evroot.config   [plain text]


# ------------------------------------------------------------------------------
# Extended Validation CA Policy OIDs
# Last updated: 20 Oct 2008
#
# Each uncommented non-empty line contains a mapping from a CA-defined EV OID
# to the certificate file(s) in ./roots which are authoritative for that OID.
# These lines are processed by the buildEVRoots script to generate the plist.
#

# AffirmTrust
# source: <rdar://problem/7824821>
# confirmed by http://www.affirmtrust.com/repo/AffirmTrust_CPS_v1-0_2-22-2010.pdf
#
# (1.3.6.1.4.1.34697.2.1) = 
#
# roots: AffirmTrust-root-1.der, AffirmTrust-root-3.der, AffirmTrust-root-3.der, AffirmTrust-root-4.der
#
1.3.6.1.4.1.34697.2.1 "AffirmTrust-root-1.der" "AffirmTrust-root-2.der" "AffirmTrust-root-3.der" "AffirmTrust-root-4.der"
1.3.6.1.4.1.34697.2.2 "AffirmTrust-root-1.der" "AffirmTrust-root-2.der" "AffirmTrust-root-3.der" "AffirmTrust-root-4.der"
1.3.6.1.4.1.34697.2.3 "AffirmTrust-root-1.der" "AffirmTrust-root-2.der" "AffirmTrust-root-3.der" "AffirmTrust-root-4.der"
1.3.6.1.4.1.34697.2.4 "AffirmTrust-root-1.der" "AffirmTrust-root-2.der" "AffirmTrust-root-3.der" "AffirmTrust-root-4.der"

# Buypass (Norway)
# source: <sonr://Request/66633590>
# confirmed by https://cert.webtrust.org/ViewSeal?id=848
# confirmed by http://www.buypass.no/Bedrift/Produkter+og+tjenester/SSL/SSL%20dokumentasjon
#
# (2.16.578.1.26.1.3.3) = 
#
# root: Buypass Class 3 CA 1
#
2.16.578.1.26.1.3.3 "BuypassClass3CA1.cer"

# Certum (Unizeto) (Poland)
# source: <sonr://request/95347392>
# source: <rdar://problem/7656178>
#
# ( 1 2 616 1 113527 2 5 1 1 ) =
#
# root: Certum Trusted Network CA
# root: Certum CA
#
1.2.616.1.113527.2.5.1.1 "Unizeto-CertumCA.cer" "Poland-Certum-CTNCA.der"

# Comodo
# source: <http://www.mozilla.org/projects/security/certs/included/>
# confirmed by <http://www.comodo.com/repository/EV_CPS_120806.pdf>
#
# (1.3.6.1.4.1.6449.1.2.1.5.1) = 060C2B06010401B2310102010501
#
# root: COMODO Certification Authority
# subordinate CA of: Add Trust External CA Root
#
1.3.6.1.4.1.6449.1.2.1.5.1 "COMODOCertificationAuthority.crt" "AddTrust External CA Root.crt"

# Cybertrust (aka Verizon Business)
# source: <http://en.wikipedia.org/wiki/Extended_Validation_Certificate>
# confirmed by <http://cybertrust.omniroot.com/repository.cfm>
#
# (1.3.6.1.4.1.6334.1.100.1) = 060A2B06010401B13E016401
#
# root: GTE Cybertrust Global Root
# root: Baltimore Cybertrust Root
#
1.3.6.1.4.1.6334.1.100.1 "BTCTRT.cer" "GTEGB18.cer"

# DigiCert
# source: <http://www.mozilla.org/projects/security/certs/included/>
# confirmed by <https://www.digicert.com/>
# confirmed by <http://www.digicert.com/CPS_V3-0-3_3-15-2007.pdf>
#
# (2.16.840.1.114412.2.1) = 06096086480186FD6C0201  // EV CA-1
# (2.16.840.1.114412.1.3.0.2) = 060B6086480186FD6C01030002  // EV CA-2
#
# root: DigiCert High Assurance EV Root CA
# subordinate CA of: Entrust.net Secure Server Certification Authority
#
2.16.840.1.114412.2.1 "DigiCertHighAssuranceEVRootCA.crt" "EntrustRootCA1024.crt"
2.16.840.1.114412.1.3.0.2 "DigiCertHighAssuranceEVRootCA.crt" "EntrustRootCA1024.crt"

# DigiNotar
# source: <http://www.mozilla.org/projects/security/certs/included/>
# confirmed by <https://www.diginotar.com/>
#
# (2.16.528.1.1001.1.1.1.12.6.1.1.1) = 060E6084100187690101010C06010101
#
# root: DigiNotar Root CA
#
2.16.528.1.1001.1.1.1.12.6.1.1.1 "DigiNotarRootCA2007.crt"

# Entrust
# source: <http://www.mozilla.org/projects/security/certs/included/>
# confirmed by <http://www.entrust.net/CPS/pdf/webcps051404.pdf>
#
# (2.16.840.1.114028.10.1.2) = 060A6086480186FA6C0A0102
#
# root: Entrust.net Secure Server Certification Authority
# root: Entrust Root Certification Authority
#
2.16.840.1.114028.10.1.2 "EntrustRootCA1024.crt" "EntrustEVRoot.crt"

# GeoTrust
# source: <http://www.mozilla.org/projects/security/certs/included/>
# confirmed by <http://www.geotrust.com/resources/cps/pdfs/GeoTrustCPS-Version1.pdf>
#
# (1.3.6.1.4.1.14370.1.6) = 06092B06010401F0220106
#
# root: GeoTrust Primary Certification Authority
# subordinate CA of: Equifax Secure Certificate Authority
#
1.3.6.1.4.1.14370.1.6 "geotrust-primary-ca.crt" "Equifax_Secure_Certificate_Auth"

# GlobalSign
# source: <http://www.mozilla.org/projects/security/certs/included/>
# confirmed by <https://www.globalsign.com/>
#
# (1.3.6.1.4.1.4146.1.1) = 06092B06010401A0320101
#
# root: GlobalSign Root CA - R3
# root: GlobalSign Root CA - R2
# root: GlobalSign Root CA
#
1.3.6.1.4.1.4146.1.1 "GlobalSignRootCA-R2.cer" "globalSignRoot.cer" "GlobalSign-Root-R3.der"

# Go Daddy (aka Starfield Technologies)
# source: <http://www.mozilla.org/projects/security/certs/included/>
# confirmed by <https://certs.starfieldtech.com/repository/StarfieldCP-CPS.pdf>
#
# (2.16.840.1.114413.1.7.23.3) = 060B6086480186FD6D01071703
# (2.16.840.1.114414.1.7.23.3) = 060B6086480186FD6E01071703
#
# root: Go Daddy Class 2 Certification Authority (for 114413)
# root: Starfield Class 2 Certificate Authority (for 114414)
# root: Starfield Root Certificate Authority - G2 (for 114414)
# root: Starfield Services Root Certificate Authority - G2 (for 114414)
# subordinate CA of: Valicert Class 2 Policy Validation Authority (both)
#
2.16.840.1.114413.1.7.23.3 "GD-Class2-root.crt" "ValiCertClass2PVA.cer" "GoDaddyRootCertificateAuthorityG2.der"
2.16.840.1.114414.1.7.23.3 "SF-Class2-root.crt" "ValiCertClass2PVA.cer" "StarfieldRootCertificateAuthorityG2.der"
2.16.840.1.114414.1.7.24.3 "StarfieldServicesRootCertificateAuthorityG2.der"

# Izenpe
# source: <sonr://Request/74637008>
# source: <sonr://Request/84249406>
# confirmed by <https://servicios.izenpe.com/jsp/descarga_ca/s27descarga_ca_c.jsp>
#
# (1.3.6.1.4.1.14777.6.1.1) =
# (1.3.6.1.4.1.14777.6.1.2) =
#
# root: Izenpe.com
# root: Izenpe.com/emailAddress=Info@izenpe.com
#
1.3.6.1.4.1.14777.6.1.1 "Izenpe-RAIZ2007.crt" "Izenpe-ca_raiz2003.crt"
1.3.6.1.4.1.14777.6.1.2 "Izenpe-RAIZ2007.crt" "Izenpe-ca_raiz2003.crt"

# KEYNECTIS (aka Certplus)
# source: <sonr://request/76327342>
# confirmed by <https://www.keynectis.com/fr/accueil.html>
#
# (1.3.6.1.4.1.22234.2.5.2.3.1) =
#
# root: Class 2 Primary CA
#
1.3.6.1.4.1.22234.2.5.2.3.1 "certplus_class2.der"

# Network Solutions
# source: <http://www.mozilla.org/projects/security/certs/included/>
# confirmed by <https://www.networksolutions.com/legal/SSL-legal-repository-ev-cps.jsp>
#
# (1.3.6.1.4.1.782.1.2.1.8.1) = 060C2B06010401860E0102010801
#
# root: Network Solutions Certificate Authority
# subordinate CA of: AddTrust External CA Root
#
1.3.6.1.4.1.782.1.2.1.8.1 "NetworkSolutionsEVRoot.crt" "AddTrust External CA Root.crt"

# QuoVadis
# source: <http://www.mozilla.org/projects/security/certs/included/>
# confirmed by <http://www.quovadisglobal.bm/Repository.aspx>
#
# (1.3.6.1.4.1.8024.0.2.100.1.2) = 060C2B06010401BE580002640102
#
# root: QuoVadis Root Certification Authority
# root: QuoVadis Root CA 2
#
1.3.6.1.4.1.8024.0.2.100.1.2 "qvrca.crt" "qvrca2.crt"

# Secom (aka SECOM Trust Systems Co., Ltd.)
# source: <https://repository.secomtrust.net/SC-Root1/>
#
# (1.2.392.200091.100.721.1) = ...
#
# root: Security Communication RootCA1
#
1.2.392.200091.100.721.1 "SCRoot1ca.cer" "SECOM-EVRoot1ca.cer" "SECOM-RootCA2.cer"

# StartCom
# source: <http://www.mozilla.org/projects/security/certs/included/#StartCom>
# confirmed by <https://www.startssl.com/certs/>, <https://www.startssl.com/policy.pdf>
#
# (1.3.6.1.4.1.23223.2) =
# (1.3.6.1.4.1.23223.1.1.1) =
#
# root: StartCom Certification Authority
#
1.3.6.1.4.1.23223.2 "startcom-sfsca.der"
1.3.6.1.4.1.23223.1.1.1 "startcom-sfsca.der"

# SwissSign
# source: <https://swisssign.com/english/download-document/20-swisssign-gold-ca-g2.html>
# repository: https://swisssign.com/english/gold/view-category.html
#
# (2.16.756.1.89.1.2.1.1) = ...
#
# root: SwissSign Gold CA - G2
#
2.16.756.1.89.1.2.1.1 "SwissSign-Gold_G2.der"

# TrustCenter (DE)
# source: <sonr://Request/87508085>
#
# (1.2.276.0.44.1.1.1.4) = ...
#
# root: TC TrustCenter Universal CA III
#
1.2.276.0.44.1.1.1.4 "trustCenter-root-5.der"

# Trustwave (aka SecureTrust, formerly XRamp)
# source: <http://www.mozilla.org/projects/security/certs/included/>
#
# (2.16.840.1.114404.1.1.2.4.1) = 060C6086480186FD640101020401
#
# root: SecureTrust CA
# root: Secure Global CA
# root: XRamp Global CA
# subordinate CA of: Entrust.net Secure Server Certification Authority
#
2.16.840.1.114404.1.1.2.4.1 "Trustwave-STCA.der" "Trustwave-SGCA.der" "XGCA.crt" "EntrustRootCA1024.crt"

# Thawte
# source: <http://www.mozilla.org/projects/security/certs/included/>
#
# (2.16.840.1.113733.1.7.48.1) = 060B6086480186F84501073001
#
# root: thawte Primary Root CA
# subordinate CA of: Thawte Premium Server CA
#
2.16.840.1.113733.1.7.48.1 "thawte-primary-root-ca.crt" "serverpremium.crt"

# VeriSign
# source: <http://www.mozilla.org/projects/security/certs/included/>
#
# (2.16.840.1.113733.1.7.23.6) = 060B6086480186F84501071706
#
# root: VeriSign Class 3 Public Primary Certification Authority - G5
# subordinate CA of: Class 3 Public Primary Certification Authority
#
2.16.840.1.113733.1.7.23.6 "VeriSignC3PublicPrimaryCA-G5.cer" "PCA3ss_v4.509"

# Wells Fargo
# source: <sonr://request/72493272>
# confirmed by <https://www.wellsfargo.com/com/cp>
#
# (2.16.840.1.114171.500.9) =
#
# root: WellsSecure Public Root Certificate Authority
#
2.16.840.1.114171.500.9 "WellsSecurePRCA.der"

# ------------------------------------------------------------------------------