commit
364bea1da0
|
@ -1 +1,3 @@
|
|||
.DS_Store
|
||||
tmp.json
|
||||
*.bak
|
||||
|
|
|
@ -1,716 +1,256 @@
|
|||
vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= AAA Certificate Services
|
||||
ziTrBibe/YFoyWp3AfCTAWAP5d0NvOWOnJe4MK8C7yg= OISTE WISeKey Global Root GA CA
|
||||
hqaPBQA0EmpUDTnbLF+RfvZqlPuWGfoezYJ86ka6DLA= QuoVadis Root CA 1 G3
|
||||
j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g= QuoVadis Root CA 2
|
||||
SkntvS+PgjC9VZKzE1c/4cFypF+pgBHMHt27Nq3j/OU= QuoVadis Root CA 2 G3
|
||||
DHrKpxAiZyC7yUA0nuLmFIZSqJ2/QGojLIlfbceOu5o= QuoVadis Root CA 3
|
||||
80OOI7POUyUi+s8weSP1j9GGCOm6et3DDpUrQ8SWFsM= QuoVadis Root CA 3 G3
|
||||
vj23t5v+V53PmwfKTK11r/FpdVaOW0XPyuTWH7Yxdag= QuoVadis Root Certification Authority
|
||||
tKA56vxDELqb3gk+24+dnQs9THwATUgojDXbzBlGfRg=
|
||||
RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4= Secure Certificate Services
|
||||
JZaQTcTWma4gws703OR/KFk313RkrDcHRvUt6na6DCg= Secure Global CA
|
||||
MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8= AffirmTrust Premium ECC
|
||||
dykHF2FLJfEpZOvbOLX4PKrcD2w2sHd/iA/G3uHTOcw= SecureTrust CA
|
||||
ZUT/mttkLEw2mKYNgUO2uTvO8BNltUD2FNzCpFq5TTE=
|
||||
KkISYFqj6K7LD8GYBs87QLU7lfGjTbvW4+0nIwMkq7M=
|
||||
M4BwmvOwlr48wqQFSBQsClIAKNsJ4st3riIGYWq2y7Q=
|
||||
qhwr7bGlCLqtf7P14CiXuQfHSN6pt5CJBKrb0El6q2o= Sonera Class1 CA
|
||||
0qXzLw4BuRDvTjtGv4Tlr1+1aJ59FQfpKeNorIjGzHY= Sonera Class2 CA
|
||||
lR7gRvqDMW5nhsCMRPE7TKLq0tJkTWMxQ5HAzHCIfQ0= Staat der Nederlanden EV Root CA
|
||||
Bed+8f3+BeLcpSLK5k2DeaBBt7TxbHyuNgZ6f3KhSHI= Staat der Nederlanden Root CA - G2
|
||||
QiOJQAOogcXfa6sWPbI1wiGhjVS/dZlFgg5nDaguPzk= Staat der Nederlanden Root CA - G3
|
||||
FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ=
|
||||
hdJr6Q2TT8zbT/ezjYx5ynZSuBbWpSRGyoQoprhdxXw= ANF Global Root CA
|
||||
gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ= Starfield Root Certificate Authority - G2
|
||||
KwccWaCgrnaw6tsrrSO61FgLacNgG2MMLq8GE6+oP5I= Starfield Services Root Certificate Authority - G2
|
||||
5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority
|
||||
5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority
|
||||
FSg5faISiQqDCwuVpZlozvI0dzd531GBzxD6ZHU0u2U= StartCom Certification Authority G2
|
||||
NJn5P9OUUjv7HsTDrU37MQEx++nuVHa95ild6AjV3Y8= Swisscom Root CA 1
|
||||
y26RcRrW1VyJBvN5ywcftcR5M2VKdBVhLu5mKfJvvNc= Swisscom Root CA 2
|
||||
9GPFTZ8aBHrtUmVqx4Xgfr7FKOAge/0/VdiTI3Zo9q4= Swisscom Root EV CA 2
|
||||
QPz8KIddzL/ry99s10MzEtpjxO/PO9extQXCICCuAnQ= SwissSign Gold CA - G2
|
||||
fx3siwMZVIoFbeW7UhvZPrdOanbyjf+3W0WlO3da96s= SwissSign Gold Root CA - G3
|
||||
60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root CA
|
||||
KovtMq5oDS0Ye5p6/Rcdg/0Lk16vniwbQ+gCeNIGPjk= SwissSign Platinum CA - G2
|
||||
ipA7YAoICzjf4g37as0jEi9kYg5YCLn8hoiVL8GjVZw= SwissSign Platinum Root CA - G3
|
||||
kxgib4yDr+R/X0fCT1nOEtuoxzsYG+5rLqH0Cga8GGk= SwissSign Silver CA - G2
|
||||
hKrAk+CMSdv/+OVgdZJI2+ZxNbNysj0qiB1fmcuxkeg= SwissSign Silver Root CA - G3
|
||||
MVEmgCM/XyofKUN/VtSYjPCvxBzGxdpidZKOnAvq3ic= Symantec Class 1 Public Primary Certification Authority - G4
|
||||
0vkaBOOmHU6teEjI1DteEVLYhXJ0ibxlc4tnwKInhac= Symantec Class 1 Public Primary Certification Authority - G6
|
||||
MCeimPpXMU3A490QGUEbj0BMQ8P5NM4734VlEsgKoVw= Symantec Class 2 Public Primary Certification Authority - G4
|
||||
ryB8Yf2cfPksKv6BVCgtw/LL8y91zRcoFMUrA7frwlg= Symantec Class 2 Public Primary Certification Authority - G6
|
||||
gJ8rquNa+082vWR2znXCABB3kBtq9cTauC4YjGuVwaE= Symantec Class 3 Public Primary Certification Authority - G4
|
||||
lXNUc71no7lajV+QxaIazh4NeUcyBnTUq4R5crkVRNI= Symantec Class 3 Public Primary Certification Authority - G6
|
||||
Z0A55HJWGWPIywDSGpepChi7ihxMMXrGfjgqZSu1c8A= Apple Root CA - G2
|
||||
vM6OK7rucbY1jd1kHLv8Jd5FQAMAYnH3W1C3JtZ8O8k= SZAFIR ROOT CA
|
||||
YQbA46CimYMYdRJ719PMGFmAPVEcrBHrbghA3RZvwQ4= T-TeleSec GlobalRoot Class 2
|
||||
jXZ3ZLPL2giSnQcqIqVh9NzdG8V9PL3clIxH0rR/kSI= T-TeleSec GlobalRoot Class 3
|
||||
rPZeHWLLWKK6/W/6tA+4hpnEc5fPXLSD1C1pytNM1Is= TC TrustCenter Class 2 CA II
|
||||
k5KuIUmSSt435kXbof9L3dzaKykbYJdmnSr6XHo3Jhk= TC TrustCenter Class 3 CA II
|
||||
a4belqZYpWggpPNdkNtsPv3VdM6UuQnLDX/xfDwYnYM= TC TrustCenter Class 4 CA II
|
||||
st71NirT+s0EvSkEekOET3ZwNOpIkvgOVr7mkCQ+JQI= TC TrustCenter Universal CA I
|
||||
qzmksCWVVpGkAmnzU/odXLlOr2x+qYCEhLu7Yv2faPM= TC TrustCenter Universal CA II
|
||||
q1zbM1Y5c1bW5pGXPCW4YYtl12qQSG6nqKXBd2f0Zzo= TC TrustCenter Universal CA III
|
||||
ELo0hcqLtogKuVMaQGPkABVVVhx/LgVRZfSbLXT8X2s= TeliaSonera Root CA v1
|
||||
myGdD7/zal+zIJBXGQa87qaGF8gzo/YbgeliqOZNuK8= Apple Root CA - G3
|
||||
HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY= thawte Primary Root CA
|
||||
Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM= thawte Primary Root CA - G2
|
||||
GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik= thawte Primary Root CA - G3
|
||||
R8ehScqC+nupQKTXEdAQYlxssLdIsXAWxG4lznrNKww= TRUST2408 OCES Primary CA
|
||||
4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg= Trusted Certificate Services
|
||||
qHRDs9iW6yV8zOmbla2pvIG5204xQqqama8JQssKSjo=
|
||||
FefnF7Qo/u4686/ZFQ261JcAjTo/8BaWRxmQe9sBpkU= TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
|
||||
0Hc622AEPpVDCdlxT+BT6q2KpblYbtukaOJ234IGWt8= TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
|
||||
xES1tmzl1x4bXkDyc4XJXL/SSgW1b3DKwJkvD1DDN5w= TWCA Global Root CA
|
||||
ksRoeWJu8swezqUMcvteOFhECV8hy/Oyg8uC5rn8alg= TWCA Root Certification Authority
|
||||
60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root Certificate Authority
|
||||
zEmXhjyMSKTLXD5lN9wGAo2GOL5J9fiiulby8siox3k= UCA Global Root
|
||||
qGvauPSAtuuJQquRcL3QmRlxp60TXfu8tyhfB6fR44o= UCA Root
|
||||
QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo= UTN - DATACorp SGC
|
||||
Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM= UTN-USERFirst-Client Authentication and Email
|
||||
TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI= UTN-USERFirst-Hardware
|
||||
gamPx4jDX1V2RalSJOUM0drI/7IJ3B5WiKopIF8TIhg= UTN-USERFirst-Network Applications
|
||||
D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM= UTN-USERFirst-Object
|
||||
IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM= VeriSign Class 1 Public Primary Certification Authority - G3
|
||||
cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM= VeriSign Class 2 Public Primary Certification Authority - G3
|
||||
SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4= VeriSign Class 3 Public Primary Certification Authority - G3
|
||||
xWl76RzWVVObVgdY6RtuCFRhYjdBA0xIXkfX6dJaA8A=
|
||||
UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4= VeriSign Class 3 Public Primary Certification Authority - G4
|
||||
JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg= VeriSign Class 3 Public Primary Certification Authority - G5
|
||||
VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU= VeriSign Class 4 Public Primary Certification Authority - G3
|
||||
lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI= VeriSign Universal Root Certification Authority
|
||||
puEf8V7DJqXj8YrTOgVmlNyExpl2bQKKWtDv4ajlOsc= Visa eCommerce Root
|
||||
LgCRWp974GqyNwx7fCAMCpbVrGpQzhh02+/eQCLU3o4= Visa Information Delivery Root CA
|
||||
AGyyJqdyxxgtd3I4Pjc/DyKeff40RIEKjW5QkF0g1mE= VRK Gov. Root CA
|
||||
qZlyzh9sWB0Al/YmGAYuUxV7Unbh7GZRoxVwV/BXszk= WellsSecure Public Root Certificate Authority
|
||||
BRz5+pXkDpuD7a7aaWH2Fox4ecRmAXJHnN1RqwPOpis= XRamp Global Certification Authority
|
||||
bz4Hf+VQRkbAGRr85JTk62gYPjmPWk3AVmn4tubmgv4=
|
||||
cZz1s2GS573mUMyRNB5vZJ27jD7ki6yql/oOBbY3S0E= ApplicationCA2 Root
|
||||
Ow1ztL5KhUrcPlHX75+kiu+7LN2CTWe9x9fQmiq8LUM= Autoridad de Certificacion Firmaprofesional CIF A62634068
|
||||
JdSRPPWHCXQU0p0m9sGxlCzW1k6vRdD8+BUmrbqW0yQ= Actalis Authentication Root CA
|
||||
ZZyzaKxWmYvQevLK/F+5P455R0rMwqbPGsnyGS0TY2A= Autoridad de Certificacion Raiz del Estado Venezolano
|
||||
Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o= Baltimore CyberTrust Root
|
||||
+OX5BbyTmREme4PVCBSpAyO1Hhg2KdtS1PwtVGilpXg= Belgium Root CA2
|
||||
tjjP8FyKgydY7cMCivni1VUUVovGuzSrNtFAuXrGsS0= Buypass Class 2 CA 1
|
||||
WVWuKRV0qTE0LPdFDhZlLt4eD7MJfhVx36wRyRVgFWQ= Buypass Class 2 Root CA
|
||||
sD2HsFbQjMnU5nXvGcqDq1NTIWioJYWYvnLm2Fx918E= Buypass Class 3 Root CA
|
||||
S9xjb0jSH7aMWjzUogaFeIBDvbUk5+hNQZLEUe40KbU= CA Disig
|
||||
a8/IbI3cKvLmoRgKLdq7N7fqN1Uxa2S5uJUb8Mo1HwY= CA Disig Root R1
|
||||
cCEWzNi/I+FkZvDg26DtaiOanBzWqPWmazmvNZUCA4U= CA Disig Root R2
|
||||
UQ0g5cR/Y89mayD2GvYrwJmkKsgk/6RDotp8kLGAipE= Certigna
|
||||
BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo= AddTrust Class 1 CA Root
|
||||
NuzGH8fl8ZI9Fn5n3940YIVJs0pjx8bmD/1cGEA4H1w= Certinomis - Autorité Racine
|
||||
axpQXgJG8vYMSQ/wwJenvichDLt1ACN/iLDNSCmLybg= Certinomis - Root CA
|
||||
28HjoVI4oEg7zbj97GFuA+cFpI4qUBFXyt87nHMRxeU=
|
||||
lzasOyXRbEWkVBipZFeBVkgKjMQ0VB3cXdWSMyKYaN4= Certum CA
|
||||
qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU= Certum Trusted Network CA
|
||||
aztX6eyI0bs9AWN/8zx2mLPJdYJV6fAeqRePPn87K1I= Certum Trusted Network CA 2
|
||||
iir/vRocXRvcy7f1SLqZX5ZoBrP9DDoA+uLlLzyFOYk= Chambers of Commerce Root
|
||||
ztQ5AqtftXtEIyLcDhcqT7VfcXi4CPlOeApv1sxr2Bg= Chambers of Commerce Root - 2008
|
||||
jtW0wEG2spPA5kEwFQZtMYSDyQH/aehqUh0MslVp8+g= Cisco Root CA 2048
|
||||
dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= Class 2 Primary CA
|
||||
lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU= AddTrust External CA Root
|
||||
mACOLtu3K61C2i/LBqwaqgsubgxy6MogT7r9G7SHlEE= Common Policy
|
||||
AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4= COMODO Certification Authority
|
||||
aMNpIhRyTUtVp2D0cLT8qLXg/h1ynP8i/rTKiKzTmAk= ComSign CA
|
||||
wGyHL8LQrAjXjUIZgfvaTjVQDQlG95iU7dIawp3sBxk= ComSign Global Root CA
|
||||
zwtHSs6Eafq6QC8C7r354XANnL6L5OQ0hAe2ndMZbpQ= ComSign Secured CA
|
||||
7KDxgUAs56hlKzG00DbfJH46MLf0GlDZHsT5CwBrQ6E= D-TRUST Root Class 3 CA 2 2009
|
||||
/zQvtsTIvTCkcG9zSJU58Z5uSMwF9GJUZU9mENvFQOk= D-TRUST Root Class 3 CA 2 EV 2009
|
||||
0d4q5hyN8vpiOWYWPUxz1GC/xCjldYW+a/65pWMj0bY= Deutsche Telekom Root CA 2
|
||||
gNv7l73Tkmuu5B9zxViPqhfXB7A630kHorxnfz7xcXw= Developer ID Certification Authority
|
||||
I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o= DigiCert Assured ID Root CA
|
||||
OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg= AddTrust Public CA Root
|
||||
8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik= DigiCert Assured ID Root G2
|
||||
Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw= DigiCert Assured ID Root G3
|
||||
r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E= DigiCert Global Root CA
|
||||
i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= DigiCert Global Root G2
|
||||
uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= DigiCert Global Root G3
|
||||
WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= DigiCert High Assurance EV Root CA
|
||||
Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw= DigiCert Trusted Root G4
|
||||
itsjhVSgy/w6Ef7MGD480sI9JeeJTPK7rljrcKROfPM= DoD Root CA 2
|
||||
PDXhZL7dLPEr64Ps/3i16A2oFY0oMCF+Tr/86JKImaY= DST ACES CA X6
|
||||
Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= DST Root CA X3
|
||||
xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink= AddTrust Qualified CA Root
|
||||
mLPxCgJQQZEPGXzxfKD83+11+yyMFKhD4E1WVsnrrBo= DST Root CA X4
|
||||
wa0bGJjsOVBI3wcL+iF+JckTvtjKa3PeCFUohGoBA8E= E-Tugra Certification Authority
|
||||
NVHeWKfXnNmAKD34F5DWOpgsGmOzBILsWCHbdmFVTvk= EBG Elektronik Sertifika Hizmet Sağlayıcısı
|
||||
MJ8T1J6mb1IyQbVVJHREZOKMwbgu95tk5NWBiA3Ndx8= Echoworx Root CA2
|
||||
VhdNOtlxqJRJZLGJgR8wCEk6apBCLjxYBOyDjU+U9iI= EE Certification Centre Root CA
|
||||
bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU= Entrust Root Certification Authority
|
||||
+sld48JKF0GUgAz/qjylHXEWYwZkqbYMh1i07w3Fj4g= A-Trust-nQual-03
|
||||
/1aAzXOlcD2gSBegdf1GJQanNQbEuBoVg+9UlHjSZHY= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
|
||||
/PfamDYD6IhiAw2WE32OEwMbrftNVsH9TKzDOfa9uyo= America Online Root Certification Authority 2
|
||||
/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI= Entrust Root Certification Authority - EC1
|
||||
du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U= Entrust Root Certification Authority - G2
|
||||
HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048)
|
||||
HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048)
|
||||
P6t4T8PJq57twS7NwNtVD0w9v9PobXiBUzPF66UYy50= Admin-Root-CA
|
||||
YlVMFwBVQ7I3IV8EJo3NL9HEcCQK08hmDiWuLFljD1U=
|
||||
jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= Federal Common Policy CA
|
||||
h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU= GeoTrust Global CA
|
||||
SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo= GeoTrust Primary Certification Authority
|
||||
vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs= GeoTrust Primary Certification Authority - G2
|
||||
q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8= GeoTrust Primary Certification Authority - G3
|
||||
Tq2ptTEecYGZ2Y6oK5UAXLqTGYqx+X78vo3GIBYo+K8= Global Chambersign Root
|
||||
knobhWIoBXbQSMUDIa2kPYcD0tlSGhjCi4xGzGquTv0= Global Chambersign Root - 2008
|
||||
cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A= GlobalSign
|
||||
CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk= GlobalSign
|
||||
bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU= AffirmTrust Commercial
|
||||
fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8= GlobalSign
|
||||
iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= GlobalSign
|
||||
K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= GlobalSign Root CA
|
||||
VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
|
||||
Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA= Go Daddy Root Certificate Authority - G2
|
||||
pRovOgUOg4pQUGlleNu+2qwaEH7i2dSPrlBdGNDaXPg=
|
||||
Gno6GmjdI2Hj87uFXzsm/NiLGX2N1N4Gzxs2KsiewTs= Hellenic Academic and Research Institutions RootCA 2011
|
||||
NsIjFBMaX78bcOpMz0vBOnd9k47GXh2iTjws/QHT0WM= Hongkong Post Root CA 1
|
||||
olpyFMK2yGFCraOd/y1z2GWqV4Q/3S23ez/r+CaD3i0= I.CA - Qualified Certification Authority, 09/2009
|
||||
B+hU8mp8vTiZJ6oEG/7xts0h3RQ4GK2UfcZVqeWH/og= IdenTrust Commercial Root CA 1
|
||||
lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA= AffirmTrust Networking
|
||||
WN1h/rNup9JYckNxcJFJyxITN4ZMrLLQmZrSBznQZHc= IdenTrust Public Sector Root CA 1
|
||||
lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com
|
||||
KJa03b5hRXGDzH7Se9eKxQogf2kBxcUuU9wWdvm7HgY= Izenpe.com
|
||||
lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com
|
||||
y+WsFdiLXKw/gebfO/tXvqYJWIE6R7d/PFy2uYGRvbU= Juur-SK
|
||||
x0YSfF9rUpzp4pSO/ZRlRECJMZrPA/NNC/N+rcd9si8= KISA RootCA 1
|
||||
YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= Microsec e-Szigno Root CA 2009
|
||||
9Iut199qBmkNCuMTc7EoVfje2xRRfzYqMTEBzJjMazU= NetLock Arany (Class Gold) Főtanúsítvány
|
||||
pAA71b3YlOAajgHga2LHqoLwPeUlMTNXCq1P0OfYHTw= NetLock Kozjegyzoi (Class A) Tanusitvanykiado
|
||||
MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ= Network Solutions Certificate Authority
|
||||
x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc= AffirmTrust Premium
|
||||
vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= AAA Certificate Services
|
||||
ziTrBibe/YFoyWp3AfCTAWAP5d0NvOWOnJe4MK8C7yg= OISTE WISeKey Global Root GA CA
|
||||
hqaPBQA0EmpUDTnbLF+RfvZqlPuWGfoezYJ86ka6DLA= QuoVadis Root CA 1 G3
|
||||
j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g= QuoVadis Root CA 2
|
||||
SkntvS+PgjC9VZKzE1c/4cFypF+pgBHMHt27Nq3j/OU= QuoVadis Root CA 2 G3
|
||||
DHrKpxAiZyC7yUA0nuLmFIZSqJ2/QGojLIlfbceOu5o= QuoVadis Root CA 3
|
||||
80OOI7POUyUi+s8weSP1j9GGCOm6et3DDpUrQ8SWFsM= QuoVadis Root CA 3 G3
|
||||
vj23t5v+V53PmwfKTK11r/FpdVaOW0XPyuTWH7Yxdag= QuoVadis Root Certification Authority
|
||||
tKA56vxDELqb3gk+24+dnQs9THwATUgojDXbzBlGfRg=
|
||||
RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4= Secure Certificate Services
|
||||
JZaQTcTWma4gws703OR/KFk313RkrDcHRvUt6na6DCg= Secure Global CA
|
||||
MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8= AffirmTrust Premium ECC
|
||||
dykHF2FLJfEpZOvbOLX4PKrcD2w2sHd/iA/G3uHTOcw= SecureTrust CA
|
||||
ZUT/mttkLEw2mKYNgUO2uTvO8BNltUD2FNzCpFq5TTE=
|
||||
KkISYFqj6K7LD8GYBs87QLU7lfGjTbvW4+0nIwMkq7M=
|
||||
M4BwmvOwlr48wqQFSBQsClIAKNsJ4st3riIGYWq2y7Q=
|
||||
qhwr7bGlCLqtf7P14CiXuQfHSN6pt5CJBKrb0El6q2o= Sonera Class1 CA
|
||||
/zQvtsTIvTCkcG9zSJU58Z5uSMwF9GJUZU9mENvFQOk= D-TRUST Root Class 3 CA 2 EV 2009
|
||||
0Hc622AEPpVDCdlxT+BT6q2KpblYbtukaOJ234IGWt8= T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1
|
||||
0d4q5hyN8vpiOWYWPUxz1GC/xCjldYW+a/65pWMj0bY= Deutsche Telekom Root CA 2
|
||||
0qXzLw4BuRDvTjtGv4Tlr1+1aJ59FQfpKeNorIjGzHY= Sonera Class2 CA
|
||||
lR7gRvqDMW5nhsCMRPE7TKLq0tJkTWMxQ5HAzHCIfQ0= Staat der Nederlanden EV Root CA
|
||||
Bed+8f3+BeLcpSLK5k2DeaBBt7TxbHyuNgZ6f3KhSHI= Staat der Nederlanden Root CA - G2
|
||||
QiOJQAOogcXfa6sWPbI1wiGhjVS/dZlFgg5nDaguPzk= Staat der Nederlanden Root CA - G3
|
||||
FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ=
|
||||
hdJr6Q2TT8zbT/ezjYx5ynZSuBbWpSRGyoQoprhdxXw= ANF Global Root CA
|
||||
gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ= Starfield Root Certificate Authority - G2
|
||||
KwccWaCgrnaw6tsrrSO61FgLacNgG2MMLq8GE6+oP5I= Starfield Services Root Certificate Authority - G2
|
||||
5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority
|
||||
5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority
|
||||
FSg5faISiQqDCwuVpZlozvI0dzd531GBzxD6ZHU0u2U= StartCom Certification Authority G2
|
||||
NJn5P9OUUjv7HsTDrU37MQEx++nuVHa95ild6AjV3Y8= Swisscom Root CA 1
|
||||
y26RcRrW1VyJBvN5ywcftcR5M2VKdBVhLu5mKfJvvNc= Swisscom Root CA 2
|
||||
9GPFTZ8aBHrtUmVqx4Xgfr7FKOAge/0/VdiTI3Zo9q4= Swisscom Root EV CA 2
|
||||
QPz8KIddzL/ry99s10MzEtpjxO/PO9extQXCICCuAnQ= SwissSign Gold CA - G2
|
||||
fx3siwMZVIoFbeW7UhvZPrdOanbyjf+3W0WlO3da96s= SwissSign Gold Root CA - G3
|
||||
60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root CA
|
||||
KovtMq5oDS0Ye5p6/Rcdg/0Lk16vniwbQ+gCeNIGPjk= SwissSign Platinum CA - G2
|
||||
ipA7YAoICzjf4g37as0jEi9kYg5YCLn8hoiVL8GjVZw= SwissSign Platinum Root CA - G3
|
||||
kxgib4yDr+R/X0fCT1nOEtuoxzsYG+5rLqH0Cga8GGk= SwissSign Silver CA - G2
|
||||
hKrAk+CMSdv/+OVgdZJI2+ZxNbNysj0qiB1fmcuxkeg= SwissSign Silver Root CA - G3
|
||||
MVEmgCM/XyofKUN/VtSYjPCvxBzGxdpidZKOnAvq3ic= Symantec Class 1 Public Primary Certification Authority - G4
|
||||
0vkaBOOmHU6teEjI1DteEVLYhXJ0ibxlc4tnwKInhac= Symantec Class 1 Public Primary Certification Authority - G6
|
||||
MCeimPpXMU3A490QGUEbj0BMQ8P5NM4734VlEsgKoVw= Symantec Class 2 Public Primary Certification Authority - G4
|
||||
ryB8Yf2cfPksKv6BVCgtw/LL8y91zRcoFMUrA7frwlg= Symantec Class 2 Public Primary Certification Authority - G6
|
||||
gJ8rquNa+082vWR2znXCABB3kBtq9cTauC4YjGuVwaE= Symantec Class 3 Public Primary Certification Authority - G4
|
||||
lXNUc71no7lajV+QxaIazh4NeUcyBnTUq4R5crkVRNI= Symantec Class 3 Public Primary Certification Authority - G6
|
||||
Z0A55HJWGWPIywDSGpepChi7ihxMMXrGfjgqZSu1c8A= Apple Root CA - G2
|
||||
vM6OK7rucbY1jd1kHLv8Jd5FQAMAYnH3W1C3JtZ8O8k= SZAFIR ROOT CA
|
||||
YQbA46CimYMYdRJ719PMGFmAPVEcrBHrbghA3RZvwQ4= T-TeleSec GlobalRoot Class 2
|
||||
jXZ3ZLPL2giSnQcqIqVh9NzdG8V9PL3clIxH0rR/kSI= T-TeleSec GlobalRoot Class 3
|
||||
rPZeHWLLWKK6/W/6tA+4hpnEc5fPXLSD1C1pytNM1Is= TC TrustCenter Class 2 CA II
|
||||
k5KuIUmSSt435kXbof9L3dzaKykbYJdmnSr6XHo3Jhk= TC TrustCenter Class 3 CA II
|
||||
a4belqZYpWggpPNdkNtsPv3VdM6UuQnLDX/xfDwYnYM= TC TrustCenter Class 4 CA II
|
||||
st71NirT+s0EvSkEekOET3ZwNOpIkvgOVr7mkCQ+JQI= TC TrustCenter Universal CA I
|
||||
qzmksCWVVpGkAmnzU/odXLlOr2x+qYCEhLu7Yv2faPM= TC TrustCenter Universal CA II
|
||||
q1zbM1Y5c1bW5pGXPCW4YYtl12qQSG6nqKXBd2f0Zzo= TC TrustCenter Universal CA III
|
||||
ELo0hcqLtogKuVMaQGPkABVVVhx/LgVRZfSbLXT8X2s= TeliaSonera Root CA v1
|
||||
myGdD7/zal+zIJBXGQa87qaGF8gzo/YbgeliqOZNuK8= Apple Root CA - G3
|
||||
HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY= thawte Primary Root CA
|
||||
Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM= thawte Primary Root CA - G2
|
||||
GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik= thawte Primary Root CA - G3
|
||||
R8ehScqC+nupQKTXEdAQYlxssLdIsXAWxG4lznrNKww= TRUST2408 OCES Primary CA
|
||||
1qGEQ9NI25lPk0zNjmNdgzonrB5W+K+vfJfLT0Pqtos= Certification Authority of WoSign
|
||||
28HjoVI4oEg7zbj97GFuA+cFpI4qUBFXyt87nHMRxeU= /C=RO/O=certSIGN/OU=certSIGN ROOT CA
|
||||
2Psz44XJwtpymoRwa6kn3Lt5Jz4SL/2WczY7cLfzbLs= Root CA Generalitat Valenciana
|
||||
2xXABitSDzGKGdrP7NZPnno/vmCf1YZ5byCuAo6OMFg= CA \xE6\xB2\x83\xE9\x80\x9A\xE6\xA0\xB9\xE8\xAF\x81\xE4\xB9\xA6
|
||||
31MLrJ/NkUwlLC+9zt3GGD1K6MaArWXwPiBIYd17HHM= Microsoft Root Certificate Authority
|
||||
3V7RwJD59EgGG6qUprsRAXVE6e76ogzHFM5sYz9dxik= CFCA EV ROOT
|
||||
4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg= Trusted Certificate Services
|
||||
qHRDs9iW6yV8zOmbla2pvIG5204xQqqama8JQssKSjo=
|
||||
FefnF7Qo/u4686/ZFQ261JcAjTo/8BaWRxmQe9sBpkU= TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
|
||||
0Hc622AEPpVDCdlxT+BT6q2KpblYbtukaOJ234IGWt8= TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
|
||||
xES1tmzl1x4bXkDyc4XJXL/SSgW1b3DKwJkvD1DDN5w= TWCA Global Root CA
|
||||
ksRoeWJu8swezqUMcvteOFhECV8hy/Oyg8uC5rn8alg= TWCA Root Certification Authority
|
||||
58qRu/uxh4gFezqAcERupSkRYBlBAvfcw7mEjGPLnNU= COMODO ECC Certification Authority
|
||||
5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority
|
||||
5co3vHtsNhl5vGsSPKmh2wGQRtf/X1ffuFSxnRCwaC8= Atos TrustedRoot 2011
|
||||
60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root CA
|
||||
60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root Certificate Authority
|
||||
zEmXhjyMSKTLXD5lN9wGAo2GOL5J9fiiulby8siox3k= UCA Global Root
|
||||
qGvauPSAtuuJQquRcL3QmRlxp60TXfu8tyhfB6fR44o= UCA Root
|
||||
QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo= UTN - DATACorp SGC
|
||||
Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM= UTN-USERFirst-Client Authentication and Email
|
||||
TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI= UTN-USERFirst-Hardware
|
||||
gamPx4jDX1V2RalSJOUM0drI/7IJ3B5WiKopIF8TIhg= UTN-USERFirst-Network Applications
|
||||
D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM= UTN-USERFirst-Object
|
||||
IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM= VeriSign Class 1 Public Primary Certification Authority - G3
|
||||
cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM= VeriSign Class 2 Public Primary Certification Authority - G3
|
||||
SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4= VeriSign Class 3 Public Primary Certification Authority - G3
|
||||
xWl76RzWVVObVgdY6RtuCFRhYjdBA0xIXkfX6dJaA8A=
|
||||
UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4= VeriSign Class 3 Public Primary Certification Authority - G4
|
||||
JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg= VeriSign Class 3 Public Primary Certification Authority - G5
|
||||
VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU= VeriSign Class 4 Public Primary Certification Authority - G3
|
||||
lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI= VeriSign Universal Root Certification Authority
|
||||
puEf8V7DJqXj8YrTOgVmlNyExpl2bQKKWtDv4ajlOsc= Visa eCommerce Root
|
||||
LgCRWp974GqyNwx7fCAMCpbVrGpQzhh02+/eQCLU3o4= Visa Information Delivery Root CA
|
||||
AGyyJqdyxxgtd3I4Pjc/DyKeff40RIEKjW5QkF0g1mE= VRK Gov. Root CA
|
||||
qZlyzh9sWB0Al/YmGAYuUxV7Unbh7GZRoxVwV/BXszk= WellsSecure Public Root Certificate Authority
|
||||
BRz5+pXkDpuD7a7aaWH2Fox4ecRmAXJHnN1RqwPOpis= XRamp Global Certification Authority
|
||||
bz4Hf+VQRkbAGRr85JTk62gYPjmPWk3AVmn4tubmgv4=
|
||||
cZz1s2GS573mUMyRNB5vZJ27jD7ki6yql/oOBbY3S0E= ApplicationCA2 Root
|
||||
Ow1ztL5KhUrcPlHX75+kiu+7LN2CTWe9x9fQmiq8LUM= Autoridad de Certificacion Firmaprofesional CIF A62634068
|
||||
JdSRPPWHCXQU0p0m9sGxlCzW1k6vRdD8+BUmrbqW0yQ= Actalis Authentication Root CA
|
||||
ZZyzaKxWmYvQevLK/F+5P455R0rMwqbPGsnyGS0TY2A= Autoridad de Certificacion Raiz del Estado Venezolano
|
||||
Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o= Baltimore CyberTrust Root
|
||||
+OX5BbyTmREme4PVCBSpAyO1Hhg2KdtS1PwtVGilpXg= Belgium Root CA2
|
||||
tjjP8FyKgydY7cMCivni1VUUVovGuzSrNtFAuXrGsS0= Buypass Class 2 CA 1
|
||||
WVWuKRV0qTE0LPdFDhZlLt4eD7MJfhVx36wRyRVgFWQ= Buypass Class 2 Root CA
|
||||
sD2HsFbQjMnU5nXvGcqDq1NTIWioJYWYvnLm2Fx918E= Buypass Class 3 Root CA
|
||||
S9xjb0jSH7aMWjzUogaFeIBDvbUk5+hNQZLEUe40KbU= CA Disig
|
||||
a8/IbI3cKvLmoRgKLdq7N7fqN1Uxa2S5uJUb8Mo1HwY= CA Disig Root R1
|
||||
cCEWzNi/I+FkZvDg26DtaiOanBzWqPWmazmvNZUCA4U= CA Disig Root R2
|
||||
UQ0g5cR/Y89mayD2GvYrwJmkKsgk/6RDotp8kLGAipE= Certigna
|
||||
BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo= AddTrust Class 1 CA Root
|
||||
NuzGH8fl8ZI9Fn5n3940YIVJs0pjx8bmD/1cGEA4H1w= Certinomis - Autorité Racine
|
||||
axpQXgJG8vYMSQ/wwJenvichDLt1ACN/iLDNSCmLybg= Certinomis - Root CA
|
||||
28HjoVI4oEg7zbj97GFuA+cFpI4qUBFXyt87nHMRxeU=
|
||||
lzasOyXRbEWkVBipZFeBVkgKjMQ0VB3cXdWSMyKYaN4= Certum CA
|
||||
qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU= Certum Trusted Network CA
|
||||
aztX6eyI0bs9AWN/8zx2mLPJdYJV6fAeqRePPn87K1I= Certum Trusted Network CA 2
|
||||
iir/vRocXRvcy7f1SLqZX5ZoBrP9DDoA+uLlLzyFOYk= Chambers of Commerce Root
|
||||
ztQ5AqtftXtEIyLcDhcqT7VfcXi4CPlOeApv1sxr2Bg= Chambers of Commerce Root - 2008
|
||||
jtW0wEG2spPA5kEwFQZtMYSDyQH/aehqUh0MslVp8+g= Cisco Root CA 2048
|
||||
dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= Class 2 Primary CA
|
||||
lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU= AddTrust External CA Root
|
||||
mACOLtu3K61C2i/LBqwaqgsubgxy6MogT7r9G7SHlEE= Common Policy
|
||||
AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4= COMODO Certification Authority
|
||||
aMNpIhRyTUtVp2D0cLT8qLXg/h1ynP8i/rTKiKzTmAk= ComSign CA
|
||||
wGyHL8LQrAjXjUIZgfvaTjVQDQlG95iU7dIawp3sBxk= ComSign Global Root CA
|
||||
zwtHSs6Eafq6QC8C7r354XANnL6L5OQ0hAe2ndMZbpQ= ComSign Secured CA
|
||||
7KDxgUAs56hlKzG00DbfJH46MLf0GlDZHsT5CwBrQ6E= D-TRUST Root Class 3 CA 2 2009
|
||||
/zQvtsTIvTCkcG9zSJU58Z5uSMwF9GJUZU9mENvFQOk= D-TRUST Root Class 3 CA 2 EV 2009
|
||||
0d4q5hyN8vpiOWYWPUxz1GC/xCjldYW+a/65pWMj0bY= Deutsche Telekom Root CA 2
|
||||
gNv7l73Tkmuu5B9zxViPqhfXB7A630kHorxnfz7xcXw= Developer ID Certification Authority
|
||||
I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o= DigiCert Assured ID Root CA
|
||||
OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg= AddTrust Public CA Root
|
||||
8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik= DigiCert Assured ID Root G2
|
||||
Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw= DigiCert Assured ID Root G3
|
||||
r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E= DigiCert Global Root CA
|
||||
i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= DigiCert Global Root G2
|
||||
uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= DigiCert Global Root G3
|
||||
WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= DigiCert High Assurance EV Root CA
|
||||
Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw= DigiCert Trusted Root G4
|
||||
itsjhVSgy/w6Ef7MGD480sI9JeeJTPK7rljrcKROfPM= DoD Root CA 2
|
||||
PDXhZL7dLPEr64Ps/3i16A2oFY0oMCF+Tr/86JKImaY= DST ACES CA X6
|
||||
Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= DST Root CA X3
|
||||
xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink= AddTrust Qualified CA Root
|
||||
mLPxCgJQQZEPGXzxfKD83+11+yyMFKhD4E1WVsnrrBo= DST Root CA X4
|
||||
wa0bGJjsOVBI3wcL+iF+JckTvtjKa3PeCFUohGoBA8E= E-Tugra Certification Authority
|
||||
NVHeWKfXnNmAKD34F5DWOpgsGmOzBILsWCHbdmFVTvk= EBG Elektronik Sertifika Hizmet Sağlayıcısı
|
||||
MJ8T1J6mb1IyQbVVJHREZOKMwbgu95tk5NWBiA3Ndx8= Echoworx Root CA2
|
||||
VhdNOtlxqJRJZLGJgR8wCEk6apBCLjxYBOyDjU+U9iI= EE Certification Centre Root CA
|
||||
bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU= Entrust Root Certification Authority
|
||||
/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI= Entrust Root Certification Authority - EC1
|
||||
du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U= Entrust Root Certification Authority - G2
|
||||
HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048)
|
||||
HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048)
|
||||
P6t4T8PJq57twS7NwNtVD0w9v9PobXiBUzPF66UYy50= Admin-Root-CA
|
||||
YlVMFwBVQ7I3IV8EJo3NL9HEcCQK08hmDiWuLFljD1U=
|
||||
jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= Federal Common Policy CA
|
||||
h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU= GeoTrust Global CA
|
||||
SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo= GeoTrust Primary Certification Authority
|
||||
vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs= GeoTrust Primary Certification Authority - G2
|
||||
q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8= GeoTrust Primary Certification Authority - G3
|
||||
Tq2ptTEecYGZ2Y6oK5UAXLqTGYqx+X78vo3GIBYo+K8= Global Chambersign Root
|
||||
knobhWIoBXbQSMUDIa2kPYcD0tlSGhjCi4xGzGquTv0= Global Chambersign Root - 2008
|
||||
cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A= GlobalSign
|
||||
CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk= GlobalSign
|
||||
bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU= AffirmTrust Commercial
|
||||
fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8= GlobalSign
|
||||
iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= GlobalSign
|
||||
K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= GlobalSign Root CA
|
||||
VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
|
||||
Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA= Go Daddy Root Certificate Authority - G2
|
||||
pRovOgUOg4pQUGlleNu+2qwaEH7i2dSPrlBdGNDaXPg=
|
||||
Gno6GmjdI2Hj87uFXzsm/NiLGX2N1N4Gzxs2KsiewTs= Hellenic Academic and Research Institutions RootCA 2011
|
||||
NsIjFBMaX78bcOpMz0vBOnd9k47GXh2iTjws/QHT0WM= Hongkong Post Root CA 1
|
||||
olpyFMK2yGFCraOd/y1z2GWqV4Q/3S23ez/r+CaD3i0= I.CA - Qualified Certification Authority, 09/2009
|
||||
B+hU8mp8vTiZJ6oEG/7xts0h3RQ4GK2UfcZVqeWH/og= IdenTrust Commercial Root CA 1
|
||||
lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA= AffirmTrust Networking
|
||||
WN1h/rNup9JYckNxcJFJyxITN4ZMrLLQmZrSBznQZHc= IdenTrust Public Sector Root CA 1
|
||||
lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com
|
||||
KJa03b5hRXGDzH7Se9eKxQogf2kBxcUuU9wWdvm7HgY= Izenpe.com
|
||||
lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com
|
||||
y+WsFdiLXKw/gebfO/tXvqYJWIE6R7d/PFy2uYGRvbU= Juur-SK
|
||||
x0YSfF9rUpzp4pSO/ZRlRECJMZrPA/NNC/N+rcd9si8= KISA RootCA 1
|
||||
YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= Microsec e-Szigno Root CA 2009
|
||||
9Iut199qBmkNCuMTc7EoVfje2xRRfzYqMTEBzJjMazU= NetLock Arany (Class Gold) Főtanúsítvány
|
||||
pAA71b3YlOAajgHga2LHqoLwPeUlMTNXCq1P0OfYHTw= NetLock Kozjegyzoi (Class A) Tanusitvanykiado
|
||||
MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ= Network Solutions Certificate Authority
|
||||
x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc= AffirmTrust Premium
|
||||
vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= AAA Certificate Services
|
||||
ziTrBibe/YFoyWp3AfCTAWAP5d0NvOWOnJe4MK8C7yg= OISTE WISeKey Global Root GA CA
|
||||
hqaPBQA0EmpUDTnbLF+RfvZqlPuWGfoezYJ86ka6DLA= QuoVadis Root CA 1 G3
|
||||
j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g= QuoVadis Root CA 2
|
||||
SkntvS+PgjC9VZKzE1c/4cFypF+pgBHMHt27Nq3j/OU= QuoVadis Root CA 2 G3
|
||||
DHrKpxAiZyC7yUA0nuLmFIZSqJ2/QGojLIlfbceOu5o= QuoVadis Root CA 3
|
||||
80OOI7POUyUi+s8weSP1j9GGCOm6et3DDpUrQ8SWFsM= QuoVadis Root CA 3 G3
|
||||
vj23t5v+V53PmwfKTK11r/FpdVaOW0XPyuTWH7Yxdag= QuoVadis Root Certification Authority
|
||||
tKA56vxDELqb3gk+24+dnQs9THwATUgojDXbzBlGfRg=
|
||||
RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4= Secure Certificate Services
|
||||
JZaQTcTWma4gws703OR/KFk313RkrDcHRvUt6na6DCg= Secure Global CA
|
||||
MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8= AffirmTrust Premium ECC
|
||||
dykHF2FLJfEpZOvbOLX4PKrcD2w2sHd/iA/G3uHTOcw= SecureTrust CA
|
||||
ZUT/mttkLEw2mKYNgUO2uTvO8BNltUD2FNzCpFq5TTE=
|
||||
KkISYFqj6K7LD8GYBs87QLU7lfGjTbvW4+0nIwMkq7M=
|
||||
M4BwmvOwlr48wqQFSBQsClIAKNsJ4st3riIGYWq2y7Q=
|
||||
qhwr7bGlCLqtf7P14CiXuQfHSN6pt5CJBKrb0El6q2o= Sonera Class1 CA
|
||||
0qXzLw4BuRDvTjtGv4Tlr1+1aJ59FQfpKeNorIjGzHY= Sonera Class2 CA
|
||||
lR7gRvqDMW5nhsCMRPE7TKLq0tJkTWMxQ5HAzHCIfQ0= Staat der Nederlanden EV Root CA
|
||||
Bed+8f3+BeLcpSLK5k2DeaBBt7TxbHyuNgZ6f3KhSHI= Staat der Nederlanden Root CA - G2
|
||||
QiOJQAOogcXfa6sWPbI1wiGhjVS/dZlFgg5nDaguPzk= Staat der Nederlanden Root CA - G3
|
||||
FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ=
|
||||
hdJr6Q2TT8zbT/ezjYx5ynZSuBbWpSRGyoQoprhdxXw= ANF Global Root CA
|
||||
gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ= Starfield Root Certificate Authority - G2
|
||||
KwccWaCgrnaw6tsrrSO61FgLacNgG2MMLq8GE6+oP5I= Starfield Services Root Certificate Authority - G2
|
||||
5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority
|
||||
5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority
|
||||
FSg5faISiQqDCwuVpZlozvI0dzd531GBzxD6ZHU0u2U= StartCom Certification Authority G2
|
||||
NJn5P9OUUjv7HsTDrU37MQEx++nuVHa95ild6AjV3Y8= Swisscom Root CA 1
|
||||
y26RcRrW1VyJBvN5ywcftcR5M2VKdBVhLu5mKfJvvNc= Swisscom Root CA 2
|
||||
9GPFTZ8aBHrtUmVqx4Xgfr7FKOAge/0/VdiTI3Zo9q4= Swisscom Root EV CA 2
|
||||
QPz8KIddzL/ry99s10MzEtpjxO/PO9extQXCICCuAnQ= SwissSign Gold CA - G2
|
||||
fx3siwMZVIoFbeW7UhvZPrdOanbyjf+3W0WlO3da96s= SwissSign Gold Root CA - G3
|
||||
60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root CA
|
||||
KovtMq5oDS0Ye5p6/Rcdg/0Lk16vniwbQ+gCeNIGPjk= SwissSign Platinum CA - G2
|
||||
ipA7YAoICzjf4g37as0jEi9kYg5YCLn8hoiVL8GjVZw= SwissSign Platinum Root CA - G3
|
||||
kxgib4yDr+R/X0fCT1nOEtuoxzsYG+5rLqH0Cga8GGk= SwissSign Silver CA - G2
|
||||
hKrAk+CMSdv/+OVgdZJI2+ZxNbNysj0qiB1fmcuxkeg= SwissSign Silver Root CA - G3
|
||||
MVEmgCM/XyofKUN/VtSYjPCvxBzGxdpidZKOnAvq3ic= Symantec Class 1 Public Primary Certification Authority - G4
|
||||
0vkaBOOmHU6teEjI1DteEVLYhXJ0ibxlc4tnwKInhac= Symantec Class 1 Public Primary Certification Authority - G6
|
||||
MCeimPpXMU3A490QGUEbj0BMQ8P5NM4734VlEsgKoVw= Symantec Class 2 Public Primary Certification Authority - G4
|
||||
ryB8Yf2cfPksKv6BVCgtw/LL8y91zRcoFMUrA7frwlg= Symantec Class 2 Public Primary Certification Authority - G6
|
||||
gJ8rquNa+082vWR2znXCABB3kBtq9cTauC4YjGuVwaE= Symantec Class 3 Public Primary Certification Authority - G4
|
||||
lXNUc71no7lajV+QxaIazh4NeUcyBnTUq4R5crkVRNI= Symantec Class 3 Public Primary Certification Authority - G6
|
||||
Z0A55HJWGWPIywDSGpepChi7ihxMMXrGfjgqZSu1c8A= Apple Root CA - G2
|
||||
vM6OK7rucbY1jd1kHLv8Jd5FQAMAYnH3W1C3JtZ8O8k= SZAFIR ROOT CA
|
||||
YQbA46CimYMYdRJ719PMGFmAPVEcrBHrbghA3RZvwQ4= T-TeleSec GlobalRoot Class 2
|
||||
jXZ3ZLPL2giSnQcqIqVh9NzdG8V9PL3clIxH0rR/kSI= T-TeleSec GlobalRoot Class 3
|
||||
rPZeHWLLWKK6/W/6tA+4hpnEc5fPXLSD1C1pytNM1Is= TC TrustCenter Class 2 CA II
|
||||
k5KuIUmSSt435kXbof9L3dzaKykbYJdmnSr6XHo3Jhk= TC TrustCenter Class 3 CA II
|
||||
a4belqZYpWggpPNdkNtsPv3VdM6UuQnLDX/xfDwYnYM= TC TrustCenter Class 4 CA II
|
||||
st71NirT+s0EvSkEekOET3ZwNOpIkvgOVr7mkCQ+JQI= TC TrustCenter Universal CA I
|
||||
qzmksCWVVpGkAmnzU/odXLlOr2x+qYCEhLu7Yv2faPM= TC TrustCenter Universal CA II
|
||||
q1zbM1Y5c1bW5pGXPCW4YYtl12qQSG6nqKXBd2f0Zzo= TC TrustCenter Universal CA III
|
||||
ELo0hcqLtogKuVMaQGPkABVVVhx/LgVRZfSbLXT8X2s= TeliaSonera Root CA v1
|
||||
myGdD7/zal+zIJBXGQa87qaGF8gzo/YbgeliqOZNuK8= Apple Root CA - G3
|
||||
HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY= thawte Primary Root CA
|
||||
Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM= thawte Primary Root CA - G2
|
||||
GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik= thawte Primary Root CA - G3
|
||||
R8ehScqC+nupQKTXEdAQYlxssLdIsXAWxG4lznrNKww= TRUST2408 OCES Primary CA
|
||||
4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg= Trusted Certificate Services
|
||||
qHRDs9iW6yV8zOmbla2pvIG5204xQqqama8JQssKSjo=
|
||||
FefnF7Qo/u4686/ZFQ261JcAjTo/8BaWRxmQe9sBpkU= TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
|
||||
0Hc622AEPpVDCdlxT+BT6q2KpblYbtukaOJ234IGWt8= TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
|
||||
xES1tmzl1x4bXkDyc4XJXL/SSgW1b3DKwJkvD1DDN5w= TWCA Global Root CA
|
||||
ksRoeWJu8swezqUMcvteOFhECV8hy/Oyg8uC5rn8alg= TWCA Root Certification Authority
|
||||
60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root Certificate Authority
|
||||
zEmXhjyMSKTLXD5lN9wGAo2GOL5J9fiiulby8siox3k= UCA Global Root
|
||||
qGvauPSAtuuJQquRcL3QmRlxp60TXfu8tyhfB6fR44o= UCA Root
|
||||
QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo= UTN - DATACorp SGC
|
||||
Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM= UTN-USERFirst-Client Authentication and Email
|
||||
TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI= UTN-USERFirst-Hardware
|
||||
gamPx4jDX1V2RalSJOUM0drI/7IJ3B5WiKopIF8TIhg= UTN-USERFirst-Network Applications
|
||||
D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM= UTN-USERFirst-Object
|
||||
IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM= VeriSign Class 1 Public Primary Certification Authority - G3
|
||||
cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM= VeriSign Class 2 Public Primary Certification Authority - G3
|
||||
SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4= VeriSign Class 3 Public Primary Certification Authority - G3
|
||||
xWl76RzWVVObVgdY6RtuCFRhYjdBA0xIXkfX6dJaA8A=
|
||||
UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4= VeriSign Class 3 Public Primary Certification Authority - G4
|
||||
JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg= VeriSign Class 3 Public Primary Certification Authority - G5
|
||||
VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU= VeriSign Class 4 Public Primary Certification Authority - G3
|
||||
lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI= VeriSign Universal Root Certification Authority
|
||||
puEf8V7DJqXj8YrTOgVmlNyExpl2bQKKWtDv4ajlOsc= Visa eCommerce Root
|
||||
LgCRWp974GqyNwx7fCAMCpbVrGpQzhh02+/eQCLU3o4= Visa Information Delivery Root CA
|
||||
AGyyJqdyxxgtd3I4Pjc/DyKeff40RIEKjW5QkF0g1mE= VRK Gov. Root CA
|
||||
qZlyzh9sWB0Al/YmGAYuUxV7Unbh7GZRoxVwV/BXszk= WellsSecure Public Root Certificate Authority
|
||||
BRz5+pXkDpuD7a7aaWH2Fox4ecRmAXJHnN1RqwPOpis= XRamp Global Certification Authority
|
||||
bz4Hf+VQRkbAGRr85JTk62gYPjmPWk3AVmn4tubmgv4=
|
||||
cZz1s2GS573mUMyRNB5vZJ27jD7ki6yql/oOBbY3S0E= ApplicationCA2 Root
|
||||
Ow1ztL5KhUrcPlHX75+kiu+7LN2CTWe9x9fQmiq8LUM= Autoridad de Certificacion Firmaprofesional CIF A62634068
|
||||
JdSRPPWHCXQU0p0m9sGxlCzW1k6vRdD8+BUmrbqW0yQ= Actalis Authentication Root CA
|
||||
ZZyzaKxWmYvQevLK/F+5P455R0rMwqbPGsnyGS0TY2A= Autoridad de Certificacion Raiz del Estado Venezolano
|
||||
Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o= Baltimore CyberTrust Root
|
||||
+OX5BbyTmREme4PVCBSpAyO1Hhg2KdtS1PwtVGilpXg= Belgium Root CA2
|
||||
tjjP8FyKgydY7cMCivni1VUUVovGuzSrNtFAuXrGsS0= Buypass Class 2 CA 1
|
||||
WVWuKRV0qTE0LPdFDhZlLt4eD7MJfhVx36wRyRVgFWQ= Buypass Class 2 Root CA
|
||||
sD2HsFbQjMnU5nXvGcqDq1NTIWioJYWYvnLm2Fx918E= Buypass Class 3 Root CA
|
||||
S9xjb0jSH7aMWjzUogaFeIBDvbUk5+hNQZLEUe40KbU= CA Disig
|
||||
a8/IbI3cKvLmoRgKLdq7N7fqN1Uxa2S5uJUb8Mo1HwY= CA Disig Root R1
|
||||
cCEWzNi/I+FkZvDg26DtaiOanBzWqPWmazmvNZUCA4U= CA Disig Root R2
|
||||
UQ0g5cR/Y89mayD2GvYrwJmkKsgk/6RDotp8kLGAipE= Certigna
|
||||
BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo= AddTrust Class 1 CA Root
|
||||
NuzGH8fl8ZI9Fn5n3940YIVJs0pjx8bmD/1cGEA4H1w= Certinomis - Autorité Racine
|
||||
axpQXgJG8vYMSQ/wwJenvichDLt1ACN/iLDNSCmLybg= Certinomis - Root CA
|
||||
28HjoVI4oEg7zbj97GFuA+cFpI4qUBFXyt87nHMRxeU=
|
||||
lzasOyXRbEWkVBipZFeBVkgKjMQ0VB3cXdWSMyKYaN4= Certum CA
|
||||
qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU= Certum Trusted Network CA
|
||||
aztX6eyI0bs9AWN/8zx2mLPJdYJV6fAeqRePPn87K1I= Certum Trusted Network CA 2
|
||||
iir/vRocXRvcy7f1SLqZX5ZoBrP9DDoA+uLlLzyFOYk= Chambers of Commerce Root
|
||||
ztQ5AqtftXtEIyLcDhcqT7VfcXi4CPlOeApv1sxr2Bg= Chambers of Commerce Root - 2008
|
||||
jtW0wEG2spPA5kEwFQZtMYSDyQH/aehqUh0MslVp8+g= Cisco Root CA 2048
|
||||
dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= Class 2 Primary CA
|
||||
lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU= AddTrust External CA Root
|
||||
mACOLtu3K61C2i/LBqwaqgsubgxy6MogT7r9G7SHlEE= Common Policy
|
||||
AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4= COMODO Certification Authority
|
||||
aMNpIhRyTUtVp2D0cLT8qLXg/h1ynP8i/rTKiKzTmAk= ComSign CA
|
||||
wGyHL8LQrAjXjUIZgfvaTjVQDQlG95iU7dIawp3sBxk= ComSign Global Root CA
|
||||
zwtHSs6Eafq6QC8C7r354XANnL6L5OQ0hAe2ndMZbpQ= ComSign Secured CA
|
||||
7KDxgUAs56hlKzG00DbfJH46MLf0GlDZHsT5CwBrQ6E= D-TRUST Root Class 3 CA 2 2009
|
||||
/zQvtsTIvTCkcG9zSJU58Z5uSMwF9GJUZU9mENvFQOk= D-TRUST Root Class 3 CA 2 EV 2009
|
||||
0d4q5hyN8vpiOWYWPUxz1GC/xCjldYW+a/65pWMj0bY= Deutsche Telekom Root CA 2
|
||||
gNv7l73Tkmuu5B9zxViPqhfXB7A630kHorxnfz7xcXw= Developer ID Certification Authority
|
||||
I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o= DigiCert Assured ID Root CA
|
||||
OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg= AddTrust Public CA Root
|
||||
8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik= DigiCert Assured ID Root G2
|
||||
Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw= DigiCert Assured ID Root G3
|
||||
r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E= DigiCert Global Root CA
|
||||
i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= DigiCert Global Root G2
|
||||
uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= DigiCert Global Root G3
|
||||
WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= DigiCert High Assurance EV Root CA
|
||||
Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw= DigiCert Trusted Root G4
|
||||
itsjhVSgy/w6Ef7MGD480sI9JeeJTPK7rljrcKROfPM= DoD Root CA 2
|
||||
PDXhZL7dLPEr64Ps/3i16A2oFY0oMCF+Tr/86JKImaY= DST ACES CA X6
|
||||
Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= DST Root CA X3
|
||||
xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink= AddTrust Qualified CA Root
|
||||
mLPxCgJQQZEPGXzxfKD83+11+yyMFKhD4E1WVsnrrBo= DST Root CA X4
|
||||
wa0bGJjsOVBI3wcL+iF+JckTvtjKa3PeCFUohGoBA8E= E-Tugra Certification Authority
|
||||
NVHeWKfXnNmAKD34F5DWOpgsGmOzBILsWCHbdmFVTvk= EBG Elektronik Sertifika Hizmet Sağlayıcısı
|
||||
MJ8T1J6mb1IyQbVVJHREZOKMwbgu95tk5NWBiA3Ndx8= Echoworx Root CA2
|
||||
VhdNOtlxqJRJZLGJgR8wCEk6apBCLjxYBOyDjU+U9iI= EE Certification Centre Root CA
|
||||
bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU= Entrust Root Certification Authority
|
||||
/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI= Entrust Root Certification Authority - EC1
|
||||
du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U= Entrust Root Certification Authority - G2
|
||||
HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048)
|
||||
HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048)
|
||||
P6t4T8PJq57twS7NwNtVD0w9v9PobXiBUzPF66UYy50= Admin-Root-CA
|
||||
YlVMFwBVQ7I3IV8EJo3NL9HEcCQK08hmDiWuLFljD1U=
|
||||
jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= Federal Common Policy CA
|
||||
h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU= GeoTrust Global CA
|
||||
SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo= GeoTrust Primary Certification Authority
|
||||
vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs= GeoTrust Primary Certification Authority - G2
|
||||
q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8= GeoTrust Primary Certification Authority - G3
|
||||
Tq2ptTEecYGZ2Y6oK5UAXLqTGYqx+X78vo3GIBYo+K8= Global Chambersign Root
|
||||
knobhWIoBXbQSMUDIa2kPYcD0tlSGhjCi4xGzGquTv0= Global Chambersign Root - 2008
|
||||
cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A= GlobalSign
|
||||
CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk= GlobalSign
|
||||
bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU= AffirmTrust Commercial
|
||||
fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8= GlobalSign
|
||||
iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= GlobalSign
|
||||
K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= GlobalSign Root CA
|
||||
VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
|
||||
Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA= Go Daddy Root Certificate Authority - G2
|
||||
pRovOgUOg4pQUGlleNu+2qwaEH7i2dSPrlBdGNDaXPg=
|
||||
Gno6GmjdI2Hj87uFXzsm/NiLGX2N1N4Gzxs2KsiewTs= Hellenic Academic and Research Institutions RootCA 2011
|
||||
NsIjFBMaX78bcOpMz0vBOnd9k47GXh2iTjws/QHT0WM= Hongkong Post Root CA 1
|
||||
olpyFMK2yGFCraOd/y1z2GWqV4Q/3S23ez/r+CaD3i0= I.CA - Qualified Certification Authority, 09/2009
|
||||
96/0GycJ8XX4q6F+VnsnBGst1Uv25+Jj0ylYc0N7nP8= A-Trust-Qual-03
|
||||
9GPFTZ8aBHrtUmVqx4Xgfr7FKOAge/0/VdiTI3Zo9q4= Swisscom Root EV CA 2
|
||||
9Iut199qBmkNCuMTc7EoVfje2xRRfzYqMTEBzJjMazU= NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny
|
||||
9TwiBZgX3Zb0AGUWOdL4V+IQcKWavtkHlADZ9pVQaQA= Thawte Premium Server CA
|
||||
9YV9iGK8K6PJ3co/hBRtyNgfTVedKzh79gBlOB7mQd0= Class 3P Primary CA
|
||||
9zvl66U2kSxVf7hVUXrR7gSHvY9jSYw5SRZBd7oGxd4= I.CA - Standard root certificate
|
||||
AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4= COMODO Certification Authority
|
||||
AGyyJqdyxxgtd3I4Pjc/DyKeff40RIEKjW5QkF0g1mE= VRK Gov. Root CA
|
||||
AjdtCQisIwQcx9Zm2drxklVPf8NjF6qcuACQhhayivg= Microsoft Root Certificate Authority 2011
|
||||
AjyBzOjnxk+pQtPBUEhwfTXZu1uH9PVExb8bxWQ68vo= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
|
||||
B+hU8mp8vTiZJ6oEG/7xts0h3RQ4GK2UfcZVqeWH/og= IdenTrust Commercial Root CA 1
|
||||
lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA= AffirmTrust Networking
|
||||
WN1h/rNup9JYckNxcJFJyxITN4ZMrLLQmZrSBznQZHc= IdenTrust Public Sector Root CA 1
|
||||
lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com
|
||||
KJa03b5hRXGDzH7Se9eKxQogf2kBxcUuU9wWdvm7HgY= Izenpe.com
|
||||
lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com
|
||||
y+WsFdiLXKw/gebfO/tXvqYJWIE6R7d/PFy2uYGRvbU= Juur-SK
|
||||
x0YSfF9rUpzp4pSO/ZRlRECJMZrPA/NNC/N+rcd9si8= KISA RootCA 1
|
||||
YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= Microsec e-Szigno Root CA 2009
|
||||
9Iut199qBmkNCuMTc7EoVfje2xRRfzYqMTEBzJjMazU= NetLock Arany (Class Gold) Főtanúsítvány
|
||||
pAA71b3YlOAajgHga2LHqoLwPeUlMTNXCq1P0OfYHTw= NetLock Kozjegyzoi (Class A) Tanusitvanykiado
|
||||
MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ= Network Solutions Certificate Authority
|
||||
x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc= AffirmTrust Premium
|
||||
vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= AAA Certificate Services
|
||||
ziTrBibe/YFoyWp3AfCTAWAP5d0NvOWOnJe4MK8C7yg= OISTE WISeKey Global Root GA CA
|
||||
hqaPBQA0EmpUDTnbLF+RfvZqlPuWGfoezYJ86ka6DLA= QuoVadis Root CA 1 G3
|
||||
j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g= QuoVadis Root CA 2
|
||||
SkntvS+PgjC9VZKzE1c/4cFypF+pgBHMHt27Nq3j/OU= QuoVadis Root CA 2 G3
|
||||
BRz5+pXkDpuD7a7aaWH2Fox4ecRmAXJHnN1RqwPOpis= XRamp Global Certification Authority
|
||||
BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo= AddTrust Class 1 CA Root
|
||||
BVcK5usPzrQhDm23lIa3CUyvIAQB4Um2Z3RBtfJeRJs= ACCVRAIZ1
|
||||
Bed+8f3+BeLcpSLK5k2DeaBBt7TxbHyuNgZ6f3KhSHI= Staat der Nederlanden Root CA - G2
|
||||
Blb1lVIEyNK8ixykdeKk+m4STRJFEnhBV8hYtVRxFBo= http:
|
||||
CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk= GlobalSign
|
||||
CT23Z4iPaxMnVV29Qrtck/7exQRMeoS8bqMqV4wiNcA= http:
|
||||
D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM= UTN-USERFirst-Object
|
||||
DHrKpxAiZyC7yUA0nuLmFIZSqJ2/QGojLIlfbceOu5o= QuoVadis Root CA 3
|
||||
80OOI7POUyUi+s8weSP1j9GGCOm6et3DDpUrQ8SWFsM= QuoVadis Root CA 3 G3
|
||||
vj23t5v+V53PmwfKTK11r/FpdVaOW0XPyuTWH7Yxdag= QuoVadis Root Certification Authority
|
||||
tKA56vxDELqb3gk+24+dnQs9THwATUgojDXbzBlGfRg=
|
||||
RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4= Secure Certificate Services
|
||||
JZaQTcTWma4gws703OR/KFk313RkrDcHRvUt6na6DCg= Secure Global CA
|
||||
MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8= AffirmTrust Premium ECC
|
||||
dykHF2FLJfEpZOvbOLX4PKrcD2w2sHd/iA/G3uHTOcw= SecureTrust CA
|
||||
ZUT/mttkLEw2mKYNgUO2uTvO8BNltUD2FNzCpFq5TTE=
|
||||
KkISYFqj6K7LD8GYBs87QLU7lfGjTbvW4+0nIwMkq7M=
|
||||
M4BwmvOwlr48wqQFSBQsClIAKNsJ4st3riIGYWq2y7Q=
|
||||
qhwr7bGlCLqtf7P14CiXuQfHSN6pt5CJBKrb0El6q2o= Sonera Class1 CA
|
||||
0qXzLw4BuRDvTjtGv4Tlr1+1aJ59FQfpKeNorIjGzHY= Sonera Class2 CA
|
||||
lR7gRvqDMW5nhsCMRPE7TKLq0tJkTWMxQ5HAzHCIfQ0= Staat der Nederlanden EV Root CA
|
||||
Bed+8f3+BeLcpSLK5k2DeaBBt7TxbHyuNgZ6f3KhSHI= Staat der Nederlanden Root CA - G2
|
||||
QiOJQAOogcXfa6sWPbI1wiGhjVS/dZlFgg5nDaguPzk= Staat der Nederlanden Root CA - G3
|
||||
FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ=
|
||||
hdJr6Q2TT8zbT/ezjYx5ynZSuBbWpSRGyoQoprhdxXw= ANF Global Root CA
|
||||
gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ= Starfield Root Certificate Authority - G2
|
||||
KwccWaCgrnaw6tsrrSO61FgLacNgG2MMLq8GE6+oP5I= Starfield Services Root Certificate Authority - G2
|
||||
5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority
|
||||
5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority
|
||||
FSg5faISiQqDCwuVpZlozvI0dzd531GBzxD6ZHU0u2U= StartCom Certification Authority G2
|
||||
NJn5P9OUUjv7HsTDrU37MQEx++nuVHa95ild6AjV3Y8= Swisscom Root CA 1
|
||||
y26RcRrW1VyJBvN5ywcftcR5M2VKdBVhLu5mKfJvvNc= Swisscom Root CA 2
|
||||
9GPFTZ8aBHrtUmVqx4Xgfr7FKOAge/0/VdiTI3Zo9q4= Swisscom Root EV CA 2
|
||||
QPz8KIddzL/ry99s10MzEtpjxO/PO9extQXCICCuAnQ= SwissSign Gold CA - G2
|
||||
fx3siwMZVIoFbeW7UhvZPrdOanbyjf+3W0WlO3da96s= SwissSign Gold Root CA - G3
|
||||
60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root CA
|
||||
KovtMq5oDS0Ye5p6/Rcdg/0Lk16vniwbQ+gCeNIGPjk= SwissSign Platinum CA - G2
|
||||
ipA7YAoICzjf4g37as0jEi9kYg5YCLn8hoiVL8GjVZw= SwissSign Platinum Root CA - G3
|
||||
kxgib4yDr+R/X0fCT1nOEtuoxzsYG+5rLqH0Cga8GGk= SwissSign Silver CA - G2
|
||||
hKrAk+CMSdv/+OVgdZJI2+ZxNbNysj0qiB1fmcuxkeg= SwissSign Silver Root CA - G3
|
||||
MVEmgCM/XyofKUN/VtSYjPCvxBzGxdpidZKOnAvq3ic= Symantec Class 1 Public Primary Certification Authority - G4
|
||||
0vkaBOOmHU6teEjI1DteEVLYhXJ0ibxlc4tnwKInhac= Symantec Class 1 Public Primary Certification Authority - G6
|
||||
MCeimPpXMU3A490QGUEbj0BMQ8P5NM4734VlEsgKoVw= Symantec Class 2 Public Primary Certification Authority - G4
|
||||
ryB8Yf2cfPksKv6BVCgtw/LL8y91zRcoFMUrA7frwlg= Symantec Class 2 Public Primary Certification Authority - G6
|
||||
gJ8rquNa+082vWR2znXCABB3kBtq9cTauC4YjGuVwaE= Symantec Class 3 Public Primary Certification Authority - G4
|
||||
lXNUc71no7lajV+QxaIazh4NeUcyBnTUq4R5crkVRNI= Symantec Class 3 Public Primary Certification Authority - G6
|
||||
Z0A55HJWGWPIywDSGpepChi7ihxMMXrGfjgqZSu1c8A= Apple Root CA - G2
|
||||
vM6OK7rucbY1jd1kHLv8Jd5FQAMAYnH3W1C3JtZ8O8k= SZAFIR ROOT CA
|
||||
YQbA46CimYMYdRJ719PMGFmAPVEcrBHrbghA3RZvwQ4= T-TeleSec GlobalRoot Class 2
|
||||
jXZ3ZLPL2giSnQcqIqVh9NzdG8V9PL3clIxH0rR/kSI= T-TeleSec GlobalRoot Class 3
|
||||
rPZeHWLLWKK6/W/6tA+4hpnEc5fPXLSD1C1pytNM1Is= TC TrustCenter Class 2 CA II
|
||||
k5KuIUmSSt435kXbof9L3dzaKykbYJdmnSr6XHo3Jhk= TC TrustCenter Class 3 CA II
|
||||
a4belqZYpWggpPNdkNtsPv3VdM6UuQnLDX/xfDwYnYM= TC TrustCenter Class 4 CA II
|
||||
st71NirT+s0EvSkEekOET3ZwNOpIkvgOVr7mkCQ+JQI= TC TrustCenter Universal CA I
|
||||
qzmksCWVVpGkAmnzU/odXLlOr2x+qYCEhLu7Yv2faPM= TC TrustCenter Universal CA II
|
||||
q1zbM1Y5c1bW5pGXPCW4YYtl12qQSG6nqKXBd2f0Zzo= TC TrustCenter Universal CA III
|
||||
EASNAtrRvSDsXdZoz1gbc5Yc6O6YL+vHiUZu/Uj37HM= avast! Web
|
||||
EGn6R6CqT4z3ERscrqNl7q7RC//zJmDe9uBhS/rnCHU= GTE CyberTrust Global Root
|
||||
ELo0hcqLtogKuVMaQGPkABVVVhx/LgVRZfSbLXT8X2s= TeliaSonera Root CA v1
|
||||
myGdD7/zal+zIJBXGQa87qaGF8gzo/YbgeliqOZNuK8= Apple Root CA - G3
|
||||
HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY= thawte Primary Root CA
|
||||
Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM= thawte Primary Root CA - G2
|
||||
GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik= thawte Primary Root CA - G3
|
||||
R8ehScqC+nupQKTXEdAQYlxssLdIsXAWxG4lznrNKww= TRUST2408 OCES Primary CA
|
||||
4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg= Trusted Certificate Services
|
||||
qHRDs9iW6yV8zOmbla2pvIG5204xQqqama8JQssKSjo=
|
||||
FefnF7Qo/u4686/ZFQ261JcAjTo/8BaWRxmQe9sBpkU= TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
|
||||
0Hc622AEPpVDCdlxT+BT6q2KpblYbtukaOJ234IGWt8= TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
|
||||
xES1tmzl1x4bXkDyc4XJXL/SSgW1b3DKwJkvD1DDN5w= TWCA Global Root CA
|
||||
ksRoeWJu8swezqUMcvteOFhECV8hy/Oyg8uC5rn8alg= TWCA Root Certification Authority
|
||||
60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root Certificate Authority
|
||||
zEmXhjyMSKTLXD5lN9wGAo2GOL5J9fiiulby8siox3k= UCA Global Root
|
||||
qGvauPSAtuuJQquRcL3QmRlxp60TXfu8tyhfB6fR44o= UCA Root
|
||||
QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo= UTN - DATACorp SGC
|
||||
Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM= UTN-USERFirst-Client Authentication and Email
|
||||
TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI= UTN-USERFirst-Hardware
|
||||
gamPx4jDX1V2RalSJOUM0drI/7IJ3B5WiKopIF8TIhg= UTN-USERFirst-Network Applications
|
||||
D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM= UTN-USERFirst-Object
|
||||
IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM= VeriSign Class 1 Public Primary Certification Authority - G3
|
||||
cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM= VeriSign Class 2 Public Primary Certification Authority - G3
|
||||
SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4= VeriSign Class 3 Public Primary Certification Authority - G3
|
||||
xWl76RzWVVObVgdY6RtuCFRhYjdBA0xIXkfX6dJaA8A=
|
||||
UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4= VeriSign Class 3 Public Primary Certification Authority - G4
|
||||
JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg= VeriSign Class 3 Public Primary Certification Authority - G5
|
||||
VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU= VeriSign Class 4 Public Primary Certification Authority - G3
|
||||
lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI= VeriSign Universal Root Certification Authority
|
||||
puEf8V7DJqXj8YrTOgVmlNyExpl2bQKKWtDv4ajlOsc= Visa eCommerce Root
|
||||
LgCRWp974GqyNwx7fCAMCpbVrGpQzhh02+/eQCLU3o4= Visa Information Delivery Root CA
|
||||
AGyyJqdyxxgtd3I4Pjc/DyKeff40RIEKjW5QkF0g1mE= VRK Gov. Root CA
|
||||
qZlyzh9sWB0Al/YmGAYuUxV7Unbh7GZRoxVwV/BXszk= WellsSecure Public Root Certificate Authority
|
||||
BRz5+pXkDpuD7a7aaWH2Fox4ecRmAXJHnN1RqwPOpis= XRamp Global Certification Authority
|
||||
bz4Hf+VQRkbAGRr85JTk62gYPjmPWk3AVmn4tubmgv4=
|
||||
cZz1s2GS573mUMyRNB5vZJ27jD7ki6yql/oOBbY3S0E= ApplicationCA2 Root
|
||||
Ow1ztL5KhUrcPlHX75+kiu+7LN2CTWe9x9fQmiq8LUM= Autoridad de Certificacion Firmaprofesional CIF A62634068
|
||||
JdSRPPWHCXQU0p0m9sGxlCzW1k6vRdD8+BUmrbqW0yQ= Actalis Authentication Root CA
|
||||
ZZyzaKxWmYvQevLK/F+5P455R0rMwqbPGsnyGS0TY2A= Autoridad de Certificacion Raiz del Estado Venezolano
|
||||
Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o= Baltimore CyberTrust Root
|
||||
+OX5BbyTmREme4PVCBSpAyO1Hhg2KdtS1PwtVGilpXg= Belgium Root CA2
|
||||
tjjP8FyKgydY7cMCivni1VUUVovGuzSrNtFAuXrGsS0= Buypass Class 2 CA 1
|
||||
WVWuKRV0qTE0LPdFDhZlLt4eD7MJfhVx36wRyRVgFWQ= Buypass Class 2 Root CA
|
||||
sD2HsFbQjMnU5nXvGcqDq1NTIWioJYWYvnLm2Fx918E= Buypass Class 3 Root CA
|
||||
S9xjb0jSH7aMWjzUogaFeIBDvbUk5+hNQZLEUe40KbU= CA Disig
|
||||
a8/IbI3cKvLmoRgKLdq7N7fqN1Uxa2S5uJUb8Mo1HwY= CA Disig Root R1
|
||||
cCEWzNi/I+FkZvDg26DtaiOanBzWqPWmazmvNZUCA4U= CA Disig Root R2
|
||||
UQ0g5cR/Y89mayD2GvYrwJmkKsgk/6RDotp8kLGAipE= Certigna
|
||||
BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo= AddTrust Class 1 CA Root
|
||||
NuzGH8fl8ZI9Fn5n3940YIVJs0pjx8bmD/1cGEA4H1w= Certinomis - Autorité Racine
|
||||
axpQXgJG8vYMSQ/wwJenvichDLt1ACN/iLDNSCmLybg= Certinomis - Root CA
|
||||
28HjoVI4oEg7zbj97GFuA+cFpI4qUBFXyt87nHMRxeU=
|
||||
lzasOyXRbEWkVBipZFeBVkgKjMQ0VB3cXdWSMyKYaN4= Certum CA
|
||||
qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU= Certum Trusted Network CA
|
||||
aztX6eyI0bs9AWN/8zx2mLPJdYJV6fAeqRePPn87K1I= Certum Trusted Network CA 2
|
||||
iir/vRocXRvcy7f1SLqZX5ZoBrP9DDoA+uLlLzyFOYk= Chambers of Commerce Root
|
||||
ztQ5AqtftXtEIyLcDhcqT7VfcXi4CPlOeApv1sxr2Bg= Chambers of Commerce Root - 2008
|
||||
jtW0wEG2spPA5kEwFQZtMYSDyQH/aehqUh0MslVp8+g= Cisco Root CA 2048
|
||||
dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= Class 2 Primary CA
|
||||
lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU= AddTrust External CA Root
|
||||
mACOLtu3K61C2i/LBqwaqgsubgxy6MogT7r9G7SHlEE= Common Policy
|
||||
AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4= COMODO Certification Authority
|
||||
aMNpIhRyTUtVp2D0cLT8qLXg/h1ynP8i/rTKiKzTmAk= ComSign CA
|
||||
wGyHL8LQrAjXjUIZgfvaTjVQDQlG95iU7dIawp3sBxk= ComSign Global Root CA
|
||||
zwtHSs6Eafq6QC8C7r354XANnL6L5OQ0hAe2ndMZbpQ= ComSign Secured CA
|
||||
7KDxgUAs56hlKzG00DbfJH46MLf0GlDZHsT5CwBrQ6E= D-TRUST Root Class 3 CA 2 2009
|
||||
/zQvtsTIvTCkcG9zSJU58Z5uSMwF9GJUZU9mENvFQOk= D-TRUST Root Class 3 CA 2 EV 2009
|
||||
0d4q5hyN8vpiOWYWPUxz1GC/xCjldYW+a/65pWMj0bY= Deutsche Telekom Root CA 2
|
||||
gNv7l73Tkmuu5B9zxViPqhfXB7A630kHorxnfz7xcXw= Developer ID Certification Authority
|
||||
I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o= DigiCert Assured ID Root CA
|
||||
OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg= AddTrust Public CA Root
|
||||
8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik= DigiCert Assured ID Root G2
|
||||
F3VaXClfPS1y5vAxofB/QAxYi55YKyLxfq4xoVkNEYU= GeoTrust Global CA 2
|
||||
FJ8u5juaXlgDJAp3DcmR/C40ReYoMcJFpJvE8fc4/5w= OISTE WISeKey Global Root GB CA
|
||||
FSg5faISiQqDCwuVpZlozvI0dzd531GBzxD6ZHU0u2U= StartCom Certification Authority G2
|
||||
Fbso2SB+E/i8lVfdeF66dzvqlE4E1+CP+KpV7zGUqiA= KEYNECTIS ROOT CA
|
||||
Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw= DigiCert Assured ID Root G3
|
||||
r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E= DigiCert Global Root CA
|
||||
i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= DigiCert Global Root G2
|
||||
uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= DigiCert Global Root G3
|
||||
WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= DigiCert High Assurance EV Root CA
|
||||
Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw= DigiCert Trusted Root G4
|
||||
itsjhVSgy/w6Ef7MGD480sI9JeeJTPK7rljrcKROfPM= DoD Root CA 2
|
||||
PDXhZL7dLPEr64Ps/3i16A2oFY0oMCF+Tr/86JKImaY= DST ACES CA X6
|
||||
Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= DST Root CA X3
|
||||
xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink= AddTrust Qualified CA Root
|
||||
mLPxCgJQQZEPGXzxfKD83+11+yyMFKhD4E1WVsnrrBo= DST Root CA X4
|
||||
wa0bGJjsOVBI3wcL+iF+JckTvtjKa3PeCFUohGoBA8E= E-Tugra Certification Authority
|
||||
NVHeWKfXnNmAKD34F5DWOpgsGmOzBILsWCHbdmFVTvk= EBG Elektronik Sertifika Hizmet Sağlayıcısı
|
||||
MJ8T1J6mb1IyQbVVJHREZOKMwbgu95tk5NWBiA3Ndx8= Echoworx Root CA2
|
||||
VhdNOtlxqJRJZLGJgR8wCEk6apBCLjxYBOyDjU+U9iI= EE Certification Centre Root CA
|
||||
bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU= Entrust Root Certification Authority
|
||||
/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI= Entrust Root Certification Authority - EC1
|
||||
du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U= Entrust Root Certification Authority - G2
|
||||
HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048)
|
||||
HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048)
|
||||
P6t4T8PJq57twS7NwNtVD0w9v9PobXiBUzPF66UYy50= Admin-Root-CA
|
||||
YlVMFwBVQ7I3IV8EJo3NL9HEcCQK08hmDiWuLFljD1U=
|
||||
jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= Federal Common Policy CA
|
||||
h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU= GeoTrust Global CA
|
||||
SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo= GeoTrust Primary Certification Authority
|
||||
vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs= GeoTrust Primary Certification Authority - G2
|
||||
q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8= GeoTrust Primary Certification Authority - G3
|
||||
Tq2ptTEecYGZ2Y6oK5UAXLqTGYqx+X78vo3GIBYo+K8= Global Chambersign Root
|
||||
knobhWIoBXbQSMUDIa2kPYcD0tlSGhjCi4xGzGquTv0= Global Chambersign Root - 2008
|
||||
cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A= GlobalSign
|
||||
CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk= GlobalSign
|
||||
bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU= AffirmTrust Commercial
|
||||
fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8= GlobalSign
|
||||
iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= GlobalSign
|
||||
K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= GlobalSign Root CA
|
||||
VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
|
||||
Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA= Go Daddy Root Certificate Authority - G2
|
||||
pRovOgUOg4pQUGlleNu+2qwaEH7i2dSPrlBdGNDaXPg=
|
||||
FefnF7Qo/u4686/ZFQ261JcAjTo/8BaWRxmQe9sBpkU= T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 - S\xC3\xBCr\xC3\xBCm 3
|
||||
FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ= /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
|
||||
FtgtZ6Htjon5q1j30P0+sNABdof8ruzUBHXxAIOltZM= SecureSign RootCA1
|
||||
G4qJUxcBYIye88ZfXWCpSLG625dTYiougcCkooS+Y8w= CA DATEV STD 01
|
||||
GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik= thawte Primary Root CA - G3
|
||||
Ga2Y3gIVXX4z6d0h8ORWEP0R0oBEuDGLvr+fYzeIjfA= CA DATEV BT 01
|
||||
Gno6GmjdI2Hj87uFXzsm/NiLGX2N1N4Gzxs2KsiewTs= Hellenic Academic and Research Institutions RootCA 2011
|
||||
NsIjFBMaX78bcOpMz0vBOnd9k47GXh2iTjws/QHT0WM= Hongkong Post Root CA 1
|
||||
olpyFMK2yGFCraOd/y1z2GWqV4Q/3S23ez/r+CaD3i0= I.CA - Qualified Certification Authority, 09/2009
|
||||
B+hU8mp8vTiZJ6oEG/7xts0h3RQ4GK2UfcZVqeWH/og= IdenTrust Commercial Root CA 1
|
||||
lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA= AffirmTrust Networking
|
||||
WN1h/rNup9JYckNxcJFJyxITN4ZMrLLQmZrSBznQZHc= IdenTrust Public Sector Root CA 1
|
||||
lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com
|
||||
H0IkzshPyZztiB/2/P0+IfjFGcVHqmpd094kcwLOUNE= CNNIC ROOT
|
||||
HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY= thawte Primary Root CA
|
||||
HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048)
|
||||
I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o= DigiCert Assured ID Root CA
|
||||
I4SdCUkj1EpIgbY6sYXpvhWqyO8sMETZNLx/JuLSzWk= America Online Root Certification Authority 1
|
||||
ICGRfpgmOUXIWcQ/HXPLQTkFPEFPoDyjvH7ohhQpjzs= USERTrust ECC Certification Authority
|
||||
IgUKkoNkgcLzwfhBfTdEehZwB6ybpk6iKMtqHhTGS4s= I.CA - Qualified root certificate
|
||||
IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM= VeriSign Class 1 Public Primary Certification Authority - G3
|
||||
JZaQTcTWma4gws703OR/KFk313RkrDcHRvUt6na6DCg= Secure Global CA
|
||||
JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg= VeriSign Class 3 Public Primary Certification Authority - G5
|
||||
JdSRPPWHCXQU0p0m9sGxlCzW1k6vRdD8+BUmrbqW0yQ= Actalis Authentication Root CA
|
||||
JsGNxu6m9jL2drzrodjCtINS8pwtX82oeOCdy4Mt1uU= Equifax Secure eBusiness CA-1
|
||||
K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= GlobalSign Root CA
|
||||
KJa03b5hRXGDzH7Se9eKxQogf2kBxcUuU9wWdvm7HgY= Izenpe.com
|
||||
lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com
|
||||
y+WsFdiLXKw/gebfO/tXvqYJWIE6R7d/PFy2uYGRvbU= Juur-SK
|
||||
x0YSfF9rUpzp4pSO/ZRlRECJMZrPA/NNC/N+rcd9si8= KISA RootCA 1
|
||||
YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= Microsec e-Szigno Root CA 2009
|
||||
9Iut199qBmkNCuMTc7EoVfje2xRRfzYqMTEBzJjMazU= NetLock Arany (Class Gold) Főtanúsítvány
|
||||
pAA71b3YlOAajgHga2LHqoLwPeUlMTNXCq1P0OfYHTw= NetLock Kozjegyzoi (Class A) Tanusitvanykiado
|
||||
KikzfD1iJMxT8LteXVggwNiEiwSHEyjwkP7jzWv4IbQ= T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1
|
||||
KkISYFqj6K7LD8GYBs87QLU7lfGjTbvW4+0nIwMkq7M= /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
|
||||
Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA= Go Daddy Root Certificate Authority - G2
|
||||
KovtMq5oDS0Ye5p6/Rcdg/0Lk16vniwbQ+gCeNIGPjk= SwissSign Platinum CA - G2
|
||||
KwccWaCgrnaw6tsrrSO61FgLacNgG2MMLq8GE6+oP5I= Starfield Services Root Certificate Authority - G2
|
||||
Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM= UTN-USERFirst-Client Authentication and Email
|
||||
LgCRWp974GqyNwx7fCAMCpbVrGpQzhh02+/eQCLU3o4= Visa Information Delivery Root CA
|
||||
M4BwmvOwlr48wqQFSBQsClIAKNsJ4st3riIGYWq2y7Q= /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
|
||||
MCeimPpXMU3A490QGUEbj0BMQ8P5NM4734VlEsgKoVw= Symantec Class 2 Public Primary Certification Authority - G4
|
||||
MJ8T1J6mb1IyQbVVJHREZOKMwbgu95tk5NWBiA3Ndx8= Echoworx Root CA2
|
||||
MVEmgCM/XyofKUN/VtSYjPCvxBzGxdpidZKOnAvq3ic= Symantec Class 1 Public Primary Certification Authority - G4
|
||||
Md4MsZ8q27DRzXsbMe+O4+tZt0RZrvlLSAvu7rhcZMk= http:
|
||||
MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8= AffirmTrust Premium ECC
|
||||
MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ= Network Solutions Certificate Authority
|
||||
NJn5P9OUUjv7HsTDrU37MQEx++nuVHa95ild6AjV3Y8= Swisscom Root CA 1
|
||||
NVHeWKfXnNmAKD34F5DWOpgsGmOzBILsWCHbdmFVTvk= EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1
|
||||
NsIjFBMaX78bcOpMz0vBOnd9k47GXh2iTjws/QHT0WM= Hongkong Post Root CA 1
|
||||
NuzGH8fl8ZI9Fn5n3940YIVJs0pjx8bmD/1cGEA4H1w= Certinomis - Autorit\xC3\xA9 Racine
|
||||
O0WRggXFkSmKGSKli0kh0B9kj6nSi93frSSu7FlCz78= /C=ES/O=FNMT/OU=FNMT Clase 2 CA
|
||||
OBo/x6iwgvooYTpNB/LHVT9OGRjuB8qp6LfO3lqcoGo= Certification Authority of WoSign G2
|
||||
OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg= AddTrust Public CA Root
|
||||
OoA+fApDop/XNnLj0LssNlPZSO3gs8sdtM51qFfomvE= Buypass Class 3 CA 1
|
||||
Ow1ztL5KhUrcPlHX75+kiu+7LN2CTWe9x9fQmiq8LUM= Autoridad de Certificacion Firmaprofesional CIF A62634068
|
||||
P6t4T8PJq57twS7NwNtVD0w9v9PobXiBUzPF66UYy50= Admin-Root-CA
|
||||
PDXhZL7dLPEr64Ps/3i16A2oFY0oMCF+Tr/86JKImaY= DST ACES CA X6
|
||||
QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo= UTN - DATACorp SGC
|
||||
QPz8KIddzL/ry99s10MzEtpjxO/PO9extQXCICCuAnQ= SwissSign Gold CA - G2
|
||||
QiOJQAOogcXfa6sWPbI1wiGhjVS/dZlFgg5nDaguPzk= Staat der Nederlanden Root CA - G3
|
||||
R8ehScqC+nupQKTXEdAQYlxssLdIsXAWxG4lznrNKww= TRUST2408 OCES Primary CA
|
||||
RGLBB8SF3WpUQ/XnoWBEFgNKN0w/TRCHXxw3FQJ1Y68= Microsoft Root Authority
|
||||
RK+K/PE5XSqOMO+BLOGc6y6JSN/SHgD7qjRon5okch8= T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1
|
||||
RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4= Secure Certificate Services
|
||||
S3Lf7T7cy19JRWguKVcxoIZKxrW4Wxk+zS8GtJAMHP0= T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 H5
|
||||
S9xjb0jSH7aMWjzUogaFeIBDvbUk5+hNQZLEUe40KbU= CA Disig
|
||||
SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo= GeoTrust Primary Certification Authority
|
||||
SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4= VeriSign Class 3 Public Primary Certification Authority - G3
|
||||
SiZZZm3AIDuRb1PYCtj2GsML6hYfSFzHUn5qWTfkkhY= T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 H6
|
||||
SkntvS+PgjC9VZKzE1c/4cFypF+pgBHMHt27Nq3j/OU= QuoVadis Root CA 2 G3
|
||||
TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI= UTN-USERFirst-Hardware
|
||||
Tq2ptTEecYGZ2Y6oK5UAXLqTGYqx+X78vo3GIBYo+K8= Global Chambersign Root
|
||||
UQ0g5cR/Y89mayD2GvYrwJmkKsgk/6RDotp8kLGAipE= Certigna
|
||||
UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4= VeriSign Class 3 Public Primary Certification Authority - G4
|
||||
VhdNOtlxqJRJZLGJgR8wCEk6apBCLjxYBOyDjU+U9iI= EE Certification Centre Root CA
|
||||
VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8= /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|
||||
Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= DST Root CA X3
|
||||
VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU= VeriSign Class 4 Public Primary Certification Authority - G3
|
||||
WN1h/rNup9JYckNxcJFJyxITN4ZMrLLQmZrSBznQZHc= IdenTrust Public Sector Root CA 1
|
||||
WVWuKRV0qTE0LPdFDhZlLt4eD7MJfhVx36wRyRVgFWQ= Buypass Class 2 Root CA
|
||||
Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw= DigiCert Trusted Root G4
|
||||
WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= DigiCert High Assurance EV Root CA
|
||||
Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o= Baltimore CyberTrust Root
|
||||
YQbA46CimYMYdRJ719PMGFmAPVEcrBHrbghA3RZvwQ4= T-TeleSec GlobalRoot Class 2
|
||||
YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= Microsec e-Szigno Root CA 2009
|
||||
YlVMFwBVQ7I3IV8EJo3NL9HEcCQK08hmDiWuLFljD1U= /C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority
|
||||
Yo46EVb2+qkvlLQJJY1Muj8gR0gNMBlPrz++0F6utbI= e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
|
||||
Z+oZMkOuODk5ta2eNWprK/k6k7zc+CikcIJJeIMIP4Y= Staat der Nederlanden Root CA
|
||||
Z0A55HJWGWPIywDSGpepChi7ihxMMXrGfjgqZSu1c8A= Apple Root CA - G2
|
||||
Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM= thawte Primary Root CA - G2
|
||||
ZUT/mttkLEw2mKYNgUO2uTvO8BNltUD2FNzCpFq5TTE= /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
|
||||
ZZyzaKxWmYvQevLK/F+5P455R0rMwqbPGsnyGS0TY2A= Autoridad de Certificacion Raiz del Estado Venezolano
|
||||
ZrAFOYJqN0hJMBkeAo9i2rHLyJs6zUctxOWQXke/c2Q= Macao Post eSignTrust Root Certification Authority (G02)
|
||||
a4belqZYpWggpPNdkNtsPv3VdM6UuQnLDX/xfDwYnYM= TC TrustCenter Class 4 CA II
|
||||
a8/IbI3cKvLmoRgKLdq7N7fqN1Uxa2S5uJUb8Mo1HwY= CA Disig Root R1
|
||||
aMNpIhRyTUtVp2D0cLT8qLXg/h1ynP8i/rTKiKzTmAk= ComSign CA
|
||||
akNrWNnYMOjVuKZCUFrWtBQGrc1olNlBT3vgoUZ7rbc= CA DATEV STD 02
|
||||
axpQXgJG8vYMSQ/wwJenvichDLt1ACN/iLDNSCmLybg= Certinomis - Root CA
|
||||
aztX6eyI0bs9AWN/8zx2mLPJdYJV6fAeqRePPn87K1I= Certum Trusted Network CA 2
|
||||
bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU= AffirmTrust Commercial
|
||||
bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU= Entrust Root Certification Authority
|
||||
bz4Hf+VQRkbAGRr85JTk62gYPjmPWk3AVmn4tubmgv4= /C=JP/O=Japanese Government/OU=ApplicationCA
|
||||
cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM= VeriSign Class 2 Public Primary Certification Authority - G3
|
||||
cCEWzNi/I+FkZvDg26DtaiOanBzWqPWmazmvNZUCA4U= CA Disig Root R2
|
||||
cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A= GlobalSign
|
||||
cZz1s2GS573mUMyRNB5vZJ27jD7ki6yql/oOBbY3S0E= ApplicationCA2 Root
|
||||
du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U= Entrust Root Certification Authority - G2
|
||||
dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= Class 2 Primary CA
|
||||
dykHF2FLJfEpZOvbOLX4PKrcD2w2sHd/iA/G3uHTOcw= SecureTrust CA
|
||||
egUvWN1fX0JTrxfoxOkAplWFMtYlqYpuGmCYxVCv5UI= Cybertrust Public SureServer SV CA
|
||||
eu3d82sY+Ky3N5/hzhgyErI1DQeIq+DoJFe+m62tbVQ= CA WoSign ECC Root
|
||||
fDtG2b6PJ0H5gAOVIYWOTN0wd0+zKzshzuoGqnnGqsY= SecureSign RootCA2
|
||||
fKoDRlEkWQxgHlZ+UhSOlSwM/+iQAFMP4NlbbVDqrkE= GeoTrust Universal CA 2
|
||||
fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8= GlobalSign
|
||||
foeCwVDOOVL4AuY2AjpdPpW7XWjjPoWtsroXgSXOvxU= Cybertrust Global Root
|
||||
fx3siwMZVIoFbeW7UhvZPrdOanbyjf+3W0WlO3da96s= SwissSign Gold Root CA - G3
|
||||
gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ= Starfield Root Certificate Authority - G2
|
||||
gJ8rquNa+082vWR2znXCABB3kBtq9cTauC4YjGuVwaE= Symantec Class 3 Public Primary Certification Authority - G4
|
||||
gNv7l73Tkmuu5B9zxViPqhfXB7A630kHorxnfz7xcXw= Developer ID Certification Authority
|
||||
gamPx4jDX1V2RalSJOUM0drI/7IJ3B5WiKopIF8TIhg= UTN-USERFirst-Network Applications
|
||||
grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= COMODO RSA Certification Authority
|
||||
h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU= GeoTrust Global CA
|
||||
hKrAk+CMSdv/+OVgdZJI2+ZxNbNysj0qiB1fmcuxkeg= SwissSign Silver Root CA - G3
|
||||
hdJr6Q2TT8zbT/ezjYx5ynZSuBbWpSRGyoQoprhdxXw= ANF Global Root CA
|
||||
hqaPBQA0EmpUDTnbLF+RfvZqlPuWGfoezYJ86ka6DLA= QuoVadis Root CA 1 G3
|
||||
hsE6NAjdGqd+6LaUfAOVh3L1MSSMFie++yxPSwTQRJY= IGC
|
||||
i+p269YTev+fHsw8CMrx3sR9uRaQ1XVMTp8VIywKLng= CA DATEV INT 01
|
||||
i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= DigiCert Global Root G2
|
||||
iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= GlobalSign
|
||||
iir/vRocXRvcy7f1SLqZX5ZoBrP9DDoA+uLlLzyFOYk= Chambers of Commerce Root
|
||||
ipA7YAoICzjf4g37as0jEi9kYg5YCLn8hoiVL8GjVZw= SwissSign Platinum Root CA - G3
|
||||
itsjhVSgy/w6Ef7MGD480sI9JeeJTPK7rljrcKROfPM= DoD Root CA 2
|
||||
j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g= QuoVadis Root CA 2
|
||||
jXZ3ZLPL2giSnQcqIqVh9NzdG8V9PL3clIxH0rR/kSI= T-TeleSec GlobalRoot Class 3
|
||||
jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= Federal Common Policy CA
|
||||
jtW0wEG2spPA5kEwFQZtMYSDyQH/aehqUh0MslVp8+g= Cisco Root CA 2048
|
||||
k5KuIUmSSt435kXbof9L3dzaKykbYJdmnSr6XHo3Jhk= TC TrustCenter Class 3 CA II
|
||||
kRni9BNXl3eVSZFwPu4joEUjoxK1xl9/k3SqMQDr2Oc= Class 3TS Primary CA
|
||||
knobhWIoBXbQSMUDIa2kPYcD0tlSGhjCi4xGzGquTv0= Global Chambersign Root - 2008
|
||||
ksRoeWJu8swezqUMcvteOFhECV8hy/Oyg8uC5rn8alg= TWCA Root Certification Authority
|
||||
kxgib4yDr+R/X0fCT1nOEtuoxzsYG+5rLqH0Cga8GGk= SwissSign Silver CA - G2
|
||||
lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA= AffirmTrust Networking
|
||||
lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU= AddTrust External CA Root
|
||||
lR7gRvqDMW5nhsCMRPE7TKLq0tJkTWMxQ5HAzHCIfQ0= Staat der Nederlanden EV Root CA
|
||||
lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com
|
||||
lXNUc71no7lajV+QxaIazh4NeUcyBnTUq4R5crkVRNI= Symantec Class 3 Public Primary Certification Authority - G6
|
||||
lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI= VeriSign Universal Root Certification Authority
|
||||
lpkiXF3lLlbN0y3y6W0c/qWqPKC7Us2JM8I7XCdEOCA= GeoTrust Universal CA
|
||||
ly+8bVW/77Gr43WK19Z6NJu++AwG8dhQAd+5EBuavBs= CA DATEV INT 02
|
||||
lzasOyXRbEWkVBipZFeBVkgKjMQ0VB3cXdWSMyKYaN4= Certum CA
|
||||
mACOLtu3K61C2i/LBqwaqgsubgxy6MogT7r9G7SHlEE= Common Policy
|
||||
mAki7uB/hrx/Xl6V1X24va5o4XpCHE5yqWpwioeSASQ= Microsec e-Szigno Root CA
|
||||
mLPxCgJQQZEPGXzxfKD83+11+yyMFKhD4E1WVsnrrBo= DST Root CA X4
|
||||
myGdD7/zal+zIJBXGQa87qaGF8gzo/YbgeliqOZNuK8= Apple Root CA - G3
|
||||
nG9qEjy6pO402+zu4kyX1ziHjLQj88InOQNCT10fbdU= Thawte Server CA
|
||||
nZih+2BTjEzEhX/xqMgDT69vxZIJP2GZlLLIE9JQuGQ= Class 1 Primary CA
|
||||
ncOKntz4KEK2dNoYa21iFaueLsbXL1ewioknKMMUMfM= SecureSign RootCA3
|
||||
ndVfxXP1RstqODHRES2HEKb0+C3If1+unToaAo3Tbks= China Internet Network Information Center EV Certificates Root
|
||||
nsxRNo6G40YPZsKV5JQt1TCA8nseQQr/LRqp1Oa8fnw= Entrust.net Secure Server Certification Authority
|
||||
odRdBilzQbHzpzXPo48oPmh5/sBigaNh5fQXzHDSnck= CA DATEV BT 02
|
||||
olpyFMK2yGFCraOd/y1z2GWqV4Q/3S23ez/r+CaD3i0= I.CA - Qualified Certification Authority, 09
|
||||
otyYyny77hgislsme9XKUC+nsM9P/wcD7mpBZwPzx+o= Class 3 Primary CA
|
||||
p5jZL3bJxnVeX1X4bNFK7cwGVTceJ8zeA3d0XOPFABM= Certipost E-Trust Primary Qualified CA
|
||||
pAA71b3YlOAajgHga2LHqoLwPeUlMTNXCq1P0OfYHTw= NetLock Kozjegyzoi (Class A) Tanusitvanykiado
|
||||
pLibtwZW6kmPLZ4ApJf9udzSC4G4k46VK7ot+fZXKcM= Halcom CA FO
|
||||
pRovOgUOg4pQUGlleNu+2qwaEH7i2dSPrlBdGNDaXPg= /C=TW/O=Government Root Certification Authority
|
||||
puEf8V7DJqXj8YrTOgVmlNyExpl2bQKKWtDv4ajlOsc= Visa eCommerce Root
|
||||
pvH5v4oKndwID7SbHvw9GhwsMtwOE2pbAMlzFvKj3BE= Equifax Secure Global eBusiness CA-1
|
||||
q1zbM1Y5c1bW5pGXPCW4YYtl12qQSG6nqKXBd2f0Zzo= TC TrustCenter Universal CA III
|
||||
q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8= GeoTrust Primary Certification Authority - G3
|
||||
qBKTRF2xlqIDD55FX+PHSppPgxewKwFAYCeocIF0Q0w= /C=TW/O=Government Root Certification Authority
|
||||
qGvauPSAtuuJQquRcL3QmRlxp60TXfu8tyhfB6fR44o= UCA Root
|
||||
qHRDs9iW6yV8zOmbla2pvIG5204xQqqama8JQssKSjo= /C=GB/O=Trustis Limited/OU=Trustis FPS Root CA
|
||||
qZlyzh9sWB0Al/YmGAYuUxV7Unbh7GZRoxVwV/BXszk= WellsSecure Public Root Certificate Authority
|
||||
qhwr7bGlCLqtf7P14CiXuQfHSN6pt5CJBKrb0El6q2o= Sonera Class1 CA
|
||||
qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU= Certum Trusted Network CA
|
||||
qzh2w9pd4MnPZzaGjuW4i/m6Hf+cnXLS/lqNL3gwIWY= Thawte Timestamping CA
|
||||
qzmksCWVVpGkAmnzU/odXLlOr2x+qYCEhLu7Yv2faPM= TC TrustCenter Universal CA II
|
||||
r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E= DigiCert Global Root CA
|
||||
rPZeHWLLWKK6/W/6tA+4hpnEc5fPXLSD1C1pytNM1Is= TC TrustCenter Class 2 CA II
|
||||
ryB8Yf2cfPksKv6BVCgtw/LL8y91zRcoFMUrA7frwlg= Symantec Class 2 Public Primary Certification Authority - G6
|
||||
sD2HsFbQjMnU5nXvGcqDq1NTIWioJYWYvnLm2Fx918E= Buypass Class 3 Root CA
|
||||
sIP/U29/SKkIHilKAYe1PoGXcUAtnUgQMG3gMQJOX0Y= AC1 RAIZ MTIN
|
||||
sPbxW0gX6+b+C0v819Os5MdYsKtvip2i7ZLmGCOdnJg= ACEDICOM Root
|
||||
sRJBQqWhpaKIGcc1NA7/jJ4vgWj+47oYfyU7waOS1+I= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
|
||||
sh0qdDMYcSuhbzmRnZYaS6+6O8qaQ6dbH8/iLF1wyro= EC-ACC
|
||||
st71NirT+s0EvSkEekOET3ZwNOpIkvgOVr7mkCQ+JQI= TC TrustCenter Universal CA I
|
||||
sxguKJrjTd8r5kOrecJEMBYF+g8equbRD7kpYAr4TfA= Certipost E-Trust Primary Normalised CA
|
||||
tKA56vxDELqb3gk+24+dnQs9THwATUgojDXbzBlGfRg= /O=RSA Security Inc/OU=RSA Security 2048 V3
|
||||
tjjP8FyKgydY7cMCivni1VUUVovGuzSrNtFAuXrGsS0= Buypass Class 2 CA 1
|
||||
u0Eo7JYg8tKknOjixOJXrrrZOg8RxWtfpLAOI3Wfo50= SecureSign RootCA11
|
||||
uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= DigiCert Global Root G3
|
||||
vM6OK7rucbY1jd1kHLv8Jd5FQAMAYnH3W1C3JtZ8O8k= SZAFIR ROOT CA
|
||||
vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs= GeoTrust Primary Certification Authority - G2
|
||||
vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= AAA Certificate Services
|
||||
vj23t5v+V53PmwfKTK11r/FpdVaOW0XPyuTWH7Yxdag= QuoVadis Root Certification Authority
|
||||
vt2LyX6oZJcZWgeKmZojegYK664HvAoLm3eJgrpfYvQ= Halcom CA PO 2
|
||||
wGyHL8LQrAjXjUIZgfvaTjVQDQlG95iU7dIawp3sBxk= ComSign Global Root CA
|
||||
wa0bGJjsOVBI3wcL+iF+JckTvtjKa3PeCFUohGoBA8E= E-Tugra Certification Authority
|
||||
x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc= AffirmTrust Premium
|
||||
x/WEI22GOV6Pb4LAEIhqLFbgcaahw+0odrijpyxe+7U= I.CA - Standard Certification Authority, 09
|
||||
x0YSfF9rUpzp4pSO/ZRlRECJMZrPA/NNC/N+rcd9si8= KISA RootCA 1
|
||||
x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= USERTrust RSA Certification Authority
|
||||
xES1tmzl1x4bXkDyc4XJXL/SSgW1b3DKwJkvD1DDN5w= TWCA Global Root CA
|
||||
xWl76RzWVVObVgdY6RtuCFRhYjdBA0xIXkfX6dJaA8A= /C=JP/O=LGPKI/OU=Application CA G2
|
||||
xeolnGKYA1CGSfAhd/Y8MvqFzErVw18NVBxF3xCkn9c= PSCProcert
|
||||
xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink= AddTrust Qualified CA Root
|
||||
y+WsFdiLXKw/gebfO/tXvqYJWIE6R7d/PFy2uYGRvbU= Juur-SK
|
||||
y26RcRrW1VyJBvN5ywcftcR5M2VKdBVhLu5mKfJvvNc= Swisscom Root CA 2
|
||||
yZBbDuASAik8oCbmTwhBJELFUEwG5Eyn6XJtYfIOQIk= Microsoft Root Certificate Authority 2010
|
||||
zEmXhjyMSKTLXD5lN9wGAo2GOL5J9fiiulby8siox3k= UCA Global Root
|
||||
ziTrBibe/YFoyWp3AfCTAWAP5d0NvOWOnJe4MK8C7yg= OISTE WISeKey Global Root GA CA
|
||||
ztQ5AqtftXtEIyLcDhcqT7VfcXi4CPlOeApv1sxr2Bg= Chambers of Commerce Root - 2008
|
||||
zwtHSs6Eafq6QC8C7r354XANnL6L5OQ0hAe2ndMZbpQ= ComSign Secured CA
|
||||
|
|
|
@ -53,7 +53,7 @@ is($found,1,"We had a finding for this in the JSON output"); $tests++;
|
|||
like($out, qr/Chain of trust.*?NOT ok.*\(self signed\)/,"Chain of trust should fail because of self signed"); $tests++;
|
||||
$found = 0;
|
||||
foreach my $f ( @$json ) {
|
||||
if ( $f->{id} eq "trust" ) {
|
||||
if ( $f->{id} eq "chain_of_trust" ) {
|
||||
$found = 1;
|
||||
like($f->{finding},qr/^All certificate trust checks failed/,"Finding says certificate cannot be trusted."); $tests++;
|
||||
is($f->{severity}, "NOT ok", "Severity should be NOT ok"); $tests++;
|
||||
|
@ -65,7 +65,7 @@ is($found,1,"We had a finding for this in the JSON output"); $tests++;
|
|||
like($okout, qr/Chain of trust[^\n]*?Ok/,"Chain of trust should be ok"); $tests++;
|
||||
$found = 0;
|
||||
foreach my $f ( @$okjson ) {
|
||||
if ( $f->{id} eq "trust" ) {
|
||||
if ( $f->{id} eq "chain_of_trust" ) {
|
||||
$found = 1;
|
||||
is($f->{finding},"All certificate trust checks passed.","Finding says certificate can be trusted."); $tests++;
|
||||
is($f->{severity}, "OK", "Severity should be OK"); $tests++;
|
||||
|
@ -97,7 +97,7 @@ like($out, qr/Chain of trust.*?NOT ok\s+\(chain incomplete\)/,"Chain of trust sh
|
|||
$json = json('tmp.json');
|
||||
$found = 0;
|
||||
foreach my $f ( @$json ) {
|
||||
if ( $f->{id} eq "trust" ) {
|
||||
if ( $f->{id} eq "chain_of_trust" ) {
|
||||
$found = 1;
|
||||
like($f->{finding},qr/^All certificate trust checks failed.*incomplete/,"Finding says certificate cannot be trusted."); $tests++;
|
||||
is($f->{severity}, "NOT ok", "Severity should be NOT ok"); $tests++;
|
||||
|
@ -115,7 +115,7 @@ is($found,1,"We had a finding for this in the JSON output"); $tests++;
|
|||
#$json = json('tmp.json');
|
||||
#$found = 0;
|
||||
#foreach my $f ( @$json ) {
|
||||
# if ( $f->{id} eq "trust" ) {
|
||||
# if ( $f->{id} eq "chain_of_trust" ) {
|
||||
# $found = 1;
|
||||
# like($f->{finding},qr/^All certificate trust checks failed.*incomplete/,"Finding says certificate cannot be trusted."); $tests++;
|
||||
# is($f->{severity}, "NOT ok", "Severity should be NOT ok"); $tests++;
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
#!/usr/bin/env perl
|
||||
|
||||
use strict;
|
||||
use Test::More tests => 1;
|
||||
|
||||
|
||||
my $newer_bundles=`find etc/*.pem -newer etc/ca_hashes.txt`;
|
||||
is($newer_bundles,"","List of CA bundles newer then etc/ca_hashes.txt should be empty. If not run utils/create_ca_hashes.sh");
|
||||
done_testing;
|
|
@ -18,45 +18,45 @@ $out = `./testssl.sh -H --jsonfile tmp.json --color 0 ssl.sectionzero.org`;
|
|||
$json = json('tmp.json');
|
||||
|
||||
# It is better to have findings in a hash
|
||||
# Look for a leaf cert match in the process.
|
||||
# Look for a host cert match in the process.
|
||||
my $found = 0;
|
||||
my %findings;
|
||||
foreach my $f ( @$json ) {
|
||||
$findings{$f->{id}} = $f;
|
||||
if ( $f->{finding} =~ /matches the leaf certificate/ ) {
|
||||
if ( $f->{finding} =~ /matches the host certificate/ ) {
|
||||
$found++;
|
||||
}
|
||||
}
|
||||
is($found,1,"We found 1 'matches the leaf certificate' finding"); $tests++;
|
||||
like($out,'/Leaf cert match/',"There is a 'Leaf cert match' in the text output"); $tests++;
|
||||
is($found,1,"We found 1 'matches the host certificate' finding"); $tests++;
|
||||
like($out,'/Host cert match/',"There is a 'Leaf cert match' in the text output"); $tests++;
|
||||
|
||||
# Sub CA match
|
||||
ok( exists $findings{"hpkp_YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg"},"We have a finding for key YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg"); $tests++;
|
||||
like($findings{"hpkp_YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg"}->{finding},'/Intermediate CA key matches a key pinned in the HPKP header/',"We have our Sub CA finding"); $tests++;
|
||||
is($findings{"hpkp_YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg"}->{severity}, "OK", "The finding is ok"); $tests++;
|
||||
like($out,'/Sub CA match \: YLh1dUR9y6Kja30RrAn7JKnbQG\/uEtLMkBgFF2Fuihg/',"There is a 'Sub CA match' in the text output"); $tests++;
|
||||
like($out,'/Sub CA match\: YLh1dUR9y6Kja30RrAn7JKnbQG\/uEtLMkBgFF2Fuihg/',"There is a 'Sub CA match' in the text output"); $tests++;
|
||||
|
||||
# Root CA match Lets encrypt
|
||||
ok( exists $findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"},"We have a finding for key Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"); $tests++;
|
||||
like($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{finding},'/Root CA key matches a key pinned in the HPKP header/',"This is a Root CA finding"); $tests++;
|
||||
like($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{finding},'/DST Root CA X3/',"Correct Root CA"); $tests++;
|
||||
like($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{finding},'/The CA is part of the chain/',"CA is indeed part of chain"); $tests++;
|
||||
is($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{severity}, "OK", "The finding is ok"); $tests++;
|
||||
like($out,'/Root CA match \: Vjs8r4z\+80wjNcr1YKepWQboSIRi63WsWXhIMN\+eWys/',"There is a 'Root CA match' in the text output"); $tests++;
|
||||
is($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{severity}, "INFO", "The finding is informational"); $tests++;
|
||||
like($out,'/Root CA match\: Vjs8r4z\+80wjNcr1YKepWQboSIRi63WsWXhIMN\+eWys/',"There is a 'Root CA match' in the text output"); $tests++;
|
||||
|
||||
# Root CA StartCom
|
||||
ok( exists $findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"},"We have a finding for key 5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"); $tests++;
|
||||
like($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{finding},'/Root CA key matches a key pinned in the HPKP header/',"This is a Root CA finding"); $tests++;
|
||||
like($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{finding},'/StartCom Certification Authority/',"Correct Root CA"); $tests++;
|
||||
like($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{finding},'/The CA is not part of the chain/',"CA is indeed NOT part of chain"); $tests++;
|
||||
is($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{severity}, "OK", "The finding is ok"); $tests++;
|
||||
like($out,'/Root CA match \: 5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU/',"There is a 'Root CA match' in the text output"); $tests++;
|
||||
is($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{severity}, "INFO", "The finding is informational"); $tests++;
|
||||
like($out,'/Root CA match\: 5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU/',"There is a 'Root CA match' in the text output"); $tests++;
|
||||
|
||||
# Bad PIN
|
||||
ok( exists $findings{"hpkp_123bad123bad123bad123bad123bad123bd123bad12"},"We have a finding for key 123bad123bad123bad123bad123bad123bd123bad12"); $tests++;
|
||||
like($findings{"hpkp_123bad123bad123bad123bad123bad123bd123bad12"}->{finding},'/doesn\'t match anything/',"It doesn't match indeed"); $tests++;
|
||||
is($findings{"hpkp_123bad123bad123bad123bad123bad123bd123bad12"}->{severity}, "WARN", "The finding is ok"); $tests++;
|
||||
like($out,'/Unmatched key : 123bad123bad123bad123bad123bad123bd123bad12/',"There is an 'unmatched key' in the text output"); $tests++;
|
||||
is($findings{"hpkp_123bad123bad123bad123bad123bad123bd123bad12"}->{severity}, "INFO", "The finding is informational"); $tests++;
|
||||
like($out,'/Unmatched key\: 123bad123bad123bad123bad123bad123bd123bad12/',"There is an 'unmatched key' in the text output"); $tests++;
|
||||
|
||||
like($findings{hpkp_keys}->{finding},'/5 keys pinned/',"5 keys pinned in json"); $tests++;
|
||||
like($out,'/\# of keys: 5/',"5 keys pinned in text output"); $tests++;
|
609
testssl.sh
609
testssl.sh
|
@ -1056,8 +1056,8 @@ run_hpkp() {
|
|||
nrsaved=$(count_words "$(echo $TEMPDIR/level?.crt 2>/dev/null)")
|
||||
rm $TEMPDIR/level0.crt 2>/dev/null
|
||||
|
||||
echo -n > "$TEMPDIR/intermediate.hashes"
|
||||
if [[ nrsaved -ge 2 ]]; then
|
||||
echo -n "" > "$TEMPDIR/intermediate.hashes"
|
||||
for cert_fname in $TEMPDIR/level?.crt; do
|
||||
hpkp_key_ca="$($OPENSSL x509 -in "$cert_fname" -pubkey -noout | grep -v PUBLIC | $OPENSSL base64 -d |
|
||||
$OPENSSL dgst -sha256 -binary | $OPENSSL enc -base64)"
|
||||
|
@ -1067,31 +1067,28 @@ run_hpkp() {
|
|||
echo "$hpkp_key_ca $hpkp_name" >> "$TEMPDIR/intermediate.hashes"
|
||||
done
|
||||
fi
|
||||
rm $TEMPDIR/level*.crt 2>/dev/null
|
||||
# I'd like to keep all certs retrieved for debugging
|
||||
|
||||
# Get keys from Root CAs
|
||||
|
||||
# This is where the matching magic happens...
|
||||
pins_match=false
|
||||
for hpkp_key in $(echo $pins); do
|
||||
# exho needed here? ^^^^
|
||||
has_backup_pin=false
|
||||
for hpkp_key in $pins; do
|
||||
key_found=false
|
||||
# compare pin against the leaf certificate
|
||||
# compare pin against the host certificate
|
||||
if [[ "$hpkp_key_hostcert" == "$hpkp_key" ]] || [[ "$hpkp_key_hostcert" == "$hpkp_key=" ]]; then
|
||||
out "\n$spaces Host cert match: "
|
||||
pr_done_good "$hpkp_key"
|
||||
fileout "hpkp_$hpkp_key" "OK" "PIN $hpkp_key matches the leaf certificate"
|
||||
# We have a match
|
||||
key_found=true
|
||||
pins_match=true
|
||||
out "\n$spaces Host cert match: "
|
||||
pr_done_good "$hpkp_key"
|
||||
fileout "hpkp_$hpkp_key" "OK" "PIN $hpkp_key matches the host certificate"
|
||||
fi
|
||||
debugme out "\n $hpkp_key | $hpkp_key_hostcert"
|
||||
|
||||
# Check for intermediate match
|
||||
if ! "$key_found"; then
|
||||
# doesn't work, "grep: /tmp/ssltester.Dp2ovS/intermediate.hashes: No such file or directory" if teested against testss.sh
|
||||
if ! $key_found; then
|
||||
hpkp_matches=$(grep "$hpkp_key" $TEMPDIR/intermediate.hashes 2>/dev/null)
|
||||
if [[ -n $hpkp_matches ]]; then
|
||||
# We have a winner!
|
||||
# We have a match
|
||||
key_found=true
|
||||
pins_match=true
|
||||
out "\n$spaces Sub CA match: "
|
||||
|
@ -1101,10 +1098,10 @@ run_hpkp() {
|
|||
fi
|
||||
fi
|
||||
|
||||
if ! "$key_found"; then
|
||||
if ! $key_found; then
|
||||
hpkp_matches=$(grep -h "$hpkp_key" $ca_hashes | sort -u)
|
||||
if [[ -n $hpkp_matches ]]; then
|
||||
# We have a winner!
|
||||
# We have a match
|
||||
key_found=true
|
||||
pins_match=true
|
||||
if [[ $(count_lines "$hpkp_matches") -eq 1 ]]; then
|
||||
|
@ -1121,26 +1118,32 @@ run_hpkp() {
|
|||
out " (part of the chain)"
|
||||
fileout "hpkp_$hpkp_key" "INFO" "Root CA key matches a key pinned in the HPKP header. Key/OS/CA: $hpkp_matches. The CA is part of the chain"
|
||||
else
|
||||
# there's a root CA match for github AND this message.
|
||||
has_backup_pin=true
|
||||
out "\n$spaces This CA is not part of the chain and likely a backup PIN"
|
||||
fileout "hpkp_$hpkp_key" "INFO" "Root CA key matches a key pinned in the HPKP header. Key/OS/CA: $hpkp_matches. The CA is not part of the chain, this is a backup PIN"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if ! "$key_found" && [[ $DEBUG -eq 1 ]]; then
|
||||
# Houston we may have a problem
|
||||
if ! $key_found; then
|
||||
# Most likely a backup pin
|
||||
has_backup_pin=true
|
||||
out "\n\n$spaces Unmatched key: "
|
||||
out "$hpkp_key"
|
||||
out "\n$spaces (This is OK for a backup pin of a leaf cert)"
|
||||
fileout "hpkp_$hpkp_key" "INFO" "PIN $hpkp_key doesn't match anything. This could be ok if it is a backup pin for a leaf certificate"
|
||||
out "\n$spaces (This is OK for a backup pin of a host cert)"
|
||||
fileout "hpkp_$hpkp_key" "INFO" "PIN $hpkp_key doesn't match anything. This could be ok if it is a backup pin for a host certificate"
|
||||
fi
|
||||
done
|
||||
|
||||
# If all else fails...
|
||||
if ! "$pins_match"; then
|
||||
if ! $pins_match; then
|
||||
pr_svrty_high " No matching key for pins found "
|
||||
fileout "hpkp_keymatch" "NOT ok" "None of the HPKP PINS match your leaf certificate, intermediate CA or known root CAs. You may have bricked this site"
|
||||
fileout "hpkp_keymatch" "NOT ok" "None of the HPKP PINS match your host certificate, intermediate CA or known root CAs. You may have bricked this site"
|
||||
fi
|
||||
|
||||
if ! $has_backup_pin; then
|
||||
pr_svrty_high " No backup pins found. Loss/compromise of the currently pinned key(s) will lead to bricked site. "
|
||||
fileout "hpkp_backup" "NOT ok" "No backup pins found. Loss/compromise of the currently pinned key(s) will lead to bricked site."
|
||||
fi
|
||||
else
|
||||
out "--"
|
||||
|
@ -2107,7 +2110,7 @@ run_client_simulation() {
|
|||
local name tls proto cipher
|
||||
local using_sockets=true
|
||||
|
||||
if $SSL_NATIVE || [[ -n "$STARTTLS" ]]; then
|
||||
if "$SSL_NATIVE" || [[ -n "$STARTTLS" ]]; then
|
||||
using_sockets=false
|
||||
fi
|
||||
|
||||
|
@ -2849,7 +2852,7 @@ run_client_simulation() {
|
|||
for name in "${short[@]}"; do
|
||||
#FIXME: printf formatting would look better, especially if we want a wide option here
|
||||
out " ${names[i]} "
|
||||
if $using_sockets && [[ -n "${handshakebytes[i]}" ]]; then
|
||||
if "$using_sockets" && [[ -n "${handshakebytes[i]}" ]]; then
|
||||
client_simulation_sockets "${handshakebytes[i]}"
|
||||
sclient_success=$?
|
||||
if [[ $sclient_success -eq 0 ]]; then
|
||||
|
@ -2872,7 +2875,7 @@ run_client_simulation() {
|
|||
#FIXME: awk
|
||||
proto=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
|
||||
[[ "$proto" == TLSv1 ]] && proto="TLSv1.0"
|
||||
if [[ "$proto" == TLSv1.2 ]] && ( ! $using_sockets || [[ -z "${handshakebytes[i]}" ]] ); then
|
||||
if [[ "$proto" == TLSv1.2 ]] && ( ! "$using_sockets" || [[ -z "${handshakebytes[i]}" ]] ); then
|
||||
# OpenSSL reports TLS1.2 even if the connection is TLS1.1 or TLS1.0. Need to figure out which one it is...
|
||||
for tls in ${tlsvers[i]}; do
|
||||
$OPENSSL s_client $tls -cipher ${ciphers[i]} ${protos[i]} $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
|
||||
|
@ -2898,7 +2901,7 @@ run_client_simulation() {
|
|||
fi
|
||||
#FiXME: awk
|
||||
cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
||||
$using_sockets && [[ -n "${handshakebytes[i]}" ]] && [[ -n "$MAPPING_FILE_RFC" ]] && cipher="$(rfc2openssl "$cipher")"
|
||||
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && [[ -n "$MAPPING_FILE_RFC" ]] && cipher="$(rfc2openssl "$cipher")"
|
||||
outln "$proto $cipher"
|
||||
if [[ -n "${warning[i]}" ]]; then
|
||||
out " "
|
||||
|
@ -2982,30 +2985,32 @@ run_protocols() {
|
|||
local using_sockets=true
|
||||
local supported_no_ciph1="supported but couldn't detect a cipher (may need debugging)"
|
||||
local supported_no_ciph2="supported but couldn't detect a cipher"
|
||||
local via=""
|
||||
local latest_supported="" # version.major and version.minor of highest version supported by the server.
|
||||
local detected_version_string latest_supported_string
|
||||
local extra_spaces=" "
|
||||
|
||||
outln; pr_headline " Testing protocols "
|
||||
via="Protocol tested "
|
||||
|
||||
if $SSL_NATIVE; then
|
||||
if "$SSL_NATIVE"; then
|
||||
using_sockets=false
|
||||
pr_headlineln "(via native openssl)"
|
||||
via+="via native openssl"
|
||||
else
|
||||
if [[ -n "$STARTTLS" ]]; then
|
||||
pr_headlineln "(via openssl, SSLv2 via sockets) "
|
||||
via+="via openssl, SSLv2 via sockets"
|
||||
using_sockets=false
|
||||
else
|
||||
using_sockets=true
|
||||
pr_headlineln "(via sockets except TLS 1.2, SPDY+HTTP2) "
|
||||
via+="via sockets except for TLS1.2, SPDY+HTTP2"
|
||||
if "$EXPERIMENTAL"; then
|
||||
pr_headlineln "(via sockets except SPDY+HTTP2) "
|
||||
else
|
||||
pr_headlineln "(via sockets except TLS 1.2, SPDY+HTTP2) "
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
outln
|
||||
|
||||
pr_bold " SSLv2 ";
|
||||
if ! $SSL_NATIVE; then
|
||||
pr_bold " SSLv2 $extra_spaces";
|
||||
if ! "$SSL_NATIVE"; then
|
||||
sslv2_sockets #FIXME: messages/output need to be moved to this (higher) level
|
||||
else
|
||||
run_prototest_openssl "-ssl2"
|
||||
|
@ -3030,8 +3035,8 @@ run_protocols() {
|
|||
esac
|
||||
fi
|
||||
|
||||
pr_bold " SSLv3 ";
|
||||
if $using_sockets; then
|
||||
pr_bold " SSLv3 $extra_spaces";
|
||||
if "$using_sockets"; then
|
||||
tls_sockets "00" "$TLS_CIPHER"
|
||||
else
|
||||
run_prototest_openssl "-ssl3"
|
||||
|
@ -3040,6 +3045,8 @@ run_protocols() {
|
|||
0)
|
||||
pr_svrty_highln "offered (NOT ok)"
|
||||
fileout "sslv3" "NOT ok" "SSLv3 is offered (NOT ok)"
|
||||
latest_supported="0300"
|
||||
latest_supported_string="SSLv3"
|
||||
add_tls_offered "ssl3"
|
||||
;;
|
||||
1)
|
||||
|
@ -3047,8 +3054,14 @@ run_protocols() {
|
|||
fileout "sslv3" "OK" "SSLv3 is not offered (OK)"
|
||||
;;
|
||||
2)
|
||||
pr_warningln "#FIXME: downgraded. still missing a test case here"
|
||||
fileout "sslv3" "WARN" "SSLv3: #FIXME: downgraded. still missing a test case here"
|
||||
if [[ "$DETECTED_TLS_VERSION" == 03* ]]; then
|
||||
detected_version_string="TLSv1.$((0x$DETECTED_TLS_VERSION-0x0301))"
|
||||
pr_svrty_criticalln "server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
|
||||
fileout "sslv3" "NOT ok" "SSLv3: server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
|
||||
else
|
||||
pr_svrty_criticalln "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||
fileout "sslv3" "NOT ok" "SSLv3: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||
fi
|
||||
;;
|
||||
5)
|
||||
fileout "sslv3" "WARN" "SSLv3 is $supported_no_ciph1"
|
||||
|
@ -3061,8 +3074,8 @@ run_protocols() {
|
|||
;; # no local support
|
||||
esac
|
||||
|
||||
pr_bold " TLS 1 ";
|
||||
if $using_sockets; then
|
||||
pr_bold " TLS 1 $extra_spaces";
|
||||
if "$using_sockets"; then
|
||||
tls_sockets "01" "$TLS_CIPHER"
|
||||
else
|
||||
run_prototest_openssl "-tls1"
|
||||
|
@ -3071,17 +3084,34 @@ run_protocols() {
|
|||
0)
|
||||
outln "offered"
|
||||
fileout "tls1" "INFO" "TLSv1.0 is offered"
|
||||
latest_supported="0301"
|
||||
latest_supported_string="TLSv1.0"
|
||||
add_tls_offered "tls1"
|
||||
;; # nothing wrong with it -- per se
|
||||
1)
|
||||
outln "not offered"
|
||||
fileout "tls1" "INFO" "TLSv1.0 is not offered"
|
||||
;; # neither good or bad
|
||||
out "not offered"
|
||||
if ! "$using_sockets" || [[ -z $latest_supported ]]; then
|
||||
outln
|
||||
fileout "tls1" "INFO" "TLSv1.0 is not offered" # neither good or bad
|
||||
else
|
||||
pr_svrty_criticalln " -- connection failed rather than downgrading to $latest_supported_string (NOT ok)"
|
||||
fileout "tls1" "NOT ok" "TLSv1.0: connection failed rather than downgrading to $latest_supported_string (NOT ok)"
|
||||
fi
|
||||
;;
|
||||
2)
|
||||
pr_svrty_medium "not offered"
|
||||
[[ $DEBUG -eq 1 ]] && out " -- downgraded"
|
||||
outln
|
||||
fileout "tls1" "MEDIUM" "TLSv1.0 is not offered, and downgraded to SSL"
|
||||
if [[ "$DETECTED_TLS_VERSION" == "0300" ]]; then
|
||||
[[ $DEBUG -eq 1 ]] && out " -- downgraded"
|
||||
outln
|
||||
fileout "tls1" "MEDIUM" "TLSv1.0 is not offered, and downgraded to SSL"
|
||||
elif [[ "$DETECTED_TLS_VERSION" == 03* ]]; then
|
||||
detected_version_string="TLSv1.$((0x$DETECTED_TLS_VERSION-0x0301))"
|
||||
pr_svrty_criticalln " -- server responded with higher version number ($detected_version_string) than requested by client"
|
||||
fileout "tls1" "NOT ok" "TLSv1.0: server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
|
||||
else
|
||||
pr_svrty_criticalln " -- server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
|
||||
fileout "tls1" "NOT ok" "TLSv1.0: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||
fi
|
||||
;;
|
||||
5)
|
||||
outln "$supported_no_ciph1" # protocol ok, but no cipher
|
||||
|
@ -3093,8 +3123,8 @@ run_protocols() {
|
|||
;; # no local support
|
||||
esac
|
||||
|
||||
pr_bold " TLS 1.1 ";
|
||||
if $using_sockets; then
|
||||
pr_bold " TLS 1.1 $extra_spaces";
|
||||
if "$using_sockets"; then
|
||||
tls_sockets "02" "$TLS_CIPHER"
|
||||
else
|
||||
run_prototest_openssl "-tls1_1"
|
||||
|
@ -3103,17 +3133,37 @@ run_protocols() {
|
|||
0)
|
||||
outln "offered"
|
||||
fileout "tls1_1" "INFO" "TLSv1.1 is offered"
|
||||
latest_supported="0302"
|
||||
latest_supported_string="TLSv1.1"
|
||||
add_tls_offered "tls1_1"
|
||||
;; # nothing wrong with it
|
||||
1)
|
||||
outln "not offered"
|
||||
fileout "tls1_1" "INFO" "TLSv1.1 is not offered"
|
||||
;; # neither good or bad
|
||||
out "not offered"
|
||||
if ! "$using_sockets" || [[ -z $latest_supported ]]; then
|
||||
outln
|
||||
fileout "tls1_1" "INFO" "TLSv1.1 is not offered" # neither good or bad
|
||||
else
|
||||
pr_svrty_criticalln " -- connection failed rather than downgrading to $latest_supported_string"
|
||||
fileout "tls1_1" "NOT ok" "TLSv1.1: connection failed rather than downgrading to $latest_supported_string (NOT ok)"
|
||||
fi
|
||||
;;
|
||||
2)
|
||||
out "not offered"
|
||||
[[ $DEBUG -eq 1 ]] && out " -- downgraded"
|
||||
outln
|
||||
fileout "tls1_1" "NOT ok" "TLSv1.1 is not offered, and downgraded to a weaker protocol (NOT ok)"
|
||||
if [[ "$DETECTED_TLS_VERSION" == "$latest_supported" ]]; then
|
||||
[[ $DEBUG -eq 1 ]] && out " -- downgraded"
|
||||
outln
|
||||
fileout "tls1_1" "NOT ok" "TLSv1.1 is not offered, and downgraded to a weaker protocol (NOT ok)"
|
||||
elif [[ "$DETECTED_TLS_VERSION" == "0300" ]] && [[ "$latest_supported" == "0301" ]]; then
|
||||
pr_svrty_criticalln " -- server supports TLSv1.0, but downgraded to SSLv3 (NOT ok)"
|
||||
fileout "tls1_1" "NOT ok" "TLSv1.1 is not offered, and downgraded to SSLv3 rather than TLSv1.0 (NOT ok)"
|
||||
elif [[ "$DETECTED_TLS_VERSION" == 03* ]] && [[ 0x$DETECTED_TLS_VERSION -gt 0x0302 ]]; then
|
||||
detected_version_string="TLSv1.$((0x$DETECTED_TLS_VERSION-0x0301))"
|
||||
pr_svrty_criticalln " -- server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
|
||||
fileout "tls1_1" "NOT ok" "TLSv1.1 is not offered, server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
|
||||
else
|
||||
pr_svrty_criticalln " -- server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||
fileout "tls1" "NOT ok" "TLSv1.1: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||
fi
|
||||
;;
|
||||
5)
|
||||
outln "$supported_no_ciph1"
|
||||
|
@ -3125,8 +3175,8 @@ run_protocols() {
|
|||
;; # no local support
|
||||
esac
|
||||
|
||||
pr_bold " TLS 1.2 ";
|
||||
if $using_sockets && $EXPERIMENTAL; then #TODO: IIS servers do have a problem here with our handshake
|
||||
pr_bold " TLS 1.2 $extra_spaces";
|
||||
if "$using_sockets" && "$EXPERIMENTAL"; then #TODO: IIS servers do have a problem here with our handshake
|
||||
tls_sockets "03" "$TLS12_CIPHER"
|
||||
else
|
||||
run_prototest_openssl "-tls1_2"
|
||||
|
@ -3135,17 +3185,41 @@ run_protocols() {
|
|||
0)
|
||||
pr_done_bestln "offered (OK)"
|
||||
fileout "tls1_2" "OK" "TLSv1.2 is offered (OK)"
|
||||
latest_supported="0303"
|
||||
latest_supported_string="TLSv1.2"
|
||||
add_tls_offered "tls1_2"
|
||||
;; # GCM cipher in TLS 1.2: very good!
|
||||
1)
|
||||
pr_svrty_mediumln "not offered"
|
||||
fileout "tls1_2" "MEDIUM" "TLSv1.2 is not offered"
|
||||
;; # no GCM, penalty
|
||||
if ! "$using_sockets" || ! "$EXPERIMENTAL" || [[ -z $latest_supported ]]; then
|
||||
outln
|
||||
fileout "tls1_2" "MEDIUM" "TLSv1.2 is not offered" # no GCM, penalty
|
||||
else
|
||||
pr_svrty_criticalln " -- connection failed rather than downgrading to $latest_supported_string"
|
||||
fileout "tls1_1" "NOT ok" "TLSv1.2: connection failed rather than downgrading to $latest_supported_string"
|
||||
fi
|
||||
;;
|
||||
2)
|
||||
pr_svrty_medium "not offered"
|
||||
[[ $DEBUG -eq 1 ]] && out " -- downgraded"
|
||||
outln
|
||||
fileout "tls1_2" "MEDIUM" "TLSv1.2 is not offered and downgraded to a weaker protocol"
|
||||
if [[ "$DETECTED_TLS_VERSION" == "0300" ]]; then
|
||||
detected_version_string="SSLv3"
|
||||
elif [[ "$DETECTED_TLS_VERSION" == 03* ]]; then
|
||||
detected_version_string="TLSv1.$((0x$DETECTED_TLS_VERSION-0x0301))"
|
||||
fi
|
||||
if [[ "$DETECTED_TLS_VERSION" == "$latest_supported" ]]; then
|
||||
[[ $DEBUG -eq 1 ]] && out " -- downgraded"
|
||||
outln
|
||||
fileout "tls1_2" "MEDIUM" "TLSv1.2 is not offered and downgraded to a weaker protocol"
|
||||
elif [[ "$DETECTED_TLS_VERSION" == 03* ]] && [[ 0x$DETECTED_TLS_VERSION -lt 0x$latest_supported ]]; then
|
||||
pr_svrty_criticalln " -- server supports $latest_supported_string, but downgraded to $detected_version_string"
|
||||
fileout "tls1_2" "NOT ok" "TLSv1.2 is not offered, and downgraded to $detected_version_string rather than $latest_supported_string (NOT ok)"
|
||||
elif [[ "$DETECTED_TLS_VERSION" == 03* ]] && [[ 0x$DETECTED_TLS_VERSION -gt 0x0303 ]]; then
|
||||
pr_svrty_criticalln " -- server responded with higher version number ($detected_version_string) than requested by client"
|
||||
fileout "tls1_2" "NOT ok" "TLSv1.2 is not offered, server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
|
||||
else
|
||||
pr_svrty_criticalln " -- server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2}"
|
||||
fileout "tls1" "NOT ok" "TLSv1.2: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||
fi
|
||||
;;
|
||||
5)
|
||||
outln "$supported_no_ciph1"
|
||||
|
@ -3157,6 +3231,54 @@ run_protocols() {
|
|||
;; # no local support
|
||||
esac
|
||||
|
||||
# Testing version negotiation. RFC 5246, Appendix E.1, states:
|
||||
#
|
||||
# If a TLS server receives a ClientHello containing a version number
|
||||
# greater than the highest version supported by the server, it MUST
|
||||
# reply according to the highest version supported by the server.
|
||||
if [[ -n $latest_supported ]] && "$using_sockets"; then
|
||||
pr_bold " Version tolerance "
|
||||
tls_sockets "05" "$TLS12_CIPHER"
|
||||
case $? in
|
||||
0)
|
||||
pr_svrty_criticalln "server claims support for non-existent TLSv1.4"
|
||||
fileout "TLS Version Negotiation" "NOT ok" "Server claims support for non-existent TLSv1.4 (NOT ok)"
|
||||
;;
|
||||
1)
|
||||
pr_svrty_criticalln "version negotiation did not work -- connection failed rather than downgrading to $latest_supported_string (NOT ok)"
|
||||
fileout "TLS Version Negotiation" "NOT ok" "Version negotiation did not work -- connection failed rather than downgrading to $latest_supported_string (NOT ok)"
|
||||
;;
|
||||
2)
|
||||
case $DETECTED_TLS_VERSION in
|
||||
0304)
|
||||
pr_svrty_criticalln "server claims support for TLSv1.3, which is still a working draft (NOT ok)"
|
||||
fileout "TLS Version Negotiation" "NOT ok" "Server claims support for TLSv1.3, which is still a working draft (NOT ok)"
|
||||
;;
|
||||
0303|0302|0301|0300)
|
||||
if [[ "$DETECTED_TLS_VERSION" == "0300" ]]; then
|
||||
detected_version_string="SSLv3"
|
||||
else
|
||||
detected_version_string="TLSv1.$((0x$DETECTED_TLS_VERSION-0x0301))"
|
||||
fi
|
||||
if [[ 0x$DETECTED_TLS_VERSION -lt 0x$latest_supported ]]; then
|
||||
pr_svrty_criticalln "server supports $latest_supported_string, but downgraded to $detected_version_string (NOT ok)"
|
||||
fileout "TLS Version Negotiation" "NOT ok" "Downgraded to $detected_version_string rather than $latest_supported_string (NOT ok)"
|
||||
else
|
||||
pr_done_bestln "downgraded to $detected_version_string (OK)"
|
||||
fileout "TLS Version Negotiation" "OK" "Downgraded to $detected_version_string"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
pr_svrty_criticalln "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||
fileout "TLS Version Negotiation" "NOT ok" "TLSv1.4: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||
;;
|
||||
esac ;;
|
||||
5)
|
||||
pr_svrty_criticalln "server claims support for non-existent TLSv1.4 (NOT ok)"
|
||||
fileout "TLS Version Negotiation" "NOT ok" "Server claims support for non-existent TLSv1.4 (NOT ok)"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
|
@ -3677,7 +3799,7 @@ determine_trust() {
|
|||
|
||||
if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.0.2" ]] && [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.1.0" ]]; then
|
||||
addtl_warning="(Your openssl <= 1.0.2 might be too unreliable to determine trust)"
|
||||
fileout "${json_prefix}trust_warn" "WARN" "$addtl_warning"
|
||||
fileout "${json_prefix}chain_of_trust_warn" "WARN" "$addtl_warning"
|
||||
fi
|
||||
debugme outln
|
||||
for bundle_fname in $ca_bundles; do
|
||||
|
@ -3715,7 +3837,7 @@ determine_trust() {
|
|||
# all stores ok
|
||||
pr_done_good "Ok "; pr_warning "$addtl_warning"
|
||||
# we did to stdout the warning above already, so we could stay here with INFO:
|
||||
fileout "${json_prefix}trust" "OK" "All certificate trust checks passed. $addtl_warning"
|
||||
fileout "${json_prefix}chain_of_trust" "OK" "All certificate trust checks passed. $addtl_warning"
|
||||
else
|
||||
# at least one failed
|
||||
pr_svrty_critical "NOT ok"
|
||||
|
@ -3723,7 +3845,7 @@ determine_trust() {
|
|||
# all failed (we assume with the same issue), we're displaying the reason
|
||||
out " "
|
||||
verify_retcode_helper "${verify_retcode[2]}"
|
||||
fileout "${json_prefix}trust" "NOT ok" "All certificate trust checks failed: $(verify_retcode_helper "${verify_retcode[2]}"). $addtl_warning"
|
||||
fileout "${json_prefix}chain_of_trust" "NOT ok" "All certificate trust checks failed: $(verify_retcode_helper "${verify_retcode[2]}"). $addtl_warning"
|
||||
else
|
||||
# is one ok and the others not ==> display the culprit store
|
||||
if $some_ok ; then
|
||||
|
@ -3746,7 +3868,7 @@ determine_trust() {
|
|||
[[ "$DEBUG" -eq 0 ]] && out "$spaces"
|
||||
pr_done_good "OK: $ok_was"
|
||||
fi
|
||||
fileout "${json_prefix}trust" "NOT ok" "Some certificate trust checks failed : OK : $ok_was NOT ok: $notok_was $addtl_warning"
|
||||
fileout "${json_prefix}chain_of_trust" "NOT ok" "Some certificate trust checks failed : OK : $ok_was NOT ok: $notok_was $addtl_warning"
|
||||
fi
|
||||
[[ -n "$addtl_warning" ]] && out "\n$spaces" && pr_warning "$addtl_warning"
|
||||
fi
|
||||
|
@ -3883,42 +4005,128 @@ get_cn_from_cert() {
|
|||
return $?
|
||||
}
|
||||
|
||||
# Return 0 if the server name provided in arg1 matches the CN or SAN in arg2, otherwise return 1.
|
||||
# Return 0 if the name provided in arg1 is a wildcard name
|
||||
is_wildcard()
|
||||
{
|
||||
local certname="$1"
|
||||
|
||||
# If the first label in the DNS name begins "xn--", then assume it is an
|
||||
# A-label and not a wildcard name (RFC 6125, Section 6.4.3).
|
||||
[[ "${certname:0:4}" == "xn--" ]] && return 1
|
||||
|
||||
# Remove part of name preceding '*' or '.'. If no "*" appears in the
|
||||
# left-most label, then it is not a wildcard name (RFC 6125, Section 6.4.3).
|
||||
basename="$(echo -n "$certname" | sed 's/^[a-zA-Z0-9\-]*//')"
|
||||
[[ "${basename:0:1}" != "*" ]] && return 1 # not a wildcard name
|
||||
|
||||
# Check that there are no additional wildcard ('*') characters or any
|
||||
# other characters that do not belong in a DNS name.
|
||||
[[ -n $(echo -n "${basename:1}" | sed 's/^[\.a-zA-Z0-9\-]*//') ]] && return 1
|
||||
return 0
|
||||
}
|
||||
|
||||
# Return 0 if the name provided in arg2 is a wildcard name and it matches the name provided in arg1.
|
||||
wildcard_match()
|
||||
{
|
||||
local servername="$1"
|
||||
local certname="$2"
|
||||
local basename
|
||||
local -i basename_offset len_certname len_part1 len_basename
|
||||
local -i len_servername len_wildcard
|
||||
|
||||
len_servername=${#servername}
|
||||
len_certname=${#certname}
|
||||
|
||||
# Use rules from RFC 6125 to perform the match.
|
||||
|
||||
# Assume the "*" in the wildcard needs to be replaced by one or more
|
||||
# characters, although RFC 6125 is not clear about that.
|
||||
[[ $len_servername -lt $len_certname ]] && return 1
|
||||
|
||||
is_wildcard "$certname"
|
||||
[[ $? -ne 0 ]] && return 1
|
||||
|
||||
# Comparisons of DNS names are case insenstive, so convert both names to uppercase.
|
||||
certname="$(toupper "$certname")"
|
||||
servername="$(toupper "$servername")"
|
||||
|
||||
# Extract part of name that comes after the "*"
|
||||
basename="$(echo -n "$certname" | sed 's/^[A-Z0-9\-]*\*//')"
|
||||
len_basename=${#basename}
|
||||
len_part1=$len_certname-$len_basename-1
|
||||
len_wildcard=$len_servername-$len_certname+1
|
||||
basename_offset=$len_servername-$len_basename
|
||||
|
||||
# Check that initial part of $servername matches initial part of $certname
|
||||
# and that final part of $servername matches final part of $certname.
|
||||
[[ "${servername:0:len_part1}" != "${certname:0:len_part1}" ]] && return 1
|
||||
[[ "${servername:basename_offset:len_basename}" != "$basename" ]] && return 1
|
||||
|
||||
# Check that part of $servername that matches "*" is all part of a single
|
||||
# domain label.
|
||||
[[ -n $(echo -n "${servername:len_part1:len_wildcard}" | sed 's/^[A-Z0-9\-]*//') ]] && return 1
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
# Compare the server name provided in arg1 to the CN and SAN in arg2 and return:
|
||||
# 0, if server name provided does not match any of the names in the CN or SAN
|
||||
# 1, if the server name provided matches a name in the SAN
|
||||
# 2, if the server name provided is a wildcard match against a name in the SAN
|
||||
# 4, if the server name provided matches the CN
|
||||
# 5, if the server name provided matches the CN AND a name in the SAN
|
||||
# 6, if the server name provided matches the CN AND is a wildcard match against a name in the SAN
|
||||
# 8, if the server name provided is a wildcard match against the CN
|
||||
# 9, if the server name provided matches a name in the SAN AND is a wildcard match against the CN
|
||||
# 10, if the server name provided is a wildcard match against the CN AND a name in the SAN
|
||||
|
||||
compare_server_name_to_cert()
|
||||
{
|
||||
local servername=$1
|
||||
local cert=$2
|
||||
local cn dns_sans ip_sans san basename
|
||||
|
||||
cn="$(get_cn_from_cert $cert)"
|
||||
if [[ -n "$cn" ]]; then
|
||||
[[ "$cn" == "$servername" ]] && return 0
|
||||
# If the CN contains a wildcard name, then do a wildcard match
|
||||
if echo -n "$cn" | grep -q '^*.'; then
|
||||
basename="$(echo -n "$cn" | sed 's/^\*.//')"
|
||||
[[ "$cn" == "*.$basename" ]] && [[ "$servername" == *".$basename" ]] && return 0
|
||||
fi
|
||||
fi
|
||||
local servername="$(toupper "$1")"
|
||||
local cert="$2"
|
||||
local cn dns_sans ip_sans san
|
||||
local -i ret=0
|
||||
|
||||
# Check whether any of the DNS names in the certificate match the servername
|
||||
dns_sans=$($OPENSSL x509 -in $cert -noout -text 2>>$ERRFILE | grep -A2 "Subject Alternative Name" | \
|
||||
dns_sans=$($OPENSSL x509 -in "$cert" -noout -text 2>>$ERRFILE | grep -A2 "Subject Alternative Name" | \
|
||||
tr ',' '\n' | grep "DNS:" | sed -e 's/DNS://g' -e 's/ //g')
|
||||
for san in $dns_sans; do
|
||||
[[ "$san" == "$servername" ]] && return 0
|
||||
# If $san is a wildcard name, then do a wildcard match
|
||||
if echo -n "$san" | grep -q '^*.'; then
|
||||
basename="$(echo -n "$san" | sed 's/^\*.//')"
|
||||
[[ "$san" == "*.$basename" ]] && [[ "$servername" == *".$basename" ]] && return 0
|
||||
fi
|
||||
[[ $(toupper "$san") == "$servername" ]] && ret=1 && break
|
||||
done
|
||||
|
||||
# Check whether any of the IP addresses in the certificate match the serername
|
||||
ip_sans=$($OPENSSL x509 -in $cert -noout -text 2>>$ERRFILE | grep -A2 "Subject Alternative Name" | \
|
||||
tr ',' '\n' | grep "IP Address:" | sed -e 's/IP Address://g' -e 's/ //g')
|
||||
for san in $ip_sans; do
|
||||
[[ "$san" == "$servername" ]] && return 0
|
||||
done
|
||||
return 1
|
||||
if [[ $req -eq 0 ]]; then
|
||||
# Check whether any of the IP addresses in the certificate match the servername
|
||||
ip_sans=$($OPENSSL x509 -in "$cert" -noout -text 2>>$ERRFILE | grep -A2 "Subject Alternative Name" | \
|
||||
tr ',' '\n' | grep "IP Address:" | sed -e 's/IP Address://g' -e 's/ //g')
|
||||
for san in $ip_sans; do
|
||||
[[ "$san" == "$servername" ]] && ret=1 && break
|
||||
done
|
||||
fi
|
||||
|
||||
# Check whether any of the DNS names in the certificate are wildcard names
|
||||
# that match the servername
|
||||
if [[ $req -eq 0 ]]; then
|
||||
for san in $dns_sans; do
|
||||
wildcard_match "$servername" "$san"
|
||||
[[ $? -eq 0 ]] && ret=2 && break
|
||||
done
|
||||
fi
|
||||
|
||||
cn="$(get_cn_from_cert "$cert")"
|
||||
|
||||
# If the CN contains any characters that are not valid for a DNS name,
|
||||
# then assume it does not contain a DNS name.
|
||||
[[ -n $(echo -n "$cn" | sed 's/^[\.a-zA-Z0-9*\-]*//') ]] && return $ret
|
||||
|
||||
# Check whether the CN in the certificate matches the servername
|
||||
[[ $(toupper "$cn") == "$servername" ]] && ret+=4 && return $ret
|
||||
|
||||
# Check whether the CN in the certificate is a wildcard name that matches
|
||||
# the servername
|
||||
wildcard_match "$servername" "$cn"
|
||||
[[ $? -eq 0 ]] && ret+=8
|
||||
|
||||
return $ret
|
||||
}
|
||||
|
||||
certificate_info() {
|
||||
|
@ -3931,13 +4139,13 @@ certificate_info() {
|
|||
local ocsp_response_status=$6
|
||||
local cert_sig_algo cert_sig_hash_algo cert_key_algo
|
||||
local expire days2expire secs2warn ocsp_uri crl startdate enddate issuer_CN issuer_C issuer_O issuer sans san cn
|
||||
local cn_nosni=""
|
||||
local issuer_DC issuerfinding cn_nosni=""
|
||||
local cert_fingerprint_sha1 cert_fingerprint_sha2 cert_fingerprint_serial
|
||||
local policy_oid
|
||||
local spaces=""
|
||||
local wildcard=false
|
||||
local trust_sni=0 trust_nosni=0 has_dns_sans
|
||||
local -i certificates_provided
|
||||
local cnfinding
|
||||
local cnfinding trustfinding trustfinding_nosni
|
||||
local cnok="OK"
|
||||
local expfinding expok="OK"
|
||||
local json_prefix="" # string to place at beginng of JSON IDs when there is more than one certificate
|
||||
|
@ -4149,19 +4357,6 @@ certificate_info() {
|
|||
if [[ -n "$cn" ]]; then
|
||||
pr_dquoted "$cn"
|
||||
cnfinding="$cn"
|
||||
if echo -n "$cn" | grep -q '^*.' ; then
|
||||
out " (wildcard certificate"
|
||||
cnfinding+="(wildcard certificate "
|
||||
if [[ "$cn" == "*.$(echo -n "$cn" | sed 's/^\*.//')" ]]; then
|
||||
out " match)"
|
||||
cnfinding+=" match)"
|
||||
wildcard=true
|
||||
else
|
||||
cnfinding+=" NO match)"
|
||||
cnok="INFO"
|
||||
#FIXME: we need to test also the SANs as they can contain a wild card (google.de .e.g) ==> 2.7dev
|
||||
fi
|
||||
fi
|
||||
else
|
||||
cn="no CN field in subject"
|
||||
out "($cn)"
|
||||
|
@ -4179,40 +4374,23 @@ certificate_info() {
|
|||
#FIXME: check for SSLv3/v2 and look whether it goes to a different CN (probably not polite)
|
||||
|
||||
debugme out "\"$NODE\" | \"$cn\" | \"$cn_nosni\""
|
||||
if [[ "$cn_nosni" == "$cn" ]]; then
|
||||
outln " (works w/o SNI)"
|
||||
cnfinding+=" (works w/o SNI)"
|
||||
elif [[ $NODE == "$cn_nosni" ]]; then
|
||||
if [[ $SERVICE == "HTTP" ]] || $CLIENT_AUTH ; then
|
||||
outln " (works w/o SNI)"
|
||||
cnfinding+=" (works w/o SNI)"
|
||||
else
|
||||
outln " (matches certificate directly)"
|
||||
cnfinding+=" (matches certificate directly)"
|
||||
# for services != HTTP it depends on the protocol, server and client but it is not named "SNI"
|
||||
if [[ "$(toupper "$cn_nosni")" == "$(toupper "$cn")" ]]; then
|
||||
outln
|
||||
elif [[ -z "$cn_nosni" ]]; then
|
||||
out " (request w/o SNI didn't succeed";
|
||||
cnfinding+=" (request w/o SNI didn't succeed"
|
||||
if [[ $cert_sig_algo =~ ecdsa ]]; then
|
||||
out ", usual for EC certificates"
|
||||
cnfinding+=", usual for EC certificates"
|
||||
fi
|
||||
outln ")"
|
||||
cnfinding+=")"
|
||||
elif [[ "$cn_nosni" == *"no CN field"* ]]; then
|
||||
outln ", (request w/o SNI: $cn_nosni)"
|
||||
cnfinding+=", (request w/o SNI: $cn_nosni)"
|
||||
else
|
||||
if [[ $SERVICE != "HTTP" ]]; then
|
||||
outln
|
||||
cnfinding+="\n"
|
||||
#pr_svrty_mediumln " (non-SNI clients don't match CN but for non-HTTP services it might be ok)"
|
||||
#FIXME: this is irritating and needs to be redone. Then also the wildcard match needs to be tested against "$cn_nosni"
|
||||
elif [[ -z "$cn_nosni" ]]; then
|
||||
out " (request w/o SNI didn't succeed";
|
||||
cnfinding+=" (request w/o SNI didn't succeed"
|
||||
if [[ $cert_sig_algo =~ ecdsa ]]; then
|
||||
out ", usual for EC certificates"
|
||||
cnfinding+=", usual for EC certificates"
|
||||
fi
|
||||
outln ")"
|
||||
cnfinding+=")"
|
||||
elif [[ "$cn_nosni" == *"no CN field"* ]]; then
|
||||
outln ", (request w/o SNI: $cn_nosni)"
|
||||
cnfinding+=", (request w/o SNI: $cn_nosni)"
|
||||
else
|
||||
out " (CN in response to request w/o SNI: "; pr_dquoted "$cn_nosni"; outln ")"
|
||||
cnfinding+=" (CN in response to request w/o SNI: \"$cn_nosni\")"
|
||||
fi
|
||||
out " (CN in response to request w/o SNI: "; pr_dquoted "$cn_nosni"; outln ")"
|
||||
cnfinding+=" (CN in response to request w/o SNI: \"$cn_nosni\")"
|
||||
fi
|
||||
fileout "${json_prefix}cn" "$cnok" "$cnfinding"
|
||||
|
||||
|
@ -4240,24 +4418,121 @@ certificate_info() {
|
|||
issuer_CN="$(awk -F'=' '/CN=/ { print $2 }' <<< "$issuer")"
|
||||
issuer_O="$(awk -F'=' '/O=/ { print $2 }' <<< "$issuer")"
|
||||
issuer_C="$(awk -F'=' '/ C=/ { print $2 }' <<< "$issuer")"
|
||||
issuer_DC="$(awk -F'=' '/DC=/ { print $2 }' <<< "$issuer")"
|
||||
|
||||
if [[ "$issuer_O" == "issuer=" ]] || [[ "$issuer_O" == "issuer= " ]] || [[ "$issuer_CN" == "$CN" ]]; then
|
||||
if [[ "$issuer_O" == "issuer=" ]] || [[ "$issuer_O" == "issuer= " ]] || [[ "$issuer_CN" == "$cn" ]]; then
|
||||
pr_svrty_criticalln "self-signed (NOT ok)"
|
||||
fileout "${json_prefix}issuer" "NOT ok" "Issuer: selfsigned (NOT ok)"
|
||||
else
|
||||
pr_dquoted "$issuer_CN"
|
||||
out " ("
|
||||
pr_dquoted "$issuer_O"
|
||||
if [[ -n "$issuer_C" ]]; then
|
||||
out " from "
|
||||
pr_dquoted "$issuer_C"
|
||||
fileout "${json_prefix}issuer" "INFO" "Issuer: \"$issuer_CN\" ( \"$issuer_O\" from \"$issuer_C\")"
|
||||
else
|
||||
fileout "${json_prefix}issuer" "INFO" "Issuer: \"$issuer_CN\" ( \"$issuer_O\" )"
|
||||
issuerfinding="$(pr_dquoted "$issuer_CN")"
|
||||
if [[ -z "$issuer_O" ]] && [[ -n "$issuer_DC" ]]; then
|
||||
for san in $issuer_DC; do
|
||||
if [[ -z "$issuer_O" ]]; then
|
||||
issuer_O="${san}"
|
||||
else
|
||||
issuer_O="${san}.${issuer_O}"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
outln ")"
|
||||
if [[ -n "$issuer_O" ]]; then
|
||||
issuerfinding+=" ("
|
||||
issuerfinding+="$(pr_dquoted "$issuer_O")"
|
||||
if [[ -n "$issuer_C" ]]; then
|
||||
issuerfinding+=" from "
|
||||
issuerfinding+="$(pr_dquoted "$issuer_C")"
|
||||
fi
|
||||
issuerfinding+=")"
|
||||
fi
|
||||
outln "$issuerfinding"
|
||||
fileout "${json_prefix}issuer" "INFO" "Issuer: $issuerfinding"
|
||||
fi
|
||||
|
||||
out "$indent"; pr_bold " Trust (hostname) "
|
||||
compare_server_name_to_cert "$NODE" "$HOSTCERT"
|
||||
trust_sni=$?
|
||||
|
||||
# Find out if the subjectAltName extension is present and contains
|
||||
# a DNS name, since Section 6.3 of RFC 6125 says:
|
||||
# Security Warning: A client MUST NOT seek a match for a reference
|
||||
# identifier of CN-ID if the presented identifiers include a DNS-ID,
|
||||
# SRV-ID, URI-ID, or any application-specific identifier types
|
||||
# supported by the client.
|
||||
$OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | \
|
||||
grep -A2 "Subject Alternative Name" | grep -q "DNS:" && \
|
||||
has_dns_sans=true || has_dns_sans=false
|
||||
|
||||
case $trust_sni in
|
||||
0) trustfinding="certificate does not match supplied URI" ;;
|
||||
1) trustfinding="Ok via SAN" ;;
|
||||
2) trustfinding="Ok via SAN wildcard" ;;
|
||||
4) if $has_dns_sans; then
|
||||
trustfinding="Ok via CN, but not SAN"
|
||||
else
|
||||
trustfinding="Ok via CN"
|
||||
fi
|
||||
;;
|
||||
5) trustfinding="Ok via SAN and CN" ;;
|
||||
6) trustfinding="Ok via SAN wildcard and CN"
|
||||
;;
|
||||
8) if $has_dns_sans; then
|
||||
trustfinding="Ok via CN wildcard, but not SAN"
|
||||
else
|
||||
trustfinding="Ok via CN wildcard"
|
||||
fi
|
||||
;;
|
||||
9) trustfinding="Ok via CN wildcard and SAN"
|
||||
;;
|
||||
10) trustfinding="Ok via SAN wildcard and CN wildcard"
|
||||
;;
|
||||
esac
|
||||
|
||||
if [[ $trust_sni -eq 0 ]]; then
|
||||
pr_svrty_medium "$trustfinding"
|
||||
trust_sni="fail"
|
||||
elif "$has_dns_sans" && ( [[ $trust_sni -eq 4 ]] || [[ $trust_sni -eq 8 ]] ); then
|
||||
pr_svrty_medium "$trustfinding"
|
||||
trust_sni="warn"
|
||||
else
|
||||
pr_done_good "$trustfinding"
|
||||
trust_sni="ok"
|
||||
fi
|
||||
|
||||
if [[ -n "$cn_nosni" ]]; then
|
||||
compare_server_name_to_cert "$NODE" "$HOSTCERT.nosni"
|
||||
trust_nosni=$?
|
||||
$OPENSSL x509 -in "$HOSTCERT.nosni" -noout -text 2>>$ERRFILE | \
|
||||
grep -A2 "Subject Alternative Name" | grep -q "DNS:" && \
|
||||
has_dns_sans=true || has_dns_sans=false
|
||||
fi
|
||||
|
||||
if "$has_dns_sans" && [[ $trust_nosni -eq 4 ]]; then
|
||||
trustfinding_nosni=" (w/o SNI: Ok via CN, but not SAN)"
|
||||
elif "$has_dns_sans" && [[ $trust_nosni -eq 8 ]]; then
|
||||
trustfinding_nosni=" (w/o SNI: Ok via CN wildcard, but not SAN)"
|
||||
elif [[ $trust_nosni -eq 0 ]] && ( [[ "$trust_sni" == "ok" ]] || [[ "$trust_sni" == "warn" ]] ); then
|
||||
trustfinding_nosni=" (SNI mandatory)"
|
||||
elif [[ "$trust_sni" == "ok" ]] || [[ "$trust_sni" == "warn" ]]; then
|
||||
trustfinding_nosni=" (works w/o SNI)"
|
||||
elif [[ $trust_nosni -ne 0 ]]; then
|
||||
trustfinding_nosni=" (however, works w/o SNI)"
|
||||
else
|
||||
trustfinding_nosni=""
|
||||
fi
|
||||
if "$has_dns_sans" && ( [[ $trust_nosni -eq 4 ]] || [[ $trust_nosni -eq 8 ]] ); then
|
||||
pr_svrty_mediumln "$trustfinding_nosni"
|
||||
else
|
||||
outln "$trustfinding_nosni"
|
||||
fi
|
||||
|
||||
if [[ "$trust_sni" == "ok" ]]; then
|
||||
fileout "${json_prefix}trust" "INFO" "${trustfinding}${trustfinding_nosni}"
|
||||
else
|
||||
fileout "${json_prefix}trust" "WARN" "${trustfinding}${trustfinding_nosni}"
|
||||
fi
|
||||
|
||||
out "$indent"; pr_bold " Chain of trust"; out " "
|
||||
determine_trust "$json_prefix" # Also handles fileout
|
||||
|
||||
# http://events.ccc.de/congress/2010/Fahrplan/attachments/1777_is-the-SSLiverse-a-safe-place.pdf, see page 40pp
|
||||
out "$indent"; pr_bold " EV cert"; out " (experimental) "
|
||||
# only the first one, seldom we have two
|
||||
|
@ -4327,10 +4602,6 @@ certificate_info() {
|
|||
out "$indent"; pr_bold " # of certificates provided"; outln " $certificates_provided"
|
||||
fileout "${json_prefix}certcount" "INFO" "# of certificates provided : $certificates_provided"
|
||||
|
||||
|
||||
out "$indent"; pr_bold " Chain of trust"; out " (experim.) "
|
||||
determine_trust "$json_prefix" # Also handles fileout
|
||||
|
||||
out "$indent"; pr_bold " Certificate Revocation List "
|
||||
crl="$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A 4 "CRL Distribution" | grep URI | sed 's/^.*URI://')"
|
||||
if [[ -z "$crl" ]]; then
|
||||
|
@ -4480,23 +4751,23 @@ run_server_defaults() {
|
|||
# $NODE being tested or if it has the same subject
|
||||
# (CN and SAN) as other certificates for this host.
|
||||
compare_server_name_to_cert "$NODE" "$HOSTCERT"
|
||||
success[n]=$?
|
||||
[[ $? -ne 0 ]] && success[n]=0 || success[n]=1
|
||||
|
||||
if [[ ${success[n]} -ne 0 ]]; then
|
||||
cn_nosni="$(get_cn_from_cert $HOSTCERT)"
|
||||
sans_nosni=$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A2 "Subject Alternative Name" | grep "DNS:" | \
|
||||
sed -e 's/DNS://g' -e 's/ //g' -e 's/,/ /g' -e 's/othername:<unsupported>//g')
|
||||
cn_nosni="$(toupper "$(get_cn_from_cert $HOSTCERT)")"
|
||||
sans_nosni="$(toupper "$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A2 "Subject Alternative Name" | \
|
||||
tr ',' '\n' | grep "DNS:" | sed -e 's/DNS://g' -e 's/ //g' | tr '\n' ' ')")"
|
||||
|
||||
echo "${previous_hostcert[1]}" > $HOSTCERT
|
||||
cn_sni="$(get_cn_from_cert $HOSTCERT)"
|
||||
cn_sni="$(toupper "$(get_cn_from_cert $HOSTCERT)")"
|
||||
|
||||
# FIXME: Not sure what the matching rule should be. At
|
||||
# the moment, the no SNI certificate is considered a
|
||||
# match if the CNs are the same and the SANs (if
|
||||
# present) contain at least one DNS name in common.
|
||||
if [[ "$cn_nosni" == "$cn_sni" ]]; then
|
||||
sans_sni=$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A2 "Subject Alternative Name" | grep "DNS:" | \
|
||||
sed -e 's/DNS://g' -e 's/ //g' -e 's/,/ /g' -e 's/othername:<unsupported>//g')
|
||||
sans_sni="$(toupper "$($OPENSSL x509 -in $HOSTCERT -noout -text 2>>$ERRFILE | grep -A2 "Subject Alternative Name" | \
|
||||
tr ',' '\n' | grep "DNS:" | sed -e 's/DNS://g' -e 's/ //g' | tr '\n' ' ')")"
|
||||
if [[ "$sans_nosni" == "$sans_sni" ]]; then
|
||||
success[n]=0
|
||||
else
|
||||
|
@ -4793,8 +5064,9 @@ http2_pre(){
|
|||
run_spdy() {
|
||||
local tmpstr
|
||||
local -i ret=0
|
||||
local extra_spaces=" "
|
||||
|
||||
pr_bold " SPDY/NPN "
|
||||
pr_bold " SPDY/NPN $extra_spaces"
|
||||
if ! spdy_pre ; then
|
||||
outln
|
||||
return 0
|
||||
|
@ -4831,8 +5103,9 @@ run_http2() {
|
|||
local -i ret=0
|
||||
local had_alpn_proto=false
|
||||
local alpn_finding=""
|
||||
local extra_spaces=" "
|
||||
|
||||
pr_bold " HTTP2/ALPN "
|
||||
pr_bold " HTTP2/ALPN $extra_spaces"
|
||||
if ! http2_pre ; then
|
||||
outln
|
||||
return 0
|
||||
|
@ -8427,4 +8700,4 @@ fi
|
|||
exit $?
|
||||
|
||||
|
||||
# $Id: testssl.sh,v 1.527 2016/07/20 15:36:50 dirkw Exp $
|
||||
# $Id: testssl.sh,v 1.531 2016/07/23 13:12:12 dirkw Exp $
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
#!/usr/bin/env bash
|
||||
#
|
||||
# vim:ts=5:sw=5:expandtab
|
||||
# we have a spaces softtab, that ensures readability with other editors too
|
||||
|
||||
# This file generates the file etc/ca_hashes.txt from the (root)certificate
|
||||
# Bundles in etc (etc/*.pem)
|
||||
|
||||
TEMPDIR="/tmp"
|
||||
OPENSSL="bin/openssl.Darwin.x86_64 "
|
||||
|
||||
# Check if we are in the right directory
|
||||
if [[ ! -e etc ]]; then
|
||||
echo "Please run this script from the base directory of the testssl.sh project"
|
||||
exit 99
|
||||
fi
|
||||
|
||||
echo "Extracting private key hashes from CA bundles"
|
||||
echo -n > "$TEMPDIR/cahashes"
|
||||
for bundle_fname in etc/*.pem; do
|
||||
if [[ ! -r $bundle_fname ]]; then
|
||||
echo "\"$bundle_fname\" cannot be found / not readable"
|
||||
exit 99
|
||||
fi
|
||||
bundle_name=$(echo -n $bundle_fname|sed s/^etc\\///|sed 's/\.pem$//')
|
||||
echo "CA Bundle: $bundle_name"
|
||||
# Split up the certificate bundle
|
||||
awk -v n=-1 "BEGIN {start=1}
|
||||
/-----BEGIN CERTIFICATE-----/{ if (start) {inc=1; n++} }
|
||||
inc { print >> (\"$TEMPDIR/$bundle_name.\" n \".$$.crt\") ; close (\"$TEMPDIR/$bundle_name.\" n \".$$.crt\") }
|
||||
/---END CERTIFICATE-----/{ inc=0 }" $bundle_fname
|
||||
for cert_fname in $TEMPDIR/$bundle_name.*.$$.crt; do
|
||||
echo -n "."
|
||||
hpkp_key_ca="$( ( $OPENSSL x509 -in "$cert_fname" -pubkey -noout | grep -v PUBLIC | $OPENSSL base64 -d |
|
||||
$OPENSSL dgst -sha256 -binary | $OPENSSL enc -base64 ) 2>/dev/null )"
|
||||
hpkp_name=$( $OPENSSL x509 -in "$cert_fname" -subject -noout 2>/dev/null | sed "s/^subject= //")
|
||||
if [[ $(echo $hpkp_name|grep 'CN='|wc -l) -eq 1 ]]; then
|
||||
hpkp_name=$(echo -n $hpkp_name|sed 's/^.*CN=//'|sed 's/\/.*$//')
|
||||
fi
|
||||
echo "$hpkp_key_ca $hpkp_name" >> "$TEMPDIR/cahashes"
|
||||
done
|
||||
echo
|
||||
done
|
||||
|
||||
# Make a backup first
|
||||
cp etc/ca_hashes.txt etc/ca_hashes.txt.bak
|
||||
|
||||
sort -u "$TEMPDIR/cahashes" > etc/ca_hashes.txt
|
Loading…
Reference in New Issue