From stolz@i2.informatik.rwth-aachen.de  Mon Feb 13 10:32:07 2006
Return-Path: <stolz@i2.informatik.rwth-aachen.de>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CD1B416A420
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 13 Feb 2006 10:32:07 +0000 (GMT)
	(envelope-from stolz@i2.informatik.rwth-aachen.de)
Received: from atlas.informatik.rwth-aachen.de (atlas.informatik.RWTH-Aachen.DE [137.226.194.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C64FA43D49
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 13 Feb 2006 10:32:05 +0000 (GMT)
	(envelope-from stolz@i2.informatik.rwth-aachen.de)
Received: from i2.informatik.rwth-aachen.de (menelaos.informatik.RWTH-Aachen.DE [137.226.194.73])
	by atlas.informatik.rwth-aachen.de (8.12.10/8.12.10/SuSE Linux 0.7) with ESMTP id k1DAW4sY005194
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 13 Feb 2006 11:32:04 +0100
Received: (from stolz@localhost)
	by i2.informatik.rwth-aachen.de (8.13.1/8.13.1/Submit) id k1DAW4n3032551;
	Mon, 13 Feb 2006 11:32:04 +0100 (CET)
	(envelope-from stolz)
Message-Id: <200602131032.k1DAW4n3032551@i2.informatik.rwth-aachen.de>
Date: Mon, 13 Feb 2006 11:32:04 +0100 (CET)
From: Volker Stolz <vs@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] security/ca-roots: Update expired certs
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         93276
>Category:       ports
>Synopsis:       [patch] security/ca-roots: Update expired certs
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    secteam
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 13 10:40:04 GMT 2006
>Closed-Date:    Mon Aug 13 19:07:19 GMT 2007
>Last-Modified:  Mon Aug 13 19:07:19 GMT 2007
>Originator:     Volker Stolz
>Release:        FreeBSD 4.11-STABLE i386
>Organization:
Lehrstuhl fr Informatik II; RWTH Aachen (c) Universitt
>Environment:
System: FreeBSD menelaos.informatik.rwth-aachen.de 4.11-STABLE FreeBSD 4.11-STABLE #23: Fri Jan 14 09:26:11 CET 2005 root@menelaos.informatik.rwth-aachen.de:/usr/obj/usr/src/sys/MENELAOS i386


>Description:
The following patch removes expired certificates for TrustCenter, Germany, and
adds new ones which will be valid until 2011 (go figure...).
I didn't update the class 0 CA-cert, since this is for demonstration purposes only.
Disclaimer: I'm a private customer of TrustCenter.
>How-To-Repeat:
>Fix:
--- caroot.diff begins here ---
Index: Makefile
===================================================================
RCS file: /usr/freebsdcvs/cvs-ports/ports/security/ca-roots/Makefile,v
retrieving revision 1.6
diff -u -u -r1.6 Makefile
--- Makefile	26 Nov 2005 14:46:50 -0000	1.6
+++ Makefile	13 Feb 2006 10:24:37 -0000
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	ca-roots
-PORTVERSION=	1.1
+PORTVERSION=	1.2
 CATEGORIES=	security
 DISTFILES=	# none
 
Index: files/ca-root.crt
===================================================================
RCS file: /usr/freebsdcvs/cvs-ports/ports/security/ca-roots/files/ca-root.crt,v
retrieving revision 1.3
diff -u -u -r1.3 ca-root.crt
--- files/ca-root.crt	26 Nov 2005 14:46:50 -0000	1.3
+++ files/ca-root.crt	13 Feb 2006 10:23:38 -0000
@@ -2577,386 +2577,6 @@
         ec:b9:94:6a:aa:12:4f:1a:dd:f5:77:b5:25:8c:f2:8a:0a:f1:
         fc:52:5b:58
 
-TC TrustCenter, Germany, Class 0 CA
-===================================
-MD5 Fingerprint: 35:85:49:8E:6E:57:FE:BD:97:F1:C9:46:23:3A:B6:7D
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIENTCCA56gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
-EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
-IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDAgQ0ExKTAnBgkqhkiG9w0B
-CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTQ0OFoX
-DTA1MTIzMTEzNTQ0OFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
-MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
-U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
-dENlbnRlciBDbGFzcyAwIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
-cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA333mvr/V
-8C9tTg7R4I0LfztU6IrisJ8oxYrGubMzJ/UnyhpMVBJrtLJGsx1Ls/QhC0sCLqHC
-NJyFoMR4EdvbaycrCSoYTkDMn3EZZ5l0onw/wdiLI8hjO4ohq1zeHvSN3LQYwwVz
-9Gq0ofoBCCsBD203W6o4hmc51+Vf+uR+zKMCAwEAAaOCAUMwggE/MEAGCWCGSAGG
-+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
-LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
-ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
-czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
-bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAw
-IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQBNB39fCTAZ
-kqoFR3qUdVQqrs/82AxC4UU4KySVssqHynnEw5eQXmIYxsk4YUxoNdNMFBHrxM2h
-qdjFnmgnMgc1RQT4XyGgYB4cAEgEWNLFy65tMm49d5WMhcflrlCddUp7/wsneepN
-pFn/7FrqJqU5g6TReM6nqX683SvKEpMDSg==
------END CERTIFICATE-----
-Certificate Ingredients:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 0 CA/Email=certificate@trustcenter.de
-        Validity
-            Not Before: Mar  9 13:54:48 1998 GMT
-            Not After : Dec 31 13:54:48 2005 GMT
-        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 0 CA/Email=certificate@trustcenter.de
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:df:7d:e6:be:bf:d5:f0:2f:6d:4e:0e:d1:e0:8d:
-                    0b:7f:3b:54:e8:8a:e2:b0:9f:28:c5:8a:c6:b9:b3:
-                    33:27:f5:27:ca:1a:4c:54:12:6b:b4:b2:46:b3:1d:
-                    4b:b3:f4:21:0b:4b:02:2e:a1:c2:34:9c:85:a0:c4:
-                    78:11:db:db:6b:27:2b:09:2a:18:4e:40:cc:9f:71:
-                    19:67:99:74:a2:7c:3f:c1:d8:8b:23:c8:63:3b:8a:
-                    21:ab:5c:de:1e:f4:8d:dc:b4:18:c3:05:73:f4:6a:
-                    b4:a1:fa:01:08:2b:01:0f:6d:37:5b:aa:38:86:67:
-                    39:d7:e5:5f:fa:e4:7e:cc:a3
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Revocation Url: 
-                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
-            Netscape CA Revocation Url: 
-                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
-            Netscape Renewal Url: 
-                https://www.trustcenter.de/cgi-bin/Renew.cgi?
-            Netscape CA Policy Url: 
-                http://www.trustcenter.de/guidelines/index.html
-            Netscape Comment: 
-                TC TrustCenter Class 0 CA
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-    Signature Algorithm: md5WithRSAEncryption
-        4d:07:7f:5f:09:30:19:92:aa:05:47:7a:94:75:54:2a:ae:cf:
-        fc:d8:0c:42:e1:45:38:2b:24:95:b2:ca:87:ca:79:c4:c3:97:
-        90:5e:62:18:c6:c9:38:61:4c:68:35:d3:4c:14:11:eb:c4:cd:
-        a1:a9:d8:c5:9e:68:27:32:07:35:45:04:f8:5f:21:a0:60:1e:
-        1c:00:48:04:58:d2:c5:cb:ae:6d:32:6e:3d:77:95:8c:85:c7:
-        e5:ae:50:9d:75:4a:7b:ff:0b:27:79:ea:4d:a4:59:ff:ec:5a:
-        ea:26:a5:39:83:a4:d1:78:ce:a7:a9:7e:bc:dd:2b:ca:12:93:
-        03:4a
-
-TC TrustCenter, Germany, Class 1 CA
-===================================
-MD5 Fingerprint: 64:3F:F8:3E:52:14:4A:59:BA:93:56:04:0B:23:02:D1
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIENTCCA56gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
-EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
-IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDEgQ0ExKTAnBgkqhkiG9w0B
-CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTYzM1oX
-DTA1MTIzMTEzNTYzM1owgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
-MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
-U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
-dENlbnRlciBDbGFzcyAxIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
-cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsCnrtHaz
-rte2W7Re573jsZxJBFdboavZfxMb/bphq9jncd8tAJRdUUh9I+91YoSQPAofWRF0
-L46Apf0wAj0pUs1yGkkhnLzLUo5IoWOWyBCFMGlXdEXAWobG1T3gaFd9MWokjUWX
-PjF+aGYybiRt7DI2yUHK8DFEyKNhyhugNh8CAwEAAaOCAUMwggE/MEAGCWCGSAGG
-+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
-LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
-ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
-czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
-bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAx
-IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQAFQlImpAwn
-AUSsXCUowkRCVAi5HcU+bFlmxLNOUKf4+JZ1oZZ16BY4oM1dbvp5pxt7HR7DALlm
-vlrWYg/n8nu470zgwD9Zrjm3hAmeq/GpLmtp4q3M8up4CQUgOEJxGH7Hspfm1QIF
-BlajX/GqwsRP/vfvFg+d7KqFzz0pJPEEzQ==
------END CERTIFICATE-----
-Certificate Ingredients:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 2 (0x2)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 1 CA/Email=certificate@trustcenter.de
-        Validity
-            Not Before: Mar  9 13:56:33 1998 GMT
-            Not After : Dec 31 13:56:33 2005 GMT
-        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 1 CA/Email=certificate@trustcenter.de
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:b0:29:eb:b4:76:b3:ae:d7:b6:5b:b4:5e:e7:bd:
-                    e3:b1:9c:49:04:57:5b:a1:ab:d9:7f:13:1b:fd:ba:
-                    61:ab:d8:e7:71:df:2d:00:94:5d:51:48:7d:23:ef:
-                    75:62:84:90:3c:0a:1f:59:11:74:2f:8e:80:a5:fd:
-                    30:02:3d:29:52:cd:72:1a:49:21:9c:bc:cb:52:8e:
-                    48:a1:63:96:c8:10:85:30:69:57:74:45:c0:5a:86:
-                    c6:d5:3d:e0:68:57:7d:31:6a:24:8d:45:97:3e:31:
-                    7e:68:66:32:6e:24:6d:ec:32:36:c9:41:ca:f0:31:
-                    44:c8:a3:61:ca:1b:a0:36:1f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Revocation Url: 
-                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
-            Netscape CA Revocation Url: 
-                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
-            Netscape Renewal Url: 
-                https://www.trustcenter.de/cgi-bin/Renew.cgi?
-            Netscape CA Policy Url: 
-                http://www.trustcenter.de/guidelines/index.html
-            Netscape Comment: 
-                TC TrustCenter Class 1 CA
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-    Signature Algorithm: md5WithRSAEncryption
-        05:42:52:26:a4:0c:27:01:44:ac:5c:25:28:c2:44:42:54:08:
-        b9:1d:c5:3e:6c:59:66:c4:b3:4e:50:a7:f8:f8:96:75:a1:96:
-        75:e8:16:38:a0:cd:5d:6e:fa:79:a7:1b:7b:1d:1e:c3:00:b9:
-        66:be:5a:d6:62:0f:e7:f2:7b:b8:ef:4c:e0:c0:3f:59:ae:39:
-        b7:84:09:9e:ab:f1:a9:2e:6b:69:e2:ad:cc:f2:ea:78:09:05:
-        20:38:42:71:18:7e:c7:b2:97:e6:d5:02:05:06:56:a3:5f:f1:
-        aa:c2:c4:4f:fe:f7:ef:16:0f:9d:ec:aa:85:cf:3d:29:24:f1:
-        04:cd
-
-TC TrustCenter, Germany, Class 2 CA
-===================================
-MD5 Fingerprint: E1:E9:96:53:77:E1:F0:38:A0:02:AB:94:C6:95:7B:FC
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIENTCCA56gAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
-EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
-IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExKTAnBgkqhkiG9w0B
-CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTc0NFoX
-DTA1MTIzMTEzNTc0NFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
-MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
-U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
-dENlbnRlciBDbGFzcyAyIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
-cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2jjo7TIA
-KXGDAQ2/jAHc2satOaSpii/Vi1xoX1DGYvVmvcqRIuyqHVHXPbNRsoNOXctJsPBM
-VeVrLceFCzAckk6C1MoC7fdvvtzg4xS4BVPymvRWi1qehZPRtIJWrk27qEtXFrz+
-+Fie+CmNsHvNeMlPrItnDPGc+/xXm1dcTw0CAwEAAaOCAUMwggE/MEAGCWCGSAGG
-+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
-LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
-ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
-czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
-bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAy
-IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCJG/Tv6Tji
-bAz2zW9JzinM+6YP+Y0+lUbW/EcyibLIBmF60ucNEwKUC9mLVkf0u+fFX3v0Y0yu
-fDTqDaKpsyyF8+P+J1QQkrCPksGYQhhwSNtOLOsNJGjk0fe+Cakph7vo2tw+o4hC
-MfXR43+u2I4AWnSYsE/G/yN7XHMAeMnbTg==
------END CERTIFICATE-----
-Certificate Ingredients:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 3 (0x3)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/Email=certificate@trustcenter.de
-        Validity
-            Not Before: Mar  9 13:57:44 1998 GMT
-            Not After : Dec 31 13:57:44 2005 GMT
-        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/Email=certificate@trustcenter.de
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:da:38:e8:ed:32:00:29:71:83:01:0d:bf:8c:01:
-                    dc:da:c6:ad:39:a4:a9:8a:2f:d5:8b:5c:68:5f:50:
-                    c6:62:f5:66:bd:ca:91:22:ec:aa:1d:51:d7:3d:b3:
-                    51:b2:83:4e:5d:cb:49:b0:f0:4c:55:e5:6b:2d:c7:
-                    85:0b:30:1c:92:4e:82:d4:ca:02:ed:f7:6f:be:dc:
-                    e0:e3:14:b8:05:53:f2:9a:f4:56:8b:5a:9e:85:93:
-                    d1:b4:82:56:ae:4d:bb:a8:4b:57:16:bc:fe:f8:58:
-                    9e:f8:29:8d:b0:7b:cd:78:c9:4f:ac:8b:67:0c:f1:
-                    9c:fb:fc:57:9b:57:5c:4f:0d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Revocation Url: 
-                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
-            Netscape CA Revocation Url: 
-                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
-            Netscape Renewal Url: 
-                https://www.trustcenter.de/cgi-bin/Renew.cgi?
-            Netscape CA Policy Url: 
-                http://www.trustcenter.de/guidelines/index.html
-            Netscape Comment: 
-                TC TrustCenter Class 2 CA
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-    Signature Algorithm: md5WithRSAEncryption
-        89:1b:f4:ef:e9:38:e2:6c:0c:f6:cd:6f:49:ce:29:cc:fb:a6:
-        0f:f9:8d:3e:95:46:d6:fc:47:32:89:b2:c8:06:61:7a:d2:e7:
-        0d:13:02:94:0b:d9:8b:56:47:f4:bb:e7:c5:5f:7b:f4:63:4c:
-        ae:7c:34:ea:0d:a2:a9:b3:2c:85:f3:e3:fe:27:54:10:92:b0:
-        8f:92:c1:98:42:18:70:48:db:4e:2c:eb:0d:24:68:e4:d1:f7:
-        be:09:a9:29:87:bb:e8:da:dc:3e:a3:88:42:31:f5:d1:e3:7f:
-        ae:d8:8e:00:5a:74:98:b0:4f:c6:ff:23:7b:5c:73:00:78:c9:
-        db:4e
-
-TC TrustCenter, Germany, Class 3 CA
-===================================
-MD5 Fingerprint: 62:AB:B6:15:4A:B4:B0:16:77:FF:AE:CF:16:16:2B:8C
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIENTCCA56gAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
-EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
-IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0B
-CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTg0OVoX
-DTA1MTIzMTEzNTg0OVowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
-MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
-U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
-dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
-cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtrTBNQUu
-DY3soEBqHA4nplCSa1AbB94u53bM4Nr8hKhejGNqK03ZTgJ2EcEL8o15ygC28bAO
-1/ukFz2vq2l6lie/rzOhmipZqsS1NwjyEqUxtkP1MpZxKCirjSiG37vu4wx9MNbD
-UquPXSeca8Cj5wVrV0lEs27qZM/SjnpQd3cCAwEAAaOCAUMwggE/MEAGCWCGSAGG
-+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
-LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
-ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
-czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
-bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAz
-IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCEhlBieaAn
-4SW6CbE0DxMJ7S3Ko+aV+TCszRelzj2Xnex8jyZ/wGHKIveR3Tw2WZqbdfe85Mjt
-7AK2IqfzLPHIknhttu7FKOyAIE+5awjnL6eGHn2xCJ9UuQA3PKDYGsiWHPQyFJw5
-lbfu8ENJwl7oy3lvU7/7SYos2EvZVfIScA==
------END CERTIFICATE-----
-Certificate Ingredients:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 4 (0x4)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/Email=certificate@trustcenter.de
-        Validity
-            Not Before: Mar  9 13:58:49 1998 GMT
-            Not After : Dec 31 13:58:49 2005 GMT
-        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/Email=certificate@trustcenter.de
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:b6:b4:c1:35:05:2e:0d:8d:ec:a0:40:6a:1c:0e:
-                    27:a6:50:92:6b:50:1b:07:de:2e:e7:76:cc:e0:da:
-                    fc:84:a8:5e:8c:63:6a:2b:4d:d9:4e:02:76:11:c1:
-                    0b:f2:8d:79:ca:00:b6:f1:b0:0e:d7:fb:a4:17:3d:
-                    af:ab:69:7a:96:27:bf:af:33:a1:9a:2a:59:aa:c4:
-                    b5:37:08:f2:12:a5:31:b6:43:f5:32:96:71:28:28:
-                    ab:8d:28:86:df:bb:ee:e3:0c:7d:30:d6:c3:52:ab:
-                    8f:5d:27:9c:6b:c0:a3:e7:05:6b:57:49:44:b3:6e:
-                    ea:64:cf:d2:8e:7a:50:77:77
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Revocation Url: 
-                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
-            Netscape CA Revocation Url: 
-                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
-            Netscape Renewal Url: 
-                https://www.trustcenter.de/cgi-bin/Renew.cgi?
-            Netscape CA Policy Url: 
-                http://www.trustcenter.de/guidelines/index.html
-            Netscape Comment: 
-                TC TrustCenter Class 3 CA
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-    Signature Algorithm: md5WithRSAEncryption
-        84:86:50:62:79:a0:27:e1:25:ba:09:b1:34:0f:13:09:ed:2d:
-        ca:a3:e6:95:f9:30:ac:cd:17:a5:ce:3d:97:9d:ec:7c:8f:26:
-        7f:c0:61:ca:22:f7:91:dd:3c:36:59:9a:9b:75:f7:bc:e4:c8:
-        ed:ec:02:b6:22:a7:f3:2c:f1:c8:92:78:6d:b6:ee:c5:28:ec:
-        80:20:4f:b9:6b:08:e7:2f:a7:86:1e:7d:b1:08:9f:54:b9:00:
-        37:3c:a0:d8:1a:c8:96:1c:f4:32:14:9c:39:95:b7:ee:f0:43:
-        49:c2:5e:e8:cb:79:6f:53:bf:fb:49:8a:2c:d8:4b:d9:55:f2:
-        12:70
-
-TC TrustCenter, Germany, Class 4 CA
-===================================
-MD5 Fingerprint: BF:AF:EC:C4:DA:F9:30:F9:CA:35:CA:25:E4:3F:8D:89
-PEM Data:
------BEGIN CERTIFICATE-----
-MIIENTCCA56gAwIBAgIBBTANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
-EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
-IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
-IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDQgQ0ExKTAnBgkqhkiG9w0B
-CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTE0MDAyMFoX
-DTA1MTIzMTE0MDAyMFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
-MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
-U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
-dENlbnRlciBDbGFzcyA0IENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
-cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvy9j1jZ7
-sg3TVfVkbOYlXca0yBS6JTiD61ZipVWpZaP0I5nCS7nQzVRnpqOgo6kzK3bkva13
-su1cEnTDxbYPUppyk0OQYmYVD0Wl3eDduG9AblfBeXKjYKq6dh0SiVNa/AK+4QkT
-xUov3D2LGa3XiyRF+0z0zVw1HSlMUfPybFUCAwEAAaOCAUMwggE/MEAGCWCGSAGG
-+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
-LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
-ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
-czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
-bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyA0
-IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCUaBQbJZ4p
-mbGyI9JEs5Wf0Z5VBN3jL4IzVZZ3GZ0rnmUc+orjx48l/LEeVUYPj/9PNy+kdlmm
-ZOvVFnC93ZUzDKQNJOtkULRDEfJDvg1xmCLsAa/s98dcccN1kVgZ6N2g9LTxvBBK
-85O0Bkm7H2bSvXRH4Zr569erbR+64R0s2g==
------END CERTIFICATE-----
-Certificate Ingredients:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 5 (0x5)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 4 CA/Email=certificate@trustcenter.de
-        Validity
-            Not Before: Mar  9 14:00:20 1998 GMT
-            Not After : Dec 31 14:00:20 2005 GMT
-        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 4 CA/Email=certificate@trustcenter.de
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:bf:2f:63:d6:36:7b:b2:0d:d3:55:f5:64:6c:e6:
-                    25:5d:c6:b4:c8:14:ba:25:38:83:eb:56:62:a5:55:
-                    a9:65:a3:f4:23:99:c2:4b:b9:d0:cd:54:67:a6:a3:
-                    a0:a3:a9:33:2b:76:e4:bd:ad:77:b2:ed:5c:12:74:
-                    c3:c5:b6:0f:52:9a:72:93:43:90:62:66:15:0f:45:
-                    a5:dd:e0:dd:b8:6f:40:6e:57:c1:79:72:a3:60:aa:
-                    ba:76:1d:12:89:53:5a:fc:02:be:e1:09:13:c5:4a:
-                    2f:dc:3d:8b:19:ad:d7:8b:24:45:fb:4c:f4:cd:5c:
-                    35:1d:29:4c:51:f3:f2:6c:55
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            Netscape Revocation Url: 
-                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
-            Netscape CA Revocation Url: 
-                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
-            Netscape Renewal Url: 
-                https://www.trustcenter.de/cgi-bin/Renew.cgi?
-            Netscape CA Policy Url: 
-                http://www.trustcenter.de/guidelines/index.html
-            Netscape Comment: 
-                TC TrustCenter Class 4 CA
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-    Signature Algorithm: md5WithRSAEncryption
-        94:68:14:1b:25:9e:29:99:b1:b2:23:d2:44:b3:95:9f:d1:9e:
-        55:04:dd:e3:2f:82:33:55:96:77:19:9d:2b:9e:65:1c:fa:8a:
-        e3:c7:8f:25:fc:b1:1e:55:46:0f:8f:ff:4f:37:2f:a4:76:59:
-        a6:64:eb:d5:16:70:bd:dd:95:33:0c:a4:0d:24:eb:64:50:b4:
-        43:11:f2:43:be:0d:71:98:22:ec:01:af:ec:f7:c7:5c:71:c3:
-        75:91:58:19:e8:dd:a0:f4:b4:f1:bc:10:4a:f3:93:b4:06:49:
-        bb:1f:66:d2:bd:74:47:e1:9a:f9:eb:d7:ab:6d:1f:ba:e1:1d:
-        2c:da
-
 Thawte Personal Basic CA
 ========================
 MD5 Fingerprint: E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
@@ -4735,3 +4355,271 @@
         4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
         16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
         f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+
+TC TrustCenter, Germany, Class 1 CA
+=============================
+MD5 Fingerprint=8D:26:FF:2F:31:6D:59:29:DD:E6:36:A7:E2:CE:64:25
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAsWgAwIBAgICA+kwDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYTAkRF
+MRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
+QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJI
+MSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAxIENBMSkwJwYJKoZIhvcN
+AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw05ODAzMDkxMTU5NTla
+Fw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy
+ZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9y
+IFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1
+c3RDZW50ZXIgQ2xhc3MgMSBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVA
+dHJ1c3RjZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALAp67R2
+s67Xtlu0Xue947GcSQRXW6Gr2X8TG/26YavY53HfLQCUXVFIfSPvdWKEkDwKH1kR
+dC+OgKX9MAI9KVLNchpJIZy8y1KOSKFjlsgQhTBpV3RFwFqGxtU94GhXfTFqJI1F
+lz4xfmhmMm4kbewyNslByvAxRMijYcoboDYfAgMBAAGjazBpMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3
+LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
+CSqGSIb3DQEBBAUAA4GBAE+ZWYXIZFaCxW892EYJLzxRwadwWIGSEur01BYAll5y
+KOfWNl8anK8fwoMatAVVmaZYXDco8lce612/sdNFD3IcA9IAxyxV2v5fiXaL4tR3
+9U0JF6/EuqswK0+4HerZ/1nwUHRGul7qNrDrknsPWNoy4VK9IzcP9fMASq6wXt5u
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1001 (0x3e9)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 1 CA/emailAddress=certificate@trustcenter.de
+        Validity
+            Not Before: Mar  9 11:59:59 1998 GMT
+            Not After : Jan  1 11:59:59 2011 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 1 CA/emailAddress=certificate@trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b0:29:eb:b4:76:b3:ae:d7:b6:5b:b4:5e:e7:bd:
+                    e3:b1:9c:49:04:57:5b:a1:ab:d9:7f:13:1b:fd:ba:
+                    61:ab:d8:e7:71:df:2d:00:94:5d:51:48:7d:23:ef:
+                    75:62:84:90:3c:0a:1f:59:11:74:2f:8e:80:a5:fd:
+                    30:02:3d:29:52:cd:72:1a:49:21:9c:bc:cb:52:8e:
+                    48:a1:63:96:c8:10:85:30:69:57:74:45:c0:5a:86:
+                    c6:d5:3d:e0:68:57:7d:31:6a:24:8d:45:97:3e:31:
+                    7e:68:66:32:6e:24:6d:ec:32:36:c9:41:ca:f0:31:
+                    44:c8:a3:61:ca:1b:a0:36:1f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            Netscape CA Policy Url:
+                http://www.trustcenter.de/guidelines
+            Netscape Cert Type:
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        4f:99:59:85:c8:64:56:82:c5:6f:3d:d8:46:09:2f:3c:51:c1:
+        a7:70:58:81:92:12:ea:f4:d4:16:00:96:5e:72:28:e7:d6:36:
+        5f:1a:9c:af:1f:c2:83:1a:b4:05:55:99:a6:58:5c:37:28:f2:
+        57:1e:eb:5d:bf:b1:d3:45:0f:72:1c:03:d2:00:c7:2c:55:da:
+        fe:5f:89:76:8b:e2:d4:77:f5:4d:09:17:af:c4:ba:ab:30:2b:
+        4f:b8:1d:ea:d9:ff:59:f0:50:74:46:ba:5e:ea:36:b0:eb:92:
+        7b:0f:58:da:32:e1:52:bd:23:37:0f:f5:f3:00:4a:ae:b0:5e:
+        de:6e
+
+TC TrustCenter, Germany, Class 2 CA
+=============================
+MD5 Fingerprint=B8:16:33:4C:4C:4C:F2:D8:D3:4D:06:B4:A6:5B:40:03
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAsWgAwIBAgICA+owDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYTAkRF
+MRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
+QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJI
+MSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMSkwJwYJKoZIhvcN
+AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw05ODAzMDkxMTU5NTla
+Fw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy
+ZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9y
+IFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1
+c3RDZW50ZXIgQ2xhc3MgMiBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVA
+dHJ1c3RjZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANo46O0y
+AClxgwENv4wB3NrGrTmkqYov1YtcaF9QxmL1Zr3KkSLsqh1R1z2zUbKDTl3LSbDw
+TFXlay3HhQswHJJOgtTKAu33b77c4OMUuAVT8pr0VotanoWT0bSCVq5Nu6hLVxa8
+/vhYnvgpjbB7zXjJT6yLZwzxnPv8V5tXXE8NAgMBAAGjazBpMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3
+LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
+CSqGSIb3DQEBBAUAA4GBAIRS+yjf/x91AbwBvgRWl2p0QiQxg/lGsQaKic+WLDO/
+jLVfenKhhQbOhvgFjuj5Jcrag4wGrOs2bYWRNAQ29ELw+HkuCkhcq8xRT3h2oNms
+Gb0q0WkEKJHKNhAngFdb0lz1wlurZIFjdFH0l7/NEij3TWZ/p/AcASZ4smZHcFFk
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1002 (0x3ea)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/emailAddress=certificate@trustcenter.de
+        Validity
+            Not Before: Mar  9 11:59:59 1998 GMT
+            Not After : Jan  1 11:59:59 2011 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/emailAddress=certificate@trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:da:38:e8:ed:32:00:29:71:83:01:0d:bf:8c:01:
+                    dc:da:c6:ad:39:a4:a9:8a:2f:d5:8b:5c:68:5f:50:
+                    c6:62:f5:66:bd:ca:91:22:ec:aa:1d:51:d7:3d:b3:
+                    51:b2:83:4e:5d:cb:49:b0:f0:4c:55:e5:6b:2d:c7:
+                    85:0b:30:1c:92:4e:82:d4:ca:02:ed:f7:6f:be:dc:
+                    e0:e3:14:b8:05:53:f2:9a:f4:56:8b:5a:9e:85:93:
+                    d1:b4:82:56:ae:4d:bb:a8:4b:57:16:bc:fe:f8:58:
+                    9e:f8:29:8d:b0:7b:cd:78:c9:4f:ac:8b:67:0c:f1:
+                    9c:fb:fc:57:9b:57:5c:4f:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            Netscape CA Policy Url:
+                http://www.trustcenter.de/guidelines
+            Netscape Cert Type:
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        84:52:fb:28:df:ff:1f:75:01:bc:01:be:04:56:97:6a:74:42:
+        24:31:83:f9:46:b1:06:8a:89:cf:96:2c:33:bf:8c:b5:5f:7a:
+        72:a1:85:06:ce:86:f8:05:8e:e8:f9:25:ca:da:83:8c:06:ac:
+        eb:36:6d:85:91:34:04:36:f4:42:f0:f8:79:2e:0a:48:5c:ab:
+        cc:51:4f:78:76:a0:d9:ac:19:bd:2a:d1:69:04:28:91:ca:36:
+        10:27:80:57:5b:d2:5c:f5:c2:5b:ab:64:81:63:74:51:f4:97:
+        bf:cd:12:28:f7:4d:66:7f:a7:f0:1c:01:26:78:b2:66:47:70:
+        51:64
+
+TC TrustCenter, Germany, Class 3 CA
+=============================
+MD5 Fingerprint=5F:94:4A:73:22:B8:F7:D1:31:EC:59:39:F7:8E:FE:6E
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAsWgAwIBAgICA+swDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYTAkRF
+MRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
+QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJI
+MSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcN
+AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw05ODAzMDkxMTU5NTla
+Fw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy
+ZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9y
+IFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1
+c3RDZW50ZXIgQ2xhc3MgMyBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVA
+dHJ1c3RjZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALa0wTUF
+Lg2N7KBAahwOJ6ZQkmtQGwfeLud2zODa/ISoXoxjaitN2U4CdhHBC/KNecoAtvGw
+Dtf7pBc9r6tpepYnv68zoZoqWarEtTcI8hKlMbZD9TKWcSgoq40oht+77uMMfTDW
+w1Krj10nnGvAo+cFa1dJRLNu6mTP0o56UHd3AgMBAAGjazBpMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3
+LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
+CSqGSIb3DQEBBAUAA4GBABY9xs3Bu4VxhUafPiCPUSiZ7C1FIWMjWwS7TJC4iJIE
+Tb19AaM/9uzO8d7+feXhPrvGq14L3T2WxMup1Pkm5gZOngylerpuw3yCGdHHsbHD
+2w2Om0B8NwvxXej9H5CIpQ5ON2QhqE6NtJ/x3kit1VYYUimLRzQSCdS7kjXvD9s0
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1003 (0x3eb)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/emailAddress=certificate@trustcenter.de
+        Validity
+            Not Before: Mar  9 11:59:59 1998 GMT
+            Not After : Jan  1 11:59:59 2011 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/emailAddress=certificate@trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b6:b4:c1:35:05:2e:0d:8d:ec:a0:40:6a:1c:0e:
+                    27:a6:50:92:6b:50:1b:07:de:2e:e7:76:cc:e0:da:
+                    fc:84:a8:5e:8c:63:6a:2b:4d:d9:4e:02:76:11:c1:
+                    0b:f2:8d:79:ca:00:b6:f1:b0:0e:d7:fb:a4:17:3d:
+                    af:ab:69:7a:96:27:bf:af:33:a1:9a:2a:59:aa:c4:
+                    b5:37:08:f2:12:a5:31:b6:43:f5:32:96:71:28:28:
+                    ab:8d:28:86:df:bb:ee:e3:0c:7d:30:d6:c3:52:ab:
+                    8f:5d:27:9c:6b:c0:a3:e7:05:6b:57:49:44:b3:6e:
+                    ea:64:cf:d2:8e:7a:50:77:77
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            Netscape CA Policy Url:
+                http://www.trustcenter.de/guidelines
+            Netscape Cert Type:
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        16:3d:c6:cd:c1:bb:85:71:85:46:9f:3e:20:8f:51:28:99:ec:
+        2d:45:21:63:23:5b:04:bb:4c:90:b8:88:92:04:4d:bd:7d:01:
+        a3:3f:f6:ec:ce:f1:de:fe:7d:e5:e1:3e:bb:c6:ab:5e:0b:dd:
+        3d:96:c4:cb:a9:d4:f9:26:e6:06:4e:9e:0c:a5:7a:ba:6e:c3:
+        7c:82:19:d1:c7:b1:b1:c3:db:0d:8e:9b:40:7c:37:0b:f1:5d:
+        e8:fd:1f:90:88:a5:0e:4e:37:64:21:a8:4e:8d:b4:9f:f1:de:
+        48:ad:d5:56:18:52:29:8b:47:34:12:09:d4:bb:92:35:ef:0f:
+        db:34
+
+TC TrustCenter, Germany, Class 4 CA
+=============================
+MD5 Fingerprint=0E:FA:4B:F7:D7:60:CD:65:F7:A7:06:88:57:98:62:39
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAsWgAwIBAgICA+wwDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYTAkRF
+MRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU
+QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJI
+MSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyA0IENBMSkwJwYJKoZIhvcN
+AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw05ODAzMDkxMTU5NTla
+Fw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy
+ZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9y
+IFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1
+c3RDZW50ZXIgQ2xhc3MgNCBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVA
+dHJ1c3RjZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL8vY9Y2
+e7IN01X1ZGzmJV3GtMgUuiU4g+tWYqVVqWWj9COZwku50M1UZ6ajoKOpMyt25L2t
+d7LtXBJ0w8W2D1KacpNDkGJmFQ9Fpd3g3bhvQG5XwXlyo2CqunYdEolTWvwCvuEJ
+E8VKL9w9ixmt14skRftM9M1cNR0pTFHz8mxVAgMBAAGjazBpMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3
+LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G
+CSqGSIb3DQEBBAUAA4GBAHIR5ZVBRTK6HPiAFPtmt+uums51g1HAroq7F9Eo53Yf
+E8YrRnGmFXcEmedespEkbwMMc+cjnnbKvgzFy8SQGPxtOm7gVoAbw9+MNhNH+WXB
+g1LVXFy92UJm4TUhaBIQpGCQPj+B6MOMobAVBFrO6yxUVkv5BHktneqMWS+teb1I
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1004 (0x3ec)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 4 CA/emailAddress=certificate@trustcenter.de
+        Validity
+            Not Before: Mar  9 11:59:59 1998 GMT
+            Not After : Jan  1 11:59:59 2011 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 4 CA/emailAddress=certificate@trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bf:2f:63:d6:36:7b:b2:0d:d3:55:f5:64:6c:e6:
+                    25:5d:c6:b4:c8:14:ba:25:38:83:eb:56:62:a5:55:
+                    a9:65:a3:f4:23:99:c2:4b:b9:d0:cd:54:67:a6:a3:
+                    a0:a3:a9:33:2b:76:e4:bd:ad:77:b2:ed:5c:12:74:
+                    c3:c5:b6:0f:52:9a:72:93:43:90:62:66:15:0f:45:
+                    a5:dd:e0:dd:b8:6f:40:6e:57:c1:79:72:a3:60:aa:
+                    ba:76:1d:12:89:53:5a:fc:02:be:e1:09:13:c5:4a:
+                    2f:dc:3d:8b:19:ad:d7:8b:24:45:fb:4c:f4:cd:5c:
+                    35:1d:29:4c:51:f3:f2:6c:55
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            Netscape CA Policy Url:
+                http://www.trustcenter.de/guidelines
+            Netscape Cert Type:
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        72:11:e5:95:41:45:32:ba:1c:f8:80:14:fb:66:b7:eb:ae:9a:
+        ce:75:83:51:c0:ae:8a:bb:17:d1:28:e7:76:1f:13:c6:2b:46:
+        71:a6:15:77:04:99:e7:5e:b2:91:24:6f:03:0c:73:e7:23:9e:
+        76:ca:be:0c:c5:cb:c4:90:18:fc:6d:3a:6e:e0:56:80:1b:c3:
+        df:8c:36:13:47:f9:65:c1:83:52:d5:5c:5c:bd:d9:42:66:e1:
+        35:21:68:12:10:a4:60:90:3e:3f:81:e8:c3:8c:a1:b0:15:04:
+        5a:ce:eb:2c:54:56:4b:f9:04:79:2d:9d:ea:8c:59:2f:ad:79:
+        bd:48
--- caroot.diff ends here ---
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->secteam 
Responsible-Changed-By: vs 
Responsible-Changed-When: Mon Feb 13 10:46:09 UTC 2006 
Responsible-Changed-Why:  
Over to secteam for reviewing as per comments in the port. 
If the secteam feels it's appropriate to prune ALL expired certs, 
I'll volunteer to do this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93276 
Responsible-Changed-From-To: secteam->vs 
Responsible-Changed-By: remko 
Responsible-Changed-When: Thu Feb 16 15:34:47 UTC 2006 
Responsible-Changed-Why:  
Bring the PR back to Volker. 

The secteam thinks we can remove the expired certificates without problems. 
The new certificates are more problematic since they require more attention 
and should be validated as best as possible by someone from the secteam. 

That should be done in a different PR and takes longer then to remove 
the certificates. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93276 
State-Changed-From-To: open->patched 
State-Changed-By: vs 
State-Changed-When: Sun Feb 19 15:11:31 UTC 2006 
State-Changed-Why:  
Back to secteam: Expired certs have been pruned, awaiting review 
of new certs. 


Responsible-Changed-From-To: vs->secteam 
Responsible-Changed-By: vs 
Responsible-Changed-When: Sun Feb 19 15:11:31 UTC 2006 
Responsible-Changed-Why:  
Back to secteam: Expired certs have been pruned, awaiting review 
of new certs. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93276 
State-Changed-From-To: patched->closed 
State-Changed-By: linimon 
State-Changed-When: Mon Aug 13 19:05:29 UTC 2007 
State-Changed-Why:  
The ca-roots port is now deprecated, but thanks for the patch. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=93276 
>Unformatted:
