mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
Merge branch '2.9dev' into get_full_server_response
commit
3fa8449351
2
.gitignore
vendored
@ -1 +1,3 @@
|
||||
.DS_Store
|
||||
tmp.json
|
||||
*.bak
|
||||
|
15
CREDITS.md
@ -19,15 +19,21 @@
|
||||
* Frank Breedijk
|
||||
- Detection of insecure redirects
|
||||
- JSON and CSV output
|
||||
- CA pinning
|
||||
- Client simulations
|
||||
- CI integration, test cases for it
|
||||
|
||||
* David Cooper
|
||||
- Detection + output of multiple certificates
|
||||
- several cleanups of server certificate related stuff
|
||||
- several minor fixes
|
||||
- several fixes
|
||||
- improved parsing of TLS ServerHello messages
|
||||
- speed improvements when testing all ciphers
|
||||
- extensive CN <--> hostname check
|
||||
- seperate check for curves
|
||||
|
||||
- Christoph Badura
|
||||
- NetBSD fixes
|
||||
|
||||
* Jean Marsault
|
||||
- client auth: ideas, code snipplets
|
||||
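Review bot: In the David Cooper block the entry "seperate check for curves" is misspelled and should read "separate check for curves". In the same hunk, "- Christoph Badura" is written with a dash while every other contributor name visible here ("* Frank Breedijk", "* David Cooper", "* Jean Marsault") starts with an asterisk, so as shown it reads as one more item under David Cooper instead of a new contributor entry; change it to "* Christoph Badura" if a separate entry was intended.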
@ -45,10 +51,10 @@
|
||||
- ARM binary support
|
||||
|
||||
* Jeroen Wiert Pluimers
|
||||
- supplied new Darwin binaries
|
||||
- Darwin binaries support
|
||||
|
||||
* Julien Vehent
|
||||
- supplied Darwin binary
|
||||
- supplied 1st Darwin binary
|
||||
|
||||
* Rechi
|
||||
- initial MX stuff
|
||||
@ -58,6 +64,7 @@
|
||||
- avahi/mDNS support
|
||||
- HTTP2/ALPN
|
||||
- bugfixes
|
||||
- former ARM binary support
|
||||
|
||||
* Дилян Палаузов
|
||||
- bug fix for 3des report
|
||||
@ -93,3 +100,5 @@
|
||||
|
||||
* Ivan Ristic/Qualys for the liberal license which made it possible to use the client data
|
||||
|
||||
* my family for supporting me doing this work
|
||||
|
||||
|
113
Readme.md
@ -1,113 +0,0 @@
|
||||
|
||||
## Intro
|
||||
|
||||
[![Build Status](https://travis-ci.org/drwetter/testssl.sh.svg?branch=master)](https://travis-ci.org/drwetter/testssl.sh)
|
||||
[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/drwetter/testssl.sh?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
||||
|
||||
`testssl.sh` is a free command line tool which checks a server's service on
|
||||
any port for the support of TLS/SSL ciphers, protocols as well as some
|
||||
cryptographic flaws.
|
||||
|
||||
#### Key features
|
||||
|
||||
* Clear output: you can tell easily whether anything is good or bad
|
||||
* Ease of installation: It works for Linux, Darwin, FreeBSD, NetBSD and
|
||||
MSYS2/Cygwin out of the box: no need to install or configure something,
|
||||
no gems, CPAN, pip or the like.
|
||||
* Flexibility: You can test any SSL/TLS enabled and STARTTLS service, not
|
||||
only webservers at port 443
|
||||
* Toolbox: Several command line options help you to run YOUR test and
|
||||
configure YOUR output
|
||||
* Reliability: features are tested thoroughly
|
||||
* Verbosity: If a particular check cannot be performed because of a missing
|
||||
capability on your client side, you'll get a warning
|
||||
* Privacy: It's only you who sees the result, not a third party
|
||||
* Freedom: It's 100% open source. You can look at the code, see what's
|
||||
going on and you can change it.
|
||||
* Heck, even the development is open (github)
|
||||
|
||||
#### General
|
||||
|
||||
Here in the master branch you find the development version of the software
|
||||
-- with new features and maybe some bugs. For the stable version and **a
|
||||
more thorough description of the command line options** please see
|
||||
[testssl.sh](https://testssl.sh/ "Go to the site with the stable version
|
||||
and more documentation").
|
||||
|
||||
testssl.sh is working on every Linux/BSD distribution out of the box with
|
||||
some limitations of disabled features from the openssl client -- some
|
||||
workarounds are done with bash-socket-based checks. It also works on other
|
||||
unixoid system out of the box, supposed they have `/bin/bash` and standard
|
||||
tools like sed and awk installed. MacOS X and Windows (using MSYS2 or
|
||||
cygwin) work too. OpenSSL version >= 1 is a must. OpenSSL version >= 1.0.2
|
||||
is needed for better LOGJAM checks and to display bit strengths for key
|
||||
exchanges.
|
||||
|
||||
#### Current Development
|
||||
|
||||
Planned features in the release 2.7dev/2.8 are:
|
||||
|
||||
https://github.com/drwetter/testssl.sh/milestones/2.7dev%20%282.8%29
|
||||
|
||||
Done so far:
|
||||
|
||||
* Trust chain check against certificate stores from Apple (OS), Linux (OS),
|
||||
Microsoft (OS), Mozilla (Firefox Browser), works for openssl >=1.0.1
|
||||
* IPv6 (status: 80% working, details see
|
||||
https://github.com/drwetter/testssl.sh/issues/11
|
||||
* works on servers requiring a x509 certificate for authentication
|
||||
* SSL Session ID check
|
||||
* Avahi/mDNS based name resolution
|
||||
* HTTP2/ALPN protocol check
|
||||
* Logging to a file / dir
|
||||
* Logging to JSON + CSV
|
||||
* Check for multiple server certificates
|
||||
* Browser cipher simulation
|
||||
* Assistance for color-blind users
|
||||
* Even more compatibility improvements for FreeBSD, NetBSD, Gentoo, RH-ish, F5 and Cisco systems
|
||||
* Considerable speed improvements for each cipher runs (-e/-E)
|
||||
* More robust socket interface
|
||||
* OpenSSL 1.1.0 compliant
|
||||
* Whole number of bugs squashed
|
||||
|
||||
Update notification here or @ [twitter](https://twitter.com/drwetter).
|
||||
|
||||
#### Contributions
|
||||
|
||||
Contributions, feedback, bug reports are welcome! For contributions please
|
||||
note: One patch per feature -- bug fix/improvement. Please test your
|
||||
changes thouroughly as reliability is important for this project.
|
||||
|
||||
There's [coding guideline](https://github.com/drwetter/testssl.sh/wiki/Coding-Style).
|
||||
|
||||
Please file bug reports @ https://github.com/drwetter/testssl.sh/issues.
|
||||
|
||||
#### Documentation
|
||||
|
||||
For a start see the
|
||||
[wiki](https://github.com/drwetter/testssl.sh/wiki/Usage-Documentation).
|
||||
Help is needed here.
|
||||
|
||||
#### Bug reports
|
||||
|
||||
Please file bugs in the issue tracker. Do not forget to provide detailed information, see https://github.com/drwetter/testssl.sh/wiki/Bug-reporting. (Nobody can read your thoughts
|
||||
-- yet. And only agencies your screen) ;-)
|
||||
|
||||
----
|
||||
|
||||
## External/related projects
|
||||
|
||||
Please address questions not specifically to the code of testssl.sh to the
|
||||
respective projects
|
||||
|
||||
#### Cool web frontend
|
||||
* https://github.com/TKCERT/testssl.sh-webfrontend
|
||||
|
||||
#### Ready-to-go docker images are available at:
|
||||
* https://quay.io/repository/jumanjiman/testssl
|
||||
* https://hub.docker.com/r/mvance/testssl/
|
||||
|
||||
#### Brew package
|
||||
|
||||
* see [#233](https://github.com/drwetter/testssl.sh/issues/233) and
|
||||
[https://github.com/Homebrew/homebrew](https://github.com/Homebrew/homebrew)
|
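Review bot: The header "-1,113 +0,0" removes Readme.md in full, including the OpenSSL version requirements and the bug-reporting links, and no replacement file is visible in this part of the diff. Please confirm that the merge brings in a successor (for example under a different file name) or say in the commit message where this content now lives. If the text is carried over, two things in the removed lines are worth fixing on the way: "thouroughly" should be "thoroughly", and the IPv6 item opens a parenthesis before "status: 80% working" that is never closed.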
511
etc/Apple.pem
@ -106,55 +106,6 @@ c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
|
||||
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEU
|
||||
MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
|
||||
b3JrMSAwHgYDVQQDExdBZGRUcnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAx
|
||||
MDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtB
|
||||
ZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIDAeBgNV
|
||||
BAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV
|
||||
6tsfSlbunyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nX
|
||||
GCwwfQ56HmIexkvA/X1id9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnP
|
||||
dzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSGAa2Il+tmzV7R/9x98oTaunet3IAIx6eH
|
||||
1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAwHM+A+WD+eeSI8t0A65RF
|
||||
62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0GA1UdDgQW
|
||||
BBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw
|
||||
AwEB/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDEL
|
||||
MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU
|
||||
cnVzdCBUVFAgTmV0d29yazEgMB4GA1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJv
|
||||
b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmuG7jD8WS6
|
||||
IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL+YPoRNWyQSW/
|
||||
iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao
|
||||
GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh
|
||||
4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQm
|
||||
XiLsks3/QppEIW1cxeMiHV9HEufOX1362KqxMy3ZdvJOOjMMK7MtkAY=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEU
|
||||
MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
|
||||
b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1
|
||||
MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQwEgYDVQQK
|
||||
EwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh
|
||||
BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0B
|
||||
AQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwq
|
||||
xBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G
|
||||
87B4pfYOQnrjfxvM0PC3KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i
|
||||
2O+tCBGaKZnhqkRFmhJePp1tUvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8U
|
||||
WfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c1
|
||||
0cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0G
|
||||
A1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0T
|
||||
AQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr
|
||||
pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL
|
||||
ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlm
|
||||
aWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTv
|
||||
hsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlm
|
||||
hpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X
|
||||
dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3
|
||||
P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y
|
||||
iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no
|
||||
xqE=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFVTCCBD2gAwIBAgIEO/OB0DANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJj
|
||||
aDEOMAwGA1UEChMFYWRtaW4xETAPBgNVBAsTCFNlcnZpY2VzMSIwIAYDVQQLExlD
|
||||
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRYwFAYDVQQDEw1BZG1pbi1Sb290LUNB
|
||||
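Review bot: The certificate blocks removed from etc/Apple.pem at -106,55 +106,6 can only be identified by decoding their base64, and the commit message ("Merge branch '2.9dev' into get_full_server_response") does not mention a trust-store change. The Readme in this same diff lists a trust chain check against the Apple certificate store, so the contents of this file affect reported results. Please state in the commit message where and when the new bundle was exported and list the subjects of the removed roots, so the change can be checked against the vendor's published list.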
@ -424,28 +375,6 @@ kj5ReAFziqQjyqSI8R5cH0EWLX6VCqrpiUGYGxrdyyC/R14MJsVVNU3GMIuZZxTH
|
||||
CR+6R8faAQmHJEKVvRNgGQrv6n8Obs3BREM6StXj
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJKUDEO
|
||||
MAwGA1UEChMFTEdQS0kxGjAYBgNVBAsTEUFwcGxpY2F0aW9uIENBIEcyMB4XDTA2
|
||||
MDMzMTE1MDAwMFoXDTE2MDMzMTE0NTk1OVowOTELMAkGA1UEBhMCSlAxDjAMBgNV
|
||||
BAoTBUxHUEtJMRowGAYDVQQLExFBcHBsaWNhdGlvbiBDQSBHMjCCASIwDQYJKoZI
|
||||
hvcNAQEBBQADggEPADCCAQoCggEBALk1xhD422jbB8RATLAdHjbcw0H2z1UVbQh/
|
||||
XMZoVeXnV/GWUebhTXgPbkAVcDtl/hHf59PWWDU74Z8C/JRSRi6znmCbAp7JgtL2
|
||||
464JT4REtmKbAFFouDqt7GTRMkvplESDtA7OIYlrsDbAmMZLnMI+W2AqCTErLatM
|
||||
3rGg/VhWwoMdILzEhAmHe6iVl8YljoPgPpMN0cd9c6mo/BkAQC4iuHozQfV4/Vpx
|
||||
54LZSIhc7KiFhy1tgIlnGmm+EMBaju2IfT5vLDhrN85H2KIxMN5+U2Vsi4ZTQSBs
|
||||
vUilfq8AWlYSWIHR3IlZ+bXu+E2a2EQpi3mn9yKq6nxctBaIIA0CAwEAAaOBsjCB
|
||||
rzAdBgNVHQ4EFgQUf7hdjsQYa8Z9zC7prs405xdd4KEwDgYDVR0PAQH/BAQDAgEG
|
||||
MEwGA1UdHwRFMEMwQaA/oD2kOzA5MQswCQYDVQQGEwJKUDEOMAwGA1UEChMFTEdQ
|
||||
S0kxGjAYBgNVBAsTEUFwcGxpY2F0aW9uIENBIEcyMA8GA1UdEwEB/wQFMAMBAf8w
|
||||
HwYDVR0jBBgwFoAUf7hdjsQYa8Z9zC7prs405xdd4KEwDQYJKoZIhvcNAQEFBQAD
|
||||
ggEBADzYczZABkhKVBn1J0g5JaVuQue2zRvLOTS3m+xPKr535MqE/B3rmyJA1fT7
|
||||
aIdy/Eddag5SSuO1XUjGIpbmM21tq/bN18skWoyoRZ4+YYJ9lNUF8Bo1X3EvLlS1
|
||||
QQXvhg1S75yYG/EsTDrR84bTjD56L4ZFjoMyJlu/U8oOUVbcmsJaMBkNp57Vqpsg
|
||||
OWl4IfSXbdEOEUwu0xtasPmXeFwqj1Jl7kxCJcI3MA5tKzWUgwbor0U7BGanMLv5
|
||||
4CE7Y259RF06alPvERck/VSyWmxzViHJbC2XpEKzJ2EFIWNt6ii8TxpvQtyYq1XT
|
||||
HhvAkj+bweY7F1bixJhDJe62ywA=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJKUDEc
|
||||
MBoGA1UEChMTSmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBwbGljYXRp
|
||||
b25DQTAeFw0wNzEyMTIxNTAwMDBaFw0xNzEyMTIxNTAwMDBaMEMxCzAJBgNVBAYT
|
||||
@ -706,30 +635,6 @@ u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq
|
||||
4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJTSzET
|
||||
MBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjERMA8GA1UE
|
||||
AxMIQ0EgRGlzaWcwHhcNMDYwMzIyMDEzOTM0WhcNMTYwMzIyMDEzOTM0WjBKMQsw
|
||||
CQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcg
|
||||
YS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
|
||||
ggEKAoIBAQCS9jHBfYj9mQGp2HvycXXxMcbzdWb6UShGhJd4NLxs/LxFWYgmGErE
|
||||
Nx+hSkS943EE9UQX4j/8SFhvXJ56CbpRNyIjZkMhsDxkovhqFQ4/61HhVKndBpnX
|
||||
mjxUizkDPw/Fzsbrg3ICqB9x8y34dQjbYkzo+s7552oftms1grrijxaSfQUMbEYD
|
||||
XcDtab86wYqg6I7ZuUUohwjstMoVvoLdtUSLLa2GDGhibYVW8qwUYzrG0ZmsNHhW
|
||||
S8+2rT+MitcE5eN4TPWGqvWP+j1scaMtymfraHtuM6kMgiioTGohQBUgDCZbg8Kp
|
||||
FhXAJIJdKxatymP2dACw30PEEGBWZ2NFAgMBAAGjgf8wgfwwDwYDVR0TAQH/BAUw
|
||||
AwEB/zAdBgNVHQ4EFgQUjbJJaJ1yCCW5wCf1UJNWSEZx+Y8wDgYDVR0PAQH/BAQD
|
||||
AgEGMDYGA1UdEQQvMC2BE2Nhb3BlcmF0b3JAZGlzaWcuc2uGFmh0dHA6Ly93d3cu
|
||||
ZGlzaWcuc2svY2EwZgYDVR0fBF8wXTAtoCugKYYnaHR0cDovL3d3dy5kaXNpZy5z
|
||||
ay9jYS9jcmwvY2FfZGlzaWcuY3JsMCygKqAohiZodHRwOi8vY2EuZGlzaWcuc2sv
|
||||
Y2EvY3JsL2NhX2Rpc2lnLmNybDAaBgNVHSAEEzARMA8GDSuBHpGT5goAAAABAQEw
|
||||
DQYJKoZIhvcNAQEFBQADggEBAF00dGFMrzvY/59tWDYcPQuBDRIrRhCA/ec8J9B6
|
||||
yKm2fnQwM6M6int0wHl5QpNt/7EpFIKrIYwvF/k/Ji/1WcbvgAa3mkkp7M5+cTxq
|
||||
EEHA9tOasnxakZzArFvITV734VP/Q3f8nktnbNfzg9Gg4H8l37iYC5oyOGwwoPP/
|
||||
CBUz91BKez6jPiCp3C9WgArtQVCwyfTssuMmRAAOb54GvCKWU3BlxFAKRmukLyeB
|
||||
EicTXxChds6KezfqwzlhA5WYOudsiCUI/HloDYd9Yvi0X/vF2Ey9WLw/Q1vUHgFN
|
||||
PGO+I++MzVpQuGhU+QqZMxEA4Z7CRneC9VkGjCFMhwnN5ag=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV
|
||||
BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu
|
||||
MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQy
|
||||
@ -939,38 +844,38 @@ VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
|
||||
03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIF0zCCA7ugAwIBAgIVALhZFHE/V9+PMcAzPdLWGXojF7TrMA0GCSqGSIb3DQEB
|
||||
DQUAMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dp
|
||||
ZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
|
||||
MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBIDIwHhcNMTExMDA2
|
||||
MDgzOTU2WhcNNDYxMDA2MDgzOTU2WjCBgDELMAkGA1UEBhMCUEwxIjAgBgNVBAoT
|
||||
GVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0
|
||||
aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0
|
||||
d29yayBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvfl4+ObV
|
||||
gAxknYYblmRnPyI6HnUBfe/7XGeMycxca6mR5rlC5SBLm9qbe7mZXdmbgEvXhEAr
|
||||
J9PoujC7Pgkap0mV7ytAJMKXx6fumyXvqAoAl4Vaqp3cKcniNQfrcE1K1sGzVrih
|
||||
QTib0fsxf4/gX+GxPw+OFklg1waNGPmqJhCrKtPQ0WeNG0a+RzDVLnLRxWPa52N5
|
||||
RH5LYySJhi40PylMUosqp8DikSiJucBb+R3Z5yet/5oCl8HGUJKbAiy9qbk0WQq/
|
||||
hEr/3/6zn+vZnuCYI+yma3cWKtvMrTscpIfcRnNeGWJoRVfkkIJCu0LW8GHgwaM9
|
||||
ZqNd9BjuiMmNF0UpmTJ1AjHuKSbIawLmtWJFfzcVWiNoidQ+3k4nsPBADLxNF8tN
|
||||
orMe0AZa3faTz1d1mfX6hhpneLO/lv403L3nUlbls+V1e9dBkQXcXWnjlQ1DufyD
|
||||
ljmVe2yAWk8TcsbXfSl6RLpSpCrVQUYJIP4ioLZbMI28iQzV13D4h1L92u+sUS4H
|
||||
s07+0AnacO+Y+lbmbdu1V0vc5SwlFcieLnhO+NqcnoYsylfzGuXIkosagpZ6w7xQ
|
||||
EmnYDlpGizrrJvojybawgb5CAKT41v4wLsfSRvbljnX98sy50IdbzAYQYLuDNbde
|
||||
Z95H7JlI8aShFf6tjGKOOVVPORa5sWOd/7cCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
|
||||
AwEB/zAdBgNVHQ4EFgQUtqFUOQLDoD+Oirz61PgcptE6Dv0wDgYDVR0PAQH/BAQD
|
||||
AgEGMA0GCSqGSIb3DQEBDQUAA4ICAQCdU8KBJdw1LK4K3VqbRjBWu9S0bEuG5gql
|
||||
0pKKmo3cj7TudvQDy+ubAXirKmu1uiNOMXy1LN0taWczbmNdORgS+KAoU0SHq2rE
|
||||
kpYfKqIcup3dJ/tSTbCPWujtjcNo45KgJgyHkLAD6mplKAjERnjgW7oO8DPcJ7Z+
|
||||
iD29kqSWfkGogAh71jYSvBAVmyS8q619EYkvMe340s9Tjuu0U6fnBMovpiLEEdzr
|
||||
mMkiXUFq3ApSBFu8LqB9x7aSuySg8zfRK0OozPFoeBp+b2OQe590yGvZC1X2eQM9
|
||||
g8dBQJL7dgs3JRc8rz76PFwbhvlKDD+KxF4OmPGt7s/g/SE1xzNhzKI3GEN8M+mu
|
||||
doKCB0VIO8lnbq2jheiWVs+8u/qry7dXJ40aL5nzIzM0jspTY9NXNFBPz0nBBbrF
|
||||
qId744aP+0OiEumsUewEdkzw+o+5MRPpCLckCfmgtwc2WFfPxLt+SWaVNQS2dzW4
|
||||
qVMpX5KF+FLEWk79BmE5+33QdkeSzOwrvYRu5ptFwX1isVMtnnWg58koUNflvKiq
|
||||
B3hquXS0YPOEjQPcrpHadEQNe0Kpd9YrfKHGbBNTIqkSmqX5TyhFNbCXT0ZlhcX0
|
||||
/WKiomr8NDAGft8M4HOBlslEKt4fguxscletKWSk8cYpjjVgU85r2QK+OTB14Pdc
|
||||
Y2rwQMEsjQ==
|
||||
MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB
|
||||
gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu
|
||||
QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG
|
||||
A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz
|
||||
OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ
|
||||
VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp
|
||||
ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3
|
||||
b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA
|
||||
DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn
|
||||
0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB
|
||||
OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE
|
||||
fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E
|
||||
Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m
|
||||
o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i
|
||||
sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW
|
||||
OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez
|
||||
Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS
|
||||
adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n
|
||||
3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
|
||||
AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC
|
||||
AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ
|
||||
F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf
|
||||
CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29
|
||||
XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm
|
||||
djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/
|
||||
WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb
|
||||
AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq
|
||||
P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko
|
||||
b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj
|
||||
XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P
|
||||
5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi
|
||||
DrW5viSP
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn
|
||||
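Review bot: At -939,38 +844,38 one certificate body is replaced by a different one of the same length inside a single BEGIN/END pair, which is harder to audit than a plain removal or addition because the line counts give no hint that anything changed. Please record the SHA-256 fingerprints of the old and the new certificate in the commit message so a reviewer can confirm that the replacement is the intended one and not a corrupted or substituted block.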
@ -1601,40 +1506,6 @@ y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d
|
||||
NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIF5zCCA8+gAwIBAgIITK9zQhyOdAIwDQYJKoZIhvcNAQEFBQAwgYAxODA2BgNV
|
||||
BAMML0VCRyBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx
|
||||
c8SxMTcwNQYDVQQKDC5FQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXpt
|
||||
ZXRsZXJpIEEuxZ4uMQswCQYDVQQGEwJUUjAeFw0wNjA4MTcwMDIxMDlaFw0xNjA4
|
||||
MTQwMDMxMDlaMIGAMTgwNgYDVQQDDC9FQkcgRWxla3Ryb25payBTZXJ0aWZpa2Eg
|
||||
SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTE3MDUGA1UECgwuRUJHIEJpbGnFn2ltIFRl
|
||||
a25vbG9qaWxlcmkgdmUgSGl6bWV0bGVyaSBBLsWeLjELMAkGA1UEBhMCVFIwggIi
|
||||
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDuoIRh0DpqZhAy2DE4f6en5f2h
|
||||
4fuXd7hxlugTlkaDT7byX3JWbhNgpQGR4lvFzVcfd2NR/y8927k/qqk153nQ9dAk
|
||||
tiHq6yOU/im/+4mRDGSaBUorzAzu8T2bgmmkTPiab+ci2hC6X5L8GCcKqKpE+i4s
|
||||
tPtGmggDg3KriORqcsnlZR9uKg+ds+g75AxuetpX/dfreYteIAbTdgtsApWjluTL
|
||||
dlHRKJ2hGvxEok3MenaoDT2/F08iiFD9rrbskFBKW5+VQarKD7JK/oCZTqNGFav4
|
||||
c0JqwmZ2sQomFd2TkuzbqV9UIlKRcF0T6kjsbgNs2d1s/OsNA/+mgxKb8amTD8Um
|
||||
TDGyY5lhcucqZJnSuOl14nypqZoaqsNW2xCaPINStnuWt6yHd6i58mcLlEOzrz5z
|
||||
+kI2sSXFCjEmN1ZnuqMLfdb3ic1nobc6HmZP9qBVFCVMLDMNpkGMvQQxahByCp0O
|
||||
Lna9XvNRiYuoP1Vzv9s6xiQFlpJIqkuNKgPlV5EQ9GooFW5Hd4RcUXSfGenmHmMW
|
||||
OeMRFeNYGkS9y8RsZteEBt8w9DeiQyJ50hBs37vmExH8nYQKE3vwO9D8owrXieqW
|
||||
fo1IhR5kX9tUoqzVegJ5a9KK8GfaZXINFHDk6Y54jzJ0fFfy1tb0Nokb+Clsi7n2
|
||||
l9GkLqq+CxnCRelwXQIDAJ3Zo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
|
||||
/wQEAwIBBjAdBgNVHQ4EFgQU587GT/wWZ5b6SqMHwQSny2re2kcwHwYDVR0jBBgw
|
||||
FoAU587GT/wWZ5b6SqMHwQSny2re2kcwDQYJKoZIhvcNAQEFBQADggIBAJuYml2+
|
||||
8ygjdsZs93/mQJ7ANtyVDR2tFcU22NU57/IeIl6zgrRdu0waypIN30ckHrMk2pGI
|
||||
6YNw3ZPX6bqz3xZaPt7gyPvT/Wwp+BVGoGgmzJNSroIBk5DKd8pNSe/iWtkqvTDO
|
||||
TLKBtjDOWU/aWR1qeqRFsIImgYZ29fUQALjuswnoT4cCB64kXPBfrAowzIpAoHME
|
||||
wfuJJPaaHFy3PApnNgUIMbOv2AFoKuB4j3TeuFGkjGwgPaL7s9QJ/XvCgKqTbCmY
|
||||
Iai7FvOpEl90tYeY8pUm3zTvilORiF0alKM/fCL414i6poyWqD1SNGKfAB5UVUJn
|
||||
xk1Gj7sURT0KlhaOEKGXmdXTMIXM3rRyt7yKPBgpaP3ccQfuJDlq+u2lrDgv+R4Q
|
||||
DgZxGhBM/nV+/x5XOULK1+EVoVZVWRvRo68R2E7DpSvvkL/A7IITW43WciyTTo9q
|
||||
Kd+FPNMN4KIYEsxVL0e3p5sC/kH2iExt2qkBR4NkJ2IQgtYSe14DHzSpyZH+r11t
|
||||
hie3I6p1GMog57AP14kOpmciY/SDQSsGS7tY1dHXt7kQY9iJSrSq3RZj9W6+YKH4
|
||||
7ejWkE8axsWgKdOnIaj1Wjz3x0miIZpKlVIglnKaZsv30oZDfCK+lvm9AahH3eU7
|
||||
QPl1K5srRmSGjR70j/sHd9DqSaIcjVIUpgqT
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIE5zCCA8+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCQ0Ex
|
||||
EDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xHTAbBgNVBAoTFEVj
|
||||
aG93b3J4IENvcnBvcmF0aW9uMR8wHQYDVQQLExZDZXJ0aWZpY2F0aW9uIFNlcnZp
|
||||
@ -2419,35 +2290,6 @@ naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls
|
||||
QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIE5jCCA86gAwIBAgIEO45L/DANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcN
|
||||
AQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZp
|
||||
dHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTAxMDgzMDE0MjMw
|
||||
MVoXDTE2MDgyNjE0MjMwMVowXTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMQsw
|
||||
CQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEQ
|
||||
MA4GA1UEAxMHSnV1ci1TSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
|
||||
AIFxNj4zB9bjMI0TfncyRsvPGbJgMUaXhvSYRqTCZUXP00B841oiqBB4M8yIsdOB
|
||||
SvZiF3tfTQou0M+LI+5PAk676w7KvRhj6IAcjeEcjT3g/1tf6mTll+g/mX8MCgkz
|
||||
ABpTpyHhOEvWgxutr2TC+Rx6jGZITWYfGAriPrsfB2WThbkasLnE+w0R9vXW+RvH
|
||||
LCu3GFH+4Hv2qEivbDtPL+/40UceJlfwUR0zlv/vWT3aTdEVNMfqPxZIe5EcgEMP
|
||||
PbgFPtGzlc3Yyg/CQ2fbt5PgIoIuvvVoKIO5wTtpeyDaTpxt4brNj3pssAki14sL
|
||||
2xzVWiZbDcDq5WDQn/413z8CAwEAAaOCAawwggGoMA8GA1UdEwEB/wQFMAMBAf8w
|
||||
ggEWBgNVHSAEggENMIIBCTCCAQUGCisGAQQBzh8BAQEwgfYwgdAGCCsGAQUFBwIC
|
||||
MIHDHoHAAFMAZQBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0ACAAbwBuACAAdgDk
|
||||
AGwAagBhAHMAdABhAHQAdQBkACAAQQBTAC0AaQBzACAAUwBlAHIAdABpAGYAaQB0
|
||||
AHMAZQBlAHIAaQBtAGkAcwBrAGUAcwBrAHUAcwAgAGEAbABhAG0ALQBTAEsAIABz
|
||||
AGUAcgB0AGkAZgBpAGsAYQBhAHQAaQBkAGUAIABrAGkAbgBuAGkAdABhAG0AaQBz
|
||||
AGUAawBzMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNrLmVlL2Nwcy8wKwYDVR0f
|
||||
BCQwIjAgoB6gHIYaaHR0cDovL3d3dy5zay5lZS9qdXVyL2NybC8wHQYDVR0OBBYE
|
||||
FASqekej5ImvGs8KQKcYP2/v6X2+MB8GA1UdIwQYMBaAFASqekej5ImvGs8KQKcY
|
||||
P2/v6X2+MA4GA1UdDwEB/wQEAwIB5jANBgkqhkiG9w0BAQUFAAOCAQEAe8EYlFOi
|
||||
CfP+JmeaUOTDBS8rNXiRTHyoERF5TElZrMj3hWVcRrs7EKACr81Ptcw2Kuxd/u+g
|
||||
kcm2k298gFTsxwhwDY77guwqYHhpNjbRxZyLabVAyJRld/JXIWY7zoVAtjNjGr95
|
||||
HvxcHdMdkxuLDF2FvZkwMhgJkVLpfKG6/2SSmuz+Ne6ML678IIbsSt4beDI3poHS
|
||||
na9aEhbKmVv8b20OxaAehsmR0FyYgl9jDIpaq9iVpszLita/ZEuOyoqysOkhMp6q
|
||||
qIWYNIE5ITuoOlIyPfZrN4YGWhWY3PARZv40ILcD9EEQfTmEeZZyY7aWAuVrua0Z
|
||||
TbvGRNs2yyqcjg==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDczCCAlugAwIBAgIBBDANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJLUjEN
|
||||
MAsGA1UECgwES0lTQTEuMCwGA1UECwwlS29yZWEgQ2VydGlmaWNhdGlvbiBBdXRo
|
||||
b3JpdHkgQ2VudHJhbDEWMBQGA1UEAwwNS0lTQSBSb290Q0EgMTAeFw0wNTA4MjQw
|
||||
@ -2517,43 +2359,6 @@ uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2
|
||||
XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYTAkhV
|
||||
MRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMe
|
||||
TmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0
|
||||
dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFzcyBB
|
||||
KSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0N1oXDTE5MDIxOTIzMTQ0
|
||||
N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhC
|
||||
dWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQu
|
||||
MRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBL
|
||||
b3pqZWd5em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHSMD7tM9DceqQWC2ObhbHDqeLVu0ThEDaiD
|
||||
zl3S1tWBxdRL51uUcCbbO51qTGL3cfNk1mE7PetzozfZz+qMkjvN9wfcZnSX9EUi
|
||||
3fRc4L9t875lM+QVOr/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC/tmwqcm8
|
||||
WgD/qaiYdPv2LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LY
|
||||
Oph7tqyF/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2Esi
|
||||
NCubMvJIH5+hCoR64sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCC
|
||||
ApswDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZIAYb4
|
||||
QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxFTSEgRXplbiB0
|
||||
YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pvbGdhbHRhdGFz
|
||||
aSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQu
|
||||
IEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtm
|
||||
ZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMg
|
||||
ZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVs
|
||||
amFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJhc2EgbWVndGFsYWxoYXRv
|
||||
IGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3
|
||||
Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6
|
||||
ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1
|
||||
YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3Qg
|
||||
dG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRs
|
||||
b2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0G
|
||||
CSqGSIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5ayZrU3/b39/zcT0mwBQO
|
||||
xmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjPytoUMaFP
|
||||
0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJMSEN1rUQ
|
||||
QeJBCWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+uxdAu6tYPVuxk
|
||||
f1qbFFgBJ34TUMdrKuZoPL9coAob4Q566eKAw+np9v1sEZ7Q5SgnK1QyQhSCdeZK
|
||||
8CtmdWOMovsEPoMOmzbwGOQmIMOM8CgHrTwXZoi1/baI
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi
|
||||
MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu
|
||||
MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp
|
||||
@ -2601,6 +2406,28 @@ Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ
|
||||
/L7fCg0=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt
|
||||
MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg
|
||||
Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i
|
||||
YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x
|
||||
CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG
|
||||
b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh
|
||||
bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3
|
||||
HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx
|
||||
WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX
|
||||
1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk
|
||||
u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P
|
||||
99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r
|
||||
M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw
|
||||
AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB
|
||||
BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh
|
||||
cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5
|
||||
gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO
|
||||
ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf
|
||||
aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic
|
||||
Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL
|
||||
BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc
|
||||
BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00
|
||||
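Review bot: The block added at -2601,6 +2406,28 is a new trust anchor, and unlike the removals elsewhere in this file it widens what a check against this store will accept. Nothing in the visible lines or the commit message names the CA. Please give its subject and fingerprint in the commit message so the addition can be matched to an entry in the vendor's root list.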
@ -2820,31 +2647,6 @@ rSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEkllgVsRch
|
||||
7CAFYd4=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEb
|
||||
MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
|
||||
GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRp
|
||||
ZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVow
|
||||
fjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
|
||||
A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAiBgNV
|
||||
BAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEB
|
||||
BQADggEPADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPM
|
||||
cm3ye5drswfxdySRXyWP9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3S
|
||||
HpR7LZQdqnXXs5jLrLxkU0C8j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996
|
||||
CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk
|
||||
3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz
|
||||
6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNV
|
||||
HQ4EFgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
|
||||
EwEB/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv
|
||||
Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRw
|
||||
Oi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmww
|
||||
DQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm4J4oqF7Tt/Q0
|
||||
5qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj
|
||||
Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtI
|
||||
gKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJ
|
||||
aD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDl
|
||||
izeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1HRR3B7Hzs/Sk=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK
|
||||
MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
|
||||
GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx
|
||||
@ -3772,162 +3574,6 @@ e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p
|
||||
TpPDpFQUWw==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEqjCCA5KgAwIBAgIOLmoAAQACH9dSISwRXDswDQYJKoZIhvcNAQEFBQAwdjEL
|
||||
MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV
|
||||
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExJTAjBgNVBAMTHFRDIFRydXN0
|
||||
Q2VudGVyIENsYXNzIDIgQ0EgSUkwHhcNMDYwMTEyMTQzODQzWhcNMjUxMjMxMjI1
|
||||
OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i
|
||||
SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQTElMCMGA1UEAxMc
|
||||
VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggEPADCCAQoCggEBAKuAh5uO8MN8h9foJIIRszzdQ2Lu+MNF2ujhoF/RKrLqk2jf
|
||||
tMjWQ+nEdVl//OEd+DFwIxuInie5e/060smp6RQvkL4DUsFJzfb95AhmC1eKokKg
|
||||
uNV/aVyQMrKXDcpK3EY+AlWJU+MaWss2xgdW94zPEfRMuzBwBJWl9jmM/XOBCH2J
|
||||
XjIeIqkiRUuwZi4wzJ9l/fzLganx4Duvo4bRierERXlQXa7pIXSSTYtZgo+U4+lK
|
||||
8edJsBTj9WLL1XK9H7nSn6DNqPoByNkN39r8R52zyFTfSUrxIan+GE7uSNQZu+99
|
||||
5OKdy1u2bv/jzVrndIIFuoAlOMvkaZ6vQaoahPUCAwEAAaOCATQwggEwMA8GA1Ud
|
||||
EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTjq1RMgKHbVkO3
|
||||
kUrL84J6E1wIqzCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy
|
||||
dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18yX2NhX0lJLmNybIaBn2xkYXA6
|
||||
Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz
|
||||
JTIwMiUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290
|
||||
Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u
|
||||
TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAjNfffu4bgBCzg/XbEeprS6iS
|
||||
GNn3Bzn1LL4GdXpoUxUc6krtXvwjshOg0wn/9vYua0Fxec3ibf2uWWuFHbhOIprt
|
||||
ZjluS5TmVfwLG4t3wVMTZonZKNaL80VKY7f9ewthXbhtvsPcW3nS7Yblok2+XnR8
|
||||
au0WOB9/WIFaGusyiC2y8zl3gK9etmF1KdsjTYjKUCjLhdLTEKJZbtOTVAB6okaV
|
||||
hgWcqRmY5TFyDADiZ9lA4CQze28suVyrZZ0srHbqNZn1l7kPJOzHdiEoZa5X6AeI
|
||||
dUpWoNIFOqTmjZKILPPy4cHGYdtBxceb9w4aUUXCYWvcZCcXjFq32nQozZfkvQ==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAwdjEL
|
||||
MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV
|
||||
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExJTAjBgNVBAMTHFRDIFRydXN0
|
||||
Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYwMTEyMTQ0MTU3WhcNMjUxMjMxMjI1
|
||||
OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i
|
||||
SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTElMCMGA1UEAxMc
|
||||
VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggEPADCCAQoCggEBALTgu1G7OVyLBMVMeRwjhjEQY0NVJz/GRcekPewJDRoeIMJW
|
||||
Ht4bNwcwIi9v8Qbxq63WyKthoy9DxLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+Q
|
||||
Vl/NHE1bWEnrDgFPZPosPIlY2C8u4rBo6SI7dYnWRBpl8huXJh0obazovVkdKyT2
|
||||
1oQDZogkAHhg8fir/gKya/si+zXmFtGt9i4S5Po1auUZuV3bOx4a+9P/FRQI2Alq
|
||||
ukWdFHlgfa9Aigdzs5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk2ZyqBwi1
|
||||
Rb3R0DHBq1SfqdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1Ud
|
||||
EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NX
|
||||
XAek0CSnwPIA1DCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy
|
||||
dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18zX2NhX0lJLmNybIaBn2xkYXA6
|
||||
Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz
|
||||
JTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290
|
||||
Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u
|
||||
TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDkcPcGIEPZIxpC8vijsrlN
|
||||
irTzwppVMXzEO2eatN9NDoqTSheLG43KieHPOh6sHfGcMrSOWXaiQYUlN6AT0PV8
|
||||
TtXqluJucsG7Kv5sbviRmEb8yRtXW+rIGjs/sFGYPAfaLFkB2otE6OF0/ado3VS6
|
||||
g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL2NV9IJqDnxrcOfHFcqMRA/07QlIp2+gB
|
||||
95tejNaNhk4Z+rwcvsUhpYeeeC422wlxo3I0+GzjBgnyXlal092Y+tTmBvTwtiBj
|
||||
S+opvaqCZh77gaqnN60TGOaSw4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc5A==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDtjCCAp6gAwIBAgIOBcAAAQACQdAGCk3OdRAwDQYJKoZIhvcNAQEFBQAwdjEL
|
||||
MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV
|
||||
BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDQgQ0ExJTAjBgNVBAMTHFRDIFRydXN0
|
||||
Q2VudGVyIENsYXNzIDQgQ0EgSUkwHhcNMDYwMzIzMTQxMDIzWhcNMjUxMjMxMjI1
|
||||
OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i
|
||||
SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgNCBDQTElMCMGA1UEAxMc
|
||||
VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgNCBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggEPADCCAQoCggEBALXNTJytrlG7fEjFDSmGehSt2VA9CXIgDRS2Y8b+WJ7gIV7z
|
||||
jyIZ3E6RIM1viCmis8GsKnK6i1S4QF/yqvhDhsIwXMynXX/GCEnkDjkvjhjWkd0j
|
||||
FnmA22xIHbzB3ygQY9GB493fL3l1oht48pQB5hBiecugfQLANIJ7x8CtHUzXapZ2
|
||||
W78mhEj9h/aECqqSB5lIPGG8ToVYx5ct/YFKocabEvVCUNFkPologiJw3fX64yhC
|
||||
L04y87OjNopq1mJcrPoBbbTgci6VaLTxkwzGioLSHVPqfOA/QrcSWrjN2qUGZ8uh
|
||||
d32llvCSHmcOHUJG5vnt+0dTf1cERh9GX8eu4I8CAwEAAaNCMEAwDwYDVR0TAQH/
|
||||
BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFB/quz4lGwa9pd1iBX7G
|
||||
TFq/6A9DMA0GCSqGSIb3DQEBBQUAA4IBAQBYpCubTPfkpJKknGWYGWIi/HIy6QRd
|
||||
xMRwLVpG3kxHiiW5ot3u6hKvSI3vK2fbO8w0mCr3CEf/Iq978fTr4jgCMxh1KBue
|
||||
dmWsiANy8jhHHYz1nwqIUxAUu4DlDLNdjRfuHhkcho0UZ3iMksseIUn3f9MYv5x5
|
||||
+F0IebWqak2SNmy8eesOPXmK2PajVnBd3ttPedJ60pVchidlvqDTB4FAVd0Qy+BL
|
||||
iILAkH0457+W4Ze6mqtCD9Of2J4VMxHL94J59bXAQVaS4d9VA61Iz9PyLrHHLVZM
|
||||
ZHQqMc7cdalUR6SnQnIJ5+ECpkeyBM1CE+FhDOB4OiIgohxgQoaH96Xm
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID3TCCAsWgAwIBAgIOHaIAAQAC7LdggHiNtgYwDQYJKoZIhvcNAQEFBQAweTEL
|
||||
MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNV
|
||||
BAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEmMCQGA1UEAxMdVEMgVHJ1
|
||||
c3RDZW50ZXIgVW5pdmVyc2FsIENBIEkwHhcNMDYwMzIyMTU1NDI4WhcNMjUxMjMx
|
||||
MjI1OTU5WjB5MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIg
|
||||
R21iSDEkMCIGA1UECxMbVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBMSYwJAYD
|
||||
VQQDEx1UQyBUcnVzdENlbnRlciBVbml2ZXJzYWwgQ0EgSTCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBAKR3I5ZEr5D0MacQ9CaHnPM42Q9e3s9B6DGtxnSR
|
||||
JJZ4Hgmgm5qVSkr1YnwCqMqs+1oEdjneX/H5s7/zA1hV0qq34wQi0fiU2iIIAI3T
|
||||
fCZdzHd55yx4Oagmcw6iXSVphU9VDprvxrlE4Vc93x9UIuVvZaozhDrzznq+VZeu
|
||||
jRIPFDPiUHDDSYcTvFHe15gSWu86gzOSBnWLknwSaHtwag+1m7Z3W0hZneTvWq3z
|
||||
wZ7U10VOylY0Ibw+F1tvdwxIAUMpsN0/lm7mlaoMwCC2/T42J5zjXM9OgdwZu5GQ
|
||||
fezmlwQek8wiSdeXhrYTCjxDI3d+8NzmzSQfO4ObNDqDNOMCAwEAAaNjMGEwHwYD
|
||||
VR0jBBgwFoAUkqR1LKSevoFE63n8isWVpesQdXMwDwYDVR0TAQH/BAUwAwEB/zAO
|
||||
BgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFJKkdSyknr6BROt5/IrFlaXrEHVzMA0G
|
||||
CSqGSIb3DQEBBQUAA4IBAQAo0uCG1eb4e/CX3CJrO5UUVg8RMKWaTzqwOuAGy2X1
|
||||
7caXJ/4l8lfmXpWMPmRgFVp/Lw0BxbFg/UU1z/CyvwbZ71q+s2IhtNerNXxTPqYn
|
||||
8aEt2hojnczd7Dwtnic0XQ/CNnm8yUpiLe1r2X1BQ3y2qsrtYbE3ghUJGooWMNjs
|
||||
ydZHcnhLEEYUjl8Or+zHL6sQ17bxbuyGssLoDZJz3KL0Dzq/YSMQiZxIQG5wALPT
|
||||
ujdEWBF6AmqI8Dc08BnprNRlc/ZpjGSUOnmFKbAWKwyCPwacx/0QK54PLLae4xW/
|
||||
2TYcuiUaUj0a7CIMHOCkoj3w6DnPgcB77V0fb8XQC9eY
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIF3zCCA8egAwIBAgIOGTMAAQACKBqaBLzyVUUwDQYJKoZIhvcNAQEFBQAwejEL
|
||||
MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNV
|
||||
BAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEnMCUGA1UEAxMeVEMgVHJ1
|
||||
c3RDZW50ZXIgVW5pdmVyc2FsIENBIElJMB4XDTA2MDMyMjE1NTgzNFoXDTMwMTIz
|
||||
MTIyNTk1OVowejELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVy
|
||||
IEdtYkgxJDAiBgNVBAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEnMCUG
|
||||
A1UEAxMeVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBIElJMIICIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAg8AMIICCgKCAgEAi9R3azRs5TbYalxeOO781R15Azt7g2JEgk6I
|
||||
7d6D/+7MUGIFBZWZdpj2ufJf2AaRksL2LWYXH/1TA+iojWOpbuHWG4y8mLOLO9Tk
|
||||
Lsp9hUkmW3m4GotAnn+7yT9jLM/RWny6KCJBElpN+Rd3/IX9wkngKhh/6aAsnPlE
|
||||
/AxoOUL1JwW+jhV6YJ3wO8c85j4WvK923mq3ouGrRkXrjGV90ZfzlxElq1nroCLZ
|
||||
gt2Y7X7i+qBhCkoy3iwX921E6oFHWZdXNwM53V6CItQzuPomCba8OYgvURVOm8M7
|
||||
3xOCiN1LNPIz1pDp81PcNXzAw9l8eLPNcD+NauCjgUjkKa1juPD8KGQ7mbN9/pqd
|
||||
iPaZIgiRRxaJNXhdd6HPv0nh/SSUK2k2e+gc5iqQilvVOzRZQtxtz7sPQRxVzfUN
|
||||
Wy4WIibvYR6X/OJTyM9bo8ep8boOhhLLE8oVx+zkNo3aXBM9ZdIOXXB03L+PemrB
|
||||
Lg/Txl4PK1lszGFs/sBhTtnmT0ayWuIZFHCE+CAA7QGnl37DvRJckiMXoKUdRRcV
|
||||
I5qSCLUiiI3cKyTr4LEXaNOvYb3ZhXj2jbp4yjeNY77nrB/fpUcJucglMVRGURFV
|
||||
DYlcjdrSGC1z8rjVJ/VIIjfRYvd7Dcg4i6FKsPzQ8eu3hmPn4A5zf/1yUbXpfeJV
|
||||
BWR4Z38CAwEAAaNjMGEwHwYDVR0jBBgwFoAUzdeQoW6jv9sw1toyJZAM5jkegGUw
|
||||
DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFM3XkKFu
|
||||
o7/bMNbaMiWQDOY5HoBlMA0GCSqGSIb3DQEBBQUAA4ICAQB+FojoEw42zG4qhQc4
|
||||
xlaJeuNHIWZMUAgxWlHQ/KZeFHXeTDvs8e3MfhEHSmHu6rOOOqQzxu2KQmZP8Tx7
|
||||
yaUFQZmx7Cxb7tyW0ohTS3g0uW7muw/FeqZ8Dhjfbw90TNGp8aHp2FRkzF6WeKJW
|
||||
GsFzshXGVwXf2vdIJIqOf2qp+U3pPmrOYCx9LZAI9mOPFdAtnIz/8f38DBZQVhT7
|
||||
upeG7rRJA1TuG1l/MDoCgoYhrv7wFfLfToPmmcW6NfcgkIw47XXP4S73BDD7Ua2O
|
||||
giRAyn0pXdXZ92Vk/KqfdLh9kl3ShCngE+qK99CrxK7vFcXCifJ7tjtJmGHzTnKR
|
||||
N4xJkunI7Cqg90lufA0kxmts8jgvynAF5X/fxisrgIDV2m/LQLvYG/AkyRDIRAJ+
|
||||
LtOYqqIN8SvQ2vqOHP9U6OFKbt2o1ni1N6WsZNUUI8cOpevhCTjXwHxgpV2Yj4wC
|
||||
1dxWqPNNWKkL1HxkdAEy8t8PSoqpAqKiHYR3wvHMl700GXRd4nQ+dSf3r7/ufA5t
|
||||
VIimVuImrTESPB5BeW0X6hNeH/Vcn0lZo7Ivo0LD+qh+v6WfSMlgYmIK371F3uNC
|
||||
tVGW/cT1Gpm4UqJEzS1hjBWPgdVdotSQPYxuQGHDWV3Y2eH2dEcieXR92sqjbzcV
|
||||
NvAsGnE8EXbfXRo+VGN4a2V+Hw==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID4TCCAsmgAwIBAgIOYyUAAQACFI0zFQLkbPQwDQYJKoZIhvcNAQEFBQAwezEL
|
||||
MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNV
|
||||
BAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEoMCYGA1UEAxMfVEMgVHJ1
|
||||
c3RDZW50ZXIgVW5pdmVyc2FsIENBIElJSTAeFw0wOTA5MDkwODE1MjdaFw0yOTEy
|
||||
MzEyMzU5NTlaMHsxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRl
|
||||
ciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRlciBVbml2ZXJzYWwgQ0ExKDAm
|
||||
BgNVBAMTH1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQSBJSUkwggEiMA0GCSqG
|
||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC2pxisLlxErALyBpXsq6DFJmzNEubkKLF
|
||||
5+cvAqBNLaT6hdqbJYUtQCggbergvbFIgyIpRJ9Og+41URNzdNW88jBmlFPAQDYv
|
||||
DIRlzg9uwliT6CwLOunBjvvya8o84pxOjuT5fdMnnxvVZ3iHLX8LR7PH6MlIfK8v
|
||||
zArZQe+f/prhsq75U7Xl6UafYOPfjdN/+5Z+s7Vy+EutCHnNaYlAJ/Uqwa1D7KRT
|
||||
yGG299J5KmcYdkhtWyUB0SbFt1dpIxVbYYqt8Bst2a9c8SaQaanVDED1M4BDj5yj
|
||||
dipFtK+/fz6HP3bFzSreIMUWWMv5G/UPyw0RUmS40nZid4PxWJ//AgMBAAGjYzBh
|
||||
MB8GA1UdIwQYMBaAFFbn4VslQ4Dg9ozhcbyO5YAvxEjiMA8GA1UdEwEB/wQFMAMB
|
||||
Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRW5+FbJUOA4PaM4XG8juWAL8RI
|
||||
4jANBgkqhkiG9w0BAQUFAAOCAQEAg8ev6n9NCjw5sWi+e22JLumzCecYV42Fmhfz
|
||||
dkJQEw/HkG8zrcVJYCtsSVgZ1OK+t7+rSbyUyKu+KGwWaODIl0YgoGhnYIg5IFHY
|
||||
aAERzqf2EQf27OysGh+yZm5WZ2B6dF7AbZc2rrUNXWZzwCUyRdhKBgePxLcHsU0G
|
||||
DeGl6/R1yrqc0L2z0zIkTO5+4nYES0lT2PLpVDP85XEfPRRclkvxOvIAu2y0+pZV
|
||||
CIgJwcyRGSmwIC3/yzikQOEXvnlhgP8HA4ZMTnsGnxGGjYnuJ8Tb4rwZjgvDwxPH
|
||||
LQNjO9Po5KIqwoIIlBZU8O8fJ5AluA0OKBtHd0e9HKgl8ZS0Zg==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw
|
||||
NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv
|
||||
b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD
|
||||
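Review bot: nothing in this hunk says which roots are being dropped. The removed certificates (162 old lines shrinking to 6, starting at old line 3772) are bare PEM blocks with no subject line above them, so the change cannot be checked by reading the diff. Either keep a name line above each block, as etc/Mozilla.pem does with its name and `====` underline, or list the removed roots with their fingerprints in the commit message so the removal can be compared against the vendor's published store.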
@ -4059,31 +3705,6 @@ WIVFF/Onlu5fu1NHXdqNEfzldKDUvCfii3L2iATTZyHwU9CALE+2eIA+PIaLgnM1
|
||||
cbBsn0R9fFLO4El62S9eH1tqOzO20OAOK65yJIsOpSE=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEb
|
||||
MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
|
||||
GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0
|
||||
aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTla
|
||||
MH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
|
||||
BgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUwIwYD
|
||||
VQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B
|
||||
AQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWW
|
||||
fnJSoBVC21ndZHoa0Lh73TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMt
|
||||
TGo87IvDktJTdyR0nAducPy9C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7IL
|
||||
fhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW
|
||||
1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7
|
||||
kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0G
|
||||
A1UdDgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYD
|
||||
VR0TAQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v
|
||||
ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRo
|
||||
dHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMu
|
||||
Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8NtwuleGFTQQuS9/
|
||||
HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32
|
||||
pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxIS
|
||||
jBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+
|
||||
xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/Atyjcn
|
||||
dBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O9y5Xt5hwXsjEeLBi
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF
|
||||
MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL
|
||||
ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx
|
||||
@ -4517,30 +4138,6 @@ WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
|
||||
hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
|
||||
CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
|
||||
cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
|
||||
LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
|
||||
aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
|
||||
dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
|
||||
VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
|
||||
aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
|
||||
bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
|
||||
IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
|
||||
LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1
|
||||
GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ
|
||||
+mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd
|
||||
U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm
|
||||
NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY
|
||||
ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/
|
||||
ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1
|
||||
CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq
|
||||
g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm
|
||||
fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c
|
||||
2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/
|
||||
bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB
|
||||
vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
|
||||
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp
|
||||
|
7077
etc/Linux.pem
File diff suppressed because it is too large
2640
etc/Microsoft.pem
File diff suppressed because it is too large
312
etc/Mozilla.pem
@ -1,7 +1,7 @@
|
||||
##
|
||||
## Bundle of CA Root Certificates
|
||||
##
|
||||
## Certificate data from Mozilla as of: Wed Jan 20 04:12:04 2016
|
||||
## Certificate data from Mozilla as of: Wed Sep 14 03:12:05 2016
|
||||
##
|
||||
## This is a bundle of X.509 certificates of public Certificate Authorities
|
||||
## (CA). These were automatically extracted from Mozilla's root certificates
|
||||
@ -13,11 +13,10 @@
|
||||
## an Apache+mod_ssl webserver for SSL client authentication.
|
||||
## Just configure this file as the SSLCACertificateFile.
|
||||
##
|
||||
## Conversion done with mk-ca-bundle.pl version 1.25.
|
||||
## SHA1: 0ab47e2f41518f8d223eab517cb799e5b071231e
|
||||
## Conversion done with mk-ca-bundle.pl version 1.26.
|
||||
## SHA256: 01bbf1ecdd693f554ff4dcbe15880b3e6c33188a956c15ff845d313ca69cfeb8
|
||||
##
|
||||
|
||||
# taken from https://curl.haxx.se/docs/caextract.html
|
||||
|
||||
GlobalSign Root CA
|
||||
==================
|
||||
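Review bot: the header counts (11 old lines, 10 new) mean three lines are removed and only two are added, so besides the `mk-ca-bundle.pl version 1.25` and `SHA1:` lines one more line goes away in the block around `# taken from https://curl.haxx.se/docs/caextract.html`. If that is the provenance comment rather than one of the blank lines, keep it: it is the only place the file records where the bundle was downloaded from, and the new `SHA256:` line helps a later reviewer only if they know which source to compare it with.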
@ -630,28 +629,6 @@ EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH
|
||||
llpwrN9M
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
Staat der Nederlanden Root CA
|
||||
=============================
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJOTDEeMBwGA1UE
|
||||
ChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFhdCBkZXIgTmVkZXJsYW5kZW4g
|
||||
Um9vdCBDQTAeFw0wMjEyMTcwOTIzNDlaFw0xNTEyMTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4w
|
||||
HAYDVQQKExVTdGFhdCBkZXIgTmVkZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRlcmxh
|
||||
bmRlbiBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNK1URF6gaYUmHFt
|
||||
vsznExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rFDBKeNVU+LCeIQGv33N0iYfXCxw719tV2U02P
|
||||
jLwYdjeFnejKScfST5gTCaI+Ioicf9byEGW07l8Y1Rfj+MX94p2i71MOhXeiD+EwR+4A5zN9RGca
|
||||
C1Hoi6CeUJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+UtFE5A3+y3qcym7RHjm+0Sq7lr7HcsBth
|
||||
vJly3uSJt3omXdozSVtSnA71iq3DuD3oBmrC1SoLbHuEvVYFy4ZlkuxEK7COudxwC0barbxjiDn6
|
||||
22r+I/q85Ej0ZytqERAhSQIDAQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRV
|
||||
HSAAMDwwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMvcm9v
|
||||
dC1wb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA7Jbg0zTBLL9s+DAN
|
||||
BgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k/rvuFbQvBgwp8qiSpGEN/KtcCFtR
|
||||
EytNwiphyPgJWPwtArI5fZlmgb9uXJVFIGzmeafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbw
|
||||
MVcoEoJz6TMvplW0C5GUR5z6u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3y
|
||||
nGQI0DvDKcWy7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBpIzlWYGeQiy52OfsR
|
||||
iJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYVwSR8MnwDHTuhWEUykw==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
UTN USERFirst Hardware Root CA
|
||||
==============================
|
||||
-----BEGIN CERTIFICATE-----
|
||||
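Review bot: the removal of a root should be called out in the commit message or changelog, not left to the diff of a generated file. Here the "Staat der Nederlanden Root CA" block leaves etc/Mozilla.pem (28 old lines become 6), and a chain that ends in this root will no longer verify against this bundle, so results for affected hosts change without any code change. A short list of removed and added root names next to the new bundle date would make that visible.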
@ -732,41 +709,6 @@ IBHNfTIzSJRUTN3cecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREes
|
||||
t2d/AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
NetLock Notary (Class A) Root
|
||||
=============================
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQI
|
||||
EwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6
|
||||
dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9j
|
||||
ayBLb3pqZWd5em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0N1oX
|
||||
DTE5MDIxOTIzMTQ0N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQH
|
||||
EwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYD
|
||||
VQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFz
|
||||
cyBBKSBUYW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHSM
|
||||
D7tM9DceqQWC2ObhbHDqeLVu0ThEDaiDzl3S1tWBxdRL51uUcCbbO51qTGL3cfNk1mE7PetzozfZ
|
||||
z+qMkjvN9wfcZnSX9EUi3fRc4L9t875lM+QVOr/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC
|
||||
/tmwqcm8WgD/qaiYdPv2LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LYOph7
|
||||
tqyF/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2EsiNCubMvJIH5+hCoR6
|
||||
4sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCCApswDgYDVR0PAQH/BAQDAgAGMBIG
|
||||
A1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaC
|
||||
Ak1GSUdZRUxFTSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pv
|
||||
bGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQu
|
||||
IEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2Vn
|
||||
LWJpenRvc2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0
|
||||
ZXRlbGUgYXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFz
|
||||
IGxlaXJhc2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBh
|
||||
IGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVu
|
||||
b3J6ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1YW5jZSBh
|
||||
bmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3QgdG8gdGhlIE5ldExvY2sg
|
||||
Q1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFp
|
||||
bCBhdCBjcHNAbmV0bG9jay5uZXQuMA0GCSqGSIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5
|
||||
ayZrU3/b39/zcT0mwBQOxmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjP
|
||||
ytoUMaFP0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJMSEN1rUQQeJB
|
||||
CWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+uxdAu6tYPVuxkf1qbFFgBJ34TUMdr
|
||||
KuZoPL9coAob4Q566eKAw+np9v1sEZ7Q5SgnK1QyQhSCdeZK8CtmdWOMovsEPoMOmzbwGOQmIMOM
|
||||
8CgHrTwXZoi1/baI
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
XRamp Global CA Root
|
||||
====================
|
||||
-----BEGIN CERTIFICATE-----
|
||||
@ -1877,30 +1819,6 @@ IPVVYpbtbZNQvOSqeK3Zywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm
|
||||
66+KAQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
CA Disig
|
||||
========
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJTSzETMBEGA1UEBxMK
|
||||
QnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwHhcNMDYw
|
||||
MzIyMDEzOTM0WhcNMTYwMzIyMDEzOTM0WjBKMQswCQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlz
|
||||
bGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwggEiMA0GCSqGSIb3
|
||||
DQEBAQUAA4IBDwAwggEKAoIBAQCS9jHBfYj9mQGp2HvycXXxMcbzdWb6UShGhJd4NLxs/LxFWYgm
|
||||
GErENx+hSkS943EE9UQX4j/8SFhvXJ56CbpRNyIjZkMhsDxkovhqFQ4/61HhVKndBpnXmjxUizkD
|
||||
Pw/Fzsbrg3ICqB9x8y34dQjbYkzo+s7552oftms1grrijxaSfQUMbEYDXcDtab86wYqg6I7ZuUUo
|
||||
hwjstMoVvoLdtUSLLa2GDGhibYVW8qwUYzrG0ZmsNHhWS8+2rT+MitcE5eN4TPWGqvWP+j1scaMt
|
||||
ymfraHtuM6kMgiioTGohQBUgDCZbg8KpFhXAJIJdKxatymP2dACw30PEEGBWZ2NFAgMBAAGjgf8w
|
||||
gfwwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUjbJJaJ1yCCW5wCf1UJNWSEZx+Y8wDgYDVR0P
|
||||
AQH/BAQDAgEGMDYGA1UdEQQvMC2BE2Nhb3BlcmF0b3JAZGlzaWcuc2uGFmh0dHA6Ly93d3cuZGlz
|
||||
aWcuc2svY2EwZgYDVR0fBF8wXTAtoCugKYYnaHR0cDovL3d3dy5kaXNpZy5zay9jYS9jcmwvY2Ff
|
||||
ZGlzaWcuY3JsMCygKqAohiZodHRwOi8vY2EuZGlzaWcuc2svY2EvY3JsL2NhX2Rpc2lnLmNybDAa
|
||||
BgNVHSAEEzARMA8GDSuBHpGT5goAAAABAQEwDQYJKoZIhvcNAQEFBQADggEBAF00dGFMrzvY/59t
|
||||
WDYcPQuBDRIrRhCA/ec8J9B6yKm2fnQwM6M6int0wHl5QpNt/7EpFIKrIYwvF/k/Ji/1WcbvgAa3
|
||||
mkkp7M5+cTxqEEHA9tOasnxakZzArFvITV734VP/Q3f8nktnbNfzg9Gg4H8l37iYC5oyOGwwoPP/
|
||||
CBUz91BKez6jPiCp3C9WgArtQVCwyfTssuMmRAAOb54GvCKWU3BlxFAKRmukLyeBEicTXxChds6K
|
||||
ezfqwzlhA5WYOudsiCUI/HloDYd9Yvi0X/vF2Ey9WLw/Q1vUHgFNPGO+I++MzVpQuGhU+QqZMxEA
|
||||
4Z7CRneC9VkGjCFMhwnN5ag=
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
Juur-SK
|
||||
=======
|
||||
-----BEGIN CERTIFICATE-----
|
||||
@ -3892,3 +3810,227 @@ MluARZPzA7gwCgYIKoZIzj0EAwMDaAAwZQIxAOSkhLCB1T2wdKyUpOgOPQB0TKGXa/kNUTyh2Tv0
|
||||
Daupn75OcsqF1NnstTJFGG+rrQIwfcf3aWMvoeGY7xMQ0Xk/0f7qO3/eVvSQsRUR2LIiFdAvwyYu
|
||||
a/GRspBl9JrmkO5K
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
SZAFIR ROOT CA2
|
||||
===============
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG
|
||||
A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV
|
||||
BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ
|
||||
BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD
|
||||
VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q
|
||||
qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK
|
||||
DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE
|
||||
2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ
|
||||
ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi
|
||||
ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
|
||||
AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC
|
||||
AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5
|
||||
O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67
|
||||
oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul
|
||||
4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6
|
||||
+/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
Certum Trusted Network CA 2
|
||||
===========================
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE
|
||||
BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1
|
||||
bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y
|
||||
ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ
|
||||
TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl
|
||||
cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB
|
||||
IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9
|
||||
7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o
|
||||
CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b
|
||||
Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p
|
||||
uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130
|
||||
GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ
|
||||
9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB
|
||||
Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye
|
||||
hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM
|
||||
BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
|
||||
AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
|
||||
hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW
|
||||
Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA
|
||||
L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo
|
||||
clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM
|
||||
pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb
|
||||
w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo
|
||||
J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm
|
||||
ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX
|
||||
is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7
|
||||
zAYspsbiDrW5viSP
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
Hellenic Academic and Research Institutions RootCA 2015
|
||||
=======================================================
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT
|
||||
BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0
|
||||
aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl
|
||||
YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx
|
||||
MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg
|
||||
QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV
|
||||
BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw
|
||||
MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv
|
||||
bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh
|
||||
iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+
|
||||
6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd
|
||||
FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr
|
||||
i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F
|
||||
GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2
|
||||
fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu
|
||||
iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc
|
||||
Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
|
||||
AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI
|
||||
hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+
|
||||
D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM
|
||||
d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y
|
||||
d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn
|
||||
82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb
|
||||
davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F
|
||||
Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt
|
||||
J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa
|
||||
JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q
|
||||
p/UsQu0yrbYhnr68
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
Hellenic Academic and Research Institutions ECC RootCA 2015
|
||||
===========================================================
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0
|
||||
aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u
|
||||
cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj
|
||||
aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw
|
||||
MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj
|
||||
IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD
|
||||
VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290
|
||||
Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP
|
||||
dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK
|
||||
Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
|
||||
BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA
|
||||
GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn
|
||||
dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
Certplus Root CA G1
|
||||
===================
|
||||
|
||||
|
||||
Certplus Root CA G2
|
||||
===================
|
||||
|
||||
|
||||
OpenTrust Root CA G1
|
||||
====================
|
||||
|
||||
|
||||
OpenTrust Root CA G2
|
||||
====================
|
||||
|
||||
|
||||
OpenTrust Root CA G3
|
||||
====================
|
||||
|
||||
|
@ -8,11 +8,14 @@ The certificate stores were retrieved by
|
||||
* Microsoft: For Windows >= 7/2008 Microsoft decided not to provide
|
||||
a full certificate store by default or via update as all other OS do.
|
||||
It's being populated with time -- supposed you use e.g. IE while browsing.
|
||||
Thus this file is smaller as the others.
|
||||
This store was destilled from three different windows installations via
|
||||
"certmgr.msc". It's a PKCS7 export of "Trusted Root Certification Authorities"
|
||||
--> "Certificates".
|
||||
Third Party Root Certificates were for now deliberately omitted.
|
||||
and the Third Party Store.
|
||||
Feedback is welcome, see #317.
|
||||
It's still behind what MS publishes what [should be included](http://social.technet.microsoft.com/wiki/contents/articles/31634.microsoft-trusted-root-certificate-program-participants-v-2016-april.aspx).
|
||||
Unfortunately there doesn't seem to be store to DL. Let me know if
|
||||
you have a pointer
|
||||
* Apple: It comes from Apple OS X keychain app. Open Keychain Access.
|
||||
In the Finder window, under Favorites --> "Applications" --> "Utilities"
|
||||
--> "Keychain Access" (2 click). In that window --> "Keychains" --> "System"
|
||||
|
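Review bot: The Microsoft paragraph says the store was taken from three Windows installations via certmgr.msc and is "still behind" Microsoft's published participant list, but it never states what that means for a reader of the scan output: a chain that validates on a fully populated Windows machine can be reported as untrusted against this file. Suggest spelling that caveat out and recording the Windows versions and the export date so the bundle can be regenerated and compared later. The hunk also contains both "Third Party Root Certificates were for now deliberately omitted." and "and the Third Party Store.", so it is worth confirming the final text no longer claims the third-party roots are left out. Wording: "destilled" should be "distilled", "smaller as the others" should be "smaller than the others", "doesn't seem to be store to DL" is missing an article, and "you have a pointer" is missing its full stop. The linked participant list is the April 2016 revision and will go stale.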
256
etc/ca_hashes.txt
Normal file
@ -0,0 +1,256 @@
|
||||
+OX5BbyTmREme4PVCBSpAyO1Hhg2KdtS1PwtVGilpXg= Belgium Root CA2
|
||||
+sld48JKF0GUgAz/qjylHXEWYwZkqbYMh1i07w3Fj4g= A-Trust-nQual-03
|
||||
/1aAzXOlcD2gSBegdf1GJQanNQbEuBoVg+9UlHjSZHY= /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
|
||||
/PfamDYD6IhiAw2WE32OEwMbrftNVsH9TKzDOfa9uyo= America Online Root Certification Authority 2
|
||||
/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI= Entrust Root Certification Authority - EC1
|
||||
/zQvtsTIvTCkcG9zSJU58Z5uSMwF9GJUZU9mENvFQOk= D-TRUST Root Class 3 CA 2 EV 2009
|
||||
0Hc622AEPpVDCdlxT+BT6q2KpblYbtukaOJ234IGWt8= T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1
|
||||
0d4q5hyN8vpiOWYWPUxz1GC/xCjldYW+a/65pWMj0bY= Deutsche Telekom Root CA 2
|
||||
0qXzLw4BuRDvTjtGv4Tlr1+1aJ59FQfpKeNorIjGzHY= Sonera Class2 CA
|
||||
0vkaBOOmHU6teEjI1DteEVLYhXJ0ibxlc4tnwKInhac= Symantec Class 1 Public Primary Certification Authority - G6
|
||||
1qGEQ9NI25lPk0zNjmNdgzonrB5W+K+vfJfLT0Pqtos= Certification Authority of WoSign
|
||||
28HjoVI4oEg7zbj97GFuA+cFpI4qUBFXyt87nHMRxeU= /C=RO/O=certSIGN/OU=certSIGN ROOT CA
|
||||
2Psz44XJwtpymoRwa6kn3Lt5Jz4SL/2WczY7cLfzbLs= Root CA Generalitat Valenciana
|
||||
2xXABitSDzGKGdrP7NZPnno/vmCf1YZ5byCuAo6OMFg= CA \xE6\xB2\x83\xE9\x80\x9A\xE6\xA0\xB9\xE8\xAF\x81\xE4\xB9\xA6
|
||||
31MLrJ/NkUwlLC+9zt3GGD1K6MaArWXwPiBIYd17HHM= Microsoft Root Certificate Authority
|
||||
3V7RwJD59EgGG6qUprsRAXVE6e76ogzHFM5sYz9dxik= CFCA EV ROOT
|
||||
4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg= Trusted Certificate Services
|
||||
58qRu/uxh4gFezqAcERupSkRYBlBAvfcw7mEjGPLnNU= COMODO ECC Certification Authority
|
||||
5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority
|
||||
5co3vHtsNhl5vGsSPKmh2wGQRtf/X1ffuFSxnRCwaC8= Atos TrustedRoot 2011
|
||||
60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root CA
|
||||
60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root Certificate Authority
|
||||
7KDxgUAs56hlKzG00DbfJH46MLf0GlDZHsT5CwBrQ6E= D-TRUST Root Class 3 CA 2 2009
|
||||
80OOI7POUyUi+s8weSP1j9GGCOm6et3DDpUrQ8SWFsM= QuoVadis Root CA 3 G3
|
||||
8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik= DigiCert Assured ID Root G2
|
||||
96/0GycJ8XX4q6F+VnsnBGst1Uv25+Jj0ylYc0N7nP8= A-Trust-Qual-03
|
||||
9GPFTZ8aBHrtUmVqx4Xgfr7FKOAge/0/VdiTI3Zo9q4= Swisscom Root EV CA 2
|
||||
9Iut199qBmkNCuMTc7EoVfje2xRRfzYqMTEBzJjMazU= NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny
|
||||
9TwiBZgX3Zb0AGUWOdL4V+IQcKWavtkHlADZ9pVQaQA= Thawte Premium Server CA
|
||||
9YV9iGK8K6PJ3co/hBRtyNgfTVedKzh79gBlOB7mQd0= Class 3P Primary CA
|
||||
9zvl66U2kSxVf7hVUXrR7gSHvY9jSYw5SRZBd7oGxd4= I.CA - Standard root certificate
|
||||
AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4= COMODO Certification Authority
|
||||
AGyyJqdyxxgtd3I4Pjc/DyKeff40RIEKjW5QkF0g1mE= VRK Gov. Root CA
|
||||
AjdtCQisIwQcx9Zm2drxklVPf8NjF6qcuACQhhayivg= Microsoft Root Certificate Authority 2011
|
||||
AjyBzOjnxk+pQtPBUEhwfTXZu1uH9PVExb8bxWQ68vo= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
|
||||
B+hU8mp8vTiZJ6oEG/7xts0h3RQ4GK2UfcZVqeWH/og= IdenTrust Commercial Root CA 1
|
||||
BRz5+pXkDpuD7a7aaWH2Fox4ecRmAXJHnN1RqwPOpis= XRamp Global Certification Authority
|
||||
BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo= AddTrust Class 1 CA Root
|
||||
BVcK5usPzrQhDm23lIa3CUyvIAQB4Um2Z3RBtfJeRJs= ACCVRAIZ1
|
||||
Bed+8f3+BeLcpSLK5k2DeaBBt7TxbHyuNgZ6f3KhSHI= Staat der Nederlanden Root CA - G2
|
||||
Blb1lVIEyNK8ixykdeKk+m4STRJFEnhBV8hYtVRxFBo= http:
|
||||
CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk= GlobalSign
|
||||
CT23Z4iPaxMnVV29Qrtck/7exQRMeoS8bqMqV4wiNcA= http:
|
||||
D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM= UTN-USERFirst-Object
|
||||
DHrKpxAiZyC7yUA0nuLmFIZSqJ2/QGojLIlfbceOu5o= QuoVadis Root CA 3
|
||||
EASNAtrRvSDsXdZoz1gbc5Yc6O6YL+vHiUZu/Uj37HM= avast! Web
|
||||
EGn6R6CqT4z3ERscrqNl7q7RC//zJmDe9uBhS/rnCHU= GTE CyberTrust Global Root
|
||||
ELo0hcqLtogKuVMaQGPkABVVVhx/LgVRZfSbLXT8X2s= TeliaSonera Root CA v1
|
||||
F3VaXClfPS1y5vAxofB/QAxYi55YKyLxfq4xoVkNEYU= GeoTrust Global CA 2
|
||||
FJ8u5juaXlgDJAp3DcmR/C40ReYoMcJFpJvE8fc4/5w= OISTE WISeKey Global Root GB CA
|
||||
FSg5faISiQqDCwuVpZlozvI0dzd531GBzxD6ZHU0u2U= StartCom Certification Authority G2
|
||||
Fbso2SB+E/i8lVfdeF66dzvqlE4E1+CP+KpV7zGUqiA= KEYNECTIS ROOT CA
|
||||
Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw= DigiCert Assured ID Root G3
|
||||
FefnF7Qo/u4686/ZFQ261JcAjTo/8BaWRxmQe9sBpkU= T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 - S\xC3\xBCr\xC3\xBCm 3
|
||||
FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ= /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
|
||||
FtgtZ6Htjon5q1j30P0+sNABdof8ruzUBHXxAIOltZM= SecureSign RootCA1
|
||||
G4qJUxcBYIye88ZfXWCpSLG625dTYiougcCkooS+Y8w= CA DATEV STD 01
|
||||
GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik= thawte Primary Root CA - G3
|
||||
Ga2Y3gIVXX4z6d0h8ORWEP0R0oBEuDGLvr+fYzeIjfA= CA DATEV BT 01
|
||||
Gno6GmjdI2Hj87uFXzsm/NiLGX2N1N4Gzxs2KsiewTs= Hellenic Academic and Research Institutions RootCA 2011
|
||||
H0IkzshPyZztiB/2/P0+IfjFGcVHqmpd094kcwLOUNE= CNNIC ROOT
|
||||
HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY= thawte Primary Root CA
|
||||
HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048)
|
||||
I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o= DigiCert Assured ID Root CA
|
||||
I4SdCUkj1EpIgbY6sYXpvhWqyO8sMETZNLx/JuLSzWk= America Online Root Certification Authority 1
|
||||
ICGRfpgmOUXIWcQ/HXPLQTkFPEFPoDyjvH7ohhQpjzs= USERTrust ECC Certification Authority
|
||||
IgUKkoNkgcLzwfhBfTdEehZwB6ybpk6iKMtqHhTGS4s= I.CA - Qualified root certificate
|
||||
IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM= VeriSign Class 1 Public Primary Certification Authority - G3
|
||||
JZaQTcTWma4gws703OR/KFk313RkrDcHRvUt6na6DCg= Secure Global CA
|
||||
JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg= VeriSign Class 3 Public Primary Certification Authority - G5
|
||||
JdSRPPWHCXQU0p0m9sGxlCzW1k6vRdD8+BUmrbqW0yQ= Actalis Authentication Root CA
|
||||
JsGNxu6m9jL2drzrodjCtINS8pwtX82oeOCdy4Mt1uU= Equifax Secure eBusiness CA-1
|
||||
K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= GlobalSign Root CA
|
||||
KJa03b5hRXGDzH7Se9eKxQogf2kBxcUuU9wWdvm7HgY= Izenpe.com
|
||||
KikzfD1iJMxT8LteXVggwNiEiwSHEyjwkP7jzWv4IbQ= T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1
|
||||
KkISYFqj6K7LD8GYBs87QLU7lfGjTbvW4+0nIwMkq7M= /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
|
||||
Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA= Go Daddy Root Certificate Authority - G2
|
||||
KovtMq5oDS0Ye5p6/Rcdg/0Lk16vniwbQ+gCeNIGPjk= SwissSign Platinum CA - G2
|
||||
KwccWaCgrnaw6tsrrSO61FgLacNgG2MMLq8GE6+oP5I= Starfield Services Root Certificate Authority - G2
|
||||
Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM= UTN-USERFirst-Client Authentication and Email
|
||||
LgCRWp974GqyNwx7fCAMCpbVrGpQzhh02+/eQCLU3o4= Visa Information Delivery Root CA
|
||||
M4BwmvOwlr48wqQFSBQsClIAKNsJ4st3riIGYWq2y7Q= /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
|
||||
MCeimPpXMU3A490QGUEbj0BMQ8P5NM4734VlEsgKoVw= Symantec Class 2 Public Primary Certification Authority - G4
|
||||
MJ8T1J6mb1IyQbVVJHREZOKMwbgu95tk5NWBiA3Ndx8= Echoworx Root CA2
|
||||
MVEmgCM/XyofKUN/VtSYjPCvxBzGxdpidZKOnAvq3ic= Symantec Class 1 Public Primary Certification Authority - G4
|
||||
Md4MsZ8q27DRzXsbMe+O4+tZt0RZrvlLSAvu7rhcZMk= http:
|
||||
MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8= AffirmTrust Premium ECC
|
||||
MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ= Network Solutions Certificate Authority
|
||||
NJn5P9OUUjv7HsTDrU37MQEx++nuVHa95ild6AjV3Y8= Swisscom Root CA 1
|
||||
NVHeWKfXnNmAKD34F5DWOpgsGmOzBILsWCHbdmFVTvk= EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1
|
||||
NsIjFBMaX78bcOpMz0vBOnd9k47GXh2iTjws/QHT0WM= Hongkong Post Root CA 1
|
||||
NuzGH8fl8ZI9Fn5n3940YIVJs0pjx8bmD/1cGEA4H1w= Certinomis - Autorit\xC3\xA9 Racine
|
||||
O0WRggXFkSmKGSKli0kh0B9kj6nSi93frSSu7FlCz78= /C=ES/O=FNMT/OU=FNMT Clase 2 CA
|
||||
OBo/x6iwgvooYTpNB/LHVT9OGRjuB8qp6LfO3lqcoGo= Certification Authority of WoSign G2
|
||||
OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg= AddTrust Public CA Root
|
||||
OoA+fApDop/XNnLj0LssNlPZSO3gs8sdtM51qFfomvE= Buypass Class 3 CA 1
|
||||
Ow1ztL5KhUrcPlHX75+kiu+7LN2CTWe9x9fQmiq8LUM= Autoridad de Certificacion Firmaprofesional CIF A62634068
|
||||
P6t4T8PJq57twS7NwNtVD0w9v9PobXiBUzPF66UYy50= Admin-Root-CA
|
||||
PDXhZL7dLPEr64Ps/3i16A2oFY0oMCF+Tr/86JKImaY= DST ACES CA X6
|
||||
QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo= UTN - DATACorp SGC
|
||||
QPz8KIddzL/ry99s10MzEtpjxO/PO9extQXCICCuAnQ= SwissSign Gold CA - G2
|
||||
QiOJQAOogcXfa6sWPbI1wiGhjVS/dZlFgg5nDaguPzk= Staat der Nederlanden Root CA - G3
|
||||
R8ehScqC+nupQKTXEdAQYlxssLdIsXAWxG4lznrNKww= TRUST2408 OCES Primary CA
|
||||
RGLBB8SF3WpUQ/XnoWBEFgNKN0w/TRCHXxw3FQJ1Y68= Microsoft Root Authority
|
||||
RK+K/PE5XSqOMO+BLOGc6y6JSN/SHgD7qjRon5okch8= T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1
|
||||
RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4= Secure Certificate Services
|
||||
S3Lf7T7cy19JRWguKVcxoIZKxrW4Wxk+zS8GtJAMHP0= T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 H5
|
||||
S9xjb0jSH7aMWjzUogaFeIBDvbUk5+hNQZLEUe40KbU= CA Disig
|
||||
SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo= GeoTrust Primary Certification Authority
|
||||
SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4= VeriSign Class 3 Public Primary Certification Authority - G3
|
||||
SiZZZm3AIDuRb1PYCtj2GsML6hYfSFzHUn5qWTfkkhY= T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 H6
|
||||
SkntvS+PgjC9VZKzE1c/4cFypF+pgBHMHt27Nq3j/OU= QuoVadis Root CA 2 G3
|
||||
TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI= UTN-USERFirst-Hardware
|
||||
Tq2ptTEecYGZ2Y6oK5UAXLqTGYqx+X78vo3GIBYo+K8= Global Chambersign Root
|
||||
UQ0g5cR/Y89mayD2GvYrwJmkKsgk/6RDotp8kLGAipE= Certigna
|
||||
UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4= VeriSign Class 3 Public Primary Certification Authority - G4
|
||||
VhdNOtlxqJRJZLGJgR8wCEk6apBCLjxYBOyDjU+U9iI= EE Certification Centre Root CA
|
||||
VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8= /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
|
||||
Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= DST Root CA X3
|
||||
VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU= VeriSign Class 4 Public Primary Certification Authority - G3
|
||||
WN1h/rNup9JYckNxcJFJyxITN4ZMrLLQmZrSBznQZHc= IdenTrust Public Sector Root CA 1
|
||||
WVWuKRV0qTE0LPdFDhZlLt4eD7MJfhVx36wRyRVgFWQ= Buypass Class 2 Root CA
|
||||
Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw= DigiCert Trusted Root G4
|
||||
WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= DigiCert High Assurance EV Root CA
|
||||
Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o= Baltimore CyberTrust Root
|
||||
YQbA46CimYMYdRJ719PMGFmAPVEcrBHrbghA3RZvwQ4= T-TeleSec GlobalRoot Class 2
|
||||
YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= Microsec e-Szigno Root CA 2009
|
||||
YlVMFwBVQ7I3IV8EJo3NL9HEcCQK08hmDiWuLFljD1U= /C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority
|
||||
Yo46EVb2+qkvlLQJJY1Muj8gR0gNMBlPrz++0F6utbI= e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
|
||||
Z+oZMkOuODk5ta2eNWprK/k6k7zc+CikcIJJeIMIP4Y= Staat der Nederlanden Root CA
|
||||
Z0A55HJWGWPIywDSGpepChi7ihxMMXrGfjgqZSu1c8A= Apple Root CA - G2
|
||||
Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM= thawte Primary Root CA - G2
|
||||
ZUT/mttkLEw2mKYNgUO2uTvO8BNltUD2FNzCpFq5TTE= /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
|
||||
ZZyzaKxWmYvQevLK/F+5P455R0rMwqbPGsnyGS0TY2A= Autoridad de Certificacion Raiz del Estado Venezolano
|
||||
ZrAFOYJqN0hJMBkeAo9i2rHLyJs6zUctxOWQXke/c2Q= Macao Post eSignTrust Root Certification Authority (G02)
|
||||
a4belqZYpWggpPNdkNtsPv3VdM6UuQnLDX/xfDwYnYM= TC TrustCenter Class 4 CA II
|
||||
a8/IbI3cKvLmoRgKLdq7N7fqN1Uxa2S5uJUb8Mo1HwY= CA Disig Root R1
|
||||
aMNpIhRyTUtVp2D0cLT8qLXg/h1ynP8i/rTKiKzTmAk= ComSign CA
|
||||
akNrWNnYMOjVuKZCUFrWtBQGrc1olNlBT3vgoUZ7rbc= CA DATEV STD 02
|
||||
axpQXgJG8vYMSQ/wwJenvichDLt1ACN/iLDNSCmLybg= Certinomis - Root CA
|
||||
aztX6eyI0bs9AWN/8zx2mLPJdYJV6fAeqRePPn87K1I= Certum Trusted Network CA 2
|
||||
bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU= AffirmTrust Commercial
|
||||
bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU= Entrust Root Certification Authority
|
||||
bz4Hf+VQRkbAGRr85JTk62gYPjmPWk3AVmn4tubmgv4= /C=JP/O=Japanese Government/OU=ApplicationCA
|
||||
cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM= VeriSign Class 2 Public Primary Certification Authority - G3
|
||||
cCEWzNi/I+FkZvDg26DtaiOanBzWqPWmazmvNZUCA4U= CA Disig Root R2
|
||||
cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A= GlobalSign
|
||||
cZz1s2GS573mUMyRNB5vZJ27jD7ki6yql/oOBbY3S0E= ApplicationCA2 Root
|
||||
du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U= Entrust Root Certification Authority - G2
|
||||
dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= Class 2 Primary CA
|
||||
dykHF2FLJfEpZOvbOLX4PKrcD2w2sHd/iA/G3uHTOcw= SecureTrust CA
|
||||
egUvWN1fX0JTrxfoxOkAplWFMtYlqYpuGmCYxVCv5UI= Cybertrust Public SureServer SV CA
|
||||
eu3d82sY+Ky3N5/hzhgyErI1DQeIq+DoJFe+m62tbVQ= CA WoSign ECC Root
|
||||
fDtG2b6PJ0H5gAOVIYWOTN0wd0+zKzshzuoGqnnGqsY= SecureSign RootCA2
|
||||
fKoDRlEkWQxgHlZ+UhSOlSwM/+iQAFMP4NlbbVDqrkE= GeoTrust Universal CA 2
|
||||
fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8= GlobalSign
|
||||
foeCwVDOOVL4AuY2AjpdPpW7XWjjPoWtsroXgSXOvxU= Cybertrust Global Root
|
||||
fx3siwMZVIoFbeW7UhvZPrdOanbyjf+3W0WlO3da96s= SwissSign Gold Root CA - G3
|
||||
gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ= Starfield Root Certificate Authority - G2
|
||||
gJ8rquNa+082vWR2znXCABB3kBtq9cTauC4YjGuVwaE= Symantec Class 3 Public Primary Certification Authority - G4
|
||||
gNv7l73Tkmuu5B9zxViPqhfXB7A630kHorxnfz7xcXw= Developer ID Certification Authority
|
||||
gamPx4jDX1V2RalSJOUM0drI/7IJ3B5WiKopIF8TIhg= UTN-USERFirst-Network Applications
|
||||
grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= COMODO RSA Certification Authority
|
||||
h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU= GeoTrust Global CA
|
||||
hKrAk+CMSdv/+OVgdZJI2+ZxNbNysj0qiB1fmcuxkeg= SwissSign Silver Root CA - G3
|
||||
hdJr6Q2TT8zbT/ezjYx5ynZSuBbWpSRGyoQoprhdxXw= ANF Global Root CA
|
||||
hqaPBQA0EmpUDTnbLF+RfvZqlPuWGfoezYJ86ka6DLA= QuoVadis Root CA 1 G3
|
||||
hsE6NAjdGqd+6LaUfAOVh3L1MSSMFie++yxPSwTQRJY= IGC
|
||||
i+p269YTev+fHsw8CMrx3sR9uRaQ1XVMTp8VIywKLng= CA DATEV INT 01
|
||||
i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= DigiCert Global Root G2
|
||||
iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= GlobalSign
|
||||
iir/vRocXRvcy7f1SLqZX5ZoBrP9DDoA+uLlLzyFOYk= Chambers of Commerce Root
|
||||
ipA7YAoICzjf4g37as0jEi9kYg5YCLn8hoiVL8GjVZw= SwissSign Platinum Root CA - G3
|
||||
itsjhVSgy/w6Ef7MGD480sI9JeeJTPK7rljrcKROfPM= DoD Root CA 2
|
||||
j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g= QuoVadis Root CA 2
|
||||
jXZ3ZLPL2giSnQcqIqVh9NzdG8V9PL3clIxH0rR/kSI= T-TeleSec GlobalRoot Class 3
|
||||
jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= Federal Common Policy CA
|
||||
jtW0wEG2spPA5kEwFQZtMYSDyQH/aehqUh0MslVp8+g= Cisco Root CA 2048
|
||||
k5KuIUmSSt435kXbof9L3dzaKykbYJdmnSr6XHo3Jhk= TC TrustCenter Class 3 CA II
|
||||
kRni9BNXl3eVSZFwPu4joEUjoxK1xl9/k3SqMQDr2Oc= Class 3TS Primary CA
|
||||
knobhWIoBXbQSMUDIa2kPYcD0tlSGhjCi4xGzGquTv0= Global Chambersign Root - 2008
|
||||
ksRoeWJu8swezqUMcvteOFhECV8hy/Oyg8uC5rn8alg= TWCA Root Certification Authority
|
||||
kxgib4yDr+R/X0fCT1nOEtuoxzsYG+5rLqH0Cga8GGk= SwissSign Silver CA - G2
|
||||
lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA= AffirmTrust Networking
|
||||
lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU= AddTrust External CA Root
|
||||
lR7gRvqDMW5nhsCMRPE7TKLq0tJkTWMxQ5HAzHCIfQ0= Staat der Nederlanden EV Root CA
|
||||
lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com
|
||||
lXNUc71no7lajV+QxaIazh4NeUcyBnTUq4R5crkVRNI= Symantec Class 3 Public Primary Certification Authority - G6
|
||||
lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI= VeriSign Universal Root Certification Authority
|
||||
lpkiXF3lLlbN0y3y6W0c/qWqPKC7Us2JM8I7XCdEOCA= GeoTrust Universal CA
|
||||
ly+8bVW/77Gr43WK19Z6NJu++AwG8dhQAd+5EBuavBs= CA DATEV INT 02
|
||||
lzasOyXRbEWkVBipZFeBVkgKjMQ0VB3cXdWSMyKYaN4= Certum CA
|
||||
mACOLtu3K61C2i/LBqwaqgsubgxy6MogT7r9G7SHlEE= Common Policy
|
||||
mAki7uB/hrx/Xl6V1X24va5o4XpCHE5yqWpwioeSASQ= Microsec e-Szigno Root CA
|
||||
mLPxCgJQQZEPGXzxfKD83+11+yyMFKhD4E1WVsnrrBo= DST Root CA X4
|
||||
myGdD7/zal+zIJBXGQa87qaGF8gzo/YbgeliqOZNuK8= Apple Root CA - G3
|
||||
nG9qEjy6pO402+zu4kyX1ziHjLQj88InOQNCT10fbdU= Thawte Server CA
|
||||
nZih+2BTjEzEhX/xqMgDT69vxZIJP2GZlLLIE9JQuGQ= Class 1 Primary CA
|
||||
ncOKntz4KEK2dNoYa21iFaueLsbXL1ewioknKMMUMfM= SecureSign RootCA3
|
||||
ndVfxXP1RstqODHRES2HEKb0+C3If1+unToaAo3Tbks= China Internet Network Information Center EV Certificates Root
|
||||
nsxRNo6G40YPZsKV5JQt1TCA8nseQQr/LRqp1Oa8fnw= Entrust.net Secure Server Certification Authority
|
||||
odRdBilzQbHzpzXPo48oPmh5/sBigaNh5fQXzHDSnck= CA DATEV BT 02
|
||||
olpyFMK2yGFCraOd/y1z2GWqV4Q/3S23ez/r+CaD3i0= I.CA - Qualified Certification Authority, 09
|
||||
otyYyny77hgislsme9XKUC+nsM9P/wcD7mpBZwPzx+o= Class 3 Primary CA
|
||||
p5jZL3bJxnVeX1X4bNFK7cwGVTceJ8zeA3d0XOPFABM= Certipost E-Trust Primary Qualified CA
|
||||
pAA71b3YlOAajgHga2LHqoLwPeUlMTNXCq1P0OfYHTw= NetLock Kozjegyzoi (Class A) Tanusitvanykiado
|
||||
pLibtwZW6kmPLZ4ApJf9udzSC4G4k46VK7ot+fZXKcM= Halcom CA FO
|
||||
pRovOgUOg4pQUGlleNu+2qwaEH7i2dSPrlBdGNDaXPg= /C=TW/O=Government Root Certification Authority
|
||||
puEf8V7DJqXj8YrTOgVmlNyExpl2bQKKWtDv4ajlOsc= Visa eCommerce Root
|
||||
pvH5v4oKndwID7SbHvw9GhwsMtwOE2pbAMlzFvKj3BE= Equifax Secure Global eBusiness CA-1
|
||||
q1zbM1Y5c1bW5pGXPCW4YYtl12qQSG6nqKXBd2f0Zzo= TC TrustCenter Universal CA III
|
||||
q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8= GeoTrust Primary Certification Authority - G3
|
||||
qBKTRF2xlqIDD55FX+PHSppPgxewKwFAYCeocIF0Q0w= /C=TW/O=Government Root Certification Authority
|
||||
qGvauPSAtuuJQquRcL3QmRlxp60TXfu8tyhfB6fR44o= UCA Root
|
||||
qHRDs9iW6yV8zOmbla2pvIG5204xQqqama8JQssKSjo= /C=GB/O=Trustis Limited/OU=Trustis FPS Root CA
|
||||
qZlyzh9sWB0Al/YmGAYuUxV7Unbh7GZRoxVwV/BXszk= WellsSecure Public Root Certificate Authority
|
||||
qhwr7bGlCLqtf7P14CiXuQfHSN6pt5CJBKrb0El6q2o= Sonera Class1 CA
|
||||
qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU= Certum Trusted Network CA
|
||||
qzh2w9pd4MnPZzaGjuW4i/m6Hf+cnXLS/lqNL3gwIWY= Thawte Timestamping CA
|
||||
qzmksCWVVpGkAmnzU/odXLlOr2x+qYCEhLu7Yv2faPM= TC TrustCenter Universal CA II
|
||||
r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E= DigiCert Global Root CA
|
||||
rPZeHWLLWKK6/W/6tA+4hpnEc5fPXLSD1C1pytNM1Is= TC TrustCenter Class 2 CA II
|
||||
ryB8Yf2cfPksKv6BVCgtw/LL8y91zRcoFMUrA7frwlg= Symantec Class 2 Public Primary Certification Authority - G6
|
||||
sD2HsFbQjMnU5nXvGcqDq1NTIWioJYWYvnLm2Fx918E= Buypass Class 3 Root CA
|
||||
sIP/U29/SKkIHilKAYe1PoGXcUAtnUgQMG3gMQJOX0Y= AC1 RAIZ MTIN
|
||||
sPbxW0gX6+b+C0v819Os5MdYsKtvip2i7ZLmGCOdnJg= ACEDICOM Root
|
||||
sRJBQqWhpaKIGcc1NA7/jJ4vgWj+47oYfyU7waOS1+I= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
|
||||
sh0qdDMYcSuhbzmRnZYaS6+6O8qaQ6dbH8/iLF1wyro= EC-ACC
|
||||
st71NirT+s0EvSkEekOET3ZwNOpIkvgOVr7mkCQ+JQI= TC TrustCenter Universal CA I
|
||||
sxguKJrjTd8r5kOrecJEMBYF+g8equbRD7kpYAr4TfA= Certipost E-Trust Primary Normalised CA
|
||||
tKA56vxDELqb3gk+24+dnQs9THwATUgojDXbzBlGfRg= /O=RSA Security Inc/OU=RSA Security 2048 V3
|
||||
tjjP8FyKgydY7cMCivni1VUUVovGuzSrNtFAuXrGsS0= Buypass Class 2 CA 1
|
||||
u0Eo7JYg8tKknOjixOJXrrrZOg8RxWtfpLAOI3Wfo50= SecureSign RootCA11
|
||||
uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= DigiCert Global Root G3
|
||||
vM6OK7rucbY1jd1kHLv8Jd5FQAMAYnH3W1C3JtZ8O8k= SZAFIR ROOT CA
|
||||
vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs= GeoTrust Primary Certification Authority - G2
|
||||
vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= AAA Certificate Services
|
||||
vj23t5v+V53PmwfKTK11r/FpdVaOW0XPyuTWH7Yxdag= QuoVadis Root Certification Authority
|
||||
vt2LyX6oZJcZWgeKmZojegYK664HvAoLm3eJgrpfYvQ= Halcom CA PO 2
|
||||
wGyHL8LQrAjXjUIZgfvaTjVQDQlG95iU7dIawp3sBxk= ComSign Global Root CA
|
||||
wa0bGJjsOVBI3wcL+iF+JckTvtjKa3PeCFUohGoBA8E= E-Tugra Certification Authority
|
||||
x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc= AffirmTrust Premium
|
||||
x/WEI22GOV6Pb4LAEIhqLFbgcaahw+0odrijpyxe+7U= I.CA - Standard Certification Authority, 09
|
||||
x0YSfF9rUpzp4pSO/ZRlRECJMZrPA/NNC/N+rcd9si8= KISA RootCA 1
|
||||
x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4= USERTrust RSA Certification Authority
|
||||
xES1tmzl1x4bXkDyc4XJXL/SSgW1b3DKwJkvD1DDN5w= TWCA Global Root CA
|
||||
xWl76RzWVVObVgdY6RtuCFRhYjdBA0xIXkfX6dJaA8A= /C=JP/O=LGPKI/OU=Application CA G2
|
||||
xeolnGKYA1CGSfAhd/Y8MvqFzErVw18NVBxF3xCkn9c= PSCProcert
|
||||
xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink= AddTrust Qualified CA Root
|
||||
y+WsFdiLXKw/gebfO/tXvqYJWIE6R7d/PFy2uYGRvbU= Juur-SK
|
||||
y26RcRrW1VyJBvN5ywcftcR5M2VKdBVhLu5mKfJvvNc= Swisscom Root CA 2
|
||||
yZBbDuASAik8oCbmTwhBJELFUEwG5Eyn6XJtYfIOQIk= Microsoft Root Certificate Authority 2010
|
||||
zEmXhjyMSKTLXD5lN9wGAo2GOL5J9fiiulby8siox3k= UCA Global Root
|
||||
ziTrBibe/YFoyWp3AfCTAWAP5d0NvOWOnJe4MK8C7yg= OISTE WISeKey Global Root GA CA
|
||||
ztQ5AqtftXtEIyLcDhcqT7VfcXi4CPlOeApv1sxr2Bg= Chambers of Commerce Root - 2008
|
||||
zwtHSs6Eafq6QC8C7r354XANnL6L5OQ0hAe2ndMZbpQ= ComSign Secured CA
|
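Review bot: The hash is not a unique key in this file and the name is not a unique or always usable label, which matters because the HPKP test reports a pinned SPKI by looking up its name here. The hash 60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= appears twice ("Apple Root CA" and "Apple Root Certificate Authority"), four different hashes are all labelled "GlobalSign", "Izenpe.com" and "/C=TW/O=Government Root Certification Authority" each cover two hashes, and three entries (hashes starting Blb1lVIE, CT23Z4iP and Md4MsZ8q) carry only "http:" as the name, which reads like a truncated value. Suggest de-duplicating by hash, falling back to the full subject when the short name is empty, truncated or shared, and deciding how a consumer should behave when one hash maps to several names. Non-ASCII names are stored as literal \xNN escape sequences (for example the TÜRKTRUST and NetLock entries), so they will be printed raw unless the reader decodes them; storing UTF-8 directly would avoid that. A short header comment documenting the format (base64 SPKI hash, a space, the CA name) would help anyone parsing the file.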
9
t/10_ca_hashes_up_to_date.t
Executable file
@ -0,0 +1,9 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
use strict;
|
||||
use Test::More tests => 1;
|
||||
|
||||
|
||||
my $newer_bundles=`find etc/*.pem -newer etc/ca_hashes.txt`;
|
||||
is($newer_bundles,"","List of CA bundles newer then etc/ca_hashes.txt should be empty. If not run utils/create_ca_hashes.sh");
|
||||
done_testing;
|
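Review bot: The freshness check on the `find etc/*.pem -newer etc/ca_hashes.txt` line compares file modification times, which a fresh checkout does not preserve, so in CI the result depends on the order in which the files were written rather than on whether the hashes still match the bundles. It also passes when find itself fails: only stdout is captured, so running the test outside the repository root or with a missing etc/ca_hashes.txt leaves $newer_bundles empty and the test green. Suggest regenerating the list into a temporary file with utils/create_ca_hashes.sh and comparing it with etc/ca_hashes.txt, and checking $? after the backticks. The test description should read "newer than", not "newer then", and `use warnings;` next to `use strict;` would be consistent with a test that shells out.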
79
t/11_hpkp.t
Executable file
@ -0,0 +1,79 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
use strict;
|
||||
use Test::More;
|
||||
use Data::Dumper;
|
||||
use JSON;
|
||||
|
||||
my $tests = 0;
|
||||
|
||||
my (
|
||||
$out,
|
||||
$json,
|
||||
$found,
|
||||
);
|
||||
# OK
|
||||
pass("Running testssl.sh against ssl.sectionzero.org"); $tests++;
|
||||
$out = `./testssl.sh -H --jsonfile tmp.json --color 0 ssl.sectionzero.org`;
|
||||
$json = json('tmp.json');
|
||||
|
||||
# It is better to have findings in a hash
|
||||
# Look for a host cert match in the process.
|
||||
my $found = 0;
|
||||
my %findings;
|
||||
foreach my $f ( @$json ) {
|
||||
$findings{$f->{id}} = $f;
|
||||
if ( $f->{finding} =~ /matches the host certificate/ ) {
|
||||
$found++;
|
||||
}
|
||||
}
|
||||
is($found,1,"We found 1 'matches the host certificate' finding"); $tests++;
|
||||
like($out,'/Host cert/',"There is a 'host cert match' in the text output"); $tests++;
|
||||
|
||||
# Sub CA match
|
||||
ok( exists $findings{"hpkp_YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg"},"We have a finding for SPKI YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg"); $tests++;
|
||||
like($findings{"hpkp_YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg"}->{finding},'/matches Intermediate CA \'Let\'s Encrypt Authority X3\' pinned in the HPKP header/',"We have our Sub CA finding"); $tests++;
|
||||
is($findings{"hpkp_YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg"}->{severity}, "OK", "The finding is ok"); $tests++;
|
||||
like($out,'/Sub CA\: YLh1dUR9y6Kja30RrAn7JKnbQG\/uEtLMkBgFF2Fuihg/',"There is a 'Sub CA match' in the text output"); $tests++;
|
||||
|
||||
# Root CA match Lets encrypt
|
||||
ok( exists $findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"},"We have a finding for SPKI Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"); $tests++;
|
||||
like($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{finding},'/matches Root CA \'DST Root CA X3\' pinned in the HPKP header/',"This is a Root CA finding"); $tests++;
|
||||
like($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{finding},'/DST Root CA X3/',"Correct Root CA"); $tests++;
|
||||
like($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{finding},'/matches Root CA \'DST Root CA X3\' pinned in the HPKP header\. \(Root CA part of the chain\)/',"CA is indeed part of chain"); $tests++;
|
||||
is($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{severity}, "INFO", "The finding is informational"); $tests++;
|
||||
like($out,'/Root CA\: Vjs8r4z\+80wjNcr1YKepWQboSIRi63WsWXhIMN\+eWys/',"There is a 'Root CA match' in the text output"); $tests++;
|
||||
|
||||
# Root CA StartCom
|
||||
ok( exists $findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"},"We have a finding for SPKI 5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"); $tests++;
|
||||
like($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{finding},'/matches Root CA \'StartCom Certification Authority\' pinned in the HPKP header/',"This is a Root CA finding"); $tests++;
|
||||
like($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{finding},'/StartCom Certification Authority/',"Correct Root CA"); $tests++;
|
||||
like($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{finding},'/matches Root CA \'StartCom Certification Authority\' pinned in the HPKP header\. \(Root backup SPKI\)/',"CA is indeed NOT part of chain"); $tests++;
|
||||
is($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{severity}, "INFO", "The finding is informational"); $tests++;
|
||||
like($out,'/Backups\: 5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU/',"There is a 'Root CA match' in the text output"); $tests++;
|
||||
|
||||
# Bad PIN
|
||||
ok( exists $findings{"hpkp_MTIzYmFkMTIzYmFkMTIzYmFkMTIzYmFkMTIzYmFkMTI"},"We have a finding for SPKI MTIzYmFkMTIzYmFkMTIzYmFkMTIzYmFkMTIzYmFkMTI"); $tests++;
|
||||
like($findings{"hpkp_MTIzYmFkMTIzYmFkMTIzYmFkMTIzYmFkMTIzYmFkMTI"}->{finding},'/doesn\'t match anything/',"It doesn't match indeed"); $tests++;
|
||||
is($findings{"hpkp_MTIzYmFkMTIzYmFkMTIzYmFkMTIzYmFkMTIzYmFkMTI"}->{severity}, "INFO", "The finding is informational"); $tests++;
|
||||
like($out,'/MTIzYmFkMTIzYmFkMTIzYmFkMTIzYmFkMTIzYmFkMTI/',"There is an 'unmatched key' in the text output"); $tests++;
|
||||
|
||||
like($findings{hpkp_spkis}->{finding},'/5 keys pinned/',"5 keys pinned in json"); $tests++;
|
||||
like($out,'/5 keys/',"5 keys pinned in text output"); $tests++;
|
||||
|
||||
like($findings{hpkp_age}->{finding},'/90 days/',"90 days in json"); $tests++;
|
||||
like($out,'/90 days/',"90 days in text output"); $tests++;
|
||||
|
||||
like($findings{hpkp_subdomains}->{finding},'/this domain only/',"this domain only in json"); $tests++;
|
||||
like($out,'/just this domain/',"just this domain text output"); $tests++;
|
||||
|
||||
like($findings{hpkp_preload}->{finding},'/NOT marked for/',"no preloading in json"); $tests++;
|
||||
|
||||
done_testing($tests);
|
||||
|
||||
sub json($) {
|
||||
my $file = shift;
|
||||
$file = `cat $file`;
|
||||
unlink $file;
|
||||
return from_json($file);
|
||||
}
|
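Review bot: in sub json the path in $file is overwritten with the output of cat, so the following "unlink $file;" receives the JSON text and tmp.json is never removed. Read the contents into a second variable and unlink the original path. $found is also declared twice, once in the "my ( ... )" list and again as "my $found = 0;". Every assertion depends on the live host ssl.sectionzero.org and on its current pins and chain, so a certificate change or a network failure on that host fails the whole file; say so in a comment or skip the tests when the scan returns no findings.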
517
testssl.sh
@ -91,7 +91,9 @@ egrep -q "dev|rc" <<< "$VERSION" && \
|
||||
|
||||
readonly PROG_NAME=$(basename "$0")
|
||||
readonly RUN_DIR=$(dirname "$0")
|
||||
INSTALL_DIR=""
|
||||
TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # if you run testssl.sh from a different path you can set either TESTSSL_INSTALL_DIR
|
||||
CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # or CA_BUNDLES_PATH to find the CA BUNDLES. TESTSSL_INSTALL_DIR helps you to find the RFC mapping also
|
||||
MAPPING_FILE_RFC=""
|
||||
OPENSSL_LOCATION=""
|
||||
HNAME="$(hostname)"
|
||||
HNAME="${HNAME%%.*}"
|
||||
@ -141,7 +143,7 @@ SHOW_SIGALGO=${SHOW_SIGALGO:-false} # "secret" switch whether testssl.sh sho
|
||||
SNEAKY=${SNEAKY:-false} # is the referer and useragent we leave behind just usual?
|
||||
QUIET=${QUIET:-false} # don't output the banner. By doing this yiu acknowledge usage term appearing in the banner
|
||||
SSL_NATIVE=${SSL_NATIVE:-false} # we do per default bash sockets where possible "true": switch back to "openssl native"
|
||||
ASSUMING_HTTP=${ASSUMING_HTTP:-false} # in seldom cases (WAF, old servers, grumpy SSL) service detection fails. "True" enforces HTTP checks
|
||||
ASSUME_HTTP=${ASSUME_HTTP:-false} # in seldom cases (WAF, old servers, grumpy SSL) service detection fails. "True" enforces HTTP checks
|
||||
BUGS=${BUGS:-""} # -bugs option from openssl, needed for some BIG IP F5
|
||||
DEBUG=${DEBUG:-0} # 1: normal putput the files in /tmp/ are kept for further debugging purposes
|
||||
# 2: list more what's going on , also lists some errors of connections
|
||||
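Review bot: with ASSUMING_HTTP replaced by ASSUME_HTTP there is no fallback to the old name, so a caller that still exports ASSUMING_HTTP=true silently gets the default false and the HTTP checks are skipped when service detection fails. Consider ASSUME_HTTP=${ASSUME_HTTP:-${ASSUMING_HTTP:-false}} for a transition period, or document the rename where the environment variables are described.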
@ -175,6 +177,7 @@ HPKP_MIN=${HPKP_MIN:-30} # >=30 days should be ok for HPKP_MIN, p
|
||||
DAYS2WARN1=${DAYS2WARN1:-60} # days to warn before cert expires, threshold 1
|
||||
DAYS2WARN2=${DAYS2WARN2:-30} # days to warn before cert expires, threshold 2
|
||||
VULN_THRESHLD=${VULN_THRESHLD:-1} # if vulnerabilities to check >$VULN_THRESHLD we DON'T show a separate header line in the output each vuln. check
|
||||
NODNS=${NODNS:-false} # always do DNS lookups per default. For some pentests it might save time to set this to true
|
||||
readonly CLIENT_MIN_PFS=5 # number of ciphers needed to run a test for PFS
|
||||
# generated from 'kEECDH:kEDH:!aNULL:!eNULL:!DES:!3DES:!RC4' with openssl 1.0.2i and openssl 1.1.0
|
||||
readonly ROBUST_PFS_CIPHERS="DHE-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES128-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA:DHE-DSS-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA:DHE-DSS-SEED-SHA:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-SEED-SHA:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305"
|
||||
@ -196,6 +199,7 @@ CLIENT_AUTH=false
|
||||
NO_SSL_SESSIONID=false
|
||||
HOSTCERT=""
|
||||
HEADERFILE=""
|
||||
HEADERVALUE=""
|
||||
HTTP_STATUS_CODE=""
|
||||
PROTOS_OFFERED=""
|
||||
TLS_EXTENSIONS=""
|
||||
@ -248,7 +252,6 @@ TLS_NOW=""
|
||||
NOW_TIME=""
|
||||
HTTP_TIME=""
|
||||
GET_REQ11=""
|
||||
HEAD_REQ10=""
|
||||
readonly UA_STD="TLS tester from $SWURL"
|
||||
readonly UA_SNEAKY="Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0"
|
||||
FIRST_FINDING=true # Is this the first finding we are outputting to file?
|
||||
@ -365,6 +368,7 @@ pr_off() { [[ "$COLOR" -ne 0 ]] && out "\033[m"; }
|
||||
pr_bold() { [[ "$COLOR" -ne 0 ]] && out "\033[1m$1" || out "$1"; pr_off; }
|
||||
pr_boldln() { pr_bold "$1" ; outln; }
|
||||
pr_italic() { [[ "$COLOR" -ne 0 ]] && out "\033[3m$1" || out "$1"; pr_off; }
|
||||
pr_italicln() { pr_italic "$1" ; outln; }
|
||||
pr_underline() { [[ "$COLOR" -ne 0 ]] && out "\033[4m$1" || out "$1"; pr_off; }
|
||||
pr_reverse() { [[ "$COLOR" -ne 0 ]] && out "\033[7m$1" || out "$1"; pr_off; }
|
||||
pr_reverse_bold() { [[ "$COLOR" -ne 0 ]] && out "\033[7m\033[1m$1" || out "$1"; pr_off; }
|
||||
@ -487,7 +491,7 @@ fileout() { # ID, SEVERITY, FINDING
|
||||
|
||||
if "$do_json"; then
|
||||
"$FIRST_FINDING" || echo -n "," >> $JSONFILE
|
||||
echo -e " {
|
||||
echo " {
|
||||
\"id\" : \"$1\",
|
||||
\"ip\" : \"$NODE/$NODEIP\",
|
||||
\"port\" : \"$PORT\",
|
||||
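Review bot: the fields are interpolated straight into JSON string literals (\"id\" : \"$1\") and nothing in these lines escapes double quotes or backslashes. This commit passes server-derived text to fileout (header values, CA common names, the pins themselves as part of the id), so confirm the arguments are escaped earlier in fileout; otherwise a single quote character in a header produces a file that from_json in t/11_hpkp.t cannot parse. Dropping -e from echo is the right direction, since backslash sequences in a finding are no longer expanded.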
@ -543,13 +547,17 @@ colon_to_spaces() {
|
||||
}
|
||||
|
||||
strip_lf() {
|
||||
echo "$1" | tr -d '\n' | tr -d '\r'
|
||||
tr -d '\n' <<< "$1" | tr -d '\r'
|
||||
}
|
||||
|
||||
strip_spaces() {
|
||||
echo "${1// /}"
|
||||
}
|
||||
|
||||
trim_trailing_space() {
|
||||
echo "${1%%*( )}"
|
||||
}
|
||||
|
||||
toupper() {
|
||||
echo -n "$1" | tr 'a-z' 'A-Z'
|
||||
}
|
||||
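Review bot: echo "${1%%*( )}" in trim_trailing_space relies on the extended glob *( ), which bash only honours when extglob is enabled; no shopt -s extglob is visible here, and without it no trailing spaces are stripped. Enable extglob next to the function, or use a form that does not need it, such as "${1%"${1##*[! ]}"}".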
@ -664,19 +672,19 @@ asciihex_to_binary_file(){
|
||||
|
||||
for (( i=0; i <= len-16 ; i=i+16 )); do
|
||||
ip2=$i+2; ip4=$i+4; ip6=$i+6; ip8=$i+8; ip10=$i+10; ip12=$i+12; ip14=$i+14
|
||||
echo -e -n "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}\x${string:ip10:2}\x${string:ip12:2}\x${string:ip14:2}" >> "$file"
|
||||
printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}\x${string:ip10:2}\x${string:ip12:2}\x${string:ip14:2}" >> "$file"
|
||||
done
|
||||
|
||||
ip2=$i+2; ip4=$i+4; ip6=$i+6; ip8=$i+8; ip10=$i+10; ip12=$i+12; ip14=$i+14
|
||||
remainder=$len-$i
|
||||
case $remainder in
|
||||
2) echo -e -n "\x${string:i:2}" >> "$file" ;;
|
||||
4) echo -e -n "\x${string:i:2}\x${string:ip2:2}" >> "$file" ;;
|
||||
6) echo -e -n "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}" >> "$file" ;;
|
||||
8) echo -e -n "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}" >> "$file" ;;
|
||||
10) echo -e -n "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}" >> "$file" ;;
|
||||
12) echo -e -n "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}\x${string:ip10:2}" >> "$file" ;;
|
||||
14) echo -e -n "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}\x${string:ip10:2}\x${string:ip12:2}" >> "$file" ;;
|
||||
2) printf -- "\x${string:i:2}" >> "$file" ;;
|
||||
4) printf -- "\x${string:i:2}\x${string:ip2:2}" >> "$file" ;;
|
||||
6) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}" >> "$file" ;;
|
||||
8) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}" >> "$file" ;;
|
||||
10) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}" >> "$file" ;;
|
||||
12) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}\x${string:ip10:2}" >> "$file" ;;
|
||||
14) printf -- "\x${string:i:2}\x${string:ip2:2}\x${string:ip4:2}\x${string:ip6:2}\x${string:ip8:2}\x${string:ip10:2}\x${string:ip12:2}" >> "$file" ;;
|
||||
esac
|
||||
return 0
|
||||
}
|
||||
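Review bot: the printf -- "\x${string:i:2}..." calls put the input into the printf format string, so the function is only correct when $string consists purely of hex digits; a % or a non-hex pair is interpreted by printf instead of being written out. Add a guard at the top, for example [[ $string =~ ^[0-9A-Fa-f]*$ ]] || return 1. The case on $remainder also has no branch for odd lengths, so a trailing half byte is dropped while the function still returns 0.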
@ -685,7 +693,7 @@ asciihex_to_binary_file(){
|
||||
|
||||
# determines whether the port has an HTTP service running or not (plain TLS, no STARTTLS)
|
||||
# arg1 could be the protocol determined as "working". IIS6 needs that
|
||||
runs_HTTP() {
|
||||
service_detection() {
|
||||
local -i ret=0
|
||||
local -i was_killed
|
||||
local addcmd=""
|
||||
@ -721,10 +729,10 @@ runs_HTTP() {
|
||||
fileout "client_auth" "INFO" "certificate based authentication => skipping all HTTP checks"
|
||||
else
|
||||
out " Couldn't determine what's running on port $PORT"
|
||||
if $ASSUMING_HTTP; then
|
||||
if "$ASSUME_HTTP"; then
|
||||
SERVICE=HTTP
|
||||
out " -- ASSUMING_HTTP set though"
|
||||
fileout "service" "DEBUG" "Couldn't determine service, --ASSUMING_HTTP set"
|
||||
out " -- ASSUME_HTTP set though"
|
||||
fileout "service" "DEBUG" "Couldn't determine service, --ASSUME_HTTP set"
|
||||
ret=0
|
||||
else
|
||||
out ", assuming no HTTP service => skipping all HTTP checks"
|
||||
@ -922,6 +930,42 @@ run_http_date() {
|
||||
detect_ipv4
|
||||
}
|
||||
|
||||
|
||||
|
||||
# HEADERFILE needs to contain the HTTP header (made sure by invoker)
|
||||
# arg1: key=word to match
|
||||
# arg2: hint for fileout()
|
||||
# returns:
|
||||
# 0 if header not found
|
||||
# 1-n nr of headers found, then in HEADERVALUE the first value from key
|
||||
|
||||
detect_header() {
|
||||
local key="$1"
|
||||
local -i nr=0
|
||||
|
||||
nr=$(grep -Faciw "$key:" $HEADERFILE)
|
||||
if [[ $nr -eq 0 ]]; then
|
||||
HEADERVALUE=""
|
||||
return 0
|
||||
elif [[ $nr -eq 1 ]]; then
|
||||
HEADERVALUE=$(grep -Faiw "$key:" $HEADERFILE | sed 's/^.*://')
|
||||
return 1
|
||||
else
|
||||
pr_svrty_medium "misconfiguration: "
|
||||
pr_italic "$key"
|
||||
pr_svrty_medium " ${nr}x"
|
||||
out " -- checking first one "
|
||||
out "\n$spaces"
|
||||
# first awk matches the key, second extracts the from the first line the value, be careful with quotes here!
|
||||
HEADERVALUE=$(grep -Faiw "$key:" $HEADERFILE | sed 's/^.*://' | head -1)
|
||||
[[ $DEBUG -ge 2 ]] && pr_italic "$HEADERVALUE" && out "\n$spaces"
|
||||
fileout "$2""_multiple" "WARN" "Multiple $2 headers. Using first header: $HEADERVALUE"
|
||||
return $nr
|
||||
fi
|
||||
}
|
||||
# wir brauchen hier eine Funktion, die generell den Header detectiert
|
||||
|
||||
|
||||
includeSubDomains() {
|
||||
if grep -aiqw includeSubDomains "$1"; then
|
||||
pr_done_good ", includeSubDomains"
|
||||
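Review bot: sed 's/^.*://' is greedy and removes everything up to the last colon on the line, so a header whose value contains a colon (a URL in a report-uri directive, for instance) leaves only the tail in HEADERVALUE. Strip just the field name, e.g. sed 's/^[^:]*:[[:space:]]*//'. The grep -Faciw "$key:" match is also not anchored to the start of the line, so a header whose name merely ends in the key, or a value containing "key:", is counted as well. Smaller points: $HEADERFILE is unquoted, the comment above the last HEADERVALUE assignment talks about awk while the code uses grep and sed, and returning 0 for "not found" is the reverse of the usual shell convention, which deserves a note at the call sites.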
@ -945,16 +989,16 @@ preload() {
|
||||
run_hsts() {
|
||||
local hsts_age_sec
|
||||
local hsts_age_days
|
||||
local spaces=" "
|
||||
|
||||
if [[ ! -s $HEADERFILE ]]; then
|
||||
run_http_header "$1" || return 3
|
||||
fi
|
||||
#pr_bold " HSTS "
|
||||
pr_bold " Strict Transport Security "
|
||||
grep -iaw '^Strict-Transport-Security' $HEADERFILE >$TMPFILE
|
||||
if [[ $? -eq 0 ]]; then
|
||||
grep -aciw '^Strict-Transport-Security' $HEADERFILE | egrep -waq "1" || out "(two HSTS header, using 1st one) "
|
||||
hsts_age_sec=$(sed -e 's/[^0-9]*//g' $TMPFILE | head -1)
|
||||
detect_header "Strict-Transport-Security" "HSTS"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "$HEADERVALUE" >$TMPFILE
|
||||
hsts_age_sec=$(sed -e 's/[^0-9]*//g' <<< $HEADERVALUE)
|
||||
debugme echo "hsts_age_sec: $hsts_age_sec"
|
||||
if [[ -n $hsts_age_sec ]]; then
|
||||
hsts_age_days=$(( hsts_age_sec / 86400))
|
||||
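Review bot: hsts_age_sec=$(sed -e 's/[^0-9]*//g' <<< $HEADERVALUE) keeps every digit in the header value rather than the digits of max-age, so any other number in the value is concatenated into the age and skews the day calculation below. Extract only the digits that follow max-age=, and quote "$HEADERVALUE" in the here-string. Since detect_header returns the header count, a short comment that non-zero means "found" would help readers of the [[ $? -ne 0 ]] test.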
@ -977,15 +1021,16 @@ run_hsts() {
|
||||
if includeSubDomains "$TMPFILE"; then
|
||||
fileout "hsts_subdomains" "OK" "HSTS includes subdomains"
|
||||
else
|
||||
fileout "hsts_subdomains" "WARN" "HSTS only for this domain, consider to include subdomains as well"
|
||||
fileout "hsts_subdomains" "INFO" "HSTS only for this domain"
|
||||
fi
|
||||
if preload "$TMPFILE"; then
|
||||
fileout "hsts_preload" "OK" "HSTS domain is marked for preloading"
|
||||
else
|
||||
fileout "hsts_preload" "INFO" "HSTS domain is NOT marked for preloading"
|
||||
#FIXME: To be checked against preloading lists,
|
||||
# e.g. https://dxr.mozilla.org/mozilla-central/source/security/manager/boot/src/nsSTSPreloadList.inc
|
||||
# https://chromium.googlesource.com/chromium/src/+/master/net/http/transport_security_state_static.json
|
||||
fi
|
||||
#FIXME: To be checked against e.g. https://dxr.mozilla.org/mozilla-central/source/security/manager/boot/src/nsSTSPreloadList.inc
|
||||
# and https://chromium.googlesource.com/chromium/src/+/master/net/http/transport_security_state_static.json
|
||||
else
|
||||
out "--"
|
||||
fileout "hsts" "NOT ok" "No support for HTTP Strict Transport Security"
|
||||
@ -1001,17 +1046,20 @@ run_hpkp() {
|
||||
local -i hpkp_age_sec
|
||||
local -i hpkp_age_days
|
||||
local -i hpkp_nr_keys
|
||||
local hpkp_key hpkp_key_hostcert
|
||||
local hpkp_spki hpkp_spki_hostcert
|
||||
local -a backup_spki
|
||||
local spaces=" "
|
||||
local key_found=false
|
||||
local spaces_indented=" "
|
||||
local certificate_found=false
|
||||
local i
|
||||
local hpkp_headers
|
||||
local first_hpkp_header
|
||||
local spki
|
||||
local ca_hashes="$TESTSSL_INSTALL_DIR/etc/ca_hashes.txt"
|
||||
|
||||
if [[ ! -s $HEADERFILE ]]; then
|
||||
run_http_header "$1" || return 3
|
||||
fi
|
||||
#pr_bold " HPKP "
|
||||
pr_bold " Public Key Pinning "
|
||||
egrep -aiw '^Public-Key-Pins|Public-Key-Pins-Report-Only' $HEADERFILE >$TMPFILE
|
||||
if [[ $? -eq 0 ]]; then
|
||||
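Review bot: local ca_hashes="$TESTSSL_INSTALL_DIR/etc/ca_hashes.txt" expands to /etc/ca_hashes.txt when TESTSSL_INSTALL_DIR is still empty, which is its default in the first testssl.sh hunk. Make sure the variable is resolved before run_hpkp runs, or fail with a clear message when the file is not readable, because the root CA matching further down greps this file and an unreadable file looks the same as "no CA matched". Several names used later in the function are not among the locals shown here (hpkp_ca, hpkp_spki_ca, hpkp_name, cert_fname, nrsaved, spki_match, has_backup_spki, hpkp_matches, ca_cn, match_ca, backup_spki_str) and would therefore be globals.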
@ -1030,7 +1078,7 @@ run_hpkp() {
|
||||
out "\n$spaces Examining first one: "
|
||||
first_hpkp_header=$(awk -F':' '/Public-Key-Pins/ { print $1 }' $HEADERFILE | head -1)
|
||||
pr_italic "$first_hpkp_header, "
|
||||
fileout "hpkp_multiple" "WARN" "Multiple HPKP headershpkp_headers. Using first header: $first_hpkp_header"
|
||||
fileout "hpkp_multiple" "WARN" "Multiple HPKP headers $hpkp_headers. Using first header: $first_hpkp_header"
|
||||
fi
|
||||
|
||||
# remove leading Public-Key-Pins*, any colons, double quotes and trailing spaces and taking the first -- whatever that is
|
||||
@ -1041,13 +1089,13 @@ run_hpkp() {
|
||||
tr ' ' '\n' < $TMPFILE.2 >$TMPFILE
|
||||
|
||||
hpkp_nr_keys=$(grep -ac pin-sha $TMPFILE)
|
||||
out "# of keys: "
|
||||
if [[ $hpkp_nr_keys -eq 1 ]]; then
|
||||
pr_svrty_high "1 (NOT ok), "
|
||||
fileout "hpkp_keys" "NOT ok" "Only one key pinned in HPKP header, this means the site may become unavailable if the key is revoked"
|
||||
pr_svrty_high "1 key (NOT ok), "
|
||||
fileout "hpkp_spkis" "HIGH" "Only one key pinned in HPKP header, this means the site may become unavailable if the key is revoked"
|
||||
else
|
||||
out "$hpkp_nr_keys, "
|
||||
fileout "hpkp_keys" "OK" "$hpkp_nr_keys keys pinned in HPKP header, additional keys are available if the current key is revoked"
|
||||
pr_done_good "$hpkp_nr_keys"
|
||||
out " keys, "
|
||||
fileout "hpkp_spkis" "OK" "$hpkp_nr_keys keys pinned in HPKP header, additional keys are available if the current key is revoked"
|
||||
fi
|
||||
|
||||
# print key=value pair with awk, then strip non-numbers, to be improved with proper parsing of key-value with awk
|
||||
@ -1073,33 +1121,155 @@ run_hpkp() {
|
||||
fileout "hpkp_preload" "INFO" "HPKP header is NOT marked for browser preloading"
|
||||
fi
|
||||
|
||||
# Get the SPKIs first
|
||||
spki=$(tr ';' '\n' < $TMPFILE | tr -d ' ' | tr -d '\"' | awk -F'=' '/pin.*=/ { print $2 }')
|
||||
debugme outln "\n$spki"
|
||||
|
||||
# Look at the host certificate first
|
||||
# get the key fingerprint from the host certificate
|
||||
if [[ ! -s "$HOSTCERT" ]]; then
|
||||
get_host_cert || return 1
|
||||
fi
|
||||
# get the key fingerprint from the host certificate
|
||||
hpkp_key_hostcert="$($OPENSSL x509 -in $HOSTCERT -pubkey -noout | grep -v PUBLIC | \
|
||||
|
||||
hpkp_spki_hostcert="$($OPENSSL x509 -in $HOSTCERT -pubkey -noout | grep -v PUBLIC | \
|
||||
$OPENSSL base64 -d | $OPENSSL dgst -sha256 -binary | $OPENSSL base64)"
|
||||
# compare it with the ones provided in the header
|
||||
while read hpkp_key; do
|
||||
if [[ "$hpkp_key_hostcert" == "$hpkp_key" ]] || [[ "$hpkp_key_hostcert" == "$hpkp_key=" ]]; then
|
||||
out "\n$spaces matching host key: "
|
||||
pr_done_good "$hpkp_key"
|
||||
fileout "hpkp_keymatch" "OK" "Key matches a key pinned in the HPKP header"
|
||||
key_found=true
|
||||
fi
|
||||
debugme out "\n $hpkp_key | $hpkp_key_hostcert"
|
||||
done < <(tr ';' '\n' < $TMPFILE | tr -d ' ' | tr -d '\"' | awk -F'=' '/pin.*=/ { print $2 }')
|
||||
if ! $key_found ; then
|
||||
out "\n$spaces"
|
||||
pr_svrty_high " No matching key for pins found "
|
||||
out "(CAs pinned? -- not checked for yet)"
|
||||
fileout "hpkp_keymatch" "DEBUG" "The TLS key does not match any key pinned in the HPKP header. If you pinned a CA key you can ignore this"
|
||||
hpkp_ca="$($OPENSSL x509 -in $HOSTCERT -issuer -noout|sed 's/^.*CN=//' | sed 's/\/.*$//')"
|
||||
|
||||
# Get keys/hashes from intermediate certificates
|
||||
$OPENSSL s_client -showcerts $STARTTLS $BUGS $PROXY -showcerts -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
|
||||
# Place the server's certificate in $HOSTCERT and any intermediate
|
||||
# certificates that were provided in $TEMPDIR/intermediatecerts.pem
|
||||
# http://backreference.org/2010/05/09/ocsp-verification-with-openssl/
|
||||
awk -v n=-1 "/Certificate chain/ {start=1}
|
||||
/-----BEGIN CERTIFICATE-----/{ if (start) {inc=1; n++} }
|
||||
inc { print > (\"$TEMPDIR/level\" n \".crt\") }
|
||||
/---END CERTIFICATE-----/{ inc=0 }" $TMPFILE
|
||||
nrsaved=$(count_words "$(echo $TEMPDIR/level?.crt 2>/dev/null)")
|
||||
rm $TEMPDIR/level0.crt 2>/dev/null
|
||||
|
||||
printf ""> "$TEMPDIR/intermediate.hashes"
|
||||
if [[ nrsaved -ge 2 ]]; then
|
||||
for cert_fname in $TEMPDIR/level?.crt; do
|
||||
hpkp_spki_ca="$($OPENSSL x509 -in "$cert_fname" -pubkey -noout | grep -v PUBLIC | $OPENSSL base64 -d |
|
||||
$OPENSSL dgst -sha256 -binary | $OPENSSL enc -base64)"
|
||||
hpkp_name="$(get_cn_from_cert $cert_fname)"
|
||||
hpkp_ca="$($OPENSSL x509 -in $cert_fname -issuer -noout|sed 's/^.*CN=//' | sed 's/\/.*$//')"
|
||||
[[ -n $hpkp_name ]] || hpkp_name=$($OPENSSL x509 -in "$cert_fname" -subject -noout | sed 's/^subject= //')
|
||||
echo "$hpkp_spki_ca $hpkp_name" >> "$TEMPDIR/intermediate.hashes"
|
||||
done
|
||||
fi
|
||||
|
||||
# This is where the matching magic starts, first host certificate, intermediate, then root out of the stores
|
||||
spki_match=false
|
||||
has_backup_spki=false
|
||||
i=0
|
||||
for hpkp_spki in $spki; do
|
||||
certificate_found=false
|
||||
# compare collected SPKIs against the host certificate
|
||||
if [[ "$hpkp_spki_hostcert" == "$hpkp_spki" ]] || [[ "$hpkp_spki_hostcert" == "$hpkp_spki=" ]]; then
|
||||
certificate_found=true # We have a match
|
||||
spki_match=true
|
||||
out "\n$spaces_indented Host cert: "
|
||||
pr_done_good "$hpkp_spki"
|
||||
fileout "hpkp_$hpkp_spki" "OK" "SPKI $hpkp_spki matches the host certificate"
|
||||
fi
|
||||
debugme out "\n $hpkp_spki | $hpkp_spki_hostcert"
|
||||
|
||||
# Check for intermediate match
|
||||
if ! "$certificate_found"; then
|
||||
hpkp_matches=$(grep "$hpkp_spki" $TEMPDIR/intermediate.hashes 2>/dev/null)
|
||||
if [[ -n $hpkp_matches ]]; then # hpkp_matches + hpkp_spki + '='
|
||||
# We have a match
|
||||
certificate_found=true
|
||||
spki_match=true
|
||||
out "\n$spaces_indented Sub CA: "
|
||||
pr_done_good "$hpkp_spki"
|
||||
ca_cn="$(sed "s/^[a-zA-Z0-9\+\/]*=* *//" <<< $"$hpkp_matches" )"
|
||||
pr_italic " $ca_cn"
|
||||
fileout "hpkp_$hpkp_spki" "OK" "SPKI $hpkp_spki matches Intermediate CA \"$ca_cn\" pinned in the HPKP header"
|
||||
fi
|
||||
fi
|
||||
|
||||
# we compare now against a precompiled list of SPKIs against the ROOT CAs we have in $ca_hashes
|
||||
if ! "$certificate_found"; then
|
||||
hpkp_matches=$(grep -h "$hpkp_spki" $ca_hashes | sort -u)
|
||||
if [[ -n $hpkp_matches ]]; then
|
||||
certificate_found=true # root CA found
|
||||
spki_match=true
|
||||
if [[ $(count_lines "$hpkp_matches") -eq 1 ]]; then
|
||||
# replace by awk
|
||||
match_ca=$(sed "s/[a-zA-Z0-9\+\/]*=* *//" <<< "$hpkp_matches")
|
||||
else
|
||||
match_ca=""
|
||||
|
||||
fi
|
||||
ca_cn="$(sed "s/^[a-zA-Z0-9\+\/]*=* *//" <<< $"$hpkp_matches" )"
|
||||
if [[ "$match_ca" == "$hpkp_ca" ]]; then # part of the chain
|
||||
out "\n$spaces_indented Root CA: "
|
||||
pr_done_good "$hpkp_spki"
|
||||
pr_italic " $ca_cn"
|
||||
fileout "hpkp_$hpkp_spki" "INFO" "SPKI $hpkp_spki matches Root CA \"$ca_cn\" pinned in the HPKP header. (Root CA part of the chain)"
|
||||
else # not part of chain
|
||||
match_ca=""
|
||||
has_backup_spki=true # Root CA outside the chain --> we save it for unmatched
|
||||
fileout "hpkp_$hpkp_spki" "INFO" "SPKI $hpkp_spki matches Root CA \"$ca_cn\" pinned in the HPKP header. (Root backup SPKI)"
|
||||
backup_spki[i]="$(strip_lf "$hpkp_spki")" # save it for later
|
||||
backup_spki_str[i]="$ca_cn" # also the name=CN of the root CA
|
||||
i=$((i + 1))
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# still no success --> it's probably a backup SPKI
|
||||
if ! "$certificate_found"; then
|
||||
# Most likely a backup SPKI, unfortunately we can't tell for what it is: host, intermediates
|
||||
has_backup_spki=true
|
||||
backup_spki[i]="$(strip_lf "$hpkp_spki")" # save it for later
|
||||
backup_spki_str[i]="" # no root ca
|
||||
i=$((i + 1))
|
||||
fileout "hpkp_$hpkp_spki" "INFO" "SPKI $hpkp_spki doesn't match anything. This is ok for a backup for any certificate"
|
||||
# CSV/JSON output here for the sake of simplicity, rest we do en bloc below
|
||||
fi
|
||||
done
|
||||
|
||||
# now print every backup spki out we saved before
|
||||
out "\n$spaces_indented Backups: "
|
||||
|
||||
# for i=0 manually do the same as below as there's other indentation here
|
||||
if [[ -n "${backup_spki_str[0]}" ]]; then
|
||||
pr_done_good "${backup_spki[0]}"
|
||||
#out " Root CA: "
|
||||
pr_italicln " ${backup_spki_str[0]}"
|
||||
else
|
||||
outln "${backup_spki[0]}"
|
||||
fi
|
||||
# now for i=1
|
||||
for ((i=1; i < ${#backup_spki[@]} ;i++ )); do
|
||||
if [[ -n "${backup_spki_str[i]}" ]]; then
|
||||
# it's a Root CA outside the chain
|
||||
pr_done_good "$spaces_indented ${backup_spki[i]}"
|
||||
#out " Root CA: "
|
||||
pr_italicln " ${backup_spki_str[i]}"
|
||||
else
|
||||
outln "$spaces_indented ${backup_spki[i]}"
|
||||
fi
|
||||
done
|
||||
|
||||
# If all else fails...
|
||||
if ! "$spki_match"; then
|
||||
"$has_backup_spki" && out "$spaces" # we had a few lines with backup SPKIs already
|
||||
pr_svrty_highln " No matching key for SPKI found "
|
||||
fileout "hpkp_spkimatch" "HIGH" "None of the SPKI match your host certificate, intermediate CA or known root CAs. You may have bricked this site"
|
||||
fi
|
||||
|
||||
if ! "$has_backup_spki"; then
|
||||
pr_svrty_highln " No backup keys found. Loss/compromise of the currently pinned key(s) will lead to bricked site. "
|
||||
fileout "hpkp_backup" "HIGH" "No backup keys found. Loss/compromise of the currently pinned key(s) will lead to bricked site."
|
||||
fi
|
||||
else
|
||||
out "--"
|
||||
outln "--"
|
||||
fileout "hpkp" "INFO" "No support for HTTP Public Key Pinning"
|
||||
fi
|
||||
outln
|
||||
|
||||
tmpfile_handle $FUNCNAME.txt
|
||||
return $?
|
||||
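Review bot: both lookups, grep "$hpkp_spki" $TEMPDIR/intermediate.hashes and grep -h "$hpkp_spki" $ca_hashes, use the pin taken from the server's header as an unanchored regular expression, so a short or unusual pin value matches unrelated lines and is reported as a pinned Sub CA or Root CA with spki_match=true. Compare the whole first field instead, e.g. awk -v p="$hpkp_spki" '$1 == p || $1 == p "="', which also handles the missing "=" padding the same way the host certificate comparison does. Smaller points: the here-strings written as $"$hpkp_matches" use locale-translation quoting and should be plain double quotes, -showcerts is passed twice to s_client, and the "Backups:" label is printed even when no backup SPKI was collected.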
@ -1236,7 +1406,7 @@ run_application_banner() {
|
||||
return 0
|
||||
}
|
||||
|
||||
run_cookie_flags() { # ARG1: Path, ARG2: path
|
||||
run_cookie_flags() { # ARG1: Path
|
||||
local -i nr_cookies
|
||||
local nr_httponly nr_secure
|
||||
local negative_word
|
||||
@ -1260,7 +1430,7 @@ run_cookie_flags() { # ARG1: Path, ARG2: path
|
||||
grep -ai '^Set-Cookie' $HEADERFILE >$TMPFILE
|
||||
if [[ $? -eq 0 ]]; then
|
||||
nr_cookies=$(count_lines "$TMPFILE")
|
||||
out "$nr_cookies issued:"
|
||||
out "$nr_cookies issued: "
|
||||
fileout "cookie_count" "INFO" "$nr_cookies cookie(s) issued at \"$1\"$msg302_"
|
||||
if [[ $nr_cookies -gt 1 ]]; then
|
||||
negative_word="NONE"
|
||||
@ -1312,50 +1482,44 @@ run_more_flags() {
|
||||
if [[ ! -s $HEADERFILE ]]; then
|
||||
run_http_header "$1" || return 3
|
||||
fi
|
||||
|
||||
pr_bold " Security headers "
|
||||
# convert spaces to | (for egrep)
|
||||
egrep_pattern=$(echo "$good_flags2test $other_flags2test"| sed -e 's/ /|\^/g' -e 's/^/\^/g')
|
||||
egrep -ai "$egrep_pattern" $HEADERFILE >$TMPFILE
|
||||
if [[ $? -ne 0 ]]; then
|
||||
outln "--"
|
||||
fileout "sec_headers" "WARN" "No security (or other interesting) headers detected"
|
||||
ret=1
|
||||
else
|
||||
ret=0
|
||||
for f2t in $good_flags2test; do
|
||||
debugme echo "---> $f2t"
|
||||
result_str=$(grep -wi "^$f2t" $TMPFILE | grep -vi "$f2t"-)
|
||||
result_str=$(strip_lf "$result_str")
|
||||
[[ -z "$result_str" ]] && continue
|
||||
for f2t in $good_flags2test; do
|
||||
debugme echo "---> $f2t"
|
||||
detect_header $f2t $f2t
|
||||
if [[ $? -ge 1 ]]; then
|
||||
if ! "$first"; then
|
||||
out "$spaces" # output leading spaces if the first header
|
||||
else
|
||||
first=false
|
||||
fi
|
||||
# extract and print key(=flag) in green:
|
||||
pr_done_good "${result_str%%:*}:"
|
||||
#pr_done_good "$(sed 's/:.*$/:/' <<< "$result_str")"
|
||||
# print value in plain text:
|
||||
outln "${result_str#*:}"
|
||||
fileout "${result_str%%:*}" "OK" "${result_str%%:*}: ${result_str#*:}"
|
||||
done
|
||||
# now the same with other flags
|
||||
for f2t in $other_flags2test; do
|
||||
result_str=$(grep -i "^$f2t" $TMPFILE)
|
||||
[[ -z "$result_str" ]] && continue
|
||||
if ! $first; then
|
||||
pr_done_good "$f2t"; outln "$HEADERVALUE"
|
||||
fileout "$f2t" "OK" "$f2t: $HEADERVALUE"
|
||||
fi
|
||||
done
|
||||
|
||||
for f2t in $other_flags2test; do
|
||||
debugme echo "---> $f2t"
|
||||
detect_header $f2t $f2t
|
||||
if [[ $? -ge 1 ]]; then
|
||||
if ! "$first"; then
|
||||
out "$spaces" # output leading spaces if the first header
|
||||
else
|
||||
first=false
|
||||
fi
|
||||
# extract and print key(=flag) underlined
|
||||
pr_litecyan "${result_str%%:*}:"
|
||||
# print value in plain text:
|
||||
outln "${result_str#*:}"
|
||||
fileout "${result_str%%:*}" "WARN" "${result_str%%:*}: ${result_str#*:}"
|
||||
done
|
||||
pr_litecyan "$f2t"; outln "$HEADERVALUE"
|
||||
fileout "$f2t" "WARN" "$f2t: $HEADERVALUE"
|
||||
fi
|
||||
done
|
||||
#TODO: I am not testing for the correctness or anything stupid yet, e.g. "X-Frame-Options: allowall" or Access-Control-Allow-Origin: *
|
||||
|
||||
if "$first"; then
|
||||
pr_svrty_mediumln "--"
|
||||
fileout "sec_headers" "MEDIUM" "No security (or other interesting) headers detected"
|
||||
ret=1
|
||||
else
|
||||
ret=0
|
||||
fi
|
||||
#TODO: I am not testing for the correctness or anything stupid yet, e.g. "X-Frame-Options: allowall"
|
||||
|
||||
tmpfile_handle $FUNCNAME.txt
|
||||
return $ret
|
||||
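Review bot: the lookups that used result_str were anchored (grep -wi "^$f2t" followed by grep -vi "$f2t"-), whereas detect_header $f2t $f2t matches the name anywhere in a line, so a header that only shares a suffix with $f2t can be reported or counted as a duplicate. Anchor the match inside detect_header and quote both arguments. The comment "output leading spaces if the first header" says the opposite of the condition if ! "$first", and pr_done_good "$f2t" prints the name without the colon that the "${result_str%%:*}:" form produced.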
@ -1560,11 +1724,9 @@ rfc2openssl() {
|
||||
|
||||
|
||||
show_rfc_style(){
|
||||
[[ -z "$ADD_RFC_STR" ]] && return 1
|
||||
#[[ -z "$1" ]] && return 0
|
||||
|
||||
local rfcname="" hexcode
|
||||
local -i i
|
||||
|
||||
hexcode="$(toupper "$1")"
|
||||
case ${#hexcode} in
|
||||
3) hexcode="0x00,0x${hexcode:1:2}" ;;
|
||||
@ -1592,7 +1754,7 @@ neat_header(){
|
||||
# arg4: encryption (maybe included "export")
|
||||
neat_list(){
|
||||
local hexcode="$1"
|
||||
local ossl_cipher="$2"
|
||||
local ossl_cipher="$2" tls_cipher=""
|
||||
local kx enc strength
|
||||
|
||||
kx="${3//Kx=/}"
|
||||
@ -1606,6 +1768,8 @@ neat_list(){
|
||||
|
||||
echo "$export" | grep -iq export && strength="$strength,exp"
|
||||
|
||||
[[ -n "$ADD_RFC_STR" ]] && tls_cipher="$(show_rfc_style "$hexcode")"
|
||||
|
||||
#printf -- "%q" "$kx" | xxd | head -1
|
||||
# length correction for color escape codes (printf counts the escape color codes!!)
|
||||
if printf -- "%q" "$kx" | egrep -aq '.;3.m|E\[1m' ; then # here's a color code which screws up the formatting with printf below
|
||||
@ -1618,7 +1782,7 @@ neat_list(){
|
||||
done
|
||||
fi
|
||||
#echo "${#kx}" # should be always 20 / 13
|
||||
printf -- " %-7s %-33s %-10s %-10s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$(show_rfc_style "$hexcode")"
|
||||
printf -- " %-7s %-33s %-10s %-10s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$tls_cipher"
|
||||
}
|
||||
|
||||
test_just_one(){
|
||||
@ -2986,7 +3150,6 @@ run_protocols() {
|
||||
local latest_supported="" # version.major and version.minor of highest version supported by the server.
|
||||
local detected_version_string latest_supported_string
|
||||
local lines nr_ciphers_detected
|
||||
local extra_spaces=" "
|
||||
|
||||
outln; pr_headline " Testing protocols "
|
||||
|
||||
@ -3008,7 +3171,7 @@ run_protocols() {
|
||||
fi
|
||||
outln
|
||||
|
||||
pr_bold " SSLv2 $extra_spaces";
|
||||
pr_bold " SSLv2 ";
|
||||
if ! "$SSL_NATIVE"; then
|
||||
sslv2_sockets
|
||||
case $? in
|
||||
@ -3042,7 +3205,6 @@ run_protocols() {
|
||||
fi
|
||||
fi ;;
|
||||
esac
|
||||
pr_off
|
||||
debugme outln
|
||||
else
|
||||
run_prototest_openssl "-ssl2"
|
||||
@ -3067,7 +3229,7 @@ run_protocols() {
|
||||
esac
|
||||
fi
|
||||
|
||||
pr_bold " SSLv3 $extra_spaces";
|
||||
pr_bold " SSLv3 ";
|
||||
if "$using_sockets"; then
|
||||
tls_sockets "00" "$TLS_CIPHER"
|
||||
else
|
||||
@ -3106,7 +3268,7 @@ run_protocols() {
|
||||
;; # no local support
|
||||
esac
|
||||
|
||||
pr_bold " TLS 1 $extra_spaces";
|
||||
pr_bold " TLS 1 ";
|
||||
if "$using_sockets"; then
|
||||
tls_sockets "01" "$TLS_CIPHER"
|
||||
else
|
||||
@ -3155,7 +3317,7 @@ run_protocols() {
|
||||
;; # no local support
|
||||
esac
|
||||
|
||||
pr_bold " TLS 1.1 $extra_spaces";
|
||||
pr_bold " TLS 1.1 ";
|
||||
if "$using_sockets"; then
|
||||
tls_sockets "02" "$TLS_CIPHER"
|
||||
else
|
||||
@ -3207,8 +3369,8 @@ run_protocols() {
|
||||
;; # no local support
|
||||
esac
|
||||
|
||||
pr_bold " TLS 1.2 $extra_spaces";
|
||||
if "$using_sockets" ; then
|
||||
pr_bold " TLS 1.2 ";
|
||||
if "$using_sockets" && "$EXPERIMENTAL"; then #TODO: IIS servers do have a problem here with our handshake
|
||||
tls_sockets "03" "$TLS12_CIPHER"
|
||||
else
|
||||
run_prototest_openssl "-tls1_2"
|
||||
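Review bot: gating the socket-based TLS 1.2 test on `"$EXPERIMENTAL"` means a default run goes through `run_prototest_openssl "-tls1_2"`, so the TLS 1.2 result depends on what the local openssl binary supports (the context of the next hunk shows the "not tested due to lack of local support" outcome). The TODO should reference the IIS handshake issue it refers to so the gate can be lifted later. The condition also executes EXPERIMENTAL as a command, so it relies on the variable always being set to true or false.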
@ -3261,55 +3423,6 @@ run_protocols() {
|
||||
fileout "tls1_2" "INFO" "TLSv1.2 is not tested due to lack of local support"
|
||||
;; # no local support
|
||||
esac
|
||||
|
||||
# Testing version negotiation. RFC 5246, Appendix E.1, states:
|
||||
#
|
||||
# If a TLS server receives a ClientHello containing a version number
|
||||
# greater than the highest version supported by the server, it MUST
|
||||
# reply according to the highest version supported by the server.
|
||||
if [[ -n $latest_supported ]] && "$using_sockets"; then
|
||||
pr_bold " Version tolerance "
|
||||
tls_sockets "05" "$TLS12_CIPHER"
|
||||
case $? in
|
||||
0)
|
||||
pr_svrty_criticalln "server claims support for non-existent TLSv1.4"
|
||||
fileout "TLS Version Negotiation" "NOT ok" "Server claims support for non-existent TLSv1.4 (NOT ok)"
|
||||
;;
|
||||
1)
|
||||
pr_svrty_criticalln "version negotiation did not work -- connection failed rather than downgrading to $latest_supported_string (NOT ok)"
|
||||
fileout "TLS Version Negotiation" "NOT ok" "Version negotiation did not work -- connection failed rather than downgrading to $latest_supported_string (NOT ok)"
|
||||
;;
|
||||
2)
|
||||
case $DETECTED_TLS_VERSION in
|
||||
0304)
|
||||
pr_svrty_criticalln "server claims support for TLSv1.3, which is still a working draft (NOT ok)"
|
||||
fileout "TLS Version Negotiation" "NOT ok" "Server claims support for TLSv1.3, which is still a working draft (NOT ok)"
|
||||
;;
|
||||
0303|0302|0301|0300)
|
||||
if [[ "$DETECTED_TLS_VERSION" == "0300" ]]; then
|
||||
detected_version_string="SSLv3"
|
||||
else
|
||||
detected_version_string="TLSv1.$((0x$DETECTED_TLS_VERSION-0x0301))"
|
||||
fi
|
||||
if [[ 0x$DETECTED_TLS_VERSION -lt 0x$latest_supported ]]; then
|
||||
pr_svrty_criticalln "server supports $latest_supported_string, but downgraded to $detected_version_string (NOT ok)"
|
||||
fileout "TLS Version Negotiation" "NOT ok" "Downgraded to $detected_version_string rather than $latest_supported_string (NOT ok)"
|
||||
else
|
||||
pr_done_bestln "downgraded to $detected_version_string (OK)"
|
||||
fileout "TLS Version Negotiation" "OK" "Downgraded to $detected_version_string"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
pr_svrty_criticalln "server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||
fileout "TLS Version Negotiation" "NOT ok" "TLSv1.4: server responded with version number ${DETECTED_TLS_VERSION:0:2}.${DETECTED_TLS_VERSION:2:2} (NOT ok)"
|
||||
;;
|
||||
esac ;;
|
||||
5)
|
||||
pr_svrty_criticalln "server claims support for non-existent TLSv1.4 (NOT ok)"
|
||||
fileout "TLS Version Negotiation" "NOT ok" "Server claims support for non-existent TLSv1.4 (NOT ok)"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
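Review bot: the whole version tolerance test (the RFC 5246 Appendix E.1 check done with `tls_sockets "05"`) disappears here with no replacement in this hunk. If it was moved elsewhere or dropped deliberately, the commit message should say so. The context of the earlier run_protocols hunk still declares `detected_version_string` and `latest_supported_string`, which as far as this diff shows are only used in the removed block, so those locals can go as well if nothing else reads them.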
@ -3848,7 +3961,7 @@ determine_trust() {
|
||||
local all_ok=true
|
||||
local some_ok=false
|
||||
local code
|
||||
local ca_bundles="$INSTALL_DIR/etc/*.pem"
|
||||
local ca_bundles=""
|
||||
local spaces=" "
|
||||
local -i certificates_provided=1+$(grep -c "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TEMPDIR/intermediatecerts.pem)
|
||||
local addtl_warning
|
||||
@ -3864,6 +3977,13 @@ determine_trust() {
|
||||
fileout "${json_prefix}chain_of_trust_warn" "WARN" "$addtl_warning"
|
||||
fi
|
||||
debugme outln
|
||||
|
||||
# if you run testssl.sh from a different path /you can set either TESTSSL_INSTALL_DIR or CA_BUNDLES_PATH to find the CA BUNDLES
|
||||
if [[ -z $CA_BUNDLES_PATH ]]; then
|
||||
ca_bundles="$TESTSSL_INSTALL_DIR/etc/*.pem"
|
||||
else
|
||||
ca_bundles="$CA_BUNDLES_PATH/*.pem"
|
||||
fi
|
||||
for bundle_fname in $ca_bundles; do
|
||||
certificate_file[i]=$(basename ${bundle_fname//.pem})
|
||||
if [[ ! -r $bundle_fname ]]; then
|
||||
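Review bot: the CA bundle directory now comes from the environment (CA_BUNDLES_PATH, otherwise TESTSSL_INSTALL_DIR), and the chain-of-trust verdict depends on which .pem files are found there, so the path actually used should be shown in the output or written via fileout. `ca_bundles` holds an unquoted glob that `for bundle_fname in $ca_bundles` expands, which breaks when the directory name contains spaces; quoting the directory part and globbing in the for statement avoids that. The new comment also has a stray slash in "/you".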
@ -5143,7 +5263,7 @@ run_pfs() {
|
||||
|
||||
|
||||
spdy_pre(){
|
||||
if [[ -n "$STARTTLS" ]]; then
|
||||
if [[ -n "$STARTTLS" ]] || [[ "$SERVICE" != HTTP ]]; then
|
||||
[[ -n "$1" ]] && out "$1"
|
||||
out "(SPDY is an HTTP protocol and thus not tested here)"
|
||||
fileout "spdy_npn" "INFO" "SPDY/NPN : (SPY is an HTTP protocol and thus not tested here)"
|
||||
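Review bot: with `[[ "$SERVICE" != HTTP ]]` added to the condition, a target where SERVICE is simply empty because detection failed is skipped with "SPDY is an HTTP protocol and thus not tested here", which reads as if a non-HTTP service had been positively identified. A separate message for the undetected case that points at --assume-http would be clearer. While touching this block, the fileout string in the context line says "SPY" instead of "SPDY".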
@ -5164,7 +5284,7 @@ spdy_pre(){
|
||||
}
|
||||
|
||||
http2_pre(){
|
||||
if [[ -n "$STARTTLS" ]]; then
|
||||
if [[ -n "$STARTTLS" ]] || [[ "$SERVICE" != HTTP ]]; then
|
||||
[[ -n "$1" ]] && out "$1"
|
||||
outln "(HTTP/2 is a HTTP protocol and thus not tested here)"
|
||||
fileout "https_alpn" "INFO" "HTTP2/ALPN : HTTP/2 is and HTTP protocol and thus not tested"
|
||||
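Review bot: the screen and file messages in this block disagree: `outln` prints "HTTP/2 is a HTTP protocol and thus not tested here" while the fileout line says "HTTP/2 is and HTTP protocol and thus not tested". Since the condition is being changed anyway, fix the "is and" typo and use one wording for both outputs.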
@ -5187,9 +5307,8 @@ http2_pre(){
|
||||
run_spdy() {
|
||||
local tmpstr
|
||||
local -i ret=0
|
||||
local extra_spaces=" "
|
||||
|
||||
pr_bold " SPDY/NPN $extra_spaces"
|
||||
pr_bold " SPDY/NPN "
|
||||
if ! spdy_pre ; then
|
||||
outln
|
||||
return 0
|
||||
@ -5226,9 +5345,8 @@ run_http2() {
|
||||
local -i ret=0
|
||||
local had_alpn_proto=false
|
||||
local alpn_finding=""
|
||||
local extra_spaces=" "
|
||||
|
||||
pr_bold " HTTP2/ALPN $extra_spaces"
|
||||
pr_bold " HTTP2/ALPN "
|
||||
if ! http2_pre ; then
|
||||
outln
|
||||
return 0
|
||||
@ -5985,9 +6103,9 @@ parse_tls_serverhello() {
|
||||
fi
|
||||
echo "===============================================================================" >> $TMPFILE
|
||||
if [[ "${tls_cipher_suite:0:2}" == "00" ]]; then
|
||||
echo "Cipher : $(strip_spaces $(show_rfc_style "x${tls_cipher_suite:2:2}"))" >> $TMPFILE
|
||||
echo "Cipher : $(show_rfc_style "x${tls_cipher_suite:2:2}")" >> $TMPFILE
|
||||
else
|
||||
echo "Cipher : $(strip_spaces $(show_rfc_style "x${tls_cipher_suite:0:4}"))" >> $TMPFILE
|
||||
echo "Cipher : $(show_rfc_style "x${tls_cipher_suite:0:4}")" >> $TMPFILE
|
||||
fi
|
||||
echo "===============================================================================" >> $TMPFILE
|
||||
|
||||
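Review bot: dropping `strip_spaces` around `show_rfc_style` is only safe if show_rfc_style now returns the bare name without padding, and nothing in this hunk shows that. If it can still pad, the "Cipher : " line written to $TMPFILE gains trailing blanks that later parsing of that file will pick up. A short comment here stating that show_rfc_style returns an unpadded name would document the dependency.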
@ -6793,9 +6911,13 @@ run_renego() {
|
||||
echo R | $OPENSSL s_client $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $addcmd $PROXY >$TMPFILE 2>>$ERRFILE
|
||||
sec_client_renego=$? # 0=client is renegotiating & doesn't return an error --> vuln!
|
||||
case "$sec_client_renego" in
|
||||
0)
|
||||
pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat"
|
||||
fileout "sec_client_renego" "NOT ok" "Secure Client-Initiated Renegotiation : VULNERABLE (NOT ok), DoS threat"
|
||||
0) if [[ $SERVICE == "HTTP" ]]; then
|
||||
pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat"
|
||||
fileout "sec_client_renego" "WARN" "Secure Client-Initiated Renegotiation : VULNERABLE (NOT ok), DoS threat"
|
||||
else
|
||||
pr_svrty_medium "VULNERABLE (NOT ok)"; outln ", potential DoS threat"
|
||||
fileout "sec_client_renego" "MEDIUM" "Secure Client-Initiated Renegotiation : VULNERABLE (NOT ok), potential DoS threat"
|
||||
fi
|
||||
;;
|
||||
1)
|
||||
pr_done_goodln "not vulnerable (OK)"
|
||||
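Review bot: in the HTTP branch the screen output uses `pr_svrty_high` but the fileout severity is "WARN", while the non-HTTP branch pairs `pr_svrty_medium` with "MEDIUM". The more severe case therefore gets the weaker label in the file output; a severity matching pr_svrty_high (presumably "HIGH", by analogy with "MEDIUM") would be consistent. Both branches also still print "VULNERABLE (NOT ok)", so on screen only the colour and the word "potential" distinguish them.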
@ -6803,7 +6925,7 @@ run_renego() {
|
||||
;;
|
||||
*)
|
||||
pr_warningln "FIXME (bug): $sec_client_renego"
|
||||
fileout "sec_client_renego" "WARN" "Secure Client-Initiated Renegotiation : FIXME (bug) $sec_client_renego - Please report"
|
||||
fileout "sec_client_renego" "DEBUG" "Secure Client-Initiated Renegotiation : FIXME (bug) $sec_client_renego - Please report"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
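Review bot: the fileout severity for the unexpected s_client exit code goes from "WARN" to "DEBUG", while the screen still uses `pr_warningln`. Anyone filtering the file output by severity will no longer see that the renegotiation test did not produce a result for this host. Keeping "WARN" here, or adding a dedicated severity for inconclusive tests, avoids a silent gap in reports.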
@ -7508,42 +7630,42 @@ old_fart() {
|
||||
fatal "Your $OPENSSL $OSSL_VER version is an old fart... . It doesn\'t make much sense to proceed." -5
|
||||
}
|
||||
|
||||
# try very hard to determine the install path
|
||||
# FIXME: mapping-rfc.txt no longer used. Need another method to determine install path
|
||||
# try very hard to determine the install path to get ahold of the mapping file and the CA bundles
|
||||
# TESTSSL_INSTALL_DIR can be supplied via environment so that the RFC mapping and CA bundles can be found
|
||||
# (mapping file provides "keycode/ RFC style name", see RFCs, cipher(1),
|
||||
# www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm
|
||||
get_install_dir() {
|
||||
local mapping_file_rfc=""
|
||||
#INSTALL_DIR=$(cd "$(dirname "$0")" && pwd)/$(basename "$0")
|
||||
INSTALL_DIR=$(dirname ${BASH_SOURCE[0]})
|
||||
[[ -z "$TESTSSL_INSTALL_DIR" ]] && TESTSSL_INSTALL_DIR="$(dirname ${BASH_SOURCE[0]})"
|
||||
|
||||
[[ -r "$RUN_DIR/etc/mapping-rfc.txt" ]] && mapping_file_rfc="$RUN_DIR/etc/mapping-rfc.txt"
|
||||
[[ -r "$INSTALL_DIR/etc/mapping-rfc.txt" ]] && mapping_file_rfc="$INSTALL_DIR/etc/mapping-rfc.txt"
|
||||
if [[ ! -r "$mapping_file_rfc" ]]; then
|
||||
[[ -r "$RUN_DIR/etc/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$RUN_DIR/etc/mapping-rfc.txt"
|
||||
[[ -r "$TESTSSL_INSTALL_DIR/etc/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$TESTSSL_INSTALL_DIR/etc/mapping-rfc.txt"
|
||||
if [[ ! -r "$MAPPING_FILE_RFC" ]]; then
|
||||
# those will disapper:
|
||||
[[ -r "$RUN_DIR/mapping-rfc.txt" ]] && mapping_file_rfc="$RUN_DIR/mapping-rfc.txt"
|
||||
[[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && mapping_file_rfc="$INSTALL_DIR/mapping-rfc.txt"
|
||||
[[ -r "$RUN_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$RUN_DIR/mapping-rfc.txt"
|
||||
[[ -r "$TESTSSL_INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$TESTSSL_INSTALL_DIR/mapping-rfc.txt"
|
||||
fi
|
||||
|
||||
# we haven't found the mapping file yet...
|
||||
if [[ ! -r "$mapping_file_rfc" ]] && which readlink &>/dev/null ; then
|
||||
readlink -f ls &>/dev/null && \
|
||||
INSTALL_DIR=$(readlink -f $(basename ${BASH_SOURCE[0]})) || \
|
||||
INSTALL_DIR=$(readlink $(basename ${BASH_SOURCE[0]}))
|
||||
TESTSSL_INSTALL_DIR=$(readlink -f $(basename ${BASH_SOURCE[0]})) || \
|
||||
TESTSSL_INSTALL_DIR=$(readlink $(basename ${BASH_SOURCE[0]}))
|
||||
# not sure whether Darwin has -f
|
||||
INSTALL_DIR=$(dirname $INSTALL_DIR 2>/dev/null)
|
||||
[[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && mapping_file_rfc="$INSTALL_DIR/mapping-rfc.txt"
|
||||
[[ -r "$INSTALL_DIR/etc/mapping-rfc.txt" ]] && mapping_file_rfc="$INSTALL_DIR/etc/mapping-rfc.txt"
|
||||
TESTSSL_INSTALL_DIR=$(dirname $TESTSSL_INSTALL_DIR 2>/dev/null)
|
||||
[[ -r "$TESTSSL_INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$TESTSSL_INSTALL_DIR/mapping-rfc.txt"
|
||||
[[ -r "$TESTSSL_INSTALL_DIR/etc/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$TESTSSL_INSTALL_DIR/etc/mapping-rfc.txt"
|
||||
# will disappear:
|
||||
fi
|
||||
|
||||
# still no mapping file:
|
||||
if [[ ! -r "$mapping_file_rfc" ]] && which realpath &>/dev/null ; then
|
||||
INSTALL_DIR=$(dirname $(realpath ${BASH_SOURCE[0]}))
|
||||
mapping_file_rfc="$INSTALL_DIR/etc/mapping-rfc.txt"
|
||||
if [[ ! -r "$MAPPING_FILE_RFC" ]] && which realpath &>/dev/null ; then
|
||||
TESTSSL_INSTALL_DIR=$(dirname $(realpath ${BASH_SOURCE[0]}))
|
||||
MAPPING_FILE_RFC="$TESTSSL_INSTALL_DIR/etc/mapping-rfc.txt"
|
||||
# will disappear
|
||||
[[ -r "$INSTALL_DIR/mapping-rfc.txt" ]] && mapping_file_rfc="$INSTALL_DIR/mapping-rfc.txt"
|
||||
[[ -r "$TESTSSL_INSTALL_DIR/mapping-rfc.txt" ]] && MAPPING_FILE_RFC="$TESTSSL_INSTALL_DIR/mapping-rfc.txt"
|
||||
fi
|
||||
|
||||
[[ ! -r "$mapping_file_rfc" ]] && unset mapping_file_rfc && unset ADD_RFC_STR && pr_warningln "\nNo mapping file found"
|
||||
[[ ! -r "$mapping_file_rfc" ]] && pr_warningln "\nNo mapping file found"
|
||||
debugme echo "$mapping_file_rfc"
|
||||
}
|
||||
|
||||
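Review bot: the assignments in this hunk switch to the global `MAPPING_FILE_RFC`, but the closing check `[[ ! -r "$mapping_file_rfc" ]] && pr_warningln "\nNo mapping file found"` and the `debugme echo "$mapping_file_rfc"` line still read the lowercase local. If the lowercase variable is no longer assigned, the warning fires on every run even when the mapping file was found; both lines should test `$MAPPING_FILE_RFC`, and `local mapping_file_rfc=""` can be dropped. In the readlink branch a TESTSSL_INSTALL_DIR supplied via the environment is overwritten without notice, which is worth a comment since that variable now also decides where the CA bundles are read from.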
@ -7688,7 +7810,6 @@ check4openssl_oldfarts() {
|
||||
outln
|
||||
}
|
||||
|
||||
|
||||
# FreeBSD needs to have /dev/fd mounted. This is a friendly hint, see #258
|
||||
check_bsd_mount() {
|
||||
if [[ "$(uname)" == FreeBSD ]]; then
|
||||
@ -7702,7 +7823,6 @@ check_bsd_mount() {
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
help() {
|
||||
cat << EOF
|
||||
|
||||
@ -7751,6 +7871,7 @@ special invocations:
|
||||
--mx <domain/host> tests MX records from high to low priority (STARTTLS, port 25)
|
||||
--ip <ip> a) tests the supplied <ip> v4 or v6 address instead of resolving host(s) in URI
|
||||
b) arg "one" means: just test the first DNS returns (useful for multiple IPs)
|
||||
-n, --nodns do not try any DNS lookup
|
||||
--file <fname> mass testing option: Reads command lines from <fname>, one line per instance.
|
||||
Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch"
|
||||
|
||||
@ -7762,7 +7883,7 @@ partly mandatory parameters:
|
||||
|
||||
tuning options (can also be preset via environment variables):
|
||||
--bugs enables the "-bugs" option of s_client, needed e.g. for some buggy F5s
|
||||
--assuming-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
|
||||
--assume-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
|
||||
--ssl-native fallback to checks with OpenSSL where sockets are normally used
|
||||
--openssl <PATH> use this openssl binary (default: look in \$PATH, \$RUN_DIR of $PROG_NAME)
|
||||
--proxy <host>:<port> connect via the specified HTTP proxy
|
||||
@ -7852,7 +7973,7 @@ HAS_XMPP: $HAS_XMPP
|
||||
|
||||
PATH: $PATH
|
||||
PROG_NAME: $PROG_NAME
|
||||
INSTALL_DIR: $INSTALL_DIR
|
||||
TESTSSL_INSTALL_DIR: $TESTSSL_INSTALL_DIR
|
||||
RUN_DIR: $RUN_DIR
|
||||
|
||||
CAPATH: $CAPATH
|
||||
@ -7866,7 +7987,7 @@ HAS_SED_E: $HAS_SED_E
|
||||
|
||||
SHOW_EACH_C: $SHOW_EACH_C
|
||||
SSL_NATIVE: $SSL_NATIVE
|
||||
ASSUMING_HTTP $ASSUMING_HTTP
|
||||
ASSUME_HTTP $ASSUME_HTTP
|
||||
SNEAKY: $SNEAKY
|
||||
|
||||
DEBUG: $DEBUG
|
||||
@ -8547,6 +8668,7 @@ get_a_record() {
|
||||
local cname_temp=""
|
||||
local saved_openssl_conf="$OPENSSL_CONF"
|
||||
|
||||
"$NODNS" && return 0 # if no DNS lookup was instructed, leave here
|
||||
OPENSSL_CONF="" # see https://github.com/drwetter/testssl.sh/issues/134
|
||||
if [[ "$NODE" == *.local ]]; then
|
||||
if which avahi-resolve &>/dev/null; then
|
||||
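Review bot: `"$NODNS" && return 0` executes the variable's value as a command, so NODNS must be initialised to true or false before any resolver function runs; the only assignment visible in this part of the diff is `NODNS=true` in parse_cmd_line. If there is no default elsewhere, an empty value yields a "command not found" error on every lookup; `[[ "$NODNS" == true ]] && return 0` is robust either way. With --nodns and a hostname target this function returns without an address, so the help text should say whether --ip is then required.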
@ -8589,6 +8711,7 @@ get_aaaa_record() {
|
||||
local ip6=""
|
||||
local saved_openssl_conf="$OPENSSL_CONF"
|
||||
|
||||
"$NODNS" && return 0 # if no DNS lookup was instructed, leave here
|
||||
OPENSSL_CONF="" # see https://github.com/drwetter/testssl.sh/issues/134
|
||||
if [[ -z "$ip6" ]]; then
|
||||
if [[ "$NODE" == *.local ]]; then
|
||||
@ -8661,9 +8784,10 @@ determine_ip_addresses() {
|
||||
|
||||
determine_rdns() {
|
||||
local saved_openssl_conf="$OPENSSL_CONF"
|
||||
OPENSSL_CONF="" # see https://github.com/drwetter/testssl.sh/issues/134
|
||||
local nodeip="$(tr -d '[]' <<< $NODEIP)" # for DNS we do not need the square brackets of IPv6 addresses
|
||||
|
||||
"$NODNS" && rDNS="--" && return 0
|
||||
OPENSSL_CONF="" # see https://github.com/drwetter/testssl.sh/issues/134
|
||||
if [[ "$NODE" == *.local ]]; then
|
||||
if which avahi-resolve &>/dev/null; then
|
||||
rDNS=$(avahi-resolve -a $nodeip 2>/dev/null | awk '{ print $2 }')
|
||||
@ -8839,10 +8963,10 @@ determine_service() {
|
||||
ua="$UA_SNEAKY" || \
|
||||
ua="$UA_STD"
|
||||
GET_REQ11="GET $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $ua\r\nConnection: Close\r\nAccept: text/*\r\n\r\n"
|
||||
HEAD_REQ11="HEAD $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $ua\r\nAccept: text/*\r\n\r\n"
|
||||
GET_REQ10="GET $URL_PATH HTTP/1.0\r\nUser-Agent: $ua\r\nConnection: Close\r\nAccept: text/*\r\n\r\n"
|
||||
HEAD_REQ10="HEAD $URL_PATH HTTP/1.0\r\nUser-Agent: $ua\r\nAccept: text/*\r\n\r\n"
|
||||
runs_HTTP $OPTIMAL_PROTO
|
||||
#HEAD_REQ11="HEAD $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $ua\r\nAccept: text/*\r\n\r\n"
|
||||
#GET_REQ10="GET $URL_PATH HTTP/1.0\r\nUser-Agent: $ua\r\nConnection: Close\r\nAccept: text/*\r\n\r\n"
|
||||
#HEAD_REQ10="HEAD $URL_PATH HTTP/1.0\r\nUser-Agent: $ua\r\nAccept: text/*\r\n\r\n"
|
||||
service_detection $OPTIMAL_PROTO
|
||||
else
|
||||
# STARTTLS
|
||||
protocol=${1%s} # strip trailing 's' in ftp(s), smtp(s), pop3(s), etc
|
||||
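Review bot: HEAD_REQ11, GET_REQ10 and HEAD_REQ10 are commented out rather than deleted. If nothing uses them any more, remove the lines; if they are kept for a planned use, a comment should say so. The call changes from `runs_HTTP` to `service_detection`, so any other caller of the old name needs the same update, which this hunk does not show.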
@ -9162,6 +9286,9 @@ parse_cmd_line() {
|
||||
CMDLINE_IP=$(parse_opt_equal_sign "$1" "$2")
|
||||
[[ $? -eq 0 ]] && shift
|
||||
;;
|
||||
-n|--nodns)
|
||||
NODNS=true
|
||||
;;
|
||||
-V|-V=*|--local|--local=*) # attention, this could have a value or not!
|
||||
do_display_only=true
|
||||
PATTERN2SHOW="$(parse_opt_equal_sign "$1" "$2")"
|
||||
@ -9312,7 +9439,7 @@ parse_cmd_line() {
|
||||
WIDE=true
|
||||
;;
|
||||
--assuming[_-]http|--assume[-_]http)
|
||||
ASSUMING_HTTP=true
|
||||
ASSUME_HTTP=true
|
||||
;;
|
||||
--sneaky)
|
||||
SNEAKY=true
|
||||
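Review bot: the option parser still accepts both spellings, but the variable is renamed from ASSUMING_HTTP to ASSUME_HTTP, and the help text states that tuning options can be preset via environment variables. Anyone exporting ASSUMING_HTTP=true loses the setting without any message. Either honour the old name as a fallback for a release or mention the rename in the changelog.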
@ -9613,4 +9740,4 @@ fi
|
||||
exit $?
|
||||
|
||||
|
||||
# $Id: testssl.sh,v 1.549 2016/09/26 19:47:56 dirkw Exp $
|
||||
# $Id: testssl.sh,v 1.559 2016/10/15 20:55:22 dirkw Exp $
|
||||
|
48
utils/create_ca_hashes.sh
Executable file
@ -0,0 +1,48 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# vim:ts=5:sw=5:expandtab
|
||||
# we have a spaces softtab, that ensures readability with other editors too
|
||||
|
||||
# This file generates the file etc/ca_hashes.txt from the (root)certificate
|
||||
# Bundles in etc (etc/*.pem)
|
||||
|
||||
TEMPDIR="/tmp"
|
||||
OPENSSL="bin/openssl.Darwin.x86_64 "
|
||||
|
||||
# Check if we are in the right directory
|
||||
if [[ ! -e etc ]]; then
|
||||
echo "Please run this script from the base directory of the testssl.sh project"
|
||||
exit 99
|
||||
fi
|
||||
|
||||
echo "Extracting private key hashes from CA bundles"
|
||||
echo -n > "$TEMPDIR/cahashes"
|
||||
for bundle_fname in etc/*.pem; do
|
||||
if [[ ! -r $bundle_fname ]]; then
|
||||
echo "\"$bundle_fname\" cannot be found / not readable"
|
||||
exit 99
|
||||
fi
|
||||
bundle_name=$(echo -n $bundle_fname|sed s/^etc\\///|sed 's/\.pem$//')
|
||||
echo "CA Bundle: $bundle_name"
|
||||
# Split up the certificate bundle
|
||||
awk -v n=-1 "BEGIN {start=1}
|
||||
/-----BEGIN CERTIFICATE-----/{ if (start) {inc=1; n++} }
|
||||
inc { print >> (\"$TEMPDIR/$bundle_name.\" n \".$$.crt\") ; close (\"$TEMPDIR/$bundle_name.\" n \".$$.crt\") }
|
||||
/---END CERTIFICATE-----/{ inc=0 }" $bundle_fname
|
||||
for cert_fname in $TEMPDIR/$bundle_name.*.$$.crt; do
|
||||
echo -n "."
|
||||
hpkp_key_ca="$( ( $OPENSSL x509 -in "$cert_fname" -pubkey -noout | grep -v PUBLIC | $OPENSSL base64 -d |
|
||||
$OPENSSL dgst -sha256 -binary | $OPENSSL enc -base64 ) 2>/dev/null )"
|
||||
hpkp_name=$( $OPENSSL x509 -in "$cert_fname" -subject -noout 2>/dev/null | sed "s/^subject= //")
|
||||
if [[ $(echo $hpkp_name|grep 'CN='|wc -l) -eq 1 ]]; then
|
||||
hpkp_name=$(echo -n $hpkp_name|sed 's/^.*CN=//'|sed 's/\/.*$//')
|
||||
fi
|
||||
echo "$hpkp_key_ca $hpkp_name" >> "$TEMPDIR/cahashes"
|
||||
done
|
||||
echo
|
||||
done
|
||||
|
||||
# Make a backup first
|
||||
cp etc/ca_hashes.txt etc/ca_hashes.txt.bak
|
||||
|
||||
sort -u "$TEMPDIR/cahashes" > etc/ca_hashes.txt
|
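Review bot: the script writes to fixed, predictable names under `TEMPDIR="/tmp"` (`$TEMPDIR/cahashes` and `$TEMPDIR/$bundle_name.N.$$.crt`, the latter opened with `>>`) and never removes them, so on a shared machine anything already present at those paths is overwritten by the run or ends up in etc/ca_hashes.txt; use `mktemp -d` plus a cleanup trap. `OPENSSL="bin/openssl.Darwin.x86_64 "` hard-codes the Darwin binary, and because stderr goes to /dev/null a failure on another platform produces lines with empty hashes instead of an error. The message "Extracting private key hashes" should say public key, since the pipeline hashes the `-pubkey` output, and `cp etc/ca_hashes.txt etc/ca_hashes.txt.bak` fails on a first run when the file does not exist yet.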
@ -229,4 +229,4 @@ exit 0
|
||||
# 74.116.0.167 147.237.80.2 85.92.77.27
|
||||
|
||||
# vim:tw=110:ts=5:sw=5
|
||||
# $Id: prototype.ssl2proto-check.bash,v 1.9 2015/01/07 22:56:22 dirkw Exp $
|
||||
# $Id: prototype.ssl2proto-check.bash,v 1.10 2015/09/25 19:02:24 dirkw Exp $
|
||||
|