src - FreeBSD source tree

diff options


context:
space:
mode:

author	Kyle Evans <kevans@FreeBSD.org>	2024-02-11 06:33:12 +0000
committer	Kyle Evans <kevans@FreeBSD.org>	2024-02-13 20:34:00 +0000
commit	16eebc4e19de99bdc0457f483c97d749a27e7603 (patch)
tree	2bd58ed0ac974800961aaba76f4443356f004b2a
parent	f2c72486da30eda54f0db1a9b7ca822afc835ecf (diff)
download	src-16eebc4e19de99bdc0457f483c97d749a27e7603.tar.gz src-16eebc4e19de99bdc0457f483c97d749a27e7603.zip

caroot: routine update

Changes: - One (1) modified - Eight (8) added - One (1) expired, now untrusted Approved by: re (cperciva) MFC after: 3 days (cherry picked from commit 0d3b2bdbf719ac6b5719a47387558ca9c34a4b2c) (cherry picked from commit 9b7611d9c7b48e68f017c43ec67d4182a4bc11c4)

Diffstat

-rw-r--r--

ObsoleteFiles.inc

-rw-r--r--

secure/caroot/blacklisted/Security_Communication_Root_CA.pem (renamed from secure/caroot/trusted/Security_Communication_Root_CA.pem)

-rw-r--r--

secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem

118

-rw-r--r--

secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-01.pem

-rw-r--r--

secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-02.pem

-rw-r--r--

secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-01.pem

134

-rw-r--r--

secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-02.pem

134

-rw-r--r--

secure/caroot/trusted/Telekom_Security_TLS_ECC_Root_2020.pem

-rw-r--r--

secure/caroot/trusted/Telekom_Security_TLS_RSA_Root_2023.pem

138

-rw-r--r--

secure/caroot/trusted/TrustAsia_Global_Root_CA_G3.pem

138

-rw-r--r--

secure/caroot/trusted/TrustAsia_Global_Root_CA_G4.pem

11 files changed, 878 insertions, 59 deletions

diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc
index 73435961164c..9e1006e21e51 100644
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc

@@ -51,6 +51,9 @@

# xargs -n1 | sort | uniq -d;

# done

+# 20240213: caroot bundle updated

+OLD_FILES+=usr/share/certs/trusted/Security_Communication_Root_CA.pem

# 20240112: replaced NetBSD tests for uniq with our own

OLD_FILES+=usr/tests/usr.bin/uniq/d_basic.in

OLD_FILES+=usr/tests/usr.bin/uniq/d_basic.out

diff --git a/secure/caroot/trusted/Security_Communication_Root_CA.pem b/secure/caroot/blacklisted/Security_Communication_Root_CA.pem
index b4a1a4657fe8..b4a1a4657fe8 100644
--- a/secure/caroot/trusted/Security_Communication_Root_CA.pem
+++ b/secure/caroot/blacklisted/Security_Communication_Root_CA.pem

diff --git a/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem b/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
index 7eeb715ac674..ceae80a3e6d8 100644
--- a/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
+++ b/secure/caroot/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem

@@ -14,12 +14,12 @@

Certificate:

Data:

Version: 3 (0x2)

- Serial Number: 6047274297262753887 (0x53ec3beefbb2485f)

- Signature Algorithm: sha1WithRSAEncryption

+ Serial Number: 1977337328857672817 (0x1b70e9d2ffae6c71)

+ Signature Algorithm: sha256WithRSAEncryption

Issuer: C = ES, CN = Autoridad de Certificacion Firmaprofesional CIF A62634068

Validity

- Not Before: May 20 08:38:15 2009 GMT

- Not After : Dec 31 08:38:15 2030 GMT

+ Not Before: Sep 23 15:22:07 2014 GMT

+ Not After : May 5 15:22:07 2036 GMT

Subject: C = ES, CN = Autoridad de Certificacion Firmaprofesional CIF A62634068

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

@@ -62,54 +62,54 @@ Certificate:

92:30:bb

Exponent: 65537 (0x10001)

X509v3 extensions:

- X509v3 Basic Constraints: critical

- CA:TRUE, pathlen:1

- X509v3 Key Usage: critical

- Certificate Sign, CRL Sign

X509v3 Subject Key Identifier:

65:CD:EB:AB:35:1E:00:3E:7E:D5:74:C0:1C:B4:73:47:0E:1A:64:2F

+ X509v3 Basic Constraints: critical

+ CA:TRUE, pathlen:1

X509v3 Certificate Policies:

Policy: X509v3 Any Policy

CPS: http://www.firmaprofesional.com/cps

User Notice:

Explicit Text:

- Signature Algorithm: sha1WithRSAEncryption

+ X509v3 Key Usage: critical

+ Certificate Sign, CRL Sign

+ Signature Algorithm: sha256WithRSAEncryption

Signature Value:

- 17:7d:a0:f9:b4:dd:c5:c5:eb:ad:4b:24:b5:a1:02:ab:dd:a5:

- 88:4a:b2:0f:55:4b:2b:57:8c:3b:e5:31:dd:fe:c4:32:f1:e7:

- 5b:64:96:36:32:18:ec:a5:32:77:d7:e3:44:b6:c0:11:2a:80:

- b9:3d:6a:6e:7c:9b:d3:ad:fc:c3:d6:a3:e6:64:29:7c:d1:e1:

- 38:1e:82:2b:ff:27:65:af:fb:16:15:c4:2e:71:84:e5:b5:ff:

- fa:a4:47:bd:64:32:bb:f6:25:84:a2:27:42:f5:20:b0:c2:13:

- 10:11:cd:10:15:ba:42:90:2a:d2:44:e1:96:26:eb:31:48:12:

- fd:2a:da:c9:06:cf:74:1e:a9:4b:d5:87:28:f9:79:34:92:3e:

- 2e:44:e8:f6:8f:4f:8f:35:3f:25:b3:39:dc:63:2a:90:6b:20:

- 5f:c4:52:12:4e:97:2c:2a:ac:9d:97:de:48:f2:a3:66:db:c2:

- d2:83:95:a6:66:a7:9e:25:0f:e9:0b:33:91:65:0a:5a:c3:d9:

- 54:12:dd:af:c3:4e:0e:1f:26:5e:0d:dc:b3:8d:ec:d5:81:70:

- de:d2:4f:24:05:f3:6c:4e:f5:4c:49:66:8d:d1:ff:d2:0b:25:

- 41:48:fe:51:84:c6:42:af:80:04:cf:d0:7e:64:49:e4:f2:df:

- a2:ec:b1:4c:c0:2a:1d:e7:b4:b1:65:a2:c4:bc:f1:98:f4:aa:

- 70:07:63:b4:b8:da:3b:4c:fa:40:22:30:5b:11:a6:f0:05:0e:

- c6:02:03:48:ab:86:9b:85:dd:db:dd:ea:a2:76:80:73:7d:f5:

- 9c:04:c4:45:8d:e7:b9:1c:8b:9e:ea:d7:75:d1:72:b1:de:75:

- 44:e7:42:7d:e2:57:6b:7d:dc:99:bc:3d:83:28:ea:80:93:8d:

- c5:4c:65:c1:70:81:b8:38:fc:43:31:b2:f6:03:34:47:b2:ac:

- fb:22:06:cb:1e:dd:17:47:1c:5f:66:b9:d3:1a:a2:da:11:b1:

- a4:bc:23:c9:e4:be:87:ff:b9:94:b6:f8:5d:20:4a:d4:5f:e7:

- bd:68:7b:65:f2:15:1e:d2:3a:a9:2d:e9:d8:6b:24:ac:97:58:

- 44:47:ad:59:18:f1:21:65:70:de:ce:34:60:a8:40:f1:f3:3c:

- a4:c3:28:23:8c:fe:27:33:43:40:a0:17:3c:eb:ea:3b:b0:72:

- a6:a3:b9:4a:4b:5e:16:48:f4:b2:bc:c8:8c:92:c5:9d:9f:ac:

- 72:36:bc:34:80:34:6b:a9:8b:92:c0:b8:17:ed:ec:76:53:f5:

- 24:01:8c:b3:22:e8:4b:7c:55:c6:9d:fa:a3:14:bb:65:85:6e:

- 6e:4f:12:7e:0a:3c:9d:95

-SHA1 Fingerprint=AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA

+ 74:87:28:02:2b:77:1f:66:89:64:ed:8f:74:2e:46:1c:bb:a8:

+ f8:f8:0b:1d:83:b6:3a:a7:e8:45:8a:07:b7:e0:3e:20:cb:e1:

+ 08:db:13:08:f8:28:a1:35:b2:80:b3:0b:51:c0:d3:56:9a:8d:

+ 33:45:49:af:49:f0:e0:3d:07:7a:45:13:5a:ff:c8:97:d8:d3:

+ 18:2c:7d:96:f8:dd:a2:65:43:70:93:90:15:ba:90:df:e8:19:

+ b0:db:2c:8a:60:0f:b7:6f:94:07:1e:1d:a6:c9:85:f6:bd:34:

+ f8:40:78:62:10:70:3a:be:7d:4b:39:81:a9:10:d4:96:41:bb:

+ f8:5f:1c:0b:1d:08:f2:b1:b0:89:7a:f2:f7:a0:e0:c4:8f:8b:

+ 78:b5:3b:58:a5:23:8e:4f:55:fe:36:3b:e0:0c:b7:ca:2a:30:

+ 41:20:b4:80:cd:ae:fc:76:66:73:a8:ae:6e:e1:7c:da:03:e8:

+ 94:20:e6:22:a3:d0:1f:90:5d:20:53:14:26:57:da:54:97:df:

+ 16:44:10:01:1e:88:66:8f:72:38:93:dd:20:b7:34:be:d7:f1:

+ ee:63:8e:47:79:28:06:fc:f3:59:45:25:60:22:33:1b:a3:5f:

+ a8:ba:2a:da:1a:3d:cd:40:ea:8c:ee:05:15:95:d5:a5:2c:20:

+ 2f:a7:98:28:ee:45:fc:f1:b8:88:00:2c:8f:42:da:51:d5:9c:

+ e5:13:68:71:45:43:8b:9e:0b:21:3c:4b:5c:05:dc:1a:9f:98:

+ 8e:da:bd:22:9e:72:cd:ad:0a:cb:cc:a3:67:9b:28:74:c4:9b:

+ d7:1a:3c:04:58:a6:82:9d:ad:c7:7b:6f:ff:80:96:e9:f8:8d:

+ 6a:bd:18:90:1d:ff:49:1a:90:52:37:93:2f:3c:02:5d:82:76:

+ 0b:51:e7:16:c7:57:f8:38:f9:a7:cd:9b:22:54:ef:63:b0:15:

+ 6d:53:65:03:4a:5e:4a:a0:b2:a7:8e:49:00:59:38:d5:c7:f4:

+ 80:64:f5:6e:95:50:b8:11:7e:15:70:38:4a:b0:7f:d0:c4:32:

+ 70:c0:19:ff:c9:38:2d:14:2c:66:f4:42:44:e6:55:76:1b:80:

+ 15:57:ff:c0:a7:a7:aa:39:aa:d8:d3:70:d0:2e:ba:eb:94:6a:

+ fa:5f:34:86:e7:62:b5:fd:8a:f0:30:85:94:c9:af:24:02:2f:

+ 6f:d6:dd:67:fe:e3:b0:55:4f:04:98:4f:a4:41:56:e2:93:d0:

+ 6a:e8:d6:f3:fb:65:e0:ce:75:c4:31:59:0c:ee:82:c8:0c:60:

+ 33:4a:19:ba:84:67:27:0f:bc:42:5d:bd:24:54:0d:ec:1d:70:

+ 06:5f:a4:bc:fa:20:7c:55

+SHA1 Fingerprint=0B:BE:C2:27:22:49:CB:39:AA:DB:35:5C:53:E3:8C:AE:78:FF:B6:FE

-----BEGIN CERTIFICATE-----

-MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE

+MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UE

BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h

-cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy

-MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg

+cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1

+MDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg

Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi

MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9

thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM

@@ -122,21 +122,21 @@ Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja

EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T

KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF

6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh

-OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD

-VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD

-VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp

-cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv

-ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl

-AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF

-661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9

-am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1

-ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481

-PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS

-3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k

-SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF

-3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM

-ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g

-StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz

-Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB

-jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V

+OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1UdDgQWBBRlzeurNR4APn7VdMAc

+tHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4wgZswgZgGBFUd

+IAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j

+b20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABC

+AG8AbgBhAG4AbwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAw

+ADEANzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9m

+iWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL4QjbEwj4KKE1soCzC1HA01aajTNF

+Sa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDbLIpgD7dvlAceHabJ

+hfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1ilI45P

+Vf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZE

+EAEeiGaPcjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV

+1aUsIC+nmCjuRfzxuIgALI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2t

+CsvMo2ebKHTEm9caPARYpoKdrcd7b/+Alun4jWq9GJAd/0kakFI3ky88Al2CdgtR

+5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH9IBk9W6VULgRfhVwOEqw

+f9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpfNIbnYrX9

+ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNK

+GbqEZycPvEJdvSRUDewdcAZfpLz6IHxV

-----END CERTIFICATE-----

diff --git a/secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-01.pem b/secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-01.pem
new file mode 100644
index 000000000000..41e8a409ac3c
--- /dev/null
+++ b/secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-01.pem

@@ -0,0 +1,67 @@

+##

+## CommScope Public Trust ECC Root-01

+##

+## This is a single X.509 certificate for a public Certificate

+## Authority (CA). It was automatically extracted from Mozilla's

+## root CA list (the file `certdata.txt' in security/nss).

+##

+## It contains a certificate trusted for server authentication.

+##

+## Extracted from nss

+##

+## @generated

+##

+Certificate:

+ Data:

+ Version: 3 (0x2)

+ Serial Number:

+ 43:70:82:77:cf:4d:5d:34:f1:ca:ae:32:2f:37:f7:f4:7f:75:a0:9e

+ Signature Algorithm: ecdsa-with-SHA384

+ Issuer: C = US, O = CommScope, CN = CommScope Public Trust ECC Root-01

+ Validity

+ Not Before: Apr 28 17:35:43 2021 GMT

+ Not After : Apr 28 17:35:42 2046 GMT

+ Subject: C = US, O = CommScope, CN = CommScope Public Trust ECC Root-01

+ Subject Public Key Info:

+ Public Key Algorithm: id-ecPublicKey

+ Public-Key: (384 bit)

+ pub:

+ 04:4b:36:e9:ae:57:5e:a8:70:d7:d0:8f:74:62:77:

+ c3:5e:7a:aa:e5:b6:a2:f1:78:fd:02:7e:57:dd:91:

+ 79:9c:6c:b9:52:88:54:bc:2f:04:be:b8:cd:f6:10:

+ d1:29:ec:b5:d0:a0:c3:f0:89:70:19:bb:51:65:c5:

+ 43:9c:c3:9b:63:9d:20:83:3e:06:0b:a6:42:44:85:

+ 11:a7:4a:3a:2d:e9:d6:68:2f:48:4e:53:2b:07:3f:

+ 4d:bd:b9:ac:77:39:57

+ ASN1 OID: secp384r1

+ NIST CURVE: P-384

+ X509v3 extensions:

+ X509v3 Basic Constraints: critical

+ CA:TRUE

+ X509v3 Key Usage: critical

+ Certificate Sign, CRL Sign

+ X509v3 Subject Key Identifier:

+ 8E:07:62:C0:50:DD:C6:19:06:00:46:74:04:F7:F3:AE:7D:75:4D:30

+ Signature Algorithm: ecdsa-with-SHA384

+ Signature Value:

+ 30:65:02:31:00:9c:33:df:41:e3:23:a8:42:36:26:97:35:5c:

+ 7b:eb:db:4b:f8:aa:8b:73:55:15:5c:ac:78:29:0f:ba:21:d8:

+ c4:a0:d8:d1:03:dd:6d:d1:39:3d:c4:93:60:d2:e3:72:b2:02:

+ 30:7c:c5:7e:88:d3:50:f5:1e:25:e8:fa:4e:75:e6:58:96:a4:

+ 35:5f:1b:65:ea:61:9a:70:23:b5:0d:a3:9b:92:52:6f:69:a0:

+ 8c:8d:4a:d0:ee:8b:0e:cb:47:8e:d0:8d:11

+SHA1 Fingerprint=07:86:C0:D8:DD:8E:C0:80:98:06:98:D0:58:7A:EF:DE:A6:CC:A2:5D

+-----BEGIN CERTIFICATE-----

+MIICHTCCAaOgAwIBAgIUQ3CCd89NXTTxyq4yLzf39H91oJ4wCgYIKoZIzj0EAwMw

+TjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29t

+bVNjb3BlIFB1YmxpYyBUcnVzdCBFQ0MgUm9vdC0wMTAeFw0yMTA0MjgxNzM1NDNa

+Fw00NjA0MjgxNzM1NDJaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21tU2Nv

+cGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgRUNDIFJvb3QtMDEw

+djAQBgcqhkjOPQIBBgUrgQQAIgNiAARLNumuV16ocNfQj3Rid8NeeqrltqLxeP0C

+flfdkXmcbLlSiFS8LwS+uM32ENEp7LXQoMPwiXAZu1FlxUOcw5tjnSCDPgYLpkJE

+hRGnSjot6dZoL0hOUysHP029uax3OVejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD

+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSOB2LAUN3GGQYARnQE9/OufXVNMDAKBggq

+hkjOPQQDAwNoADBlAjEAnDPfQeMjqEI2Jpc1XHvr20v4qotzVRVcrHgpD7oh2MSg

+2NED3W3ROT3Ek2DS43KyAjB8xX6I01D1HiXo+k515liWpDVfG2XqYZpwI7UNo5uS

+Um9poIyNStDuiw7LR47QjRE=

+-----END CERTIFICATE-----

diff --git a/secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-02.pem b/secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-02.pem
new file mode 100644
index 000000000000..f547954704be
--- /dev/null
+++ b/secure/caroot/trusted/CommScope_Public_Trust_ECC_Root-02.pem

@@ -0,0 +1,67 @@

+##

+## CommScope Public Trust ECC Root-02

+##

+## This is a single X.509 certificate for a public Certificate

+## Authority (CA). It was automatically extracted from Mozilla's

+## root CA list (the file `certdata.txt' in security/nss).

+##

+## It contains a certificate trusted for server authentication.

+##

+## Extracted from nss

+##

+## @generated

+##

+Certificate:

+ Data:

+ Version: 3 (0x2)

+ Serial Number:

+ 28:fd:99:60:41:47:a6:01:3a:ca:14:7b:1f:ef:f9:68:08:83:5d:7d

+ Signature Algorithm: ecdsa-with-SHA384

+ Issuer: C = US, O = CommScope, CN = CommScope Public Trust ECC Root-02

+ Validity

+ Not Before: Apr 28 17:44:54 2021 GMT

+ Not After : Apr 28 17:44:53 2046 GMT

+ Subject: C = US, O = CommScope, CN = CommScope Public Trust ECC Root-02

+ Subject Public Key Info:

+ Public Key Algorithm: id-ecPublicKey

+ Public-Key: (384 bit)

+ pub:

+ 04:78:30:81:e8:63:1e:e5:eb:71:51:0f:f7:07:07:

+ ca:39:99:7c:4e:d5:0f:cc:30:30:0b:8f:66:93:3e:

+ cf:bd:c5:86:bd:f9:b1:b7:b4:3e:b4:07:c8:f3:96:

+ 31:f3:ed:a4:4f:f8:a3:4e:8d:29:15:58:b8:d5:6f:

+ 7f:ee:6c:22:b5:b0:af:48:45:0a:bd:a8:49:94:bf:

+ 84:43:b0:db:84:4a:03:23:19:67:6a:6f:c1:6e:bc:

+ 06:39:37:d1:88:22:f7

+ ASN1 OID: secp384r1

+ NIST CURVE: P-384

+ X509v3 extensions:

+ X509v3 Basic Constraints: critical

+ CA:TRUE

+ X509v3 Key Usage: critical

+ Certificate Sign, CRL Sign

+ X509v3 Subject Key Identifier:

+ E6:18:75:FF:EF:60:DE:84:A4:F5:46:C7:DE:4A:55:E3:32:36:79:F5

+ Signature Algorithm: ecdsa-with-SHA384

+ Signature Value:

+ 30:64:02:30:26:73:49:7a:b6:ab:e6:49:f4:7d:52:3f:d4:41:

+ 04:ae:80:43:83:65:75:b9:85:80:38:3b:d6:6f:e4:93:86:ab:

+ 8f:e7:89:c8:7f:9b:7e:6b:0a:12:55:61:aa:11:e0:79:02:30:

+ 77:e8:31:71:ac:3c:71:03:d6:84:26:1e:14:b8:f3:3b:3b:de:

+ ed:59:fc:6b:4c:30:7f:59:ce:45:e9:73:60:15:9a:4c:f0:e6:

+ 5e:25:22:15:6d:c2:87:59:d0:b2:8e:6a

+SHA1 Fingerprint=3C:3F:EF:57:0F:FE:65:93:86:9E:A0:FE:B0:F6:ED:8E:D1:13:C7:E5

+-----BEGIN CERTIFICATE-----

+MIICHDCCAaOgAwIBAgIUKP2ZYEFHpgE6yhR7H+/5aAiDXX0wCgYIKoZIzj0EAwMw

+TjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29t

+bVNjb3BlIFB1YmxpYyBUcnVzdCBFQ0MgUm9vdC0wMjAeFw0yMTA0MjgxNzQ0NTRa

+Fw00NjA0MjgxNzQ0NTNaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21tU2Nv

+cGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgRUNDIFJvb3QtMDIw

+djAQBgcqhkjOPQIBBgUrgQQAIgNiAAR4MIHoYx7l63FRD/cHB8o5mXxO1Q/MMDAL

+j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU

+v4RDsNuESgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD

+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTmGHX/72DehKT1RsfeSlXjMjZ59TAKBggq

+hkjOPQQDAwNnADBkAjAmc0l6tqvmSfR9Uj/UQQSugEODZXW5hYA4O9Zv5JOGq4/n

+ich/m35rChJVYaoR4HkCMHfoMXGsPHED1oQmHhS48zs73u1Z/GtMMH9ZzkXpc2AV

+mkzw5l4lIhVtwodZ0LKOag==

+-----END CERTIFICATE-----

diff --git a/secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-01.pem b/secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-01.pem
new file mode 100644
index 000000000000..2f144760f93c
--- /dev/null
+++ b/secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-01.pem

@@ -0,0 +1,134 @@

+##

+## CommScope Public Trust RSA Root-01

+##

+## This is a single X.509 certificate for a public Certificate

+## Authority (CA). It was automatically extracted from Mozilla's

+## root CA list (the file `certdata.txt' in security/nss).

+##

+## It contains a certificate trusted for server authentication.

+##

+## Extracted from nss

+##

+## @generated

+##

+Certificate:

+ Data:

+ Version: 3 (0x2)

+ Serial Number:

+ 3e:03:49:81:75:16:74:31:8e:4c:ab:d5:c5:90:29:96:c5:39:10:dd

+ Signature Algorithm: sha256WithRSAEncryption

+ Issuer: C = US, O = CommScope, CN = CommScope Public Trust RSA Root-01

+ Validity

+ Not Before: Apr 28 16:45:54 2021 GMT

+ Not After : Apr 28 16:45:53 2046 GMT

+ Subject: C = US, O = CommScope, CN = CommScope Public Trust RSA Root-01

+ Subject Public Key Info:

+ Public Key Algorithm: rsaEncryption

+ Public-Key: (4096 bit)

+ Modulus:

+ 00:b0:48:65:a3:0d:1d:42:e3:91:6d:9d:84:a4:61:

+ 96:12:c2:ed:c3:da:23:34:19:76:f6:ea:fd:55:5a:

+ f6:55:01:53:0f:f2:cc:8c:97:4f:b9:50:cb:b3:01:

+ 44:56:96:fd:9b:28:ec:7b:74:0b:e7:42:6b:55:ce:

+ c9:61:b2:e8:ad:40:3c:ba:b9:41:0a:05:4f:1b:26:

+ 85:8f:43:b5:40:b5:85:d1:d4:71:dc:83:41:f3:f6:

+ 45:c7:80:a2:84:50:97:46:ce:a0:0c:c4:60:56:04:

+ 1d:07:5b:46:a5:0e:b2:4b:a4:0e:a5:7c:ee:f8:d4:

+ 62:03:b9:93:6a:8a:14:b8:70:f8:2e:82:46:38:23:

+ 0e:74:c7:6b:41:b7:d0:29:a3:9d:80:b0:7e:77:93:

+ 63:42:fb:34:83:3b:73:a3:5a:21:36:eb:47:fa:18:

+ 17:d9:ba:66:c2:93:a4:8f:fc:5d:a4:ad:fc:50:6a:

+ 95:ac:bc:24:33:d1:bd:88:7f:86:f5:f5:b2:73:2a:

+ 8f:7c:af:08:f2:1a:98:3f:a9:81:65:3f:c1:8c:89:

+ c5:96:30:9a:0a:cf:f4:d4:c8:34:ed:9d:2f:bc:8d:

+ 38:86:53:ee:97:9f:a9:b2:63:94:17:8d:0f:dc:66:

+ 2a:7c:52:51:75:cb:99:8e:e8:3d:5c:bf:9e:3b:28:

+ 8d:83:02:0f:a9:9f:72:e2:2c:2b:b3:dc:66:97:00:

+ 40:d0:a4:54:8e:9b:5d:7b:45:36:26:d6:72:43:eb:

+ cf:c0:ea:0d:dc:ce:12:e6:7d:38:9f:05:27:a8:97:

+ 3e:e9:51:c6:6c:05:28:c1:02:0f:e9:18:6d:ec:bd:

+ 9c:06:d4:a7:49:f4:54:05:6b:6c:30:f1:eb:03:d5:

+ ea:3d:6a:76:c2:cb:1a:28:49:4d:7f:64:e0:fa:2b:

+ da:73:83:81:ff:91:03:bd:94:bb:e4:b8:8e:9c:32:

+ 63:cd:9f:bb:68:81:b1:84:5b:af:36:bf:77:ee:1d:

+ 7f:f7:49:9b:52:ec:d2:77:5a:7d:91:9d:4d:c2:39:

+ 2d:e4:ba:82:f8:6f:f2:4e:1e:0f:4e:e6:3f:59:a5:

+ 23:dc:3d:87:a8:28:58:28:d1:f1:1b:36:db:4f:c4:

+ ff:e1:8c:5b:72:8c:c7:26:03:27:a3:39:0a:01:aa:

+ c0:b2:31:60:83:22:a1:4f:12:09:01:11:af:34:d4:

+ cf:d7:ae:62:d3:05:07:b4:31:75:e0:0d:6d:57:4f:

+ 69:87:f9:57:a9:ba:15:f6:c8:52:6d:a1:cb:9c:1f:

+ e5:fc:78:a8:35:9a:9f:41:14:ce:a5:b4:ce:94:08:

+ 1c:09:ad:56:e5:da:b6:49:9a:4a:ea:63:18:53:9c:

+ 2c:2e:c3

+ Exponent: 65537 (0x10001)

+ X509v3 extensions:

+ X509v3 Basic Constraints: critical

+ CA:TRUE

+ X509v3 Key Usage: critical

+ Certificate Sign, CRL Sign

+ X509v3 Subject Key Identifier:

+ 37:5D:A6:9A:74:32:C2:C2:F9:C7:A6:15:10:59:B8:E4:FD:E5:B8:6D

+ Signature Algorithm: sha256WithRSAEncryption

+ Signature Value:

+ af:a7:cf:de:ff:e0:bd:42:8d:4d:e5:22:96:df:68:ea:7d:4d:

+ 2a:7d:d0:ad:3d:16:5c:43:e7:7d:c0:86:e8:7a:35:63:f1:cc:

+ 81:c8:c6:0b:e8:2e:52:35:a4:a6:49:90:63:51:ac:34:ac:05:

+ 3b:57:00:e9:d3:62:d3:d9:29:d5:54:be:1c:10:91:9c:b2:6d:

+ fe:59:fd:79:f7:ea:56:d0:9e:68:54:42:8f:26:52:e2:4c:df:

+ 2f:97:a6:2f:d2:07:98:a8:f3:60:5d:4b:9a:58:57:88:ef:82:

+ e5:fa:af:6c:81:4b:92:8f:40:9a:93:46:59:cb:5f:78:16:b1:

+ 67:3e:42:0b:df:28:d9:b0:ad:98:20:be:43:7c:d1:5e:1a:09:

+ 17:24:8d:7b:5d:95:e9:ab:c1:60:ab:5b:18:64:80:fb:ad:e0:

+ 06:7d:1d:ca:59:b8:f3:78:29:67:c6:56:1d:af:b6:b5:74:2a:

+ 76:a1:3f:fb:75:30:9f:94:5e:3b:a5:60:f3:cb:5c:0c:e2:0e:

+ c9:60:f8:c9:1f:16:8a:26:dd:e7:27:7f:eb:25:a6:8a:bd:b8:

+ 2d:36:10:9a:b1:58:4d:9a:68:4f:60:54:e5:f6:46:13:8e:88:

+ ac:bc:21:42:12:ad:c6:4a:89:7d:9b:c1:d8:2d:e9:96:03:f4:

+ a2:74:0c:bc:00:1d:bf:d6:37:25:67:b4:72:8b:af:85:bd:ea:

+ 2a:03:8f:cc:fb:3c:44:24:82:e2:01:a5:0b:59:b6:34:8d:32:

+ 0b:12:0d:eb:27:c2:fd:41:d7:40:3c:72:46:29:c0:8c:ea:ba:

+ 0f:f1:06:93:2e:f7:9c:a8:f4:60:3e:a3:f1:38:5e:8e:13:c1:

+ b3:3a:97:87:3f:92:ca:78:a9:1c:af:d0:b0:1b:26:1e:be:70:

+ ec:7a:f5:33:98:ea:5c:ff:2b:0b:04:4e:43:dd:63:7e:0e:a7:

+ 4e:78:03:95:3e:d4:2d:30:95:11:10:28:2e:bf:a0:02:3e:ff:

+ 5e:59:d3:05:0e:95:5f:53:45:ef:6b:87:d5:48:cd:16:a6:96:

+ 83:e1:df:b3:06:f3:c1:14:db:a7:ec:1c:8b:5d:90:90:0d:72:

+ 51:e7:61:f9:14:ca:af:83:8f:bf:af:b1:0a:59:5d:dc:5c:d7:

+ e4:96:ad:5b:60:1d:da:ae:97:b2:39:d9:06:f5:76:00:13:f8:

+ 68:4c:21:b0:35:c4:dc:55:b2:c9:c1:41:5a:1c:89:c0:8c:6f:

+ 74:a0:6b:33:4d:b5:01:28:fd:ad:ad:89:17:3b:a6:9a:84:bc:

+ eb:8c:ea:c4:71:24:a8:ba:29:f9:08:b2:27:56:35:32:5f:ea:

+ 39:fb:31:9a:d5:19:cc:f0

+SHA1 Fingerprint=6D:0A:5F:F7:B4:23:06:B4:85:B3:B7:97:64:FC:AC:75:F5:33:F2:93

+-----BEGIN CERTIFICATE-----

+MIIFbDCCA1SgAwIBAgIUPgNJgXUWdDGOTKvVxZAplsU5EN0wDQYJKoZIhvcNAQEL

+BQAwTjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwi

+Q29tbVNjb3BlIFB1YmxpYyBUcnVzdCBSU0EgUm9vdC0wMTAeFw0yMTA0MjgxNjQ1

+NTRaFw00NjA0MjgxNjQ1NTNaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21t

+U2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgUlNBIFJvb3Qt

+MDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwSGWjDR1C45FtnYSk

+YZYSwu3D2iM0GXb26v1VWvZVAVMP8syMl0+5UMuzAURWlv2bKOx7dAvnQmtVzslh

+suitQDy6uUEKBU8bJoWPQ7VAtYXR1HHcg0Hz9kXHgKKEUJdGzqAMxGBWBB0HW0al

+DrJLpA6lfO741GIDuZNqihS4cPgugkY4Iw50x2tBt9Apo52AsH53k2NC+zSDO3Oj

+WiE260f6GBfZumbCk6SP/F2krfxQapWsvCQz0b2If4b19bJzKo98rwjyGpg/qYFl

+P8GMicWWMJoKz/TUyDTtnS+8jTiGU+6Xn6myY5QXjQ/cZip8UlF1y5mO6D1cv547

+KI2DAg+pn3LiLCuz3GaXAEDQpFSOm117RTYm1nJD68/A6g3czhLmfTifBSeolz7p

+UcZsBSjBAg/pGG3svZwG1KdJ9FQFa2ww8esD1eo9anbCyxooSU1/ZOD6K9pzg4H/

+kQO9lLvkuI6cMmPNn7togbGEW682v3fuHX/3SZtS7NJ3Wn2RnU3COS3kuoL4b/JO

+Hg9O5j9ZpSPcPYeoKFgo0fEbNttPxP/hjFtyjMcmAyejOQoBqsCyMWCDIqFPEgkB

+Ea801M/XrmLTBQe0MXXgDW1XT2mH+VepuhX2yFJtocucH+X8eKg1mp9BFM6ltM6U

+CBwJrVbl2rZJmkrqYxhTnCwuwwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G

+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUN12mmnQywsL5x6YVEFm45P3luG0wDQYJ

+KoZIhvcNAQELBQADggIBAK+nz97/4L1CjU3lIpbfaOp9TSp90K09FlxD533Ahuh6

+NWPxzIHIxgvoLlI1pKZJkGNRrDSsBTtXAOnTYtPZKdVUvhwQkZyybf5Z/Xn36lbQ

+nmhUQo8mUuJM3y+Xpi/SB5io82BdS5pYV4jvguX6r2yBS5KPQJqTRlnLX3gWsWc+

+QgvfKNmwrZggvkN80V4aCRckjXtdlemrwWCrWxhkgPut4AZ9HcpZuPN4KWfGVh2v

+trV0KnahP/t1MJ+UXjulYPPLXAziDslg+MkfFoom3ecnf+slpoq9uC02EJqxWE2a

+aE9gVOX2RhOOiKy8IUISrcZKiX2bwdgt6ZYD9KJ0DLwAHb/WNyVntHKLr4W96ioD

+j8z7PEQkguIBpQtZtjSNMgsSDesnwv1B10A8ckYpwIzqug/xBpMu95yo9GA+o/E4

+Xo4TwbM6l4c/ksp4qRyv0LAbJh6+cOx69TOY6lz/KwsETkPdY34Op054A5U+1C0w

+lREQKC6/oAI+/15Z0wUOlV9TRe9rh9VIzRamloPh37MG88EU26fsHItdkJANclHn

+YfkUyq+Dj7+vsQpZXdxc1+SWrVtgHdqul7I52Qb1dgAT+GhMIbA1xNxVssnBQVoc

+icCMb3SgazNNtQEo/a2tiRc7ppqEvOuM6sRxJKi6KfkIsidWNTJf6jn7MZrVGczw

+-----END CERTIFICATE-----

diff --git a/secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-02.pem b/secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-02.pem
new file mode 100644
index 000000000000..b343c7765878
--- /dev/null
+++ b/secure/caroot/trusted/CommScope_Public_Trust_RSA_Root-02.pem

@@ -0,0 +1,134 @@

+##

+## CommScope Public Trust RSA Root-02

+##

+## This is a single X.509 certificate for a public Certificate

+## Authority (CA). It was automatically extracted from Mozilla's

+## root CA list (the file `certdata.txt' in security/nss).

+##

+## It contains a certificate trusted for server authentication.

+##

+## Extracted from nss

+##

+## @generated

+##

+Certificate:

+ Data:

+ Version: 3 (0x2)

+ Serial Number:

+ 54:16:bf:3b:7e:39:95:71:8d:d1:aa:00:a5:86:0d:2b:8f:7a:05:4e

+ Signature Algorithm: sha256WithRSAEncryption

+ Issuer: C = US, O = CommScope, CN = CommScope Public Trust RSA Root-02

+ Validity

+ Not Before: Apr 28 17:16:43 2021 GMT

+ Not After : Apr 28 17:16:42 2046 GMT

+ Subject: C = US, O = CommScope, CN = CommScope Public Trust RSA Root-02

+ Subject Public Key Info:

+ Public Key Algorithm: rsaEncryption

+ Public-Key: (4096 bit)

+ Modulus:

+ 00:e1:fa:0e:fb:68:00:12:c8:4d:d5:ac:22:c4:35:

+ 01:3b:c5:54:e5:59:76:63:a5:7f:eb:c1:c4:6a:98:

+ bd:32:8d:17:80:eb:5d:ba:d1:62:3d:25:23:19:35:

+ 14:e9:7f:89:a7:1b:62:3c:d6:50:e7:34:95:03:32:

+ b1:b4:93:22:3d:a7:e2:b1:ed:e6:7b:4e:2e:87:9b:

+ 0d:33:75:0a:de:aa:35:e7:7e:e5:36:98:a2:ae:25:

+ 9e:95:b3:32:96:a4:2b:58:1e:ef:3f:fe:62:34:48:

+ 51:d1:b4:8d:42:ad:60:da:49:6a:95:70:dd:d2:00:

+ e2:cc:57:63:02:7b:96:dd:49:97:5b:92:4e:95:d3:

+ f9:cb:29:1f:18:4a:f8:01:2a:d2:63:09:6e:24:e9:

+ 89:d2:e5:c7:22:4c:dc:73:86:47:00:aa:0d:88:8e:

+ ae:85:7d:4a:e9:bb:33:4f:0e:52:70:9d:95:e3:7c:

+ 6d:96:5b:2d:3d:5f:a1:83:46:5d:b6:e3:25:b8:7c:

+ a7:19:80:1c:ea:65:43:dc:91:79:36:2c:74:7c:f2:

+ 67:06:c9:89:c9:db:bf:da:68:bf:23:ed:dc:6b:ad:

+ 28:83:79:2f:ec:38:a5:0d:37:01:67:27:9a:e9:33:

+ d9:33:5f:37:a1:c5:f0:ab:3d:fa:78:b0:e7:2c:9f:

+ f6:3e:9f:60:e0:ef:48:e9:90:45:1e:05:51:78:1a:

+ 2c:12:2c:5c:28:ac:0d:a2:23:9e:34:8f:05:e6:a2:

+ 33:ce:11:77:13:d4:0e:a4:1e:42:1f:86:cd:70:fe:

+ d9:2e:15:3d:1d:bb:b8:f2:53:57:db:cc:c6:74:29:

+ 9c:18:b3:36:75:38:2e:0f:54:a1:f8:92:1f:89:96:

+ 4f:bb:d4:ee:9d:e9:3b:36:42:b5:0a:3b:2a:d4:64:

+ 79:36:10:e1:f9:91:03:2b:7b:20:54:cd:0d:19:1a:

+ c8:41:32:34:d1:b0:99:e1:90:1e:01:40:36:b5:b7:

+ fa:a9:e5:77:75:a4:22:81:5d:b0:8b:e4:27:12:0f:

+ 54:88:c6:db:85:74:e6:b7:c0:d7:a6:29:fa:db:de:

+ f3:93:97:27:04:55:2f:0a:6f:37:c5:3d:13:af:0a:

+ 00:a9:2c:8b:1c:81:28:d7:ef:86:31:a9:ae:f2:6e:

+ b8:ca:6a:2c:54:47:d8:2a:88:2e:af:c1:07:10:78:

+ ac:11:a2:2f:42:f0:37:c5:f2:b8:56:dd:0e:62:2d:

+ ce:2d:56:7e:55:f2:a7:44:f6:2b:32:f4:23:a8:47:

+ e8:d4:2a:01:78:cf:6a:c3:37:a8:9e:65:d2:2c:e5:

+ fa:ba:33:c1:06:44:f6:e6:cf:a5:0d:a7:66:08:34:

+ 8a:2c:f3

+ Exponent: 65537 (0x10001)

+ X509v3 extensions:

+ X509v3 Basic Constraints: critical

+ CA:TRUE

+ X509v3 Key Usage: critical

+ Certificate Sign, CRL Sign

+ X509v3 Subject Key Identifier:

+ 47:D0:E7:B1:22:FF:9D:2C:F5:D9:57:60:B3:B1:B1:70:95:EF:61:7A

+ Signature Algorithm: sha256WithRSAEncryption

+ Signature Value:

+ 86:69:b1:4d:2f:e9:9f:4f:22:93:68:8e:e4:21:99:a3:ce:45:

+ 53:1b:73:44:53:00:81:61:cd:31:e3:08:ba:81:28:28:7a:92:

+ b9:b6:a8:c8:43:9e:c7:13:26:4d:c2:d8:e5:55:9c:92:5d:50:

+ d8:c2:2b:db:fe:e6:a8:97:cf:52:3a:24:c3:65:64:5c:47:31:

+ a3:65:35:13:c3:93:b9:f7:f9:51:97:bb:a4:f0:62:87:c5:d6:

+ 06:d3:97:83:20:a9:7e:bb:b6:21:c2:a5:0d:84:00:e1:f2:27:

+ 10:83:ba:dd:03:81:d5:dd:68:c3:66:10:c8:d1:76:b4:b3:6f:

+ 29:9e:00:f9:c2:29:f5:b1:93:19:52:69:1a:2c:4c:a0:8b:e0:

+ 15:9a:31:2f:d3:88:95:59:6e:e5:c4:b3:50:c8:14:08:4a:9b:

+ 8b:13:83:b1:a4:72:b2:3b:76:33:41:dc:dc:aa:a6:07:6f:1d:

+ 24:12:9f:c8:76:bd:2f:d9:8e:f4:2c:ee:b7:d2:38:10:24:36:

+ 51:2f:e3:5c:5d:81:21:a7:da:bb:4e:ff:e6:07:a8:fe:b9:0d:

+ 27:6c:bb:70:5a:55:7a:13:e9:f1:2a:49:69:c7:5f:87:57:4c:

+ 43:79:6d:3a:65:e9:30:5c:41:ee:eb:77:a5:73:12:88:e8:bf:

+ 7d:ae:e5:c4:a8:1f:0d:8e:1c:6d:50:02:4f:26:18:43:de:8f:

+ 55:85:b1:0b:37:05:60:c9:55:39:12:04:a1:2a:cf:71:16:9f:

+ 36:51:49:bf:70:3b:9e:67:9c:fb:7b:79:c9:39:1c:78:ac:77:

+ 91:54:9a:b8:75:0a:81:52:97:e3:66:61:6b:ed:3e:38:1e:96:

+ 61:55:e1:91:54:8c:ed:8c:24:1f:81:c9:10:9a:73:99:2b:16:

+ 4e:72:00:3f:54:1b:f8:8d:ba:8b:e7:14:d6:b6:45:4f:60:ec:

+ 96:ae:c3:2f:02:4e:5d:9d:96:49:72:00:b2:ab:75:5c:0f:68:

+ 5b:1d:65:c2:5f:33:0f:1e:0f:f0:3b:86:f5:b0:4e:bb:9c:f7:

+ ea:25:05:dc:ad:a2:9b:4b:17:01:be:42:df:35:21:1d:ad:ab:

+ ae:f4:bf:ae:1f:1b:d3:e2:3b:fc:b3:72:73:1c:9b:28:90:89:

+ 13:3d:1d:c1:00:47:09:96:9a:38:1b:dd:b1:cf:0d:c2:b4:44:

+ f3:96:95:ce:32:3a:8f:34:9c:e0:17:c7:5e:ce:ae:0d:db:87:

+ 38:e5:3f:5b:fd:9b:19:e1:31:41:7a:70:aa:23:6b:01:e1:45:

+ 4c:cd:94:ce:3b:9e:2d:e7:88:02:22:f4:6e:e8:c8:ec:d6:3c:

+ f3:b9:b2:d7:77:7a:ac:7b

+SHA1 Fingerprint=EA:B0:E2:52:1B:89:93:4C:11:68:F2:D8:9A:AC:22:4C:A3:8A:57:AE

+-----BEGIN CERTIFICATE-----

+MIIFbDCCA1SgAwIBAgIUVBa/O345lXGN0aoApYYNK496BU4wDQYJKoZIhvcNAQEL

+BQAwTjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwi

+Q29tbVNjb3BlIFB1YmxpYyBUcnVzdCBSU0EgUm9vdC0wMjAeFw0yMTA0MjgxNzE2

+NDNaFw00NjA0MjgxNzE2NDJaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21t

+U2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgUlNBIFJvb3Qt

+MDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDh+g77aAASyE3VrCLE

+NQE7xVTlWXZjpX/rwcRqmL0yjReA61260WI9JSMZNRTpf4mnG2I81lDnNJUDMrG0

+kyI9p+Kx7eZ7Ti6Hmw0zdQreqjXnfuU2mKKuJZ6VszKWpCtYHu8//mI0SFHRtI1C

+rWDaSWqVcN3SAOLMV2MCe5bdSZdbkk6V0/nLKR8YSvgBKtJjCW4k6YnS5cciTNxz

+hkcAqg2Ijq6FfUrpuzNPDlJwnZXjfG2WWy09X6GDRl224yW4fKcZgBzqZUPckXk2

+LHR88mcGyYnJ27/aaL8j7dxrrSiDeS/sOKUNNwFnJ5rpM9kzXzehxfCrPfp4sOcs

+n/Y+n2Dg70jpkEUeBVF4GiwSLFworA2iI540jwXmojPOEXcT1A6kHkIfhs1w/tku

+FT0du7jyU1fbzMZ0KZwYszZ1OC4PVKH4kh+Jlk+71O6d6Ts2QrUKOyrUZHk2EOH5

+kQMreyBUzQ0ZGshBMjTRsJnhkB4BQDa1t/qp5Xd1pCKBXbCL5CcSD1SIxtuFdOa3

+wNemKfrb3vOTlycEVS8KbzfFPROvCgCpLIscgSjX74Yxqa7ybrjKaixUR9gqiC6v

+wQcQeKwRoi9C8DfF8rhW3Q5iLc4tVn5V8qdE9isy9COoR+jUKgF4z2rDN6ieZdIs

+5fq6M8EGRPbmz6UNp2YINIos8wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G

+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUR9DnsSL/nSz12Vdgs7GxcJXvYXowDQYJ

+KoZIhvcNAQELBQADggIBAIZpsU0v6Z9PIpNojuQhmaPORVMbc0RTAIFhzTHjCLqB

+KCh6krm2qMhDnscTJk3C2OVVnJJdUNjCK9v+5qiXz1I6JMNlZFxHMaNlNRPDk7n3

++VGXu6TwYofF1gbTl4MgqX67tiHCpQ2EAOHyJxCDut0DgdXdaMNmEMjRdrSzbyme

+APnCKfWxkxlSaRosTKCL4BWaMS/TiJVZbuXEs1DIFAhKm4sTg7GkcrI7djNB3Nyq

+pgdvHSQSn8h2vS/ZjvQs7rfSOBAkNlEv41xdgSGn2rtO/+YHqP65DSdsu3BaVXoT

+6fEqSWnHX4dXTEN5bTpl6TBcQe7rd6VzEojov32u5cSoHw2OHG1QAk8mGEPej1WF

+sQs3BWDJVTkSBKEqz3EWnzZRSb9wO55nnPt7eck5HHisd5FUmrh1CoFSl+NmYWvt

+PjgelmFV4ZFUjO2MJB+ByRCac5krFk5yAD9UG/iNuovnFNa2RU9g7Jauwy8CTl2d

+lklyALKrdVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670

+v64fG9PiO/yzcnMcmyiQiRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17O

+rg3bhzjlP1v9mxnhMUF6cKojawHhRUzNlM47ni3niAIi9G7oyOzWPPO5std3eqx7

+-----END CERTIFICATE-----

diff --git a/secure/caroot/trusted/Telekom_Security_TLS_ECC_Root_2020.pem b/secure/caroot/trusted/Telekom_Security_TLS_ECC_Root_2020.pem
new file mode 100644
index 000000000000..da5285d26633
--- /dev/null
+++ b/secure/caroot/trusted/Telekom_Security_TLS_ECC_Root_2020.pem

@@ -0,0 +1,68 @@

+##

+## Telekom Security TLS ECC Root 2020

+##

+## This is a single X.509 certificate for a public Certificate

+## Authority (CA). It was automatically extracted from Mozilla's

+## root CA list (the file `certdata.txt' in security/nss).

+##

+## It contains a certificate trusted for server authentication.

+##

+## Extracted from nss

+##

+## @generated

+##

+Certificate:

+ Data:

+ Version: 3 (0x2)

+ Serial Number:

+ 36:3a:96:8c:c9:5c:b2:58:cd:d0:01:5d:c5:e5:57:00

+ Signature Algorithm: ecdsa-with-SHA384

+ Issuer: C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security TLS ECC Root 2020

+ Validity

+ Not Before: Aug 25 07:48:20 2020 GMT

+ Not After : Aug 25 23:59:59 2045 GMT

+ Subject: C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security TLS ECC Root 2020

+ Subject Public Key Info:

+ Public Key Algorithm: id-ecPublicKey

+ Public-Key: (384 bit)

+ pub:

+ 04:ce:bf:fe:57:a8:bf:d5:aa:f7:10:9a:cd:bc:d1:

+ 11:a2:bd:67:42:cc:90:eb:15:18:90:d9:a2:cd:0c:

+ 2a:25:eb:3e:4f:ce:b5:d2:8f:0f:f3:35:da:43:8b:

+ 02:80:be:6f:51:24:1d:0f:6b:2b:ca:9f:c2:6f:50:

+ 32:e5:37:20:b6:20:ff:88:0d:0f:6d:49:bb:db:06:

+ a4:87:90:92:94:f4:09:d0:cf:7f:c8:80:0b:c1:97:

+ b3:bb:35:27:c9:c2:1b

+ ASN1 OID: secp384r1

+ NIST CURVE: P-384

+ X509v3 extensions:

+ X509v3 Subject Key Identifier:

+ E3:72:CC:6E:95:99:47:B1:E6:B3:61:4C:D1:CB:AB:E3:BA:CD:DE:9F

+ X509v3 Basic Constraints: critical

+ CA:TRUE

+ X509v3 Key Usage: critical

+ Certificate Sign, CRL Sign

+ Signature Algorithm: ecdsa-with-SHA384

+ Signature Value:

+ 30:64:02:30:75:52:8b:b7:a4:10:4f:ae:4a:10:8b:b2:84:5b:

+ 42:e1:e6:2a:36:02:da:a0:6e:19:3f:25:bf:da:59:32:8e:e4:

+ fb:90:dc:93:64:ce:ad:b4:41:47:60:e2:cf:a7:cb:1e:02:30:

+ 37:41:8c:66:df:41:6b:d6:83:00:41:fd:2f:5a:f7:50:b4:67:

+ d1:2c:a8:71:d7:43:ca:9c:27:24:91:83:48:0d:cf:cd:f7:54:

+ 81:af:ec:7f:e4:67:db:b8:90:ee:dd:25

+SHA1 Fingerprint=C0:F8:96:C5:A9:3B:01:06:21:07:DA:18:42:48:BC:E9:9D:88:D5:EC

+-----BEGIN CERTIFICATE-----

+MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQsw

+CQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBH

+bWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIw

+MB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIzNTk1OVowYzELMAkGA1UEBhMCREUx

+JzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkgR21iSDErMCkGA1UE

+AwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqGSM49

+AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/O

+tdKPD/M12kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDP

+f8iAC8GXs7s1J8nCG6NCMEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6f

+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA

+MGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZMo7k+5Dck2TOrbRBR2Di

+z6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdUga/sf+Rn

+27iQ7t0l

+-----END CERTIFICATE-----

diff --git a/secure/caroot/trusted/Telekom_Security_TLS_RSA_Root_2023.pem b/secure/caroot/trusted/Telekom_Security_TLS_RSA_Root_2023.pem
new file mode 100644
index 000000000000..69bbcdd0e322
--- /dev/null
+++ b/secure/caroot/trusted/Telekom_Security_TLS_RSA_Root_2023.pem

@@ -0,0 +1,138 @@

+##

+## Telekom Security TLS RSA Root 2023

+##

+## This is a single X.509 certificate for a public Certificate

+## Authority (CA). It was automatically extracted from Mozilla's

+## root CA list (the file `certdata.txt' in security/nss).

+##

+## It contains a certificate trusted for server authentication.

+##

+## Extracted from nss

+##

+## @generated

+##

+Certificate:

+ Data:

+ Version: 3 (0x2)

+ Serial Number:

+ 21:9c:54:2d:e8:f6:ec:71:77:fa:4e:e8:c3:70:57:97

+ Signature Algorithm: sha384WithRSAEncryption

+ Issuer: C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security TLS RSA Root 2023

+ Validity

+ Not Before: Mar 28 12:16:45 2023 GMT

+ Not After : Mar 27 23:59:59 2048 GMT

+ Subject: C = DE, O = Deutsche Telekom Security GmbH, CN = Telekom Security TLS RSA Root 2023

+ Subject Public Key Info:

+ Public Key Algorithm: rsaEncryption

+ Public-Key: (4096 bit)

+ Modulus:

+ 00:ed:35:a1:81:80:f3:cb:4a:69:5b:c2:fb:51:83:

+ ae:26:fd:e1:6e:f3:81:12:7d:71:40:ff:87:75:42:

+ 29:21:ed:81:52:2c:df:12:c1:19:84:89:c1:bd:c5:

+ 28:d5:d5:4b:6c:44:d6:4c:db:07:96:4a:55:7a:ca:

+ 36:82:04:36:a8:a5:fc:27:f6:49:f1:d5:72:9e:91:

+ f9:23:d6:70:7b:bb:f5:9b:c1:ec:93:cf:19:ea:65:

+ 7e:88:70:a0:73:fc:f6:ff:b5:56:62:e1:73:6a:34:

+ 98:3e:82:b8:ac:95:53:f4:01:a0:27:07:72:a3:00:

+ 53:a0:e4:b2:ab:83:38:57:33:25:94:9f:be:48:1d:

+ 98:e1:a3:ba:9e:5c:cd:04:71:51:7d:75:78:ab:f3:

+ 59:aa:c4:e0:60:be:8f:83:52:b8:75:1a:41:35:ed:

+ bc:f3:3a:63:e9:a9:14:45:d7:e6:52:d1:6e:d2:de:

+ bc:e3:f5:0b:3b:e6:e0:c4:bd:43:64:13:a6:ce:f4:

+ 98:37:6c:8a:95:a8:97:c8:47:0f:f0:5e:10:8b:e7:

+ 1d:1c:fe:b1:3b:a0:05:33:68:05:41:82:c1:03:2b:

+ 01:c8:e7:8f:4d:ab:e8:b5:f6:cd:6b:44:b5:e7:dd:

+ 8b:ec:ea:25:b4:00:22:57:4d:b0:b1:b2:31:c1:16:

+ ce:ff:fd:14:84:b7:47:fa:b2:f1:70:de:db:8b:6c:

+ 36:58:a4:7c:b3:11:d1:c3:77:7f:5f:b6:25:e0:0d:

+ c5:d2:b3:f9:b8:b8:77:db:37:71:71:47:e3:60:18:

+ 4f:24:b6:75:37:78:b9:a3:62:af:bd:c9:72:8e:2f:

+ cc:bb:ae:db:e4:15:52:19:07:33:fb:6a:b7:2d:4b:

+ 90:28:82:73:fe:18:8b:35:8d:db:a7:04:6a:be:ea:

+ c1:4d:36:3b:16:36:91:32:ef:b6:40:89:91:43:e0:

+ f2:a2:ab:04:2e:e6:f2:4c:0e:16:34:20:ac:87:c1:

+ 2d:7e:c9:66:47:17:14:11:a4:f3:f7:a1:24:89:ab:

+ d8:1a:c8:a1:5c:b1:a3:f7:8c:6d:c8:01:c9:4f:c9:

+ ec:c4:fc:ac:51:33:d1:c8:83:d1:c9:9f:1d:d4:47:

+ 34:29:3e:cb:b0:0e:fa:83:0b:28:58:e5:29:dc:3f:

+ 7c:a8:9f:c9:b6:0a:bb:a6:e8:46:16:0f:96:e5:7b:

+ e4:6a:7a:48:6d:76:98:05:a5:dc:6d:1e:42:1e:42:

+ da:1a:e0:52:f7:b5:83:c0:1a:7b:78:35:2c:38:f5:

+ 1f:fd:49:a3:2e:d2:59:63:bf:80:b0:8c:93:73:cb:

+ 35:a6:99:95:22:61:65:03:60:fb:2f:93:4b:fa:9a:

+ 9c:80:3b

+ Exponent: 65537 (0x10001)

+ X509v3 extensions:

+ X509v3 Key Usage: critical

+ Certificate Sign, CRL Sign

+ X509v3 Subject Key Identifier:

+ B6:A7:97:82:3D:74:85:9B:F7:3C:9F:93:9A:95:79:75:52:8C:6D:47

+ X509v3 Basic Constraints: critical

+ CA:TRUE

+ X509v3 Authority Key Identifier:

+ B6:A7:97:82:3D:74:85:9B:F7:3C:9F:93:9A:95:79:75:52:8C:6D:47

+ Signature Algorithm: sha384WithRSAEncryption

+ Signature Value:

+ a8:cc:61:a6:be:75:9e:15:50:a4:6b:fb:a8:70:45:7c:ba:7e:

+ b1:5a:fc:5b:23:fa:0a:77:f8:98:71:82:0c:6d:e0:5e:46:aa:

+ 93:f4:1e:a0:c3:e1:93:db:4b:ad:b2:a6:5d:ab:b0:d4:62:cb:

+ 5e:bb:66:f5:2d:ee:97:40:3c:62:eb:5e:d6:14:d6:8c:e2:96:

+ 8b:41:69:93:35:e6:b9:99:6b:62:b4:a1:17:66:34:a6:6b:63:

+ c6:b9:4e:f2:22:e9:58:0d:56:41:d1:fa:0c:4a:f0:33:cd:3b:

+ bb:6d:21:3a:ae:8e:72:b5:c3:4a:fb:e9:7d:e5:b1:9b:86:ee:

+ e2:e0:7d:b4:f7:32:fd:22:84:f1:85:c9:37:79:e9:b5:3f:bf:

+ 5c:e4:74:b2:8f:11:62:00:dd:18:66:a1:d9:7b:23:5f:f1:8e:

+ d5:67:e8:54:da:5b:3a:6b:36:6f:f9:81:b1:33:47:33:77:40:

+ f9:52:aa:dd:d4:83:cf:85:78:99:9a:93:b9:73:67:42:46:11:

+ 21:ea:fe:0a:a9:1b:1a:65:69:b3:8f:ae:16:b6:f6:4b:56:b2:

+ 2d:f9:a5:c8:ec:3b:62:a3:ed:6b:d0:4e:d5:40:09:a4:1f:98:

+ d7:3a:a5:92:59:20:e4:b0:7d:cd:5b:73:68:bd:6d:c4:a2:13:

+ 0e:67:19:b8:8d:42:7e:6c:0c:9a:6e:a0:24:2d:d5:45:1b:dc:

+ c4:02:14:fe:85:5b:65:97:ca:4e:90:50:08:7a:42:35:f9:ea:

+ c2:66:d4:f8:01:ae:1e:b4:be:c3:a8:ef:fe:76:9a:a2:a6:1f:

+ 46:f6:84:ed:fc:db:ce:c4:02:ce:77:48:2c:8c:b2:ec:c3:00:

+ a3:ec:2c:55:18:c1:7e:19:ee:e1:2f:f2:ad:83:9b:9e:ab:19:

+ df:c6:8a:2f:8c:77:e5:b7:05:ec:3b:c1:ec:be:86:b3:86:bc:

+ c0:f7:dc:e7:ea:5b:ae:b2:cc:b5:35:86:4b:d0:e2:3f:b6:d8:

+ f8:0e:00:ee:5d:e3:f7:8d:58:ff:cf:8b:37:e9:63:5f:6e:f7:

+ 09:71:36:c2:12:5d:57:f2:c8:b4:cd:f3:ee:02:df:11:dc:6a:

+ b9:57:84:1d:59:4d:8c:ce:c8:0e:23:c2:b7:26:9a:10:14:71:

+ fe:93:b2:8a:b8:80:f0:0e:10:9e:d3:a8:50:0c:37:82:2f:ea:

+ e0:8a:9d:e1:2c:39:ff:b5:b4:73:00:e4:f7:48:a6:73:ac:bf:

+ b2:de:77:04:87:b4:a3:cd:9b:35:24:37:fa:90:93:13:81:42:

+ c6:98:26:75:37:66:41:10:ac:bb:f5:94:e3:c2:31:2b:ad:e7:

+ 23:56:cc:35:25:92:b3:50

+SHA1 Fingerprint=54:D3:AC:B3:BD:57:56:F6:85:9D:CE:E5:C3:21:E2:D4:AD:83:D0:93

+-----BEGIN CERTIFICATE-----

+MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBj

+MQswCQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0

+eSBHbWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAy

+MDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMyNzIzNTk1OVowYzELMAkGA1UEBhMC

+REUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkgR21iSDErMCkG

+A1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIwDQYJ

+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9

+cUD/h3VCKSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHV

+cp6R+SPWcHu79ZvB7JPPGeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMA

+U6DksquDOFczJZSfvkgdmOGjup5czQRxUX11eKvzWarE4GC+j4NSuHUaQTXtvPM6

+Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWol8hHD/BeEIvnHRz+sTug

+BTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9FIS3R/qy

+8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73J

+co4vzLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg

+8qKrBC7m8kwOFjQgrIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8

+rFEz0ciD0cmfHdRHNCk+y7AO+oMLKFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12

+mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7SWWO/gLCMk3PLNaaZlSJhZQNg

++y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtqeX

+gj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2

+p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQ

+pGv7qHBFfLp+sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm

+9S3ul0A8Yute1hTWjOKWi0FpkzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErw

+M807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy/SKE8YXJN3nptT+/XOR0so8RYgDd

+GGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4mZqTuXNnQkYRIer+

+CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtzaL1t

+xKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+

+w6jv/naaoqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aK

+L4x35bcF7DvB7L6Gs4a8wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+lj

+X273CXE2whJdV/LItM3z7gLfEdxquVeEHVlNjM7IDiPCtyaaEBRx/pOyiriA8A4Q

+ntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0o82bNSQ3+pCTE4FCxpgm

+dTdmQRCsu/WU48IxK63nI1bMNSWSs1A=

+-----END CERTIFICATE-----

diff --git a/secure/caroot/trusted/TrustAsia_Global_Root_CA_G3.pem b/secure/caroot/trusted/TrustAsia_Global_Root_CA_G3.pem
new file mode 100644
index 000000000000..72e8d614f96a
--- /dev/null
+++ b/secure/caroot/trusted/TrustAsia_Global_Root_CA_G3.pem

@@ -0,0 +1,138 @@

+##

+## TrustAsia Global Root CA G3

+##

+## This is a single X.509 certificate for a public Certificate

+## Authority (CA). It was automatically extracted from Mozilla's

+## root CA list (the file `certdata.txt' in security/nss).

+##

+## It contains a certificate trusted for server authentication.

+##

+## Extracted from nss

+##

+## @generated

+##

+Certificate:

+ Data:

+ Version: 3 (0x2)

+ Serial Number:

+ 64:f6:0e:65:77:61:6a:ab:3b:b4:ea:85:84:bb:b1:89:b8:71:93:0f

+ Signature Algorithm: sha384WithRSAEncryption

+ Issuer: C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia Global Root CA G3

+ Validity

+ Not Before: May 20 02:10:19 2021 GMT

+ Not After : May 19 02:10:19 2046 GMT

+ Subject: C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia Global Root CA G3

+ Subject Public Key Info:

+ Public Key Algorithm: rsaEncryption

+ Public-Key: (4096 bit)

+ Modulus:

+ 00:c0:31:82:61:92:e4:94:1b:0a:2a:65:d0:be:06:

+ a9:87:3b:51:12:ea:70:41:ae:e2:fb:74:ea:0a:8d:

+ b9:b3:4c:dc:8f:b7:13:52:4f:54:18:e1:2c:73:95:

+ 91:c5:66:3b:6a:cf:ac:63:6d:87:53:f0:f7:f1:39:

+ b7:a0:43:63:b0:c4:03:5d:57:a9:e7:44:ce:c4:a1:

+ 83:65:f6:50:3e:b1:7e:16:b8:3a:8a:02:d0:96:1f:

+ 00:cd:05:21:ef:06:6d:dd:21:9c:19:43:45:a1:c5:

+ e8:80:ca:c2:ad:40:62:17:06:c6:aa:bc:f3:d6:e6:

+ fc:50:7e:66:42:1f:3c:8b:a6:79:79:86:40:35:9f:

+ 20:ef:3f:eb:8b:47:1f:8f:8e:c5:d4:8e:b6:2c:c9:

+ 44:04:e3:d4:43:75:3f:d5:3f:af:1c:cc:7e:46:5f:

+ ac:df:64:10:8a:ef:46:f0:90:f0:0f:2d:f4:88:0b:

+ b1:29:aa:af:85:aa:49:58:a8:bf:63:a0:38:91:e6:

+ b3:e6:77:68:c4:f9:2a:19:84:bb:0e:e1:f5:af:89:

+ ec:a5:2f:50:20:74:1e:12:41:73:1e:24:d9:ca:ce:

+ 2c:a1:59:35:c0:c8:1d:46:27:61:5a:8f:f9:4d:d3:

+ 72:79:66:1e:9f:15:90:21:2d:fd:ed:8b:56:70:03:

+ 4a:49:3e:7f:69:31:12:69:c7:1e:5c:ca:7a:13:8b:

+ e8:e6:f5:60:0f:cc:93:2c:84:7f:f1:fc:6a:fc:9b:

+ 47:9d:db:ad:88:3d:f3:76:75:33:d7:4b:a4:c8:8b:

+ f9:f5:43:58:4f:cb:c8:03:54:8f:a5:85:78:04:1a:

+ f3:73:f2:d7:87:1d:41:9f:e7:d8:17:ce:1a:9c:0f:

+ 4a:fc:dc:44:68:54:68:e2:41:3c:fe:2c:84:86:37:

+ 3c:cd:3f:2f:a2:db:e7:f7:54:03:5f:59:d3:f7:91:

+ 78:c7:8b:77:6a:16:e5:49:85:90:45:72:70:2f:91:

+ 5d:f8:3e:65:40:0b:19:99:c9:26:20:5a:68:c1:35:

+ bf:4f:a7:51:f1:d8:11:2b:5b:e0:9a:9e:28:3b:0a:

+ 3a:0a:1f:c1:81:e5:2e:f0:a6:b9:69:a5:88:94:e6:

+ 6b:13:7f:d1:64:3f:3d:9c:70:46:e5:a2:85:7b:58:

+ 84:27:dc:c4:80:3e:67:9a:9a:c7:9a:31:0e:30:ec:

+ e6:17:40:95:d9:45:ed:01:96:aa:bf:0c:f3:4b:d1:

+ 63:f7:13:58:c0:b8:f3:fa:67:dd:9b:7d:6d:4a:ff:

+ 32:4c:b5:25:3b:ff:1c:67:0f:85:22:59:05:91:91:

+ 41:77:81:d0:85:4c:87:10:71:ff:9e:43:1b:ae:95:

+ 75:2d:81

+ Exponent: 65537 (0x10001)

+ X509v3 extensions:

+ X509v3 Basic Constraints: critical

+ CA:TRUE

+ X509v3 Authority Key Identifier:

+ 40:E4:E4:F2:23:EF:38:CA:B0:AE:57:7F:F2:21:30:16:34:DB:BC:92

+ X509v3 Subject Key Identifier:

+ 40:E4:E4:F2:23:EF:38:CA:B0:AE:57:7F:F2:21:30:16:34:DB:BC:92

+ X509v3 Key Usage: critical

+ Certificate Sign, CRL Sign

+ Signature Algorithm: sha384WithRSAEncryption

+ Signature Value:

+ 26:3b:51:e1:4d:38:f3:32:18:b4:b4:5e:e1:65:5e:c4:94:4f:

+ d4:a7:61:a3:f8:c0:cf:33:01:02:e9:c3:aa:35:0f:f1:94:13:

+ 77:77:35:9e:2d:56:51:44:6e:e1:c6:2e:28:1e:ff:da:ec:47:

+ cd:97:44:17:f7:e0:4c:c2:e1:7c:7c:32:7a:66:c8:5a:b6:5c:

+ 53:45:57:5a:45:d4:05:99:2f:2e:23:55:ee:63:68:df:d3:1b:

+ 78:a7:12:94:06:00:75:0d:72:84:e9:2e:bc:5a:6a:d5:de:2f:

+ 59:c7:a3:ec:d2:87:66:db:b7:54:b5:24:ab:f4:43:78:db:4b:

+ 04:c4:6f:dd:e6:3e:66:3e:29:f2:4b:68:71:22:87:a0:f8:b1:

+ 33:63:76:e3:0d:85:72:44:22:55:3f:1c:7c:e9:fc:b8:15:e8:

+ 52:fa:aa:3e:a3:21:39:35:74:89:a6:6a:c2:39:fa:78:cf:b6:

+ ac:e7:e7:d6:56:ff:23:92:2e:50:0b:a9:b5:07:33:f4:38:5f:

+ a4:49:a6:cb:65:70:76:e8:0a:85:80:4b:36:3d:33:f7:95:54:

+ 75:25:da:ac:c4:73:82:65:e9:52:f5:5c:fd:38:95:02:6a:69:

+ 30:c5:1c:0a:57:07:ae:22:a4:2c:f9:c5:41:b7:b8:ec:9f:4f:

+ 48:00:f9:01:04:55:cc:ac:f9:32:31:c4:75:95:06:a0:7f:d1:

+ 8d:27:dd:b3:a9:a4:72:87:fe:59:8b:9a:7a:74:16:dd:16:a5:

+ 62:29:eb:3a:96:dc:8b:a7:68:59:d3:eb:77:91:39:f8:d7:cb:

+ d9:8f:5f:5a:27:01:7d:5d:68:19:62:d8:c8:cd:f4:b7:72:47:

+ be:5b:97:ce:f2:ad:a2:99:93:ad:94:cb:93:f6:12:09:95:b6:

+ ab:d7:3b:d0:3f:11:cb:30:16:2e:79:80:e4:67:81:2d:5d:ed:

+ 70:78:b6:60:59:ac:e1:5d:45:63:8f:c8:df:72:68:5b:ea:1d:

+ b8:01:f1:7e:fb:e7:8a:b3:e3:54:a0:38:09:e0:3c:de:42:f2:

+ c2:ed:2e:9b:f3:1f:35:b6:36:d8:e3:80:a1:8b:cd:99:64:0f:

+ c2:aa:ab:b1:ca:f5:6f:9e:43:8d:84:54:99:b3:6e:c0:12:66:

+ d8:70:10:f1:06:35:33:43:a8:9c:2e:ba:14:31:ce:10:7f:1c:

+ 86:e3:8f:d2:d5:f8:77:ec:9b:ab:f1:2f:63:d9:42:5f:e0:67:

+ 81:64:91:f1:97:2f:fc:6e:26:f6:33:f8:d3:b5:f8:c4:62:ab:

+ 31:51:25:02:7a:f8:dd:6b:65:d5:6d:4d:30:c8:65:ba:68:14:

+ 65:ac:27:0b:74:8a:f2:87

+SHA1 Fingerprint=63:CF:B6:C1:27:2B:56:E4:88:8E:1C:23:9A:B6:2E:81:47:24:C3:C7

+-----BEGIN CERTIFICATE-----

+MIIFpTCCA42gAwIBAgIUZPYOZXdhaqs7tOqFhLuxibhxkw8wDQYJKoZIhvcNAQEM

+BQAwWjELMAkGA1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dp

+ZXMsIEluYy4xJDAiBgNVBAMMG1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHMzAe

+Fw0yMTA1MjAwMjEwMTlaFw00NjA1MTkwMjEwMTlaMFoxCzAJBgNVBAYTAkNOMSUw

+IwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQwIgYDVQQDDBtU

+cnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzMwggIiMA0GCSqGSIb3DQEBAQUAA4IC

+DwAwggIKAoICAQDAMYJhkuSUGwoqZdC+BqmHO1ES6nBBruL7dOoKjbmzTNyPtxNS

+T1QY4SxzlZHFZjtqz6xjbYdT8PfxObegQ2OwxANdV6nnRM7EoYNl9lA+sX4WuDqK

+AtCWHwDNBSHvBm3dIZwZQ0WhxeiAysKtQGIXBsaqvPPW5vxQfmZCHzyLpnl5hkA1

+nyDvP+uLRx+PjsXUjrYsyUQE49RDdT/VP68czH5GX6zfZBCK70bwkPAPLfSIC7Ep

+qq+FqklYqL9joDiR5rPmd2jE+SoZhLsO4fWvieylL1AgdB4SQXMeJNnKziyhWTXA

+yB1GJ2Faj/lN03J5Zh6fFZAhLf3ti1ZwA0pJPn9pMRJpxx5cynoTi+jm9WAPzJMs

+hH/x/Gr8m0ed262IPfN2dTPXS6TIi/n1Q1hPy8gDVI+lhXgEGvNz8teHHUGf59gX

+zhqcD0r83ERoVGjiQTz+LISGNzzNPy+i2+f3VANfWdP3kXjHi3dqFuVJhZBFcnAv

+kV34PmVACxmZySYgWmjBNb9Pp1Hx2BErW+Canig7CjoKH8GB5S7wprlppYiU5msT

+f9FkPz2ccEblooV7WIQn3MSAPmeamseaMQ4w7OYXQJXZRe0Blqq/DPNL0WP3E1jA

+uPP6Z92bfW1K/zJMtSU7/xxnD4UiWQWRkUF3gdCFTIcQcf+eQxuulXUtgQIDAQAB

+o2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEDk5PIj7zjKsK5Xf/Ih

+MBY027ySMB0GA1UdDgQWBBRA5OTyI+84yrCuV3/yITAWNNu8kjAOBgNVHQ8BAf8E

+BAMCAQYwDQYJKoZIhvcNAQEMBQADggIBACY7UeFNOPMyGLS0XuFlXsSUT9SnYaP4

+wM8zAQLpw6o1D/GUE3d3NZ4tVlFEbuHGLige/9rsR82XRBf34EzC4Xx8MnpmyFq2

+XFNFV1pF1AWZLy4jVe5jaN/TG3inEpQGAHUNcoTpLrxaatXeL1nHo+zSh2bbt1S1

+JKv0Q3jbSwTEb93mPmY+KfJLaHEih6D4sTNjduMNhXJEIlU/HHzp/LgV6FL6qj6j

+ITk1dImmasI5+njPtqzn59ZW/yOSLlALqbUHM/Q4X6RJpstlcHboCoWASzY9M/eV

+VHUl2qzEc4Jl6VL1XP04lQJqaTDFHApXB64ipCz5xUG3uOyfT0gA+QEEVcys+TIx

+xHWVBqB/0Y0n3bOppHKH/lmLmnp0Ft0WpWIp6zqW3IunaFnT63eROfjXy9mPX1on

+AX1daBli2MjN9LdyR75bl87yraKZk62Uy5P2EgmVtqvXO9A/EcswFi55gORngS1d

+7XB4tmBZrOFdRWOPyN9yaFvqHbgB8X7754qz41SgOAngPN5C8sLtLpvzHzW2Ntjj

+gKGLzZlkD8Kqq7HK9W+eQ42EVJmzbsASZthwEPEGNTNDqJwuuhQxzhB/HIbjj9LV

++Hfsm6vxL2PZQl/gZ4FkkfGXL/xuJvYz+NO1+MRiqzFRJQJ6+N1rZdVtTTDIZbpo

+FGWsJwt0ivKH

+-----END CERTIFICATE-----

diff --git a/secure/caroot/trusted/TrustAsia_Global_Root_CA_G4.pem b/secure/caroot/trusted/TrustAsia_Global_Root_CA_G4.pem
new file mode 100644
index 000000000000..f25718653eaf
--- /dev/null
+++ b/secure/caroot/trusted/TrustAsia_Global_Root_CA_G4.pem

@@ -0,0 +1,70 @@

+##

+## TrustAsia Global Root CA G4

+##

+## This is a single X.509 certificate for a public Certificate

+## Authority (CA). It was automatically extracted from Mozilla's

+## root CA list (the file `certdata.txt' in security/nss).

+##

+## It contains a certificate trusted for server authentication.

+##

+## Extracted from nss

+##

+## @generated

+##

+Certificate:

+ Data:

+ Version: 3 (0x2)

+ Serial Number:

+ 4f:23:64:b8:8e:97:63:9e:c6:53:81:c1:76:4e:cb:2a:74:15:d6:d7

+ Signature Algorithm: ecdsa-with-SHA384

+ Issuer: C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia Global Root CA G4

+ Validity

+ Not Before: May 20 02:10:22 2021 GMT

+ Not After : May 19 02:10:22 2046 GMT

+ Subject: C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia Global Root CA G4

+ Subject Public Key Info:

+ Public Key Algorithm: id-ecPublicKey

+ Public-Key: (384 bit)

+ pub:

+ 04:f1:b3:cd:38:e4:25:43:e5:de:19:09:bb:81:79:

+ a2:15:5f:15:63:01:de:c2:ab:dd:b3:a6:1b:67:4b:

+ 80:83:af:99:cb:ac:17:db:2b:96:ca:7c:52:55:e2:

+ 1a:e1:3d:56:f0:2f:16:08:fa:15:bc:9b:bb:47:e6:

+ 3f:ee:a8:e1:4c:8c:f5:d3:36:f9:38:5d:ab:70:9a:

+ 47:0d:e2:81:41:06:eb:49:f9:b0:29:dd:33:ec:50:

+ a5:7f:79:29:b8:20:98

+ ASN1 OID: secp384r1

+ NIST CURVE: P-384

+ X509v3 extensions:

+ X509v3 Basic Constraints: critical

+ CA:TRUE

+ X509v3 Authority Key Identifier:

+ A5:BB:4A:97:CE:B3:2B:7F:A4:31:DE:97:83:59:83:A6:6F:71:CB:DE

+ X509v3 Subject Key Identifier:

+ A5:BB:4A:97:CE:B3:2B:7F:A4:31:DE:97:83:59:83:A6:6F:71:CB:DE

+ X509v3 Key Usage: critical

+ Certificate Sign, CRL Sign

+ Signature Algorithm: ecdsa-with-SHA384

+ Signature Value:

+ 30:64:02:30:5e:f2:eb:06:cc:49:31:9f:40:00:6d:b7:7e:36:

+ f0:4d:11:4f:f3:cb:89:3a:2c:78:91:50:a3:5b:c0:ca:75:26:

+ f2:bf:90:5d:0b:82:8c:60:28:9f:c6:70:9a:68:e4:f1:02:30:

+ 5c:58:0e:56:76:cf:58:c3:d7:10:8c:ba:8e:ae:e3:bc:64:75:

+ 47:c5:55:90:e3:fd:ba:55:eb:07:c4:53:ab:37:a9:ee:21:b2:

+ 21:5b:60:8f:3d:32:f1:d5:23:94:d6:58

+SHA1 Fingerprint=57:73:A5:61:5D:80:B2:E6:AC:38:82:FC:68:07:31:AC:9F:B5:92:5A

+-----BEGIN CERTIFICATE-----

+MIICVTCCAdygAwIBAgIUTyNkuI6XY57GU4HBdk7LKnQV1tcwCgYIKoZIzj0EAwMw

+WjELMAkGA1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMs

+IEluYy4xJDAiBgNVBAMMG1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHNDAeFw0y

+MTA1MjAwMjEwMjJaFw00NjA1MTkwMjEwMjJaMFoxCzAJBgNVBAYTAkNOMSUwIwYD

+VQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQwIgYDVQQDDBtUcnVz

+dEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATx

+s8045CVD5d4ZCbuBeaIVXxVjAd7Cq92zphtnS4CDr5nLrBfbK5bKfFJV4hrhPVbw

+LxYI+hW8m7tH5j/uqOFMjPXTNvk4XatwmkcN4oFBButJ+bAp3TPsUKV/eSm4IJij

+YzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUpbtKl86zK3+kMd6Xg1mD

+pm9xy94wHQYDVR0OBBYEFKW7SpfOsyt/pDHel4NZg6ZvccveMA4GA1UdDwEB/wQE

+AwIBBjAKBggqhkjOPQQDAwNnADBkAjBe8usGzEkxn0AAbbd+NvBNEU/zy4k6LHiR

+UKNbwMp1JvK/kF0LgoxgKJ/GcJpo5PECMFxYDlZ2z1jD1xCMuo6u47xkdUfFVZDj

+/bpV6wfEU6s3qe4hsiFbYI89MvHVI5TWWA==

+-----END CERTIFICATE-----