Created
June 10, 2025 20:13
-
-
Save dextercd/ecda146ce36d12fc4abe5e8a55ac3547 to your computer and use it in GitHub Desktop.
Root program report
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Apple has 153 certificates. | |
| Mozilla has 143 certificates. | |
| Microsoft has 273 certificates. | |
| Chrome has 118 certificates. | |
| Certificates in Apple that are not in Chrome: | |
| - D7A7A0FB5D7E2731D771E9484EBCDEF71D5F0C3E0A2948782BC83EE0EA699EF4 AAA Certificate Services | |
| - C2B9B042DD57830E7D117DAC55AC8AE19407D38E41D88F3215BC3A890444A050 Apple Root CA - G2 | |
| - 63343ABFB89A6A03EBB57E9B3F5FA7BE7C4F5C756F3017B3A8C488C3653E9179 Apple Root CA - G3 | |
| - B0B1730ECBC7FF4505142C49F1295E6EDA6BCAED7E2C68C5BE91B5A11001F024 Apple Root CA | |
| - 0D83B611B648A1A75EB8558400795375CAD92E264ED8E9D7A757C1F5EE2BB22D Apple Root Certificate Authority | |
| - E38655F4B0190C84D3B3893D840A687E190A256D98052F159E6D4A39F589A6EB Atos TrustedRoot Root CA ECC G2 2020 | |
| - 78833A783BB2986C254B9370D3C20E5EBA8FA7840CBF63FE17297A0B0119685E Atos TrustedRoot Root CA RSA G2 2020 | |
| - 04048028BF1F2864D48F9AD4D83294366A828856553F3B14303F90147F5D40EF Autoridad de Certificacion Firmaprofesional CIF A62634068 | |
| - 16AF57A9F676B0AB126095AA5EBADEF22AB31119D644AC95CD4B93DBF3F26AEB Baltimore CyberTrust Root | |
| - D8E0FEBC1DB2E38D00940F37D27D41344D993E734B99D5656D9778D4D8143624 Certum CA | |
| - 063E4AFAC491DFD332F3089B8542E94617D893D7FE944E10A7937EE29D9693C0 Chambers of Commerce Root - 2008 | |
| - 8327BC8C9D69947B3DE3C27511537267F59C21B9FA7B613FAFBCCD53B7024000 Cisco Root CA 2048 | |
| - 0C2CD63DF7806FA399EDE809116B575BF87989F06518F9808C860503178BAF66 COMODO Certification Authority | |
| - 2605875AFCC176B2D66DD66A995D7F8D5EBB86CE120D0E7E9E7C6EF294A27D4C ComSign Global Root CA | |
| - A1A86D04121EB87F027C66F53303C28E5739F943FC84B38AD6AF009035DD9457 D-TRUST Root CA 3 2013 | |
| - E8E8176536A60CC2C4E10187C3BEFCA20EF263497018F566D5BEA0F94D0C111B DigiCert SMIME ECC P384 Root G5 | |
| - 90370D3EFA88BF58C30105BA25104A358460A7FA52DFC2011DF233A0F417912A DigiCert SMIME RSA4096 Root G5 | |
| - 6DC47172E01CBCB0BF62580D895FE2B8AC9AD4F873801E0C10B9C837D21EB177 Entrust.net Certification Authority (2048) | |
| - 5EDB7AC43B82A06A8761E8D7BE4979EBF2611F7DD79BF91C1C6B566A219ED766 GeoTrust Primary Certification Authority - G2 | |
| - 136335439334A7698016A0D324DE72284E079D7B5220BB8FBD747816EEBEBACA Global Chambersign Root - 2008 | |
| - EBD41040E4BB3EC742C9E381D31EF2A41A48B6685C96E7CEF3C1DF6CD4331C99 GlobalSign Root CA | |
| - 5CBF6FB81FD417EA4128CD6F8172A3C9402094F74AB2ED3A06B4405D04F30B19 GlobalSign Secure Mail Root E45 | |
| - 319AF0A7729E6F89269C131EA6A3A16FCD86389FDCAB3C47A4A675C161A3F974 GlobalSign Secure Mail Root R45 | |
| - C3846BF24B9E93CA64274C0EC67C1ECC5E024FFCACD2D74019350E81FE546AE4 Go Daddy Class 2 Certification Authority | |
| - 8DD4B5373CB0DE36769C12339280D82746B3AA6CD426E797A31BABE4279CF00B HARICA Client ECC Root CA 2021 | |
| - 1BE7ABE30686B16348AFD1C61B6866A0EA7F4821E67D5E8AF937CF8011BC750D HARICA Client RSA Root CA 2021 | |
| - 44B545AA8A25E65A73CA15DC27FC36D24C1CB9953A066539B11582DC487B4833 Hellenic Academic and Research Institutions ECC RootCA 2015 | |
| - A040929A02CE53B4ACF4F2FFC6981CE4496F755E6D45FE0B2A692BCD52523F36 Hellenic Academic and Research Institutions RootCA 2015 | |
| - 30D0895A9A448A262091635522D1F52010B5867ACAE12C78EF958FD4F4389F2F IdenTrust Public Sector Root CA 1 | |
| - 15F0BA00A3AC7AF3AC884C072B1011A077BD77C097F40164B2F8598ABD83860C Network Solutions Certificate Authority | |
| - 41C923866AB4CAD6B7AD578081582E020797A6CBDF4FFF78CE8396B38937D7F5 OISTE WISeKey Global Root GA CA | |
| - 8A866FD1B276B57E578E921C65828A2BED58E9F2F288054134B7F1F4BFC9CC74 QuoVadis Root CA 1 G3 | |
| - 18F1FC7F205DF8ADDDEB7FE007DD57E3AF375A9C4D8D73546BF4F1FED1E18D35 QuoVadis Root CA 3 | |
| - 22D9599234D60F1D4BC7C7E96F43FA555B07301FD475175089DAFB8C25E477B3 Sectigo Public Email Protection Root E46 | |
| - D5917A7791EB7CF20A2E57EB98284A67B28A57E89182DA53D546678C9FDE2B4F Sectigo Public Email Protection Root R46 | |
| - E44DDB7952261F15005CD60C1D0C38C18CBFD17C273A31F8ED4C8F53E2685F32 Sectigo Public Time Stamping Root E46 | |
| - 4941B001B8A97E961B7817C9D9E960EC4B056BFC915A8C1AABF6EF6B3AC046A5 Sectigo Public Time Stamping Root R46 | |
| - 4200F5043AC8590EBB527D209ED1503029FBCBD41CA1B506EC27F15ADE7DAC69 Secure Global CA | |
| - AD7DD58D03AEDB22A30B5084394920CE12230C2D8017AD9B81AB04079BDD026B SSL.com Client ECC Root CA 2022 | |
| - 1D4CA4A2AB21D0093659804FC0EB2175A617279B56A2475245C9517AFEB59153 SSL.com Client RSA Root CA 2022 | |
| - 1465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658 Starfield Class 2 Certification Authority | |
| - 568D6905A2C88708A4B3025190EDCFEDB1974A606A13C6E5290FCB2AE63EDAB5 Starfield Services Root Certificate Authority - G2 | |
| - BE6C4DA2BBB9BA59B6F3939768374246C3C005993FA98F020D1DEDBED48A81D5 SwissSign Silver CA - G2 | |
| - 5A885DB19C01D912C5759388938CAFBBDF031AB2D48E91EE15589B42971D039C TrustCor ECA-1 | |
| - D40E9C86CD8FE468C1776959F49EA774FA548684B6C406F3909261F4DCE2575C TrustCor RootCert CA-1 | |
| - 0753E940378C1BD5E3836E395DAEA5CB839E5046F1BD0EAE1951CF10FEC7C965 TrustCor RootCert CA-2 | |
| - BFD88FE1101C41AE3E801BF8BE56350EE9BAD1A6B9BD515EDC5C6D5B8711AC44 TWCA Root Certification Authority | |
| - 9ACFAB7E43C8D880D06B262A94DEEEE4B4659989C3D0CAF19BAF6405E41AB7DF VeriSign Class 3 Public Primary Certification Authority - G5 | |
| - C57A3ACBE8C06BA1988A83485BF326F2448775379849DE01CA43571AF357E74B Visa Information Delivery Root CA | |
| - CECDDC905099D8DADFC5B1D209B737CBE2C18CFB2C10C0FF0BCF0D3286FC1AA2 XRamp Global Certification Authority | |
| Certificates in Mozilla that are not in Chrome: | |
| - 125609AA301DA0A249B97A8239CB6A34216F44DCAC9F3954B14292F2E8C8608F emSign Root CA - C1 | |
| - BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3 emSign ECC Root CA - C3 | |
| - 3F034BB5704D44B2D08545A02057DE93EBF3905FCE721ACBC730C06DDAEE904E SecureSign Root CA12 | |
| - 4B009C1034494F9AB56BBA3BA1D62731FC4D20D8955ADCEC10A925607261E338 SecureSign Root CA14 | |
| - E778F0F095FE843729CD1A0082179E5314A9C291442805E1FB1D8FB6B8886C3A SecureSign Root CA15 | |
| - F3896F88FE7C0A882766A7FA6AD2749FB57A7F3E98FB769C1FA7B09C2C44D5AE BJCA Global Root CA1 | |
| - 574DF6931E278039667B720AFDC1600FC27EB66DD3092979FB73856487212882 BJCA Global Root CA2 | |
| - E0D3226AEB1163C2E48FF9BE3B50B4C6431BE7BB1EACC5C36B5D5EC509039A08 TrustAsia Global Root CA G3 | |
| - BE4B56CB5056C0136A526DF444508DAA36A0B54F42E4AC38F72AF470E479654C TrustAsia Global Root CA G4 | |
| - 11437CDA7BB45E41365F45B39A38986B0DE00DEF348E0C7BB0873633800BC38B CommScope Public Trust ECC Root-01 | |
| - 2FFB7F813BBBB3C89AB4E8162D0F16D71509A830CC9D73C262E5140875D1AD4A CommScope Public Trust ECC Root-02 | |
| - 02BDF96E2A45DD9BF18FC7E1DBDF21A0379BA3C9C2610344CFD8D606FEC1ED81 CommScope Public Trust RSA Root-01 | |
| - FFE943D793424B4F7C440C1C3D648D5363F34B82DC87AA7A9F118FC5DEE101F1 CommScope Public Trust RSA Root-02 | |
| - BEF256DAF26E9C69BDEC1602359798F3CAF71821A03E018257C53C65617F3D4A FIRMAPROFESIONAL CA ROOT-A WEB | |
| - 578AF4DED0853F4E5998DB4AEAF9CBEA8D945F60B620A38D1A3C13B2BC7BA8E1 Telekom Security TLS ECC Root 2020 | |
| - 8E8221B2E7D4007836A1672F0DCC299C33BC07D316F132FA1A206D587150F1CE D-TRUST EV Root CA 2 2023 | |
| - 0552E6F83FDF65E8FA9670E666DF28A4E21340B510CBE52566F97C4FB94B2BD1 D-TRUST BR Root CA 2 2023 | |
| - EFC65CADBB59ADB6EFE84DA22311B35624B71B3B1EA0DA8B6655174EC8978646 Telekom Security TLS RSA Root 2023 | |
| - 0C2CD63DF7806FA399EDE809116B575BF87989F06518F9808C860503178BAF66 COMODO Certification Authority | |
| - 8A866FD1B276B57E578E921C65828A2BED58E9F2F288054134B7F1F4BFC9CC74 QuoVadis Root CA 1 G3 | |
| - 18F1FC7F205DF8ADDDEB7FE007DD57E3AF375A9C4D8D73546BF4F1FED1E18D35 QuoVadis Root CA 3 | |
| - 4200F5043AC8590EBB527D209ED1503029FBCBD41CA1B506EC27F15ADE7DAC69 Secure Global CA | |
| - 568D6905A2C88708A4B3025190EDCFEDB1974A606A13C6E5290FCB2AE63EDAB5 Starfield Services Root Certificate Authority - G2 | |
| - BFD88FE1101C41AE3E801BF8BE56350EE9BAD1A6B9BD515EDC5C6D5B8711AC44 TWCA Root Certification Authority | |
| - 30D0895A9A448A262091635522D1F52010B5867ACAE12C78EF958FD4F4389F2F IdenTrust Public Sector Root CA 1 | |
| - A040929A02CE53B4ACF4F2FFC6981CE4496F755E6D45FE0B2A692BCD52523F36 Hellenic Academic and Research Institutions RootCA 2015 | |
| - 44B545AA8A25E65A73CA15DC27FC36D24C1CB9953A066539B11582DC487B4833 Hellenic Academic and Research Institutions ECC RootCA 2015 | |
| Certificates in Microsoft that are not in Chrome: | |
| - 8AC552AD577E37AD2C6808D72AA331D6A96B4B3FEBFF34CE9BC0578E08055EC3 A-Trust-Root-07 | |
| - 7A38F708A35A31E42E1CF3220F9A2D273E7666354618B2464657D43D8E77ADC2 A-Trust-Root-09 | |
| - 063E4AFAC491DFD332F3089B8542E94617D893D7FE944E10A7937EE29D9693C0 Chambers of Commerce Root - 2008 | |
| - 04F1BEC36951BC1454A904CE32890C5DA3CDE1356B7900F6E62DFA2041EBAD51 CHAMBERS OF COMMERCE ROOT - 2016 | |
| - 136335439334A7698016A0D324DE72284E079D7B5220BB8FBD747816EEBEBACA Global Chambersign Root - 2008 | |
| - C1D80CE474A51128B77E794A98AA2D62A0225DA3F419E5C7ED73DFBF660E7109 GLOBAL CHAMBERSIGN ROOT - 2016 | |
| - F4336BC2AC75950BECCF1C1F2F9DA6DDDAFD1F41161CA71F59C76889BD474033 ANCERT Certificados CGN V2 | |
| - 4BE8B5A1C76C6AEAD0611918FCCF9DBD398B67FB12294758BDF994D0F9682F60 ANCERT Certificados Notariales V2 | |
| - 568D6905A2C88708A4B3025190EDCFEDB1974A606A13C6E5290FCB2AE63EDAB5 Starfield Services Root Certificate Authority - G2 | |
| - D8E0FEBC1DB2E38D00940F37D27D41344D993E734B99D5656D9778D4D8143624 Certum CA | |
| - 04048028BF1F2864D48F9AD4D83294366A828856553F3B14303F90147F5D40EF Autoridad de Certificacion Firmaprofesional CIF A62634068 | |
| - 39AE2E6F304A6236BDF9066718DDC69E51AF5ED05A63F2EE8D80CA1D1CC8FE4F BYTE Root Certification Authority 001 | |
| - EE0EC4A0B5E6ECB865F49689B50E3DE38D4FD924A4041C0C2A62636DB0B6B31D Carillon PKI Services G2 Root CA 1 | |
| - D2A90E5D35CAC4D41F7D44CE66AFF885E1815FB339185853A87E66C05C9BEF1E AC Raíz Certicámara S.A. | |
| - 1E51942B84FD467BF77D1C89DA241C04254DC8F3EF4C22451FE7A89978BDCD4F ePKI Root Certification Authority - G2 | |
| - 2605875AFCC176B2D66DD66A995D7F8D5EBB86CE120D0E7E9E7C6EF294A27D4C ComSign Global Root CA | |
| - 97F654859CBDE586FD90311E82EC7902C238CBA0D6E529564C9C88F44895EC50 ACA ROOT | |
| - 88497F01602F3154246AE28C4D5AEF10F1D87EBB76626F4AE0B7F95BA7968799 EC-ACC | |
| - BF0FEEFB9E3A581AD5F9E9DB7589985743D261085C4D314F6F5D7259AA421612 SecureSign RootCA11 | |
| - 3F034BB5704D44B2D08545A02057DE93EBF3905FCE721ACBC730C06DDAEE904E SecureSign Root CA12 | |
| - 4B009C1034494F9AB56BBA3BA1D62731FC4D20D8955ADCEC10A925607261E338 SecureSign Root CA14 | |
| - E778F0F095FE843729CD1A0082179E5314A9C291442805E1FB1D8FB6B8886C3A SecureSign Root CA15 | |
| - 0552E6F83FDF65E8FA9670E666DF28A4E21340B510CBE52566F97C4FB94B2BD1 D-TRUST BR Root CA 2 2023 | |
| - 8E8221B2E7D4007836A1672F0DCC299C33BC07D316F132FA1A206D587150F1CE D-TRUST EV Root CA 2 2023 | |
| - A1A86D04121EB87F027C66F53303C28E5739F943FC84B38AD6AF009035DD9457 D-TRUST Root CA 3 2013 | |
| - 209E956AF04DF3996507C887D356230D6EB49FDBDD2D8A058FF50B8F80F690AA Australian Defence Public Root CA | |
| - 3AE6DF7E0D637A65A8C81612EC6F9A142F85A16834C10280D88E707028518755 Telekom Security SMIME ECC Root 2021 | |
| - 78A656344F947E9CC0F734D9053D32F6742086B6B9CD2CAE4FAE1A2E4EFDE048 Telekom Security SMIME RSA Root 2023 | |
| - 578AF4DED0853F4E5998DB4AEAF9CBEA8D945F60B620A38D1A3C13B2BC7BA8E1 Telekom Security TLS ECC Root 2020 | |
| - EFC65CADBB59ADB6EFE84DA22311B35624B71B3B1EA0DA8B6655174EC8978646 Telekom Security TLS RSA Root 2023 | |
| - 16AF57A9F676B0AB126095AA5EBADEF22AB31119D644AC95CD4B93DBF3F26AEB Baltimore CyberTrust Root | |
| - CD851C5C25467C0095A43927D0B2292D932975E84DCE4C5E794542C6574C3AA4 DigiCert Client ECC P384 Root G5 | |
| - 3AF21466920FA91FA31F4331E445C16BE2330024BFD2C239C0D85AB530714766 DigiCert Client RSA4096 Root G5 | |
| - C1468CF2254E6004B24696ABA209D1A30BA6E2DFF68A9A4E32C6AB414F90C8D9 DigiCert ECC P384 Root G5 | |
| - 68AD50909B04363C605EF13581A939FF2C96372E3F12325B0A6861E1D59F6603 Verizon Global Root CA | |
| - E46A392204A8DCA342A71C1CA9A60C9185B9A930370120C3B9C7E3856F0D8F3B DigiCert RSA4096 Root G5 | |
| - E8E8176536A60CC2C4E10187C3BEFCA20EF263497018F566D5BEA0F94D0C111B DigiCert SMIME ECC P384 Root G5 | |
| - 90370D3EFA88BF58C30105BA25104A358460A7FA52DFC2011DF233A0F417912A DigiCert SMIME RSA4096 Root G5 | |
| - A3CC68595DFE7E86D8AD1772A8B5284ADD54ACE3B8A798DF47BCCAFB1FDB84DF Hotspot 2.0 Trust Root CA - 03 | |
| - 9D190B2E314566685BE8A889E27AA8C7D7AE1D8AADDBA3C1ECF9D24863CD34B9 Symantec Class 1 Public Primary Certification Authority - G6 | |
| - CB627D18B58AD56DDE331A30456BC65C601A4E9B18DEDCEA08E7DAAA07815FF0 Symantec Class 2 Public Primary Certification Authority - G6 | |
| - 92A9D9833FE1944DB366E8BFAE7A95B6480C2D6C6C2A1BE65D4236B608FCA1BB VeriSign Class 2 Public Primary Certification Authority - G3 | |
| - CBB5AF185E942A2402F9EACBC0ED5BB876EEA3C1223623D00447E4F3BA554B65 VeriSign Class 1 Public Primary Certification Authority - G3 | |
| - 2399561127A57125DE8CEFEA610DDF2FA078B5C8067F4E828290BFB860E84B3C VeriSign Universal Root Certification Authority | |
| - 2A99F5BC1174B73CBB1D620884E01C34E51CCB3978DA125F0E33268883BF4158 Certinomis - Root CA | |
| - 5E3571F33F45A7DF1537A68B5FFB9E036AF9D2F5BC4C9717130DC43D7175AAC7 GLOBALTRUST | |
| - 416B1F9E84E74C1D19B23D8D7191C6AD81246E641601F599132729F507BEB3CC GLOBALTRUST 2015 | |
| - 873F4685FA7F563625252E6D36BCD7F16FC24951F264E47E1B954F4908CDCA13 E-Tugra Global Root CA ECC v3 | |
| - EF66B0B10A3CDB9F2E3648C76BD2AF18EAD2BFE6F117655E28C4060DA1A3F4C2 E-Tugra Global Root CA RSA v3 | |
| - 6639D13CAB85DF1AD9A23C443B3A60901E2B138D456FA71183578108884EC6BF Echoworx Root CA2 | |
| - 1501F89C5C4DCF36CF588A17C9FD7CFCEB9EE01E8729BE355E25DE80EB6284B4 CAEDICOM Root | |
| - BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3 emSign ECC Root CA - C3 | |
| - 125609AA301DA0A249B97A8239CB6A34216F44DCAC9F3954B14292F2E8C8608F emSign Root CA - C1 | |
| - A7DEDF5A842167DD12FDAA0F2080E73295B8B8BEA71B2094EA0950945A482FC1 AffirmTrust 4K TLS Root CA - 2022 | |
| - 6DC47172E01CBCB0BF62580D895FE2B8AC9AD4F873801E0C10B9C837D21EB177 Entrust.net Certification Authority (2048) | |
| - 647987D98D52645DA4D3DE3B80771A0CE02B9B9285E6E86999882170744EC9AA Entrust 4K EV TLS Root CA - 2022 | |
| - DD6C44B39401B053DBE61120748BBB0F6056007665C168E5C286750EDC8DF129 Entrust 4K TLS Root CA - 2022 | |
| - 937EF8F12276B3C7A3F58E345D09A6EFF01F862F8D2794441CD84D511825FA0C Entrust P384 EV TLS Root CA - 2022 | |
| - 420332EF876EBE78F2AF5D28AAACDE24AAD0C10F8FFAAC469EFD7BD941929568 Entrust P384 TLS Root CA - 2022 | |
| - B7A41ED8096D62716BADC7F530942197A9E7E3175CE05D11D01E7AD6C12DCBA7 Entrust SMIME Root CA - 2022 | |
| - E38655F4B0190C84D3B3893D840A687E190A256D98052F159E6D4A39F589A6EB Atos TrustedRoot Root CA ECC G2 2020 | |
| - 78833A783BB2986C254B9370D3C20E5EBA8FA7840CBF63FE17297A0B0119685E Atos TrustedRoot Root CA RSA G2 2020 | |
| - 5AB4FCDB180B5B6AF0D262A2375A2C77D25602015D96648756611E2E78C53AD3 Fina Root CA | |
| - 8B0F0FAA2C00FE0532A8A54E7BC5FD139C1922C4F10F0B16E10FB8BE1A634964 GlobalSign Client Authentication Root E45 | |
| - 165C7E810BD37C1D57CE9849ACCD500E5CB01EEA37DC550DB07E598AAD2474A8 GlobalSign Client Authentication Root R45 | |
| - EBD41040E4BB3EC742C9E381D31EF2A41A48B6685C96E7CEF3C1DF6CD4331C99 GlobalSign Root CA | |
| - 5CBF6FB81FD417EA4128CD6F8172A3C9402094F74AB2ED3A06B4405D04F30B19 GlobalSign Secure Mail Root E45 | |
| - 319AF0A7729E6F89269C131EA6A3A16FCD86389FDCAB3C47A4A675C161A3F974 GlobalSign Secure Mail Root R45 | |
| - C3846BF24B9E93CA64274C0EC67C1ECC5E024FFCACD2D74019350E81FE546AE4 Go Daddy Class 2 Certification Authority | |
| - 1465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658 Starfield Class 2 Certification Authority | |
| - BEC94911C2955676DB6C0A550986D76E3BA005667C442C9762B4FBB773DE228C GlobalSign | |
| - 2A575471E31340BC21581CBD2CF13E158463203ECE94BCF9D3CC196BF09A5472 GTS Root R1 | |
| - C45D7BB08E6D67E62E4235110B564E5F78FD92EF058C840AEA4E6455D7585C60 GTS Root R2 | |
| - 15D5B8774619EA7D54CE1CA6D0B0C403E037A917F131E8A04E1E6B7A71BABCE5 GTS Root R3 | |
| - 71CCA5391F9E794B04802530B363E121DA8A3043BB26662FEA4DCA7FC951A4BD GTS Root R4 | |
| - CBD8ED38D4A2D677D453D70DD8890AF4F6374CBA6299943F1AB3A6936C6FD795 Autoridade Certificadora Raiz Brasileira v1 | |
| - 6E0BFF069A26994C15DE2C4888CC54AF84882E5495B7FBF66BE9CCFFEC7489F6 Autoridade Certificadora Raiz Brasileira v10 | |
| - CAA53FC6091C6951887C976E378F6EF89AA6377C55D97B6475422B71ED7E9B17 Autoridade Certificadora Raiz Brasileira v5 | |
| - FB47D92A9909FD4FA9BEC02737543E1F3514CED747407A8D9CFA397B0915067C Autoridade Certificadora Raiz Brasileira v2 | |
| - 5546A52504FBA74F61FFD4890067529ADE3B9C9D07E502592831CCDA9B369FD3 DVV Gov. Root CA - G3 ECC | |
| - D3ED3FC40AD26B52E001E1E18F4B9449529DEB75A81D5EB680D7B62DB23BA96D DVV Gov. Root CA - G3 RSA | |
| - F008733EC500DC498763CC9264C6FCEA40EC22000E927D053CE9C90BFA046CB2 VRK Gov. Root CA | |
| - 34FF2A4409DC1383E9F8966E8ADFE5719EBA373FD0AD5E2F49F90EE07CF5D4C1 VRK Gov. Root CA - G2 | |
| - 3945E08A8D4A0554B7605A7B355B10188E3EF842C76A805C54E3657C4D041AAA Hongkong Post Root CA 2 | |
| - 60109BC6C38328598A112C7A25E38B0F23E5A7511CB815FB64E0C4FF05DB7DF7 CCA India 2014 | |
| - C34C5DF53080078FFE45B21A7F600469917204F4F0293F1D7209393E5265C04F CCA India 2015 SPL | |
| - 9A3FD3176798E842DDCB12C262F11CFACCA70A8B84C6EA6FDA30842A95A94CD8 CCA India 2022 | |
| - B724689B79B2EF9421EF8F5CC733EB093851B170EE715177005A09F226D8C91A CCA India 2022 SPL | |
| - 407C276BEAD2E4AF0661EF6697341DEC0A1F9434E4EAFB2D3D32A90549D9DE4A GPKIRootCA1 | |
| - 1CF341AE35341AC3AE1DC68D5B10DC0C9DC1307656F75FD92CA2C68489D52E9A MOIS SSL Root CA | |
| - 34BB34E14FAED0D3392F2FC441C0ECD5FD88AD88118DF2D1BA76CDEC1EEA10B8 Saudi National Root CA | |
| - 62B9267266212832A8E22DAB933D91C7011274ACF71703F9CC97833751A6E94F FNMT Clase 2 CA | |
| - 8F9ADB6D895DAB5ADF5C3D3FAB83927BE0FB64EF82485C62280D584E8BD55D22 Swedish Government Root Authority v3 | |
| - 3C4FB0B95AB8B30032F432B86F535FE172C185D0FD39865837CF36187FA6F428 Staat der Nederlanden Root CA - G3 | |
| - 4D2491414CFE956746EC4CEFA6CF6F72E28A1329432F9D8A907AC4CB5DADC15A Staat der Nederlanden EV Root CA | |
| - D7BA3F4FF8AD05633451470DDA3378A3491B90005E5C687D2B68D53647CFDD66 Halcom Root Certificate Authority | |
| - 8DD4B5373CB0DE36769C12339280D82746B3AA6CD426E797A31BABE4279CF00B HARICA Client ECC Root CA 2021 | |
| - 1BE7ABE30686B16348AFD1C61B6866A0EA7F4821E67D5E8AF937CF8011BC750D HARICA Client RSA Root CA 2021 | |
| - 44B545AA8A25E65A73CA15DC27FC36D24C1CB9953A066539B11582DC487B4833 Hellenic Academic and Research Institutions ECC RootCA 2015 | |
| - BC104F15A48BE709DCA542A7E1D4B9DF6F054527E802EAA92D595444258AFE71 Hellenic Academic and Research Institutions RootCA 2011 | |
| - A040929A02CE53B4ACF4F2FFC6981CE4496F755E6D45FE0B2A692BCD52523F36 Hellenic Academic and Research Institutions RootCA 2015 | |
| - 30D0895A9A448A262091635522D1F52010B5867ACAE12C78EF958FD4F4389F2F IdenTrust Public Sector Root CA 1 | |
| - 48E1CF9E43B688A51044160F46D773B8277FE45BEAAD0E4DF90D1974382FEA99 LAWtrust Root CA2 (4096) | |
| - 9B14E8F5F6EA167666E76DCD6BECC190861D5E8970B99A9470F0231236049704 LAWtrust Root Certification Authority 2048 | |
| - 0E30D04A94DCC423E26FDC4C24AFCF4923BD80D83B661B06A2F5856361560407 eSignTrust Root Certification Authority (G03) | |
| - B49141502D00663D740F2E7EC340C52800962666121A36D09CF7DD2B90384FB4 e-Szigno TLS Root CA 2023 | |
| - 604D32D036895AED3BFEFAEB727C009EC0F2B3CDFA42A1C71730E6A72C3BE9D4 MULTICERT Root Certification Authority 01 | |
| - A7C8681042F3675AA8505D3BA313D80F8AC3250FDF874AD29B834689C087FB11 NAVER Cloud Trust Services ECC Root G1 | |
| - 49A2762987788D4834B32305D767760F244D507742E8C2539FD4CA3AD52C16EE NAVER Cloud Trust Services RSA Root G1 | |
| - EB7E05AA58E7BD328A282BF8867033F3C035342B516EE85C01673DFFFFBBFE58 NetLock Platina (Class Platinum) Főtanúsítvány | |
| - 65353833CF234C79562164F90849C0D104DBABF8EE41064D83E8CBE03BA1C5A5 Netrust Root CA 2 | |
| - C2157309D9AEE17BF34F4DF5E88DBAEBA57E0361EB814CBC239F4D54D329A38D Főtanúsítványkiadó - Kormányzati Hitelesítés Szolgáltató | |
| - AAA15BDDB1C924AD7A7F22F89E5CD3E2C61407A064E011B7CF4CB618716449A4 Notarius Root Certificate Authority | |
| - C7B8948FECCAACE5B509A343F38D0301D07901885604B3F267270E1EBBEF0FE7 Notarius Root Certificate Authority | |
| - 41C923866AB4CAD6B7AD578081582E020797A6CBDF4FFF78CE8396B38937D7F5 OISTE WISeKey Global Root GA CA | |
| - 7A77C6C61EEEB9AA65C4EA410D65D895B26A81123283009DB104B48DE80B2479 OATI WebCARES Root CA | |
| - AD016F958050E0E7E46FAE7DCC50197ED8E3FF0A4B262E5DDCDB3EDDDC7D6578 PostSignum Root QCA 2 | |
| - AC7F7862E685C7A7D9826A58EA32D183D4893FCC8F8FD6D900C9769A987E77F0 PostSignum Root QCA 4 | |
| - 3808CE3E961CA532682FFB8708B544E8F175AA065601A45902DF92128FC38532 I.CA Root CA/ECC 05/2022 | |
| - B8692148FF49C3799FA2347AE28BCC5289623512B67DC19170452ADE24BA51D5 I.CA Root CA/ECC 12/2016 | |
| - D3D607A9FF24A19523B6DA9D2C649446F8788CB96D9FD130972E120C13677730 I.CA Root CA/RSA | |
| - D279C01A12E8DD9A6230E459FAA447CEB336998477338C2EE4135C96737418EB I.CA Root CA/RSA 05/2022 | |
| - F9A17A00E5C294BA9614A715819AF57F3FD48CC413453FBB8A5FC7E97964E2BC I.CA TLS Root CA/RSA 05/2022 | |
| - D3C07AC44BD8FF1975BC62F1C7E9840EA8E188A4BA51133B8C4EFF05E34A2729 QuoVadis Client ECC P384 Root G4 | |
| - 80AC91FA891C79723A61ABC77F86E19905A92DA27E51695CA0C0B66C1C039BF2 QuoVadis Client RSA 4096 Root G4 | |
| - 8A866FD1B276B57E578E921C65828A2BED58E9F2F288054134B7F1F4BFC9CC74 QuoVadis Root CA 1 G3 | |
| - 18F1FC7F205DF8ADDDEB7FE007DD57E3AF375A9C4D8D73546BF4F1FED1E18D35 QuoVadis Root CA 3 | |
| - 771535D43D4633BD307EB7B8A3966B5DF00707C088089920080C1AE6D3CB0F68 QuoVadis Signing ECC P384 Root G4 | |
| - 9F8E6DB31E740285E0C2C2DEB09E442BDD4E74BDEEAE2962BC82D1ECB9F39855 QuoVadis Signing RSA 4096 Root G4 | |
| - 83FDDB2FD9DAE3B21EEBD33CF46251D746F0D6102B683150DD7B98AD8E4BB9F8 QuoVadis SMIME ECC P384 Root G4 | |
| - 5232A304AA4A10CFE6C47842EA3381CB31D619E24F58126D534CD50C5CE7845D QuoVadis SMIME RSA 4096 Root G4 | |
| - 6E1FD3AE0D2D477C8F5EE5F335CC5B6356872654E5356A73D8C0A30A17C252A2 QuoVadis TLS ECC P384 Root G4 | |
| - C8A2D38A24F5AC302D8A08EBD38923D9A750B49220F092E82D1C53249E1533D0 QuoVadis TLS RSA 4096 Root G4 | |
| - 6AB2AB75F51CB4F4F0156203FBF6F646232F514BE059F62833308B82B4D72DB1 SECOM TLS ECC Root CA 2024 | |
| - 1435F225C5D252D7A21948CC3CE62AECFA88001E3DD72D1CC3555100EB372F93 SECOM TLS RSA Root CA 2024 | |
| - E75E72ED9F560EEC6EB4800073A43FC3AD19195A392282017895974A99026B6C Security Communication RootCA1 | |
| - 24A55C2AB051442D0617766541239A4AD032D7C55175AA34FFDE2FBC4F5C5294 Security Communication RootCA3 | |
| - D7A7A0FB5D7E2731D771E9484EBCDEF71D5F0C3E0A2948782BC83EE0EA699EF4 AAA Certificate Services | |
| - 22D9599234D60F1D4BC7C7E96F43FA555B07301FD475175089DAFB8C25E477B3 Sectigo Public Email Protection Root E46 | |
| - D5917A7791EB7CF20A2E57EB98284A67B28A57E89182DA53D546678C9FDE2B4F Sectigo Public Email Protection Root R46 | |
| - FAD540811AFAE0DC767CDF6572A088FA3CE8493DD82B3B869A67D10AAB4E8124 SI-TRUST Root | |
| - AD7DD58D03AEDB22A30B5084394920CE12230C2D8017AD9B81AB04079BDD026B SSL.com Client ECC Root CA 2022 | |
| - 1D4CA4A2AB21D0093659804FC0EB2175A617279B56A2475245C9517AFEB59153 SSL.com Client RSA Root CA 2022 | |
| - E17DB396AFC136FF1D6DCDA4BB443DA2D817131855BE1C4B6FECEA221036722A SSL.com Code Signing ECC Root CA 2022 | |
| - 253E3CA36E37E867EE68867B997B9EC724DCC3161063AB0393B54F2BB7B6C315 SSL.com Code Signing RSA Root CA 2022 | |
| - 5ECE6AB27131FB58A887E94177D55BD9E51AAA2DED6C081B54A39BE3CB84E1F1 SSL.com Document Signing ECC Root CA 2022 | |
| - E807D49A859ABBC861C72CA907D443AD0FE87EAB9D99B913F2CB5B4AADABE641 SSL.com Document Signing RSA Root CA 2022 | |
| - 6EC6614E9A8EFD47D6318FFDFD0BF65B493A141F77C38D0B319BE1BBBC053DD2 Swiss Government Root CA I | |
| - 193144F431E0FDDB740717D4DE926A571133884B4360D30E272913CBE660CE41 SwissSign RSA TLS Root CA 2022 - 1 | |
| - BE6C4DA2BBB9BA59B6F3939768374246C3C005993FA98F020D1DEDBED48A81D5 SwissSign Silver CA - G2 | |
| - 3A0072D49FFC04E996C59AEB75991D3C340F3615D6FD4DCE90AC0B3D88EAD4F4 TWCA Global Root CA G2 | |
| - BFD88FE1101C41AE3E801BF8BE56350EE9BAD1A6B9BD515EDC5C6D5B8711AC44 TWCA Root Certification Authority | |
| - 2A8DA2F8D23E0CD3B5871ECFB0F42276CA73230667F474EEDE71C5EE32CC3EC6 Thailand National Root Certification Authority - G1 | |
| - 92C4DB06C42A130D663574D7741B7F93C806FD6714DCE890E84B568FAE86E64C TrustFactory Client Root Certificate Authority | |
| - 4200F5043AC8590EBB527D209ED1503029FBCBD41CA1B506EC27F15ADE7DAC69 Secure Global CA | |
| - CECDDC905099D8DADFC5B1D209B737CBE2C18CFB2C10C0FF0BCF0D3286FC1AA2 XRamp Global Certification Authority | |
| - C57A3ACBE8C06BA1988A83485BF326F2448775379849DE01CA43571AF357E74B Visa Information Delivery Root CA | |
| - E6BE68CE06FE0DA0C140F1AEB00B67B636C5EEA9422088929362375CE086DB39 Visa Public ECC Root CA | |
| - 07CD9AA9064A9B94C6AEF8FB784C1BBC1BEDA08ACBE86878D781A39167626CF8 Visa Public RSA Root CA | |
| - 016E1DCD5F78841BBEBBAE9DDEA08C8D7EC54E698E95BB778ECDD1E10D8BF4F9 ZETES TSP ROOT CA 001 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import csv | |
| import io | |
| from bs4 import BeautifulSoup | |
| import cryptography.x509 | |
| from cryptography.x509.oid import NameOID | |
| from cryptography.hazmat.primitives import hashes | |
| import httpx | |
| import hishel | |
| cache_storage = hishel.FileStorage() | |
| cache_transport = hishel.CacheTransport(transport=httpx.HTTPTransport(), storage=cache_storage) | |
| client = httpx.Client(transport=cache_transport) | |
| client.headers["user-agent"] = "dextercd-root-program-report/0.1.0 " + client.headers["user-agent"] | |
| client.follow_redirects = True | |
| # Linked from https://support.apple.com/en-us/103272 | |
| apple_url = "https://support.apple.com/en-us/121672" | |
| mozilla_url = "https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites" | |
| microsoft_url = "https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFTCSV" | |
| chrome_url = "https://chromium.googlesource.com/chromium/src/+/main/net/data/ssl/chrome_root_store/root_store.md" | |
| def apple_report(): | |
| response = client.get(apple_url) | |
| content = BeautifulSoup(response.text) | |
| assert len(content.find_all("table")) == 1 | |
| table = content.find("table") | |
| keys = [th.text for th in table.find_all("th")] | |
| key_replacements = { | |
| "Certificate name": "name", | |
| "Fingerprint (SHA-256)": "sha256", | |
| } | |
| keys = [key_replacements.get(k, k) for k in keys] | |
| items = [] | |
| for row in table.find_all("tr"): | |
| if not row.find("td"): | |
| continue | |
| items.append({key: td.text for key, td in zip(keys, row.find_all("td"))}) | |
| for item in items: | |
| item["sha256"] = item["sha256"].replace(" ", "") | |
| return items | |
| def mozilla_report(): | |
| response = client.get(mozilla_url) | |
| certificates = cryptography.x509.load_pem_x509_certificates(response.read()) | |
| items = [] | |
| for c in certificates: | |
| common_names = c.subject.get_attributes_for_oid(NameOID.COMMON_NAME) | |
| if common_names: | |
| name = common_names[0].value | |
| else: | |
| name = c.subject.rfc4514_string() | |
| items.append({ | |
| "name": name, | |
| "sha256": c.fingerprint(hashes.SHA256()).hex().upper(), | |
| }) | |
| return items | |
| def microsoft_report(): | |
| response = client.get(microsoft_url) | |
| raw_items = list(csv.DictReader(io.StringIO(response.text))) | |
| key_replacements = { | |
| "CA Common Name or Certificate Name": "name", | |
| "SHA-256 Fingerprint": "sha256", | |
| } | |
| items = [] | |
| for ri in raw_items: | |
| if ri["Microsoft Status"] != "Included": | |
| continue | |
| ekus = ri["Microsoft EKUs"] | |
| if "Server Authentication" not in ekus and "Client Authentication" not in ekus: | |
| continue | |
| item = { | |
| repl: ri.get(orig) | |
| for orig, repl in key_replacements.items() | |
| } | |
| item.update(ri) | |
| items.append(item) | |
| return items | |
| def chrome_report(): | |
| response = client.get(chrome_url) | |
| content = BeautifulSoup(response.text) | |
| assert len(content.find_all("table")) == 2 | |
| keys = [th.text for th in content.find("table").find_all("th")] | |
| key_replacements = { | |
| "Subject": "name", | |
| "SHA 256 Hash": "sha256", | |
| } | |
| keys = [key_replacements.get(k, k) for k in keys] | |
| items = [] | |
| for table in content.find_all("table"): | |
| for row in table.find_all("tr"): | |
| if not row.find("td"): | |
| continue | |
| items.append({key: td.text for key, td in zip(keys, row.find_all("td"))}) | |
| for item in items: | |
| item["sha256"] = item["sha256"].upper() | |
| return items | |
| stores = { | |
| "Apple": apple_report(), | |
| "Mozilla": mozilla_report(), | |
| "Microsoft": microsoft_report(), | |
| "Chrome": chrome_report() | |
| } | |
| for store, items in stores.items(): | |
| print(f"{store} has {len(items)} certificates.") | |
| print() | |
| def report_difference(different_from): | |
| from_shas = set(item["sha256"] for item in stores[different_from]) | |
| for store, items in stores.items(): | |
| if store == different_from: | |
| continue | |
| print(f"Certificates in {store} that are not in Chrome:") | |
| for item in items: | |
| if item["sha256"] not in from_shas: | |
| print(f" - {item['sha256']} {item['name']}") | |
| print() | |
| print() | |
| report_difference("Chrome") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment