projects / mirror / dsa-puppet.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ssl/ca-global: add ANSSI and CNNIC to the blacklist
[mirror/dsa-puppet.git] / modules / ssl / files / ca-certificates-global.conf
1 # This file is under puppet control
2 # All CAs are trusted, see /etc/ssl/README
3
4 # blacklist SPI's old CA
5 !spi-inc.org/spi-cacert-2008.crt
6
7 # blacklist StartCom/WoSign
8 # https://wiki.mozilla.org/CA:WoSign_Issues
9 !mozilla/StartCom_Certification_Authority_2.crt
10 !mozilla/StartCom_Certification_Authority_G2.crt
11 !mozilla/StartCom_Certification_Authority.crt
12 !mozilla/WoSign_China.crt
13 !mozilla/WoSign.crt
14 !mozilla/CA_WoSign_ECC_Root.crt
15 !mozilla/Certification_Authority_of_WoSign_G2.crt
16
17 # https://wiki.mozilla.org/CA/Additional_Trust_Changes#CNNIC
18 !mozilla/CNNIC_ROOT.crt
19 !mozilla/China_Internet_Network_Information_Center_EV_Certificates_Root.crt
20
21 # https://wiki.mozilla.org/CA/Additional_Trust_Changes#ANSSI
22 !mozilla/IGC_A.crt
Unnamed repository; edit this file 'description' to name the repository.