| OLD | NEW |
|---|
| (Empty) | |
| 1 # Symantec Certificates |
| 2 |
| 3 This directory contains the set of known active and legacy root certificates |
| 4 operated by Symantec Corporation. In order for certificates issued from |
| 5 roots to be trusted, it is required that the certificates be logged using |
| 6 Certificate Transparency. |
| 7 |
| 8 For details about why, see <https://security.googleblog.com/2015/10/sustaining-d
igital-certificate-security.html> |
| 9 |
| 10 The exception to this is sub-CAs which have been disclosed as independently |
| 11 operated, whose keys are not in control of Symantec, and which are |
| 12 maintaining a current and appropriate audit. |
| 13 |
| 14 ## Roots |
| 15 |
| 16 The full set of roots are in the [roots/](roots/) directory, organized by |
| 17 SHA-256 hash of the certificate file. |
| 18 |
| 19 The following command can be used to match certificates and their key hashes: |
| 20 |
| 21 `` for f in roots/*.pem; do openssl x509 -noout -pubkey -in "${f}" | openssl asn
1parse -inform pem -out /tmp/pubkey.out -noout; digest=`cat /tmp/pubkey.out | op
enssl dgst -sha256 -c | awk -F " " '{print $2}' | sed s/:/,0x/g `; echo "0x${dig
est} ${f##*/}"; done | sort `` |
| 22 |
| 23 ## Excluded Sub-CAs |
| 24 |
| 25 ### Aetna |
| 26 |
| 27 WebTrust audit confirmed out-of-band. |
| 28 [Certification Practices Statement](http://crl.aetna.com/aetnacps.pdf) |
| 29 Note: Not issuing new certificates and can be removed after October 2016. |
| 30 |
| 31 * [d6e4e7b9af3bd5a8f2d6321cde26639c25644f7307ce16aad347d9ad53d3ce13.pem](exclu
ded/d6e4e7b9af3bd5a8f2d6321cde26639c25644f7307ce16aad347d9ad53d3ce13.pem) |
| 32 |
| 33 ### Apple |
| 34 |
| 35 [WebTrust Audit](https://cert.webtrust.org/ViewSeal?id=1917) |
| 36 [Certification Practices Statement](http://images.apple.com/certificateauthority
/pdf/Apple_IST_CPS_v2.0.pdf) |
| 37 |
| 38 * [17f96609ac6ad0a2d6ab0a21b2d1b5b2946bd04dbf120703d1def6fb62f4b661.pem](exclu
ded/17f96609ac6ad0a2d6ab0a21b2d1b5b2946bd04dbf120703d1def6fb62f4b661.pem) |
| 39 * [3db76d1dd7d3a759dccc3f8fa7f68675c080cb095e4881063a6b850fdd68b8bc.pem](exclu
ded/3db76d1dd7d3a759dccc3f8fa7f68675c080cb095e4881063a6b850fdd68b8bc.pem) |
| 40 * [6115f06a338a649e61585210e76f2ece3989bca65a62b066040cd7c5f408edd0.pem](exclu
ded/6115f06a338a649e61585210e76f2ece3989bca65a62b066040cd7c5f408edd0.pem) |
| 41 * [904fb5a437754b1b32b80ebae7416db63d05f56a9939720b7c8e3dcc54f6a3d1.pem](exclu
ded/904fb5a437754b1b32b80ebae7416db63d05f56a9939720b7c8e3dcc54f6a3d1.pem) |
| 42 * [ac2b922ecfd5e01711772fea8ed372de9d1e2245fce3f57a9cdbec77296a424b.pem](exclu
ded/ac2b922ecfd5e01711772fea8ed372de9d1e2245fce3f57a9cdbec77296a424b.pem) |
| 43 |
| 44 ### Google |
| 45 |
| 46 [WebTrust Audit](https://cert.webtrust.org/ViewSeal?id=1941) |
| 47 [Certification Practices Statement](http://static.googleusercontent.com/media/pk
i.google.com/en//GIAG2-CPS-1.3.pdf) |
| 48 |
| 49 * [c3f697a92a293d86f9a3ee7ccb970e20e0050b8728cc83ed1b996ce9005d4c36.pem](exclu
ded/c3f697a92a293d86f9a3ee7ccb970e20e0050b8728cc83ed1b996ce9005d4c36.pem) |
| 50 |
| 51 ### Unicredit |
| 52 |
| 53 Audit information still undergoing review. |
| 54 [Certification Practices Statement](http://ca.unicredit.eu/CPS/cps.html) |
| 55 |
| 56 * [8c31013d19f8eea618c95fda6d21f5777c6e930c7413031559ee863d78dfe809.pem](exclu
ded/8c31013d19f8eea618c95fda6d21f5777c6e930c7413031559ee863d78dfe809.pem) |
| 57 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2109913004:
Require Certificate Transparency for Symantec-operated roots (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@wire_up_policy