]> git.saurik.com Git - apple/security.git/blob - certificates/EVRoots/evroot.config
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57031.30.12.tar.gz
[apple/security.git] / certificates / EVRoots / evroot.config
1 # ------------------------------------------------------------------------------
2 # Extended Validation CA Policy OIDs
3 # Last updated: 19 Aug 2014, MKC/KCM
4 #
5 # Each uncommented non-empty line contains a mapping from a CA-defined EV OID
6 # to the certificate file(s) in ./roots which are authoritative for that OID.
7 # These lines are processed by the buildEVRoots script to generate the plist.
8 #
9
10 # Actalis
11 # source: <rdar://problem/15836617>, <snrx://602642711>
12 # confirmed by http://portal.actalis.it/cms/translations/en/actalis/Info/Solutions/Documents/ActalisCA_Audit_Statement.pdf
13 #
14 # (1.3.159.1.17.1) = 06062B811F011101
15 #
16 # roots: Actalis Authentication Root CA.cer
17 #
18 1.3.159.1.17.1 "Actalis Authentication Root CA.cer"
19
20
21 # AffirmTrust
22 # source: <rdar://problem/7824821>
23 # confirmed by http://www.affirmtrust.com/images/AffirmTrust_CPS_v1.1_12-23-2010.pdf
24 #
25 # (1.3.6.1.4.1.34697.2.1) =
26 #
27 # roots: AffirmTrust-Commercial.der, AffirmTrust-Networking.der, AffirmTrust-Premium.der, AffirmTrust-Premium-ECC.der
28 #
29 1.3.6.1.4.1.34697.2.1 "AffirmTrust-Commercial.der"
30 1.3.6.1.4.1.34697.2.2 "AffirmTrust-Networking.der"
31 1.3.6.1.4.1.34697.2.3 "AffirmTrust-Premium.der"
32 1.3.6.1.4.1.34697.2.4 "AffirmTrust-Premium-ECC.der"
33
34
35 # Buypass (Norway)
36 # TestURL: https://valid.evident.ca23.ssl.buypass.no/
37 # TestURL: https://valid.evident.ca13.ssl.buypass.no
38 # source: <sonr://Request/66633590>
39 # confirmed by https://cert.webtrust.org/ViewSeal?id=848
40 # confirmed by http://www.buypass.no/Bedrift/Produkter+og+tjenester/SSL/SSL%20dokumentasjon
41 #
42 # (2.16.578.1.26.1.3.3) = 0608608442011A010303
43 #
44 # root: Buypass Class 3 CA 1 Buypass AS-983163327
45 #
46 # confirmed by email with John Arild Amdahl Johansen on Nov.12 2013
47 #
48 2.16.578.1.26.1.3.3 "Buypass Class 3 Root CA.cer" "BuypassClass3CA1.cer"
49
50
51 # Certigna
52 # TestURL: http://www.certigna.fr/ca/ACcertigna.crt
53 # confirmed by <sonr://138828330>
54 # 86F27C4BE875508EE8793C4BFC61791530729830
55 # source <sonr://Request/138828330>
56 #
57 # (1.2.250.1.177.1.18.2.2)
58 #
59 # root: Certigna.cer
60 #
61 1.2.250.1.177.1.18.2.2 "Certigna.cer"
62
63
64 # Certum (Unizeto) (Poland)
65 # source: <sonr://request/95347392>
66 # source: <rdar://problem/7656178>, <rdar://problem/16974747>
67 #
68 # ( 1 2 616 1 113527 2 5 1 1 ) = 060B2A84680186F67702050101
69 #
70 # root: Certum Trusted Network CA
71 # root: Certum CA
72 #
73 1.2.616.1.113527.2.5.1.1 "Unizeto-CertumCA.cer" "Poland-Certum-CTNCA.der" "Certum Trusted Network CA 2.cer"
74
75
76 # China Internet Network Information Center (CNNIC) (China)
77 # source: <rdar://problem/9279621>
78 #
79 # ( 1 3 6 1 4 1 29836 1 10 ) =
80 #
81 # root: China Internet Network Information Center EV Certificates Root
82 #
83 1.3.6.1.4.1.29836.1.10 "CNNICEVRoot.der"
84
85
86 # Comodo
87 # source: <http://www.mozilla.org/projects/security/certs/included/>
88 # confirmed by <http://www.comodo.com/repository/EV_CPS_120806.pdf>
89 #
90 # (1.3.6.1.4.1.6449.1.2.1.5.1) = 060C2B06010401B2310102010501
91 #
92 # root: COMODO Certification Authority
93 # subordinate CA of: Add Trust External CA Root
94 #
95 1.3.6.1.4.1.6449.1.2.1.5.1 "COMODOCertificationAuthority.crt" "AddTrust External CA Root.crt"
96
97
98 # Cybertrust (aka Verizon Business)
99 # source: <http://en.wikipedia.org/wiki/Extended_Validation_Certificate>
100 # confirmed by <http://cybertrust.omniroot.com/repository.cfm>
101 #
102 # (1.3.6.1.4.1.6334.1.100.1) = 060A2B06010401B13E016401
103 #
104 # root: GTE Cybertrust Global Root
105 # root: Baltimore Cybertrust Root
106 #
107 1.3.6.1.4.1.6334.1.100.1 "BTCTRT.cer" "GTEGB18.cer"
108
109
110 # DigiCert
111 # source: <http://www.mozilla.org/projects/security/certs/included/>
112 # confirmed by <https://www.digicert.com/>
113 # confirmed by <http://www.digicert.com/CPS_V3-0-3_3-15-2007.pdf>
114 #
115 # (2.16.840.1.114412.2.1) = 06096086480186FD6C0201 // EV CA-1
116 # (2.16.840.1.114412.1.3.0.2) = 060B6086480186FD6C01030002 // EV CA-2
117 #
118 # root: DigiCert High Assurance EV Root CA
119 # previously a subordinate CA of: Entrust.net Secure Server Certification Authority
120 #
121 2.16.840.1.114412.1.3.0.2 "DigiCertHighAssuranceEVRootCA.crt"
122
123 # A14B48D943EE0A0E40904F3CE0A4C09193515D3F
124 # F517A24F9A48C6C9F8A200269FDC0F482CAB3089
125 # DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
126 # 7E04DE896A3E666D00E687D33FFAD93BE83D349E
127 # DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
128 # TestURL: https://assured-id-root-g2.digicert.com
129 # TestURL: https://assured-id-root-g3.digicert.com
130 # TestURL: https://global-root-g2.digicert.com
131 # TestURL: https://global-root-g3.digicert.com
132 # TestURL: https://trusted-root-g4.digicert.com
133 # confirmed by <snrx://600058205>
134 2.16.840.1.114412.2.1 "DigiCertHighAssuranceEVRootCA.crt" "DigiCertAssuredIDRootG2.der" "DigiCertAssuredIDRootG3.der" "DigiCertGlobalRootG2.der" "DigiCertGlobalRootG3.der" "DigiCertTrustedRootG4.der"
135
136
137 # DigiNotar
138 # source: <http://www.mozilla.org/projects/security/certs/included/>
139 # confirmed by <https://www.diginotar.com/>
140 #
141 # (2.16.528.1.1001.1.1.1.12.6.1.1.1) = 060E6084100187690101010C06010101
142 #
143 # root: DigiNotar Root CA
144 #
145 # removed per <rdar://problem/10040471>
146 # 2.16.528.1.1001.1.1.1.12.6.1.1.1 "DigiNotarRootCA2007.crt"
147
148
149 # D-Trust
150 # <rdar://problem/13718023> open .D-Trust root certificates
151 #
152 # 1.3.6.1.4.1.4788.2.202.1
153 #
154 # root: D-TRUST_Root_Class_3_CA_2_EV_2009.cer
155 #
156 1.3.6.1.4.1.4788.2.202.1 "D-TRUST_Root_Class_3_CA_2_EV_2009.cer"
157
158
159 # E-Tugra
160 # source: <rdar://15745238>
161 # Test URL: https://sslev.e-tugra.com.tr
162 #
163 2.16.792.3.0.4.1.1.4 "E-Tugra.der"
164
165 # Entrust
166 # 503006091D97D4F5AE39F7CBE7927D7D652D3431
167 # B31EB1B740E36C8402DADC37D44DF5D4674952F9
168 # 8CF427FD790C3AD166068DE81E57EFBB932272D4
169 # 20d80640df9b25f512253a11eaf7598aeb14b547
170 # TestURL: https://2048test.entrust.net/
171 # TestURL: https://validev.entrust.net/
172 # TestURL: https://validg2.entrust.net/
173 # TestURL: https://validec.entrust.net/
174 # source: <http://www.mozilla.org/projects/security/certs/included/>
175 # confirmed by <http://www.entrust.net/CPS/pdf/webcps051404.pdf>
176 #
177 # (2.16.840.1.114028.10.1.2) = 060A6086480186FA6C0A0102
178 #
179 # root: Entrust.net Secure Server Certification Authority
180 # root: Entrust Root Certification Authority
181 #
182 # confirmed by <sonr://99624119>
183 2.16.840.1.114028.10.1.2 "EntrustEVRoot.crt" "EntrustRoot-G2.der" "EntrustRoot-EC1.der" "entrust2048.der"
184
185
186 # GeoTrust
187 # source: <http://www.mozilla.org/projects/security/certs/included/>
188 # confirmed by <http://www.geotrust.com/resources/cps/pdfs/GeoTrustCPS-Version1.pdf>
189 # G3 root added: <http://www.geotrust.com/resources/cps/pdfs/GeoTrustCPS-Version1.1.13.pdf>
190 #
191 # (1.3.6.1.4.1.14370.1.6) = 06092B06010401F0220106
192 #
193 # root: GeoTrust Primary Certification Authority
194 # subordinate CA of: Equifax Secure Certificate Authority
195 #
196 1.3.6.1.4.1.14370.1.6 "geotrust-primary-ca.crt" "Equifax_Secure_Certificate_Auth" "GeoTrust Primary Certification Authority - G3.cer"
197
198
199 # GlobalSign
200 # source: <http://www.mozilla.org/projects/security/certs/included/>
201 # confirmed by <https://www.globalsign.com/>
202 #
203 # (1.3.6.1.4.1.4146.1.1) = 06092B06010401A0320101
204 #
205 # root: GlobalSign Root CA - R3
206 # root: GlobalSign Root CA - R2
207 # root: GlobalSign Root CA
208 #
209 1.3.6.1.4.1.4146.1.1 "GlobalSignRootCA-R2.cer" "globalSignRoot.cer" "GlobalSign-Root-R3.der"
210
211
212 # Go Daddy (aka Starfield Technologies)
213 # source: <http://www.mozilla.org/projects/security/certs/included/>
214 # confirmed by <https://certs.starfieldtech.com/repository/StarfieldCP-CPS.pdf>
215 #
216 # (2.16.840.1.114413.1.7.23.3) = 060B6086480186FD6D01071703
217 # (2.16.840.1.114414.1.7.23.3) = 060B6086480186FD6E01071703
218 #
219 # root: Go Daddy Class 2 Certification Authority (for 114413)
220 # root: Starfield Class 2 Certificate Authority (for 114414)
221 # root: Starfield Root Certificate Authority - G2 (for 114414)
222 # root: Starfield Services Root Certificate Authority - G2 (for 114414)
223 # previously subordinate CA of: Valicert Class 2 Policy Validation Authority (both)
224 #
225 2.16.840.1.114413.1.7.23.3 "GD-Class2-root.crt" "GoDaddyRootCertificateAuthorityG2.der"
226 2.16.840.1.114414.1.7.23.3 "SF-Class2-root.crt" "StarfieldRootCertificateAuthorityG2.der"
227 2.16.840.1.114414.1.7.24.3 "StarfieldServicesRootCertificateAuthorityG2.der"
228
229
230 # Izenpe
231 # source: <sonr://Request/74637008>
232 # source: <sonr://Request/84249406>
233 # confirmed by <https://servicios.izenpe.com/jsp/descarga_ca/s27descarga_ca_c.jsp>
234 #
235 # (1.3.6.1.4.1.14777.6.1.1) =
236 # (1.3.6.1.4.1.14777.6.1.2) =
237 #
238 # root: Izenpe.com
239 # root: Izenpe.com/emailAddress=Info@izenpe.com
240 #
241 1.3.6.1.4.1.14777.6.1.1 "Izenpe-RAIZ2007.crt" "Izenpe-ca_raiz2003.crt"
242 1.3.6.1.4.1.14777.6.1.2 "Izenpe-RAIZ2007.crt" "Izenpe-ca_raiz2003.crt"
243
244
245 # KEYNECTIS (aka Certplus)
246 # source: <sonr://request/76327342>
247 # confirmed by <https://www.keynectis.com/fr/accueil.html>
248 #
249 # (1.3.6.1.4.1.22234.2.5.2.3.1) =
250 #
251 # root: Class 2 Primary CA
252 #
253 1.3.6.1.4.1.22234.2.5.2.3.1 "certplus_class2.der"
254
255
256 # Logius (aka Staat der Nederlanden)
257 # source: <rdar://problem/16256943> application for root trust store inclusion for Logius EV certificate
258 # confirmed by <https://www.logius.nl/producten/toegang/pkioverheid/documentatie/certificaten-pkioverheid/staat-der-nederlanden-ev/>,
259 # <https://bugzilla.mozilla.org/show_bug.cgi?id=1016568>
260 # <http://cert.pkioverheid.nl/EVRootCA.cer>
261 #
262 # (2.16.528.1.1003.1.2.7) = 060960841001876B010207
263 #
264 # root: Staat der Nederlanden EV Root CA
265 #
266 2.16.528.1.1003.1.2.7 "Staat der Nederlanden EV Root CA.cer"
267
268
269 # Network Solutions
270 # source: <http://www.mozilla.org/projects/security/certs/included/>
271 # confirmed by <https://www.networksolutions.com/legal/SSL-legal-repository-ev-cps.jsp>
272 #
273 # (1.3.6.1.4.1.782.1.2.1.8.1) = 060C2B06010401860E0102010801
274 #
275 # root: Network Solutions Certificate Authority
276 # subordinate CA of: AddTrust External CA Root
277 #
278 1.3.6.1.4.1.782.1.2.1.8.1 "NetworkSolutionsEVRoot.crt" "AddTrust External CA Root.crt"
279
280
281 # QuoVadis
282 # source: <http://www.mozilla.org/projects/security/certs/included/>
283 # confirmed by <http://www.quovadisglobal.bm/Repository.aspx>
284 #
285 # (1.3.6.1.4.1.8024.0.2.100.1.2) = 060C2B06010401BE580002640102
286 #
287 # root: QuoVadis Root Certification Authority
288 # root: QuoVadis Root CA 2
289 #
290 1.3.6.1.4.1.8024.0.2.100.1.2 "qvrca.crt" "qvrca2.crt"
291
292
293 # Secom (aka SECOM Trust Systems Co., Ltd.)
294 # TestURL: https://scrootca2test.secomtrust.net also consider: https://fmctest.secomtrust.net/
295 # FEB8C432DCF9769ACEAE3DD8908FFD288665647D
296 # source: <https://repository.secomtrust.net/SC-Root1/>
297 #
298 # (1.2.392.200091.100.721.1) = 060A2A83088C9B1B64855101
299 #
300 # root: Security Communication RootCA1
301 #
302 1.2.392.200091.100.721.1 "SCRoot1ca.cer" "SECOM-EVRoot1ca.cer" "SECOM-RootCA2.cer"
303
304
305 # StartCom
306 # source: <http://www.mozilla.org/projects/security/certs/included/#StartCom>
307 # confirmed by <https://www.startssl.com/certs/>, <https://www.startssl.com/policy.pdf>
308 #
309 # (1.3.6.1.4.1.23223.2) =
310 # (1.3.6.1.4.1.23223.1.1.1) =
311 #
312 # root: StartCom Certification Authority
313 #
314 1.3.6.1.4.1.23223.2 "startcom-sfsca.der" "startcomSHA2.der" "StartCom May 2013 G2.der"
315 1.3.6.1.4.1.23223.1.1.1 "startcom-sfsca.der" "startcomSHA2.der" "StartCom May 2013 G2.der"
316
317
318 # SwissCom
319 # source : <rdar://problem/13768455> SwissCom Root Certificates
320 # TestURL: https://test-quarz-ev-ca-2.pre.swissdigicert.ch/
321 # confirmed by <snrx://224162961>,
322 # <http://www.swissdigicert.ch/sdcs/portal/open_pdf?file=deutsch%2F102_CPS_SDCS_EV_2_16_756_1_83_2_2_V2_1_de.pdf>
323 #
324 # previously, we had noted these additional OIDs for SwissCom:
325 # (2.16.756.1.83.20.1.1) = 06086085740153140101
326 # (the 21.0 OID was listed on <https://en.wikipedia.org/wiki/Extended_Validation_Certificate>
327 # (2.16.756.1.83.21.0) = 060760857401531500
328 #
329 # (2.16.756.1.83.2.2) = 060760857401530202
330 #
331 # E7A19029D3D552DC0D0FC692D3EA880D152E1A6B
332 #
333 2.16.756.1.83.2.2 "Swisscom Root EV CA 2.cer"
334
335
336 # SwissSign
337 # source: <https://swisssign.com/english/download-document/20-swisssign-gold-ca-g2.html>
338 # repository: https://swisssign.com/english/gold/view-category.html
339 #
340 # (2.16.756.1.89.1.2.1.1) = ...
341 #
342 # root: SwissSign Gold CA - G2
343 #
344 2.16.756.1.89.1.2.1.1 "SwissSign-Gold_G2.der"
345
346
347 # TrustCenter (DE)
348 # source: <sonr://Request/87508085>
349 #
350 # (1.2.276.0.44.1.1.1.4) = ...
351 #
352 # root: TC TrustCenter Universal CA III
353 #
354 1.2.276.0.44.1.1.1.4 "trustCenter-root-5.der"
355
356
357 # Trustwave (aka SecureTrust, formerly XRamp)
358 # source: <http://www.mozilla.org/projects/security/certs/included/>
359 #
360 # (2.16.840.1.114404.1.1.2.4.1) = 060C6086480186FD640101020401
361 #
362 # root: SecureTrust CA
363 # root: Secure Global CA
364 # root: XRamp Global CA
365 # subordinate CA of: Entrust.net Secure Server Certification Authority
366 #
367 2.16.840.1.114404.1.1.2.4.1 "Trustwave-STCA.der" "Trustwave-SGCA.der" "XGCA.crt" "EntrustRootCA1024.crt"
368
369
370 # Thawte
371 # source: <http://www.mozilla.org/projects/security/certs/included/>
372 # G3 EV root added: <http://www.thawte.com/assets/documents/repository/cps/Thawte_CPS_3_7.9.pdf>
373 #
374 # (2.16.840.1.113733.1.7.48.1) = 060B6086480186F84501073001
375 #
376 # root: thawte Primary Root CA
377 # subordinate CA of: Thawte Premium Server CA
378 #
379 2.16.840.1.113733.1.7.48.1 "thawte-primary-root-ca.crt" "serverpremium.crt" "Thawte_Premium_Server_CA.cer" "thawte Primary Root CA - G3.cer"
380
381
382 # T-TeleSec
383 # source: <rdar://problem/14254092> T-Systems / Telesec.de root certificates
384 #
385 # (1.3.6.1.4.1.7879.13.24.1)
386 #
387 # root: T-TeleSec GlobalRoot Class 2 T-TeleSec GlobalRoot Class 3
388 #
389 1.3.6.1.4.1.7879.13.24.1 "T-TeleSec GlobalRoot Class 2.cer" "T-TeleSec GlobalRoot Class 3.cer"
390
391
392 # VeriSign
393 # source: <http://www.mozilla.org/projects/security/certs/included/>
394 #
395 # (2.16.840.1.113733.1.7.23.6) = 060B6086480186F84501071706
396 #
397 # root: VeriSign Class 3 Public Primary Certification Authority - G5
398 # subordinate CA of: Class 3 Public Primary Certification Authority
399 #
400 # Symantec
401 # source: <rdar://problem/13712338> Symantec ECC root certificates May 2013
402 #
403 # VeriSign
404 # source: <rdar://13712338> Symantec ECC root certificates May 2013
405 # EV OID correction: <rdar://17095623> EV-enablement for Verisign root certificate already in the keychain
406 #
407 2.16.840.1.113733.1.7.23.6 "VeriSignC3PublicPrimaryCA-G5.cer" "PCA3ss_v4.509" "Symantec Class 3 Public Primary Certification Authority - G4.cer" "VeriSign Class 3 Public Primary Certification Authority - G4.cer" "VeriSign Universal Root Certification Authority.cer"
408
409
410 # Wells Fargo
411 # source: <sonr://request/72493272>
412 # confirmed by <https://www.wellsfargo.com/com/cp>
413 #
414 # (2.16.840.1.114171.500.9) = 060A6086480186FB7B837409
415 #
416 # root: WellsSecure Public Root Certificate Authority
417 #
418 2.16.840.1.114171.500.9 "WellsSecurePRCA.der"
419
420
421 # Camerfirma
422 # TestURL: https://server2.camerfirma.com:8082
423 # TestURL: https://www.camerfirma.com/
424 # confirmed by <snrx://277093627>
425 #
426 # (1.3.6.1.4.1.17326.10.14.2.1.2) = 060D2B0601040181872E0A0E020102
427 # (1.3.6.1.4.1.17326.10.8.12.1.2) = 060D2B0601040181872E0A080C0102
428 #
429 # 786A74AC76AB147F9C6A3050BA9EA87EFE9ACE3C
430 # 6E3A55A4190C195C93843CC0DB722E313061F0B1
431 #
432 1.3.6.1.4.1.17326.10.14.2.1.2 "ROOT-CHAMBERSIGN.crt" "ROOT-CHAMBERS.crt" "root_chambers-2008.der"
433 1.3.6.1.4.1.17326.10.8.12.1.2 "root_chambersign-2008.der"
434
435
436 # Firmaprofesional
437 # AEC5FB3FC8E1BFC4E54F03075A9AE800B7F7B6FA
438 # Firmaprofesional-CIF-A62634068.der
439 # TestURL: https://publifirma.firmaprofesional.com/
440 # confirmed by <sonr://230298678>
441 #
442 # (1.3.6.1.4.1.13177.10.1.3.10) = 060B2B06010401E6790A01030A
443 #
444 1.3.6.1.4.1.13177.10.1.3.10 "Firmaprofesional-CIF-A62634068.der"
445
446
447 # TWCA
448 # TestURL (4096): https://evssldemo3.twca.com.tw/index.html
449 # TestURL (2048): https://evssldemo.twca.com.tw/index.html
450 # confirmed with Robin Lin of TWCA on August 13 2013
451 #
452 # (1.3.6.1.4.1.40869.1.1.22.3) = 060C2B0601040182BF2501011603
453 #
454 # 9CBB4853F6A4F6D352A4E83252556013F5ADAF65
455 # CF9E876DD3EBFC422697A3B5A37AA076A9062348
456 #
457 1.3.6.1.4.1.40869.1.1.22.3 "TWCARootCA-4096.der" "twca-root-1.der"
458
459
460
461 # ------------------------------------------------------------------------------
462
mirror of Security