Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 1 Dec 2022, at 09:46, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> On November 30, 2022, Mozilla decided to take the following
> actions as a response to the concerns raised about the merits
> of this root CA operator (excerpt taken from
> https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ):
> 
>> 1. Set "Distrust for TLS After Date" and "Distrust for S/MIME
>>   After Date" to November 30, 2022, for the 3 TrustCor root
>>   certificates (TrustCor RootCert CA-1, TrustCor ECA-1,
>>   TrustCor RootCert CA-2) that are currently included in
>>   Mozilla's root store.
>> 
>> 2. Remove those root certificates from Mozilla's root store
>>   after the existing end-entity TLS certificates have expired.
> 
> As far as the latter is concerned, the offending certificates
> have these expiry dates set:
> - TrustCor RootCert CA-1: Mon, 31 Dec 2029 17:23:16 GMT
> - TrustCor RootCert CA-2: Sun, 31 Dec 2034 17:26:39 GMT
> - TrustCor ECA-1:         Mon, 31 Dec 2029 17:28:07 GMT
> 
> The way IPFire 2 currently processes Mozilla's trust store
> does not feature a way of incorporate a "Distrust for XYZ After
> Date" attribute. This means that despite TrustCor Systems root
> CAs are no longer trusted by browsers using Mozilla's trust
> store, IPFire would still accept certificates directly or
> indirectly issued by this CA until December 2029 or December 2034.
> 
> To protect IPFire users, this patch therefore suggests to
> patch our copy of Mozilla's trust store in order to remove
> TrustCor Systems' root CAs: The vast majority of HTTPS connections
> established from an IPFire machine take place in a non-interactive
> context, so there is no security benefit from a "Distrust After
> Date" information. Instead, if we do not want IPFire installations
> to trust this CA, we have no other option other than remove it
> unilaterally from our copy of Mozilla's trust store.
> 
> See also: https://lists.ipfire.org/pipermail/development/2022-November/014681.html
> 
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> lfs/ca-certificates                           |   6 +-
> ...tes-Remove-TrustCor-Systems-root-CAs.patch | 520 ++++++++++++++++++
> 2 files changed, 525 insertions(+), 1 deletion(-)
> create mode 100644 src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch
> 
> diff --git a/lfs/ca-certificates b/lfs/ca-certificates
> index b79f59cd1..70f9e0ea6 100644
> --- a/lfs/ca-certificates
> +++ b/lfs/ca-certificates
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 20220917
> +VER        = 20221201
> 
> # From https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
> 
> @@ -52,6 +52,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @$(PREBUILD)
> @rm -rf $(DIR_APP) && cp -av $(DIR_CONF)/$(THISAPP) $(DIR_APP)
> 
> + # Remove TrustCor Systems root CAs (see mailing list thread:
> + # https://lists.ipfire.org/pipermail/development/2022-November/014681.html)
> + cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch
> +
> cd $(DIR_APP) && sh ./build.sh
> 
> -mkdir -pv /etc/ssl/certs
> diff --git a/src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch b/src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch
> new file mode 100644
> index 000000000..99498a41a
> --- /dev/null
> +++ b/src/patches/ca-certificates-Remove-TrustCor-Systems-root-CAs.patch
> @@ -0,0 +1,520 @@
> +--- certdata.txt 2022-12-01 10:23:58.186454756 +0100
> ++++ certdata.txt 2022-12-01 10:25:19.587297113 +0100
> +@@ -15292,517 +15292,6 @@
> + CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> + 
> + #
> +-# Certificate "TrustCor RootCert CA-1"
> +-#
> +-# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Serial Number:00:da:9b:ec:71:f3:03:b0:19
> +-# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Not Valid Before: Thu Feb 04 12:32:16 2016
> +-# Not Valid After : Mon Dec 31 17:23:16 2029
> +-# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
> +-# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A
> +-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
> +-CKA_TOKEN CK_BBOOL CK_TRUE
> +-CKA_PRIVATE CK_BBOOL CK_FALSE
> +-CKA_MODIFIABLE CK_BBOOL CK_FALSE
> +-CKA_LABEL UTF8 "TrustCor RootCert CA-1"
> +-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
> +-CKA_SUBJECT MULTILINE_OCTAL
> +-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
> +-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
> +-\162\164\040\103\101\055\061
> +-END
> +-CKA_ID UTF8 "0"
> +-CKA_ISSUER MULTILINE_OCTAL
> +-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
> +-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
> +-\162\164\040\103\101\055\061
> +-END
> +-CKA_SERIAL_NUMBER MULTILINE_OCTAL
> +-\002\011\000\332\233\354\161\363\003\260\031
> +-END
> +-CKA_VALUE MULTILINE_OCTAL
> +-\060\202\004\060\060\202\003\030\240\003\002\001\002\002\011\000
> +-\332\233\354\161\363\003\260\031\060\015\006\011\052\206\110\206
> +-\367\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003
> +-\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010
> +-\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004
> +-\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044
> +-\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157
> +-\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040
> +-\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124
> +-\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143
> +-\141\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060
> +-\035\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162
> +-\040\122\157\157\164\103\145\162\164\040\103\101\055\061\060\036
> +-\027\015\061\066\060\062\060\064\061\062\063\062\061\066\132\027
> +-\015\062\071\061\062\063\061\061\067\062\063\061\066\132\060\201
> +-\244\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017
> +-\060\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061
> +-\024\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141
> +-\040\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033
> +-\124\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163
> +-\040\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006
> +-\003\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103
> +-\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
> +-\162\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124
> +-\162\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164
> +-\040\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110
> +-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
> +-\012\002\202\001\001\000\277\216\267\225\342\302\046\022\153\063
> +-\031\307\100\130\012\253\131\252\215\000\243\374\200\307\120\173
> +-\216\324\040\046\272\062\022\330\043\124\111\045\020\042\230\235
> +-\106\322\301\311\236\116\033\056\054\016\070\363\032\045\150\034
> +-\246\132\005\346\036\213\110\277\230\226\164\076\151\312\351\265
> +-\170\245\006\274\325\000\136\011\012\362\047\172\122\374\055\325
> +-\261\352\264\211\141\044\363\032\023\333\251\317\122\355\014\044
> +-\272\271\236\354\176\000\164\372\223\255\154\051\222\256\121\264
> +-\273\323\127\277\263\363\250\215\234\364\044\113\052\326\231\236
> +-\364\236\376\300\176\102\072\347\013\225\123\332\267\150\016\220
> +-\114\373\160\077\217\112\054\224\363\046\335\143\151\251\224\330
> +-\020\116\305\107\010\220\231\033\027\115\271\154\156\357\140\225
> +-\021\216\041\200\265\275\240\163\330\320\262\167\304\105\352\132
> +-\046\373\146\166\166\370\006\037\141\155\017\125\305\203\267\020
> +-\126\162\006\007\245\363\261\032\003\005\144\016\235\132\212\326
> +-\206\160\033\044\336\376\050\212\053\320\152\260\374\172\242\334
> +-\262\171\016\213\145\017\002\003\001\000\001\243\143\060\141\060
> +-\035\006\003\125\035\016\004\026\004\024\356\153\111\074\172\077
> +-\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060\037
> +-\006\003\125\035\043\004\030\060\026\200\024\356\153\111\074\172
> +-\077\015\343\261\011\267\212\310\253\031\237\163\063\120\347\060
> +-\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
> +-\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206
> +-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
> +-\202\001\001\000\045\030\324\221\217\023\356\217\036\035\021\123
> +-\332\055\104\051\031\240\036\153\061\236\115\016\236\255\075\134
> +-\101\157\225\053\044\241\171\230\072\070\066\373\273\146\236\110
> +-\377\220\220\357\075\324\270\233\264\207\165\077\040\233\316\162
> +-\317\241\125\301\115\144\242\031\006\241\007\063\014\013\051\345
> +-\361\352\253\243\354\265\012\164\220\307\175\162\362\327\134\237
> +-\221\357\221\213\267\334\355\146\242\317\216\146\073\274\237\072
> +-\002\340\047\335\026\230\300\225\324\012\244\344\201\232\165\224
> +-\065\234\220\137\210\067\006\255\131\225\012\260\321\147\323\031
> +-\312\211\347\062\132\066\034\076\202\250\132\223\276\306\320\144
> +-\221\266\317\331\266\030\317\333\176\322\145\243\246\304\216\027
> +-\061\301\373\176\166\333\323\205\343\130\262\167\172\166\073\154
> +-\057\120\034\347\333\366\147\171\037\365\202\225\232\007\247\024
> +-\257\217\334\050\041\147\011\322\326\115\132\034\031\034\216\167
> +-\134\303\224\044\075\062\153\113\176\324\170\224\203\276\067\115
> +-\316\137\307\036\116\074\340\211\063\225\013\017\245\062\326\074
> +-\132\171\054\031
> +-END
> +-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +-
> +-# Trust for "TrustCor RootCert CA-1"
> +-# Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Serial Number:00:da:9b:ec:71:f3:03:b0:19
> +-# Subject: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Not Valid Before: Thu Feb 04 12:32:16 2016
> +-# Not Valid After : Mon Dec 31 17:23:16 2029
> +-# Fingerprint (SHA-256): D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
> +-# Fingerprint (SHA1): FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A
> +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
> +-CKA_TOKEN CK_BBOOL CK_TRUE
> +-CKA_PRIVATE CK_BBOOL CK_FALSE
> +-CKA_MODIFIABLE CK_BBOOL CK_FALSE
> +-CKA_LABEL UTF8 "TrustCor RootCert CA-1"
> +-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
> +-\377\275\315\347\202\310\103\136\074\157\046\206\134\312\250\072
> +-\105\133\303\012
> +-END
> +-CKA_CERT_MD5_HASH MULTILINE_OCTAL
> +-\156\205\361\334\032\000\323\042\325\262\262\254\153\067\005\105
> +-END
> +-CKA_ISSUER MULTILINE_OCTAL
> +-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
> +-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
> +-\162\164\040\103\101\055\061
> +-END
> +-CKA_SERIAL_NUMBER MULTILINE_OCTAL
> +-\002\011\000\332\233\354\161\363\003\260\031
> +-END
> +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> +-
> +-#
> +-# Certificate "TrustCor RootCert CA-2"
> +-#
> +-# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Serial Number:25:a1:df:ca:33:cb:59:02
> +-# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Not Valid Before: Thu Feb 04 12:32:23 2016
> +-# Not Valid After : Sun Dec 31 17:26:39 2034
> +-# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
> +-# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0
> +-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
> +-CKA_TOKEN CK_BBOOL CK_TRUE
> +-CKA_PRIVATE CK_BBOOL CK_FALSE
> +-CKA_MODIFIABLE CK_BBOOL CK_FALSE
> +-CKA_LABEL UTF8 "TrustCor RootCert CA-2"
> +-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
> +-CKA_SUBJECT MULTILINE_OCTAL
> +-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
> +-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
> +-\162\164\040\103\101\055\062
> +-END
> +-CKA_ID UTF8 "0"
> +-CKA_ISSUER MULTILINE_OCTAL
> +-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
> +-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
> +-\162\164\040\103\101\055\062
> +-END
> +-CKA_SERIAL_NUMBER MULTILINE_OCTAL
> +-\002\010\045\241\337\312\063\313\131\002
> +-END
> +-CKA_VALUE MULTILINE_OCTAL
> +-\060\202\006\057\060\202\004\027\240\003\002\001\002\002\010\045
> +-\241\337\312\063\313\131\002\060\015\006\011\052\206\110\206\367
> +-\015\001\001\013\005\000\060\201\244\061\013\060\011\006\003\125
> +-\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014
> +-\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007
> +-\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060
> +-\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162
> +-\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122
> +-\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162
> +-\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141
> +-\164\145\040\101\165\164\150\157\162\151\164\171\061\037\060\035
> +-\006\003\125\004\003\014\026\124\162\165\163\164\103\157\162\040
> +-\122\157\157\164\103\145\162\164\040\103\101\055\062\060\036\027
> +-\015\061\066\060\062\060\064\061\062\063\062\062\063\132\027\015
> +-\063\064\061\062\063\061\061\067\062\066\063\071\132\060\201\244
> +-\061\013\060\011\006\003\125\004\006\023\002\120\101\061\017\060
> +-\015\006\003\125\004\010\014\006\120\141\156\141\155\141\061\024
> +-\060\022\006\003\125\004\007\014\013\120\141\156\141\155\141\040
> +-\103\151\164\171\061\044\060\042\006\003\125\004\012\014\033\124
> +-\162\165\163\164\103\157\162\040\123\171\163\164\145\155\163\040
> +-\123\056\040\144\145\040\122\056\114\056\061\047\060\045\006\003
> +-\125\004\013\014\036\124\162\165\163\164\103\157\162\040\103\145
> +-\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162
> +-\151\164\171\061\037\060\035\006\003\125\004\003\014\026\124\162
> +-\165\163\164\103\157\162\040\122\157\157\164\103\145\162\164\040
> +-\103\101\055\062\060\202\002\042\060\015\006\011\052\206\110\206
> +-\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
> +-\002\202\002\001\000\247\040\156\302\052\242\142\044\225\220\166
> +-\310\070\176\200\322\253\301\233\145\005\224\364\301\012\020\325
> +-\002\254\355\237\223\307\207\310\260\047\053\102\014\075\012\076
> +-\101\132\236\165\335\215\312\340\233\354\150\062\244\151\222\150
> +-\214\013\201\016\126\240\076\032\335\054\045\024\202\057\227\323
> +-\144\106\364\124\251\334\072\124\055\061\053\231\202\362\331\052
> +-\327\357\161\000\270\061\244\276\172\044\007\303\102\040\362\212
> +-\324\222\004\033\145\126\114\154\324\373\266\141\132\107\043\264
> +-\330\151\264\267\072\320\164\074\014\165\241\214\116\166\241\351
> +-\333\052\245\073\372\316\260\377\176\152\050\375\047\034\310\261
> +-\351\051\361\127\156\144\264\320\301\025\155\016\276\056\016\106
> +-\310\136\364\121\376\357\016\143\072\073\161\272\317\157\131\312
> +-\014\343\233\135\111\270\114\342\127\261\230\212\102\127\234\166
> +-\357\357\275\321\150\250\322\364\011\273\167\065\276\045\202\010
> +-\304\026\054\104\040\126\251\104\021\167\357\135\264\035\252\136
> +-\153\076\213\062\366\007\057\127\004\222\312\365\376\235\302\351
> +-\350\263\216\114\113\002\061\331\344\074\110\202\047\367\030\202
> +-\166\110\072\161\261\023\241\071\325\056\305\064\302\035\142\205
> +-\337\003\376\115\364\257\075\337\134\133\215\372\160\341\245\176
> +-\047\307\206\056\152\217\022\306\204\136\103\121\120\234\031\233
> +-\170\346\374\366\355\107\176\173\075\146\357\023\023\210\137\074
> +-\241\143\373\371\254\207\065\237\363\202\236\244\077\012\234\061
> +-\151\213\231\244\210\112\216\156\146\115\357\026\304\017\171\050
> +-\041\140\015\205\026\175\327\124\070\361\222\126\375\265\063\114
> +-\203\334\327\020\237\113\375\306\370\102\275\272\174\163\002\340
> +-\377\175\315\133\341\324\254\141\173\127\325\112\173\133\324\205
> +-\130\047\135\277\370\053\140\254\240\046\256\024\041\047\306\167
> +-\232\063\200\074\136\106\077\367\303\261\243\206\063\306\350\136
> +-\015\271\065\054\252\106\301\205\002\165\200\240\353\044\373\025
> +-\252\344\147\177\156\167\077\364\004\212\057\174\173\343\027\141
> +-\360\335\011\251\040\310\276\011\244\320\176\104\303\262\060\112
> +-\070\252\251\354\030\232\007\202\053\333\270\234\030\255\332\340
> +-\106\027\254\317\135\002\003\001\000\001\243\143\060\141\060\035
> +-\006\003\125\035\016\004\026\004\024\331\376\041\100\156\224\236
> +-\274\233\075\234\175\230\040\031\345\214\060\142\262\060\037\006
> +-\003\125\035\043\004\030\060\026\200\024\331\376\041\100\156\224
> +-\236\274\233\075\234\175\230\040\031\345\214\060\142\262\060\017
> +-\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
> +-\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060
> +-\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202
> +-\002\001\000\236\105\236\014\073\266\357\341\072\310\174\321\000
> +-\075\317\342\352\006\265\262\072\273\006\113\150\172\320\043\227
> +-\164\247\054\360\010\330\171\132\327\132\204\212\330\022\232\033
> +-\331\175\134\115\160\305\245\371\253\345\243\211\211\335\001\372
> +-\354\335\371\351\222\227\333\260\106\102\363\323\142\252\225\376
> +-\061\147\024\151\130\220\012\252\013\356\067\043\307\120\121\264
> +-\365\176\236\343\173\367\344\314\102\062\055\111\014\313\377\111
> +-\014\233\036\064\375\156\156\226\212\171\003\266\157\333\011\313
> +-\375\137\145\024\067\341\070\365\363\141\026\130\344\265\155\015
> +-\013\004\033\077\120\055\177\263\307\172\032\026\200\140\370\212
> +-\037\351\033\052\306\371\272\001\032\151\277\322\130\307\124\127
> +-\010\217\341\071\140\167\113\254\131\204\032\210\361\335\313\117
> +-\170\327\347\341\063\055\374\356\101\372\040\260\276\313\367\070
> +-\224\300\341\320\205\017\273\355\054\163\253\355\376\222\166\032
> +-\144\177\133\015\063\011\007\063\173\006\077\021\244\134\160\074
> +-\205\300\317\343\220\250\203\167\372\333\346\305\214\150\147\020
> +-\147\245\122\055\360\304\231\217\177\277\321\153\342\265\107\326
> +-\331\320\205\231\115\224\233\017\113\215\356\000\132\107\035\021
> +-\003\254\101\030\257\207\267\157\014\072\217\312\317\334\003\301
> +-\242\011\310\345\375\200\136\310\140\102\001\033\032\123\132\273
> +-\067\246\267\274\272\204\351\036\154\032\324\144\332\324\103\376
> +-\223\213\113\362\054\171\026\020\324\223\013\210\217\241\330\206
> +-\024\106\221\107\233\050\044\357\127\122\116\134\102\234\252\367
> +-\111\354\047\350\100\036\263\246\211\042\162\234\365\015\063\264
> +-\130\243\060\073\335\324\152\124\223\276\032\115\363\223\224\367
> +-\374\204\013\077\204\040\134\064\003\104\305\332\255\274\012\301
> +-\002\317\036\345\224\331\363\216\133\330\114\360\235\354\141\027
> +-\273\024\062\124\014\002\051\223\036\222\206\366\177\357\347\222
> +-\005\016\131\335\231\010\056\056\372\234\000\122\323\305\146\051
> +-\344\247\227\104\244\016\050\201\023\065\305\366\157\144\346\101
> +-\304\325\057\314\064\105\045\317\101\000\226\075\112\056\302\226
> +-\230\117\116\112\234\227\267\333\037\222\062\310\377\017\121\156
> +-\326\354\011
> +-END
> +-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +-
> +-# Trust for "TrustCor RootCert CA-2"
> +-# Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Serial Number:25:a1:df:ca:33:cb:59:02
> +-# Subject: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Not Valid Before: Thu Feb 04 12:32:23 2016
> +-# Not Valid After : Sun Dec 31 17:26:39 2034
> +-# Fingerprint (SHA-256): 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
> +-# Fingerprint (SHA1): B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0
> +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
> +-CKA_TOKEN CK_BBOOL CK_TRUE
> +-CKA_PRIVATE CK_BBOOL CK_FALSE
> +-CKA_MODIFIABLE CK_BBOOL CK_FALSE
> +-CKA_LABEL UTF8 "TrustCor RootCert CA-2"
> +-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
> +-\270\276\155\313\126\361\125\271\143\324\022\312\116\006\064\307
> +-\224\262\034\300
> +-END
> +-CKA_CERT_MD5_HASH MULTILINE_OCTAL
> +-\242\341\370\030\013\272\105\325\307\101\052\273\067\122\105\144
> +-END
> +-CKA_ISSUER MULTILINE_OCTAL
> +-\060\201\244\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\037\060\035\006\003\125\004\003\014
> +-\026\124\162\165\163\164\103\157\162\040\122\157\157\164\103\145
> +-\162\164\040\103\101\055\062
> +-END
> +-CKA_SERIAL_NUMBER MULTILINE_OCTAL
> +-\002\010\045\241\337\312\063\313\131\002
> +-END
> +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> +-
> +-#
> +-# Certificate "TrustCor ECA-1"
> +-#
> +-# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Serial Number:00:84:82:2c:5f:1c:62:d0:40
> +-# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Not Valid Before: Thu Feb 04 12:32:33 2016
> +-# Not Valid After : Mon Dec 31 17:28:07 2029
> +-# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
> +-# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD
> +-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
> +-CKA_TOKEN CK_BBOOL CK_TRUE
> +-CKA_PRIVATE CK_BBOOL CK_FALSE
> +-CKA_MODIFIABLE CK_BBOOL CK_FALSE
> +-CKA_LABEL UTF8 "TrustCor ECA-1"
> +-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
> +-CKA_SUBJECT MULTILINE_OCTAL
> +-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
> +-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
> +-END
> +-CKA_ID UTF8 "0"
> +-CKA_ISSUER MULTILINE_OCTAL
> +-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
> +-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
> +-END
> +-CKA_SERIAL_NUMBER MULTILINE_OCTAL
> +-\002\011\000\204\202\054\137\034\142\320\100
> +-END
> +-CKA_VALUE MULTILINE_OCTAL
> +-\060\202\004\040\060\202\003\010\240\003\002\001\002\002\011\000
> +-\204\202\054\137\034\142\320\100\060\015\006\011\052\206\110\206
> +-\367\015\001\001\013\005\000\060\201\234\061\013\060\011\006\003
> +-\125\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010
> +-\014\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004
> +-\007\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044
> +-\060\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157
> +-\162\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040
> +-\122\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124
> +-\162\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143
> +-\141\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060
> +-\025\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162
> +-\040\105\103\101\055\061\060\036\027\015\061\066\060\062\060\064
> +-\061\062\063\062\063\063\132\027\015\062\071\061\062\063\061\061
> +-\067\062\070\060\067\132\060\201\234\061\013\060\011\006\003\125
> +-\004\006\023\002\120\101\061\017\060\015\006\003\125\004\010\014
> +-\006\120\141\156\141\155\141\061\024\060\022\006\003\125\004\007
> +-\014\013\120\141\156\141\155\141\040\103\151\164\171\061\044\060
> +-\042\006\003\125\004\012\014\033\124\162\165\163\164\103\157\162
> +-\040\123\171\163\164\145\155\163\040\123\056\040\144\145\040\122
> +-\056\114\056\061\047\060\045\006\003\125\004\013\014\036\124\162
> +-\165\163\164\103\157\162\040\103\145\162\164\151\146\151\143\141
> +-\164\145\040\101\165\164\150\157\162\151\164\171\061\027\060\025
> +-\006\003\125\004\003\014\016\124\162\165\163\164\103\157\162\040
> +-\105\103\101\055\061\060\202\001\042\060\015\006\011\052\206\110
> +-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
> +-\012\002\202\001\001\000\317\217\340\021\265\237\250\166\166\333
> +-\337\017\124\357\163\143\051\202\255\107\306\243\153\355\376\137
> +-\063\370\103\121\351\032\063\221\061\027\240\164\304\324\247\001
> +-\346\262\222\076\152\235\355\016\371\164\230\100\323\077\003\200
> +-\006\202\100\350\261\342\247\121\247\035\203\046\153\253\336\372
> +-\027\221\053\330\306\254\036\261\236\031\001\325\227\246\352\015
> +-\267\304\125\037\047\174\322\010\325\166\037\051\025\207\100\071
> +-\335\070\105\021\165\320\232\247\064\340\277\315\310\122\035\271
> +-\107\176\015\270\273\306\014\366\163\127\026\132\176\103\221\037
> +-\125\072\306\155\104\004\252\234\251\234\247\114\211\027\203\256
> +-\243\004\136\122\200\213\036\022\045\021\031\327\014\175\175\061
> +-\104\101\352\333\257\260\034\357\201\320\054\305\232\041\233\075
> +-\355\102\073\120\046\362\354\316\161\141\006\142\041\124\116\177
> +-\301\235\076\177\040\214\200\313\052\330\227\142\310\203\063\221
> +-\175\260\242\132\017\127\350\073\314\362\045\262\324\174\057\354
> +-\115\306\241\072\025\172\347\266\135\065\365\366\110\112\066\105
> +-\146\324\272\230\130\301\002\003\001\000\001\243\143\060\141\060
> +-\035\006\003\125\035\016\004\026\004\024\104\236\110\365\314\155
> +-\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060\037
> +-\006\003\125\035\043\004\030\060\026\200\024\104\236\110\365\314
> +-\155\110\324\240\113\177\376\131\044\057\203\227\231\232\206\060
> +-\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
> +-\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206
> +-\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
> +-\202\001\001\000\005\076\065\134\025\160\233\311\307\163\141\157
> +-\162\053\324\302\217\362\103\135\002\316\304\224\271\224\021\203
> +-\147\135\342\147\154\165\166\277\273\014\252\066\306\255\107\223
> +-\143\334\036\176\326\336\056\376\351\031\062\070\003\177\024\366
> +-\000\163\054\131\261\041\006\341\373\254\030\225\014\243\377\231
> +-\226\367\053\047\233\325\044\314\035\335\301\072\340\230\104\260
> +-\304\344\076\167\261\163\251\144\054\366\034\001\174\077\135\105
> +-\205\300\205\347\045\217\225\334\027\363\074\237\032\156\260\312
> +-\343\035\052\351\114\143\372\044\141\142\326\332\176\266\034\154
> +-\365\002\035\324\052\335\125\220\353\052\021\107\074\056\136\164
> +-\262\202\042\245\175\123\037\105\354\047\221\175\347\042\026\350
> +-\300\150\066\330\306\361\117\200\104\062\371\341\321\321\035\252
> +-\336\250\253\234\004\257\255\040\016\144\230\115\245\153\300\110
> +-\130\226\151\115\334\007\214\121\223\242\337\237\017\075\213\140
> +-\264\202\215\252\010\116\142\105\340\371\013\322\340\340\074\133
> +-\336\134\161\047\045\302\346\003\201\213\020\123\343\307\125\242
> +-\264\237\327\346
> +-END
> +-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +-
> +-# Trust for "TrustCor ECA-1"
> +-# Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Serial Number:00:84:82:2c:5f:1c:62:d0:40
> +-# Subject: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> +-# Not Valid Before: Thu Feb 04 12:32:33 2016
> +-# Not Valid After : Mon Dec 31 17:28:07 2029
> +-# Fingerprint (SHA-256): 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
> +-# Fingerprint (SHA1): 58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD
> +-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
> +-CKA_TOKEN CK_BBOOL CK_TRUE
> +-CKA_PRIVATE CK_BBOOL CK_FALSE
> +-CKA_MODIFIABLE CK_BBOOL CK_FALSE
> +-CKA_LABEL UTF8 "TrustCor ECA-1"
> +-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
> +-\130\321\337\225\225\147\153\143\300\360\133\034\027\115\213\204
> +-\013\310\170\275
> +-END
> +-CKA_CERT_MD5_HASH MULTILINE_OCTAL
> +-\047\222\043\035\012\365\100\174\351\346\153\235\330\365\347\154
> +-END
> +-CKA_ISSUER MULTILINE_OCTAL
> +-\060\201\234\061\013\060\011\006\003\125\004\006\023\002\120\101
> +-\061\017\060\015\006\003\125\004\010\014\006\120\141\156\141\155
> +-\141\061\024\060\022\006\003\125\004\007\014\013\120\141\156\141
> +-\155\141\040\103\151\164\171\061\044\060\042\006\003\125\004\012
> +-\014\033\124\162\165\163\164\103\157\162\040\123\171\163\164\145
> +-\155\163\040\123\056\040\144\145\040\122\056\114\056\061\047\060
> +-\045\006\003\125\004\013\014\036\124\162\165\163\164\103\157\162
> +-\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
> +-\150\157\162\151\164\171\061\027\060\025\006\003\125\004\003\014
> +-\016\124\162\165\163\164\103\157\162\040\105\103\101\055\061
> +-END
> +-CKA_SERIAL_NUMBER MULTILINE_OCTAL
> +-\002\011\000\204\202\054\137\034\142\320\100
> +-END
> +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> +-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> +-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> +-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> +-
> +-#
> + # Certificate "SSL.com Root Certification Authority RSA"
> + #
> + # Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US
> -- 
> 2.34.1