d, c0,03, c0,0b, c0,01"
# Cipher suites that use a certifiate with an ECDSA public key
# Cipher suites that use a certificate with an ECDSA public key
local -r a_ecdsa="cc,14, c0,2c, c0,24, c0,0a, cc,a9, c0,af, c0,ad, c0,73, c0,49, c0,5d, c0,87, 16,b8, 16,ba, c0,2b, c0,23, c0,09, c0,ae, c0,ac, c0,72, c0,48, c0,5c, c0,86, c0,07, c0,08, c0,06"
# Cipher suites that use a certifiate with a GOST public key
# Cipher suites that use a certificate with a GOST public key
local -r a_gost="00,80, 00,81, 00,82, 00,83"
# First check whether signed certificate timestamps (SCT) are included in the
@ -10256,7 +10260,7 @@ starttls_mysql_dialog() {
# 1 is the timeout value which only MySQL needs. Note, there seems no response whether STARTTLS
# succeeded. We could try harder, see https://github.com/openssl/openssl/blob/master/apps/s_client.c
# but atm this seems sufficient as later we will fail if there's no STARTTLS.
# BUT: there seeem to be cases when the handshake fails (8S01Bad handshake --> 30 38 53 30 31 42 61 64 20 68 61 6e 64 73 68 61 6b 65).
# BUT: there seem to be cases when the handshake fails (8S01Bad handshake --> 30 38 53 30 31 42 61 64 20 68 61 6e 64 73 68 61 6b 65).
# also there's a banner in the reply "<version><somebytes>mysql_native_password"
# TODO: We could detect if the server supports STARTTLS via the "Server Capabilities"
# bit field, but we'd need to parse the binary stream, with greater precision than regex.
@ -10418,7 +10422,7 @@ socksend_clienthello() {
}
# ARG1: hexbytes -- preceeded by x -- separated by commas, with a leading comma
# ARG1: hexbytes -- preceded by x -- separated by commas, with a leading comma
# ARG2: seconds to sleep
socksend() {
local data line
@ -14769,7 +14773,7 @@ run_sweet32() {
pr_svrty_low "VULNERABLE"; out ", uses 64 bit block ciphers"
fileout "SWEET32" "LOW" "uses 64 bit block ciphers" "$cve" "$cwe" "$hint"
elif "$ssl2_sweet"; then
pr_svrty_low "VULNERABLE"; out ", uses 64 bit block ciphers wth SSLv2 only"
pr_svrty_low "VULNERABLE"; out ", uses 64 bit block ciphers with SSLv2 only"
fileout "SWEET32" "LOW" "uses 64 bit block ciphers with SSLv2 only" "$cve" "$cwe" "$hint"
else
pr_svrty_best "not vulnerable (OK)";
@ -14989,7 +14993,7 @@ run_tls_fallback_scsv() {
# support SSLv3 and it is known that SSLv3 is the fallback protocol ($low_proto), then
# the test cannot be performed. Similarly, if SSLv3 could be the fallback protocol, but
# support for SSLv3 is unknown, then the test cannot be performed.
# NOTE: This check assumes that any server that suppports SSLv3 and either TLS 1.2 or
# NOTE: This check assumes that any server that supports SSLv3 and either TLS 1.2 or
# TLS 1.1 would also support TLS 1. So, if $high_proto is not TLS 1, then it is assumed
# that either (1) $low_proto has already been set (to TLS1.1 or TLS 1) or (2) no protocol
# lower than $high_proto is offered.
@ -15219,7 +15223,7 @@ get_common_prime() {
return 1
else
dh_p="$(toupper "$dh_p")"
# In the previous line of the match is bascially the hint we want to echo
# In the previous line of the match is basically the hint we want to echo
# the most elegant thing to get the previous line [ awk '/regex/ { print x }; { x=$0 }' ] doesn't work with gawk
lineno_matched=$(grep -n "$dh_p" "$common_primes_file" 2>/dev/null | awk -F':' '{ print $1 }')
if [[ "$lineno_matched" -ne 0 ]]; then
@ -16925,10 +16929,18 @@ find_openssl_binary() {
: # 5. we tried hard and failed, so now we use the system binaries
fi
# no ERRFILE initialized yet, thus we use /dev/null for stderr directly
$OPENSSL version -a 2>/dev/null >/dev/null
if [[ $? -ne 0 ]] || [[ ! -x "$OPENSSL" ]]; then
fatal "cannot exec or find any openssl binary" $ERR_OSSLBIN
[[ ! -x "$OPENSSL" ]] && fatal "cannot exec or find any openssl binary" $ERR_OSSLBIN
# The former detection only was flawed, because when the system supplied openssl.cnf file
# couldn't be parsed by our openssl it bailed out here with a misleading error, see #1982.
# Now we try with another version of the config file and if it still fails we bail out.
if ! $OPENSSL version -d >/dev/null 2>&1 ; then
export OPENSSL_CONF="$TESTSSL_INSTALL_DIR/etc/openssl.cnf"
if ! $OPENSSL version -d >/dev/null 2>&1 ; then
fatal "cannot exec or find any openssl binary" $ERR_OSSLBIN
else
[[ "$DEBUG" -ge 1 ]] && echo "We provide our own openssl.cnf file as the one from your system cannot be used"
fi
fi
# https://www.openssl.org/news/openssl-notes.html
@ -17001,7 +17013,7 @@ find_openssl_binary() {
$OPENSSL ciphers -s 2>&1 | grep -aiq "unknown option" || \
OSSL_CIPHERS_S="-s"
# This and all other occurences we do a little trick using "invalid." to avoid plain and
# This and all other occurrences we do a little trick using "invalid." to avoid plain and
# link level DNS lookups. See issue #1418 and https://tools.ietf.org/html/rfc6761#section-6.4
$OPENSSL s_client -ssl2 -connect invalid. 2>&1 | grep -aiq "unknown option" || \
HAS_SSL2=true
@ -17238,7 +17250,7 @@ help() {
single check as <options> ("$PROG_NAME URI" does everything except -E and -g):
-e, --each-cipher checks each local cipher remotely
-E, --cipher-per-proto checks those per protocol
-s, --std, --standard tests certain lists of cipher suites by strength
-s, --std, --standard tests standard cipher categories by strength
-p, --protocols checks TLS/SSL protocols (including SPDY/HTTP2)
-g, --grease tests several server implementation bugs like GREASE and size limitations
-S, --server-defaults displays the server's default picks and certificate info
@ -17409,6 +17421,7 @@ HAS_IDN: $HAS_IDN
HAS_IDN2: $HAS_IDN2
HAS_AVAHIRESOLVE: $HAS_AVAHIRESOLVE
HAS_DIG_NOIDNOUT: $HAS_DIG_NOIDNOUT
HAS_DIG_R: $HAS_DIG_R
PATH: $PATH
PROG_NAME: $PROG_NAME
@ -17505,9 +17518,7 @@ mybanner() {
"$QUIET" && return
"$CHILD_MASS_TESTING" && return
OPENSSL_NR_CIPHERS=$(count_ciphers "$(actually_supported_osslciphers 'ALL:COMPLEMENTOFALL:@STRENGTH' 'ALL')")
[[ -z "$GIT_REL" ]] && \
idtag="$CVS_REL" || \
idtag="$GIT_REL -- $CVS_REL_SHORT"
[[ -n "$GIT_REL" ]] && idtag="$GIT_REL"
bb1=$(cat <<EOF
###########################################################
@ -17664,8 +17675,10 @@ initialize_engine(){
# Avoid clashes of OpenSSL 1.1.1 config file with our openssl 1.0.2. This is for Debian 10
export OPENSSL_CONF=''
return 1
else # we have engine support
if [[ -n "$OPENSSL_CONF" ]]; then
else
# we have engine support. But we want to check whether an external OPENSSL_CONF was supplied.
# $TESTSSL_INSTALL_DIR/etc/openssl.cnf is an internal presetting, see #1982
if [[ -n "$OPENSSL_CONF" ]] && [[ "$OPENSSL_CONF" != "$TESTSSL_INSTALL_DIR/etc/openssl.cnf" ]]; then
prln_warning "For now I am providing the config file to have GOST support"
else
OPENSSL_CONF=$TEMPDIR/gost.conf
@ -17849,6 +17862,7 @@ get_local_a() {
check_resolver_bins() {
local saved_openssl_conf="$OPENSSL_CONF"
OPENSSL_CONF="" # see https://github.com/drwetter/testssl.sh/issues/134
type -p dig &> /dev/null && HAS_DIG=true
type -p host &> /dev/null && HAS_HOST=true
type -p drill &> /dev/null && HAS_DRILL=true
@ -17857,14 +17871,16 @@ check_resolver_bins() {
type -p idn &>/dev/null && HAS_IDN=true
type -p idn2 &>/dev/null && HAS_IDN2=true
OPENSSL_CONF="" # see https://github.com/drwetter/testssl.sh/issues/134
if ! "$HAS_DIG" && ! "$HAS_HOST" && ! "$HAS_DRILL" && ! "$HAS_NSLOOKUP"; then
fatal "Neither \"dig\", \"host\", \"drill\" or \"nslookup\" is present" $ERR_DNSBIN
fi
if "$HAS_DIG"; then
if dig +noidnout -t a 2>&1 | grep -Eq 'Invalid option: \+noidnout|IDN support not enabled'; then
:
else
# Old dig versions don't have an option to ignore $HOME/.digrc
if ! dig -h | grep -qE '\-r.*~/.digrc'; then
HAS_DIG_R=false
DIG_R=""
fi
if dig -h | grep -Eq idnout; then
HAS_DIG_NOIDNOUT=true
fi
fi
@ -17896,20 +17912,20 @@ get_a_record() {
if "$HAS_AVAHIRESOLVE"; then
ip4=$(filter_ip4_address $(avahi-resolve -4 -n "$1" 2>/dev/null | awk '{ print $2 }'))
elif "$HAS_DIG"; then
ip4=$(filter_ip4_address $(dig @224.0.0.251 -p 5353 +short -t a +notcp "$1" 2>/dev/null | sed '/^;;/d'))
ip4=$(filter_ip4_address $(dig $DIG_R @224.0.0.251 -p 5353 +short -t a +notcp "$1" 2>/dev/null | sed '/^;;/d'))
else
fatal "Local hostname given but no 'avahi-resolve' or 'dig' available." $ERR_DNSBIN
fi
fi
if [[ -z "$ip4" ]] && "$HAS_DIG"; then
ip4=$(filter_ip4_address $(dig +short +timeout=2 +tries=2 $noidnout -t a "$1" 2>/dev/null | awk '/^[0-9]/ { print $1 }'))
fi
if [[ -z "$ip4" ]] && "$HAS_HOST"; then
ip4=$(filter_ip4_address $(host -t a "$1" 2>/dev/null | awk '/address/ { print $NF }'))
fi
if [[ -z "$ip4" ]] && "$HAS_DRILL"; then
ip4=$(filter_ip4_address $(drill a "$1" | awk '/ANSWER SECTION/,/AUTHORITY SECTION/ { print $NF }' | awk '/^[0-9]/'))
fi
if [[ -z "$ip4" ]] && "$HAS_DIG"; then
ip4=$(filter_ip4_address $(dig $DIG_R +short +timeout=2 +tries=2 $noidnout -t a "$1" 2>/dev/null | awk '/^[0-9]/ { print $1 }'))
fi
if [[ -z "$ip4" ]] && "$HAS_NSLOOKUP"; then
ip4=$(filter_ip4_address $(strip_lf "$(nslookup -querytype=a "$1" 2>/dev/null | awk '/^Name/ { getline; print $NF }')"))
fi
@ -17940,16 +17956,16 @@ get_aaaa_record() {
if "$HAS_AVAHIRESOLVE"; then
ip6=$(filter_ip6_address $(avahi-resolve -6 -n "$1" 2>/dev/null | awk '{ print $2 }'))
elif "$HAS_DIG"; then
ip6=$(filter_ip6_address $(dig @ff02::fb -p 5353 -t aaaa +short +notcp "$NODE"))
ip6=$(filter_ip6_address $(dig $DIG_R @ff02::fb -p 5353 -t aaaa +short +notcp "$NODE"))
else
fatal "Local hostname given but no 'avahi-resolve' or 'dig' available." $ERR_DNSBIN
fi
elif "$HAS_DIG"; then
ip6=$(filter_ip6_address $(dig +short +timeout=2 +tries=2 $noidnout -t aaaa "$1" 2>/dev/null | awk '/^[0-9]/ { print $1 }'))
elif "$HAS_HOST"; then
ip6=$(filter_ip6_address $(host -t aaaa "$1" | awk '/address/ { print $NF }'))
elif "$HAS_DRILL"; then
ip6=$(filter_ip6_address $(drill aaaa "$1" | awk '/ANSWER SECTION/,/AUTHORITY SECTION/ { print $NF }' | awk '/^[0-9]/'))
elif "$HAS_DIG"; then
ip6=$(filter_ip6_address $(dig $DIG_R +short +timeout=2 +tries=2 $noidnout -t aaaa "$1" 2>/dev/null | awk '/^[0-9]/ { print $1 }'))
elif "$HAS_NSLOOKUP"; then
ip6=$(filter_ip6_address $(strip_lf "$(nslookup -type=aaaa "$1" 2>/dev/null | awk '/'"^${a}"'.*AAAA/ { print $NF }')"))
fi
@ -17979,16 +17995,16 @@ get_caa_rr_record() {
# for dig +short the output always starts with '0 issue [..]' or '\# 19 [..]' so we normalize thereto to keep caa_flag, caa_property
# caa_property then has key/value pairs, see https://tools.ietf.org/html/rfc6844#section-3
OPENSSL_CONF=""
if "$HAS_DIG"; then
raw_caa="$(dig +short +timeout=3 +tries=3 $noidnout type257 "$1" 2>/dev/null | awk '{ print $1" "$2" "$3 }')"
# empty if no CAA record
elif "$HAS_DRILL"; then
if "$HAS_DRILL"; then
raw_caa="$(drill $1 type257 | awk '/'"^${1}"'.*CAA/ { print $5,$6,$7 }')"
elif "$HAS_HOST"; then
raw_caa="$(host -t type257 $1)"
if grep -Ewvq "has no CAA|has no TYPE257" <<< "$raw_caa"; then
raw_caa="$(sed -e 's/^.*has CAA record //' -e 's/^.*has TYPE257 record //' <<< "$raw_caa")"
fi
elif "$HAS_DIG"; then
raw_caa="$(dig $DIG_R +short +timeout=3 +tries=3 $noidnout type257 "$1" 2>/dev/null | awk '{ print $1" "$2" "$3 }')"
# empty if no CAA record
elif "$HAS_NSLOOKUP"; then
raw_caa="$(strip_lf "$(nslookup -type=type257 $1 | grep -w rdata_257)")"
if [[ -n "$raw_caa" ]]; then
@ -18050,10 +18066,10 @@ get_mx_record() {
# we need the last two columns here
if "$HAS_HOST"; then
mxs="$(host -t MX "$1" 2>/dev/null | awk '/is handled by/ { print $(NF-1), $NF }')"
elif "$HAS_DIG"; then
mxs="$(dig +short $noidnout -t MX "$1" 2>/dev/null | awk '/^[0-9]/ { print $1" "$2 }')"
elif "$HAS_DRILL"; then
mxs="$(drill mx $1 | awk '/IN[ \t]MX[ \t]+/ { print $(NF-1), $NF }')"
elif "$HAS_DIG"; then
mxs="$(dig $DIG_R +short $noidnout -t MX "$1" 2>/dev/null | awk '/^[0-9]/ { print $1" "$2 }')"
elif "$HAS_NSLOOKUP"; then
mxs="$(strip_lf "$(nslookup -type=MX "$1" 2>/dev/null | awk '/mail exchanger/ { print $(NF-1), $NF }')")"
else
@ -18150,15 +18166,15 @@ determine_rdns() {
if "$HAS_AVAHIRESOLVE"; then
rDNS=$(avahi-resolve -a $nodeip 2>/dev/null | awk '{ print $2 }')
elif "$HAS_DIG"; then
rDNS=$(dig -x $nodeip @224.0.0.251 -p 5353 +notcp +noall +answer +short | awk '{ print $1 }')
rDNS=$(dig $DIG_R -x $nodeip @224.0.0.251 -p 5353 +notcp +noall +answer +short | awk '{ print $1 }')
fi
elif "$HAS_DIG"; then
# 1+2 should suffice. It's a compromise for if e.g. network is down but we have a docker/localhost server
rDNS=$(dig -x $nodeip +timeout=1 +tries=2 +noall +answer +short | awk '{ print $1 }') # +short returns also CNAME, e.g. openssl.org
elif "$HAS_HOST"; then
rDNS=$(host -t PTR $nodeip 2>/dev/null | awk '/pointer/ { print $NF }')
elif "$HAS_DRILL"; then
rDNS=$(drill -x ptr $nodeip 2>/dev/null | awk '/ANSWER SECTION/ { getline; print $NF }')
elif "$HAS_DIG"; then
# 1+2 should suffice. It's a compromise for if e.g. network is down but we have a docker/localhost server
rDNS=$(dig $DIG_R -x $nodeip +timeout=1 +tries=2 +noall +answer +short | awk '{ print $1 }') # +short returns also CNAME, e.g. openssl.org
elif "$HAS_NSLOOKUP"; then
rDNS=$(strip_lf "$(nslookup -type=PTR $nodeip 2>/dev/null | grep -v 'canonical name =' | grep 'name = ' | awk '{ print $NF }' | sed 's/\.$//')")
fi
@ -18555,8 +18571,6 @@ determine_service() {
ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql|nntp)
STARTTLS="-starttls $protocol"
if [[ "$protocol" == xmpp ]]; then
# for XMPP, openssl has a problem using -connect $NODEIP:$PORT. thus we use -connect $NODE:$PORT instead!
NODEIP="$NODE"
if [[ -n "$XMPP_HOST" ]]; then
if ! "$HAS_XMPP"; then
fatal "Your $OPENSSL does not support the \"-xmpphost\" option" $ERR_OSSLBIN
@ -18570,11 +18584,18 @@ determine_service() {
prln_warning " IP address doesn't work for XMPP, trying PTR record $rDNS"
# remove trailing .
NODE=${rDNS%%.}
NODEIP=${rDNS%%.}
else
fatal "No DNS supplied and no PTR record available which I can try for XMPP" $ERR_DNSLOOKUP
fi
fi
if "$HAS_XMPP"; then
# small hack -- instead of changing calls all over the place
STARTTLS="$STARTTLS -xmpphost $NODE"
else
# If the XMPP name cannot be provided using -xmpphost,
# then it needs to be provided to the -connect option
NODEIP="$NODE"
fi
fi
elif [[ "$protocol" == postgres ]]; then
# Check if openssl version supports postgres.
@ -18625,7 +18646,7 @@ determine_sizelimitbug() {
local overflow_cipher='C0,86'
local -i nr_ciphers
# For STARTTLS protcols not being implemented yet via sockets this is a bypass otherwise it won't be usable at all (e.g. LDAP)
# For STARTTLS protocols not being implemented yet via sockets this is a bypass otherwise it won't be usable at all (e.g. LDAP)
# Fixme: find out whether we can't skip this in general for STARTTLS
[[ "$STARTTLS" =~ ldap ]] && return 0
[[ "$STARTTLS" =~ irc ]] && return 0
@ -19531,6 +19552,13 @@ parse_cmd_line() {
do_client_simulation=true
;;
-U|--vulnerable|--vulnerabilities)
# Lookahead function: If the order of the cmdline is '-U --ids-friendly'
# then we need to make sure we catch --ids-friendly. Normally we do not,
# see #1717. The following statement makes sure. In the do-while + case-esac
# loop it will be execute again, but it does not hurt
if [[ "${CMDLINE_ARRAY[@]}" =~ --ids-friendly ]]; then
OFFENSIVE=false
fi
do_vulnerabilities=true
do_heartbleed="$OFFENSIVE"
do_ccs_injection="$OFFENSIVE"

2
utils/docker-debian10.tls13only.start.sh
View File

@ -1,5 +1,5 @@
# no early data, but TLS 1.3 with debian:buster (sid simlar in Feb 2019)
# no early data, but TLS 1.3 with debian:buster (sid similar in Feb 2019)
image=${1:-"debian:buster"}
docker pull "$image"

2
utils/gmap2testssl.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env bash
# Utility which converts grepable nmap outout to testssl's file input
# Utility which converts grepable nmap output to testssl's file input
# It is just borrowed from testssl.sh
# License see testssl.sh

2
utils/resume.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
# simple check for seesion resumption 1) by SID, 2) by tickets
# simple check for session resumption 1) by SID, 2) by tickets
# Author: Dirk Wetter, GPLv2 see https://testssl.sh/LICENSE.txt

4
utils/ticketbleed.bash
View File

@ -50,7 +50,7 @@ yellow=$(tput setaf 3; tput bold)
normal=$(tput sgr0)
send_clienthello() {
local -i len_ch=216 # len of clienthello, exlcuding TLS session ticket and SID (record layer)
local -i len_ch=216 # len of clienthello, excluding TLS session ticket and SID (record layer)
local session_tckt_tls="$1"
local -i len_tckt_tls="${#1}"
local xlen_tckt_tls=""
@ -269,7 +269,7 @@ trap "cleanup" QUIT EXIT
"$DEBUG" && ( echo; echo )
echo "##### 2) Sending 1 to 3 ClientHello(s) (TLS version 03,$TLSV) with this ticket and a made up SessionID"
# we do 3 client hellos, and see whether different memmory is returned
# we do 3 client hellos, and see whether different memory is returned
for i in 1 2 3; do
fd_socket $PORT