Tags: cloudflare/cfssl_trust

trust-store-2025.9.0

Trust store release 2025.9.0

Rolling trust store release at 2025-09-07T03:26:31+0000.
$ cfssl-trust -d ./cert.db  -b int release 504h
skipping expired certificate (SKI=41f486f29c43c5aa9c525a7a3c7ef18431bc61ba, serial=7498531878704610227627489146658732915, subject='/Mass HIway CA/C=US/O=Massachusetts Health Information Highway (Mass HIway)/OU=Orion Health Direct Secure Messaging')
skipping expired certificate (SKI=702d4ba984011a8475f778a90949ec304bf96feb, serial=12080776302334618507873099194241583455, subject='/DigiCert Governmental Direct CA/C=US/O=DigiCert Inc/OU=www.digicert.com')
1293 certificates rolled
2 certificates skipped
Successfully rolled new int release 2025.9.0
$ cfssl-trust -d ./cert.db  -b ca release 504h
346 certificates rolled
0 certificates skipped
Successfully rolled new ca release 2025.9.0
$ cfssl-trust -d ./cert.db  -r 2025.9.0 -b int bundle int-bundle.crt
selected release 2025.9.0
Selected 1293 certificates for this release.
$ cfssl-trust -d ./cert.db  -r 2025.9.0 -b ca bundle ca-bundle.crt
selected release 2025.9.0
Selected 346 certificates for this release.
$ certdump ca-bundle.crt  > certdata/ca-bundle.txt
$ certdump int-bundle.crt > certdata/int-bundle.txt
$ git status --porcelain -uno
M  cert.db
M  certdata/int-bundle.txt
M  int-bundle.crt

trust-store-2025.8.3

Trust store release 2025.8.3

Rolling trust store release at 2025-08-31T03:28:58+0000.
$ cfssl-trust -d ./cert.db  -b int release 504h
skipping expired certificate (SKI=5af3ed2bfc36c23779b95230ea546fcf55cb2eac, serial=238917698029532949600116015593252145733, subject='/E1/C=US/O=Let's Encrypt')
skipping expired certificate (SKI=7c4296aede4b483bfa92f89e8ccf6d8ba9723795, serial=10126462700708491348274246233644721251, subject='/ISRG Root X2/C=US/O=Internet Security Research Group')
skipping expired certificate (SKI=6d992af54d02ebe311c160ba926f8d3d2ef1ea44, serial=104771422782942698878324890912429255287, subject='/E2/C=US/O=Let's Encrypt')
skipping expired certificate (SKI=142eb317b75856cbae500940e61faf9d8b14c2c6, serial=192961496339968674994309121183282847578, subject='/R3/C=US/O=Let's Encrypt')
skipping expired certificate (SKI=369d3ee0b140f6272c7cbf8d9d318af654a64626, serial=184062427331579619898468442554398596450, subject='/R4/C=US/O=Let's Encrypt')
1295 certificates rolled
5 certificates skipped
Successfully rolled new int release 2025.8.3
$ cfssl-trust -d ./cert.db  -b ca release 504h
346 certificates rolled
0 certificates skipped
Successfully rolled new ca release 2025.8.3
$ cfssl-trust -d ./cert.db  -r 2025.8.3 -b int bundle int-bundle.crt
selected release 2025.8.3
Selected 1295 certificates for this release.
$ cfssl-trust -d ./cert.db  -r 2025.8.3 -b ca bundle ca-bundle.crt
selected release 2025.8.3
Selected 346 certificates for this release.
$ certdump ca-bundle.crt  > certdata/ca-bundle.txt
$ certdump int-bundle.crt > certdata/int-bundle.txt
$ git status --porcelain -uno
M  cert.db
M  certdata/int-bundle.txt
M  int-bundle.crt

trust-store-2025.8.2

Trust store release 2025.8.2

Rolling trust store release at 2025-08-24T03:36:10+0000.
$ cfssl-trust -d ./cert.db  -b int release 504h
skipping expired certificate (SKI=a9b69575040136d2948f8cf3ea4324c5675440cb, serial=137335794185598683412356329842756907268, subject='/InterContinental Hotels Group RSA Client CA/C=US/O=Six Continents Hotels, Inc./L=Dunwoody/ST=GA')
skipping expired certificate (SKI=3d808279c54882a3c312eedf990f5735489ed0cb, serial=1440660458996309441122145202371455, subject='/GlobalSign Domain Validation CA - SHA256 - G3/C=BE/O=GlobalSign nv-sa')
skipping expired certificate (SKI=6886b87d7ad96d496b872f188b15346cd7b47a0e, serial=1440660459780004765215310003153401, subject='/GlobalSign Organization Validation CA - SHA256 - G3/C=BE/O=GlobalSign nv-sa')
skipping expired certificate (SKI=a9074811b8b295a0d572f12f552b987cec2d299e, serial=166275597015633400825329997352111055, subject='/CERTSIGN FOR BANKING QUALIFIED DS PRODUCTION CA V3/C=RO/O=certSIGN/OU=Certificat de productie Production certificate')
skipping expired certificate (SKI=20211332ca65a94a5b65f8414e1de3fbb55b7f60, serial=166275597015633424109129184783949709, subject='/CERTSIGN FOR BANKING SIMPLE SSL PRODUCTION CA V3/C=RO/O=certSIGN/OU=Certificat de productie Production certificate')
1300 certificates rolled
5 certificates skipped
Successfully rolled new int release 2025.8.2
$ cfssl-trust -d ./cert.db  -b ca release 504h
346 certificates rolled
0 certificates skipped
Successfully rolled new ca release 2025.8.2
$ cfssl-trust -d ./cert.db  -r 2025.8.2 -b int bundle int-bundle.crt
selected release 2025.8.2
Selected 1300 certificates for this release.
$ cfssl-trust -d ./cert.db  -r 2025.8.2 -b ca bundle ca-bundle.crt
selected release 2025.8.2
Selected 346 certificates for this release.
$ certdump ca-bundle.crt  > certdata/ca-bundle.txt
$ certdump int-bundle.crt > certdata/int-bundle.txt
$ git status --porcelain -uno
M  cert.db
M  certdata/int-bundle.txt
M  int-bundle.crt

trust-store-2025.8.1

Trust store release 2025.8.1

Rolling trust store release at 2025-08-10T03:48:38+0000.
$ cfssl-trust -d ./cert.db  -b int release 504h
skipping expired certificate (SKI=56901a6bf9f4429a64a6072f1524ee8c280e2a63, serial=18700041124039476198255164019348132057, subject='/Care360 Direct Intermediate CA/C=US/O=Quest Diagnostics Care360/OU=Care360 Direct Messaging')
skipping expired certificate (SKI=157fefbd89eebcae1a1989c52ade7616cc26c66e, serial=15707864547634624399031729441762860588, subject='/Google CA1/C=US/O=Google, Inc./L=Mountain View/ST=CA')
skipping expired certificate (SKI=d7df929a0e4ab8b7b97009bd7667327757c92f1f, serial=19333297106921570230466422307331826112, subject='/Data Management Intermediate Certificate Authority/C=US/O=Fresenius Kabi AG/OU=Fresenius Kabi USA')
skipping expired certificate (SKI=8c3d5409c4800aa14b2789b239d81cf3d7ca1595, serial=167539670641822701624615479468876032624, subject='/Booz Allen Hamilton BA CA 01/C=US/O=IdenTrust/OU=TrustID')
skipping expired certificate (SKI=d8cd70db062207fcb9136b7939ef3ddd5c75d7fc, serial=8389317207983247744, subject='/Atos TrustedRoot Client Issuing CA 2015/C=DE/O=Atos')
skipping expired certificate (SKI=76e844a70b354cbdd1240cbc4adbf6316cec7234, serial=11080678570535353315623737611417375470, subject='/Data Management Intermediate CA2/C=US/O=Fresenius Kabi AG')
1305 certificates rolled
6 certificates skipped
Successfully rolled new int release 2025.8.1
$ cfssl-trust -d ./cert.db  -b ca release 504h
skipping expired certificate (SKI=bfb627d8035a76654c6101415631e58b7b3ad9cc, serial=4, subject='/KISA RootCA 1/C=KR/O=KISA/OU=Korea Certification Authority Central')
346 certificates rolled
1 certificates skipped
Successfully rolled new ca release 2025.8.1
$ cfssl-trust -d ./cert.db  -r 2025.8.1 -b int bundle int-bundle.crt
selected release 2025.8.1
Selected 1305 certificates for this release.
$ cfssl-trust -d ./cert.db  -r 2025.8.1 -b ca bundle ca-bundle.crt
selected release 2025.8.1
Selected 346 certificates for this release.
$ certdump ca-bundle.crt  > certdata/ca-bundle.txt
$ certdump int-bundle.crt > certdata/int-bundle.txt
$ git status --porcelain -uno
M  ca-bundle.crt
M  cert.db
M  certdata/ca-bundle.txt
M  certdata/int-bundle.txt
M  int-bundle.crt

trust-store-2025.8.0

Trust store release 2025.8.0

Rolling trust store release at 2025-08-03T03:52:16+0000.
$ cfssl-trust -d ./cert.db  -b int release 504h
skipping expired certificate (SKI=a92b87e1ce24473b1bbfcf853702559d0d9458e6, serial=1438827024893517455116777811697460, subject='/GlobalSign CloudSSL CA - SHA256 - G3/C=BE/O=GlobalSign nv-sa')
skipping expired certificate (SKI=a92b87e1ce24473b1bbfcf853702559d0d9458e6, serial=1476377652285114636243083462915621, subject='/GlobalSign CloudSSL CA - SHA256 - G3/C=BE/O=GlobalSign nv-sa')
1311 certificates rolled
2 certificates skipped
Successfully rolled new int release 2025.8.0
$ cfssl-trust -d ./cert.db  -b ca release 504h
skipping expired certificate (SKI=03252fde6f82013a5c2cdc2ba169b567d48cd3fd, serial=122348795730808398873664200247279986742, subject='/Swisscom Root CA 1/C=ch/O=Swisscom/OU=Digital Certificate Services')
347 certificates rolled
1 certificates skipped
Successfully rolled new ca release 2025.8.0
$ cfssl-trust -d ./cert.db  -r 2025.8.0 -b int bundle int-bundle.crt
selected release 2025.8.0
Selected 1311 certificates for this release.
$ cfssl-trust -d ./cert.db  -r 2025.8.0 -b ca bundle ca-bundle.crt
selected release 2025.8.0
Selected 347 certificates for this release.
$ certdump ca-bundle.crt  > certdata/ca-bundle.txt
$ certdump int-bundle.crt > certdata/int-bundle.txt
$ git status --porcelain -uno
M  ca-bundle.crt
M  cert.db
M  certdata/ca-bundle.txt
M  certdata/int-bundle.txt
M  int-bundle.crt

trust-store-2025.7.5

Trust store release 2025.7.5

Rolling trust store release at 2025-07-28T17:23:28+0000.
$ cfssl-trust -d ./cert.db  -b int release 504h
skipping expired certificate (SKI=8939416491e946a4165907f22baf527f7d4bda92, serial=640569741292333782980, subject='/SECOM Passport for Member PUB CA5/C=JP/O=SECOM Trust Systems CO.,LTD./OU=SECOM Passport for Member 2.0 PUB')
skipping expired certificate (SKI=e601e14b3776d6a20e76f39d72cc96f7cb1da8ce, serial=3664114130748528749194313935010737663, subject='/CertiSur Class 2 CA - G3/O=CertiSur S.A./OU=Symantec Trust Network')
1313 certificates rolled
2 certificates skipped
Successfully rolled new int release 2025.7.5
$ cfssl-trust -d ./cert.db  -b ca release 504h
348 certificates rolled
0 certificates skipped
Successfully rolled new ca release 2025.7.5
Adding new roots:
--/home/runner/work/_temp/new_roots.txt ---
selected release 2025.7.5
Adding new intermediates:
--/home/runner/work/_temp/new_intermediates.txt ---
selected release 2025.7.5
$ cfssl-trust -d ./cert.db  -r 2025.7.5 -b int bundle int-bundle.crt
selected release 2025.7.5
Selected 1313 certificates for this release.
$ cfssl-trust -d ./cert.db  -r 2025.7.5 -b ca bundle ca-bundle.crt
selected release 2025.7.5
Selected 348 certificates for this release.
$ certdump ca-bundle.crt  > certdata/ca-bundle.txt
$ certdump int-bundle.crt > certdata/int-bundle.txt
$ git status --porcelain -uno
M  cert.db
M  certdata/int-bundle.txt
M  int-bundle.crt

trust-store-2025.7.4

Trust store release 2025.7.4

Rolling trust store release at 2025-07-20T03:50:10+0000.
$ cfssl-trust -d ./cert.db  -b int release 504h
skipping expired certificate (SKI=c77dea5d19ab54d4fa3fe64a73de7ab23c1d6c2e, serial=328267978012345001083588541062929633520, subject='/Trustwave Secure Global Extended Validation CA, Level 1/C=US/O=Trustwave Holdings, Inc./L=Chicago/ST=Illinois')
skipping expired certificate (SKI=c5ceb93b4245c0cd09e568e8483a835d6c8eab18, serial=281573588827361652370864010853525208364, subject='/Trustwave XRamp Global Extended Validation CA, Level 1/C=US/O=Trustwave Holdings, Inc./L=Chicago/ST=Illinois')
1315 certificates rolled
2 certificates skipped
Successfully rolled new int release 2025.7.4
$ cfssl-trust -d ./cert.db  -b ca release 504h
348 certificates rolled
0 certificates skipped
Successfully rolled new ca release 2025.7.4
$ cfssl-trust -d ./cert.db  -r 2025.7.4 -b int bundle int-bundle.crt
selected release 2025.7.4
Selected 1315 certificates for this release.
$ cfssl-trust -d ./cert.db  -r 2025.7.4 -b ca bundle ca-bundle.crt
selected release 2025.7.4
Selected 348 certificates for this release.
$ certdump ca-bundle.crt  > certdata/ca-bundle.txt
$ certdump int-bundle.crt > certdata/int-bundle.txt
$ git status --porcelain -uno
M  cert.db
M  certdata/ca-bundle.txt
M  certdata/int-bundle.txt
M  int-bundle.crt

trust-store-2025.7.3

Trust store release 2025.7.3

Rolling trust store release at 2025-07-11T16:44:11-0700.
$ cfssl-trust -d ./cert.db  -b int release 0h
1317 certificates rolled
0 certificates skipped
Successfully rolled new int release 2025.7.3
$ cfssl-trust -d ./cert.db  -b ca release 0h
347 certificates rolled
0 certificates skipped
Successfully rolled new ca release 2025.7.3
Adding new roots:
--root ---
CERTIFICATE
Subject: /Sectigo Public Server Authentication Root R46/C=GB/O=Sectigo Limited
Issuer: /USERTrust RSA Certification Authority/C=US/O=The USERTRUST
    Network/L=Jersey City/ST=New Jersey
	Signature algorithm: RSA / SHA384
Details:
	Public key: RSA-4096
	Serial number: 279801108986267997430958846641392622020
	AKI: 53:79:BF:5A:AA:2B:4A:CF:54:80:E1:D8:9B:C0:9D:F2:B2:03:66:CB
	SKI: 56:73:58:64:95:F9:92:1A:B0:12:2A:04:62:79:A1:40:15:88:21:49
	Valid from: 2021-03-22T00:00:00+0000
	     until: 2038-01-18T23:59:59+0000
	Key usages: cert sign, crl sign, digital signature
	Extended usages: client auth, server auth
	Basic constraints: valid, is a CA certificate
	SANs (0):
	OCSP server:
		- http://ocsp.usertrust.com
selected release 2025.7.3
- importing serial 279801108986267997430958846641392622020 SKI 5673586495f9921ab0122a046279a14015882149
$ cfssl-trust -d ./cert.db  -r 2025.7.3 -b int bundle int-bundle.crt
selected release 2025.7.3
Selected 1317 certificates for this release.
$ cfssl-trust -d ./cert.db  -r 2025.7.3 -b ca bundle ca-bundle.crt
selected release 2025.7.3
Selected 348 certificates for this release.
$ certdump ca-bundle.crt  > certdata/ca-bundle.txt
$ certdump int-bundle.crt > certdata/int-bundle.txt
$ git status --porcelain -uno
M  ca-bundle.crt
M  cert.db
M  certdata/ca-bundle.txt

trust-store-2025.7.2

Trust store release 2025.7.2

Rolling trust store release at 2025-07-08T16:29:57-0400.
$ cfssl-trust -d ./cert.db  -b int release 0h
1317 certificates rolled
0 certificates skipped
Successfully rolled new int release 2025.7.2
$ cfssl-trust -d ./cert.db  -b ca release 0h
347 certificates rolled
0 certificates skipped
Successfully rolled new ca release 2025.7.2
Adding new roots:
--./new-root.crt ---
CERTIFICATE
Subject: /Sectigo Public Server Authentication Root R46/C=GB/O=Sectigo Limited
Issuer: /Sectigo Public Server Authentication Root R46/C=GB/O=Sectigo Limited
	Signature algorithm: RSA / SHA384
Details:
	Public key: RSA-4096
	Serial number: 156256931880233212765902055439220583700
	SKI: 56:73:58:64:95:F9:92:1A:B0:12:2A:04:62:79:A1:40:15:88:21:49
	Valid from: 2021-03-22T00:00:00+0000
	     until: 2046-03-21T23:59:59+0000
	Key usages: cert sign, crl sign, digital signature
	Basic constraints: valid, is a CA certificate
	SANs (0):
selected release 2025.7.2
- importing serial 156256931880233212765902055439220583700 SKI 5673586495f9921ab0122a046279a14015882149
Adding new intermediates:
--./new-ints.crt ---
CERTIFICATE
Subject: /Entrust OV TLS Issuing RSA CA 2/C=CA/O=Entrust Limited
Issuer: /Sectigo Public Server Authentication Root R46/C=GB/O=Sectigo Limited
	Signature algorithm: RSA / SHA384
Details:
	Public key: RSA-3072
	Serial number: 172838154427687735430042424616462326861
	AKI: 56:73:58:64:95:F9:92:1A:B0:12:2A:04:62:79:A1:40:15:88:21:49
	SKI: 17:D1:AF:00:74:F9:55:FB:52:37:D8:84:76:0B:5B:12:8A:50:5A:C5
	Valid from: 2024-12-11T00:00:00+0000
	     until: 2027-12-10T23:59:59+0000
	Key usages: cert sign, crl sign, digital signature
	Extended usages: client auth, server auth
	Basic constraints: valid, is a CA certificate, max path length 0
	SANs (0):
	1 AIA:
		http://crt.sectigo.com/SectigoPublicServerAuthenticationRootR46.p7c
	OCSP server:
		- http://ocsp.sectigo.com
CERTIFICATE
Subject: /Entrust DV TLS Issuing RSA CA 2/C=CA/O=Entrust Limited
Issuer: /Sectigo Public Server Authentication Root R46/C=GB/O=Sectigo Limited
	Signature algorithm: RSA / SHA384
Details:
	Public key: RSA-3072
	Serial number: 14403217535373145338590986297320592700
	AKI: 56:73:58:64:95:F9:92:1A:B0:12:2A:04:62:79:A1:40:15:88:21:49
	SKI: 8D:42:49:37:40:B9:47:95:80:98:BE:A9:B9:3A:6B:F0:CD:96:A1:83
	Valid from: 2024-12-11T00:00:00+0000
	     until: 2027-12-10T23:59:59+0000
	Key usages: cert sign, crl sign, digital signature
	Extended usages: client auth, server auth
	Basic constraints: valid, is a CA certificate, max path length 0
	SANs (0):
	1 AIA:
		http://crt.sectigo.com/SectigoPublicServerAuthenticationRootR46.p7c
	OCSP server:
		- http://ocsp.sectigo.com
CERTIFICATE
Subject: /Entrust EV TLS Issuing RSA CA 2/C=CA/O=Entrust Limited
Issuer: /Sectigo Public Server Authentication Root R46/C=GB/O=Sectigo Limited
	Signature algorithm: RSA / SHA384
Details:
	Public key: RSA-3072
	Serial number: 254151669218637103585409482530369551934
	AKI: 56:73:58:64:95:F9:92:1A:B0:12:2A:04:62:79:A1:40:15:88:21:49
	SKI: C1:B1:A1:FD:27:35:8E:C8:71:02:9E:7A:93:06:39:64:66:E6:6A:9D
	Valid from: 2024-12-11T00:00:00+0000
	     until: 2027-12-10T23:59:59+0000
	Key usages: cert sign, crl sign, digital signature
	Extended usages: client auth, server auth
	Basic constraints: valid, is a CA certificate, max path length 0
	SANs (0):
	1 AIA:
		http://crt.sectigo.com/SectigoPublicServerAuthenticationRootR46.p7c
	OCSP server:
		- http://ocsp.sectigo.com
selected release 2025.7.2
- importing serial 172838154427687735430042424616462326861 SKI 17d1af0074f955fb5237d884760b5b128a505ac5
- importing serial 14403217535373145338590986297320592700 SKI 8d42493740b947958098bea9b93a6bf0cd96a183
- importing serial 254151669218637103585409482530369551934 SKI c1b1a1fd27358ec871029e7a9306396466e66a9d
$ cfssl-trust -d ./cert.db  -r 2025.7.2 -b int bundle int-bundle.crt
selected release 2025.7.2
Selected 1317 certificates for this release.
$ cfssl-trust -d ./cert.db  -r 2025.7.2 -b ca bundle ca-bundle.crt
selected release 2025.7.2
Selected 347 certificates for this release.

trust-store-2025.7.0

Trust store release 2025.7.0

Rolling trust store release at 2025-07-06T03:41:32+0000.
$ cfssl-trust -d ./cert.db  -b int release 504h
skipping expired certificate (SKI=df060f63fb545e46cd45fee38cbb44460a745943, serial=149581395785420404814452296002015155524, subject='/BlackCert, Inc. RSA Client Certification Authority/C=US/O=BlackCert, Inc./L=Denver/ST=CO')
1314 certificates rolled
1 certificates skipped
Successfully rolled new int release 2025.7.0
$ cfssl-trust -d ./cert.db  -b ca release 504h
skipping expired certificate (SKI=4bdebe05312ef335c8d8caa756c5940db45a65c5, serial=4835703278459639067623829, subject='/Certipost E-Trust TOP Root CA/C=BE/O=Certipost s.a./n.v.')
347 certificates rolled
1 certificates skipped
Successfully rolled new ca release 2025.7.0
$ cfssl-trust -d ./cert.db  -r 2025.7.0 -b int bundle int-bundle.crt
selected release 2025.7.0
Selected 1314 certificates for this release.
$ cfssl-trust -d ./cert.db  -r 2025.7.0 -b ca bundle ca-bundle.crt
selected release 2025.7.0
Selected 347 certificates for this release.
$ certdump ca-bundle.crt  > certdata/ca-bundle.txt
$ certdump int-bundle.crt > certdata/int-bundle.txt
$ git status --porcelain -uno
M  ca-bundle.crt
M  cert.db
M  certdata/ca-bundle.txt
M  certdata/int-bundle.txt
M  int-bundle.crt