BugTraq
iOS: List of available trusted root certificates Sep 30 2013 10:06PM
Jeffrey Walton (noloader gmail com) (1 replies)
Re: iOS: List of available trusted root certificates Oct 01 2013 06:11AM
Jason Hellenthal (jhellenthal dataix net)
You can't install your own certificate chain? "Profiles" respectively... that take place over the relevance of the already in place trust store certs?

On Sep 30, 2013, at 18:06, Jeffrey Walton <noloader (at) gmail (dot) com> wrote:

From "iOS: List of available trusted root certificates",
http://support.apple.com/kb/HT5012.

There's no reason to allow some of this to occur in 2013. As a
proxy-relying-party, Apple is responsible for this stuff because users
are not allowed to make the decisions or modify the Trust Store.

For reference:
Peter Gutmann, Engineering Security,
www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf
Baseline Certificate Requirements:
https://www.cabforum.org/Baseline_Requirements_V1_1_6.pdf
Extended Validation Certificate Requirements:
https://www.cabforum.org/Guidelines_v1_4_3.pdf

Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c)
1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4
Public Primary Certification Authority - G3
Serial Number: ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
Missing Critical Basic Constraint and CA=TRUE

Subject: C=DK, O=TDC Internet, OU=TDC Internet Root CA
Serial Number: 986490188 (0x3acca54c)
Missing Critical Basic Constraint

Subject: CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet
Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1, C=TR, L=ANKARA, O=(c) 2005
T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim
G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
Serial Number: 1 (0x1)
Missing Critical Basic Constraint

Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref.
(limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure
Server Certification Authority
Serial Number: 927650371 (0x374ad243)
Missing Critical Basic Constraint

Subject: C=CN, O=UniTrust, CN=UCA Root
Serial Number: 9 (0x9)
Missing Critical Basic Constraint

Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
Certification Authority
Serial Number: 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
Certification Authority
Serial Number: 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Missing Critical Basic Constraint and CA=TRUE

Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert
Class 2 Policy Validation Authority,
CN=http://www.valicert.com//emailAddress=info (at) valicert (dot) com
Serial Number: 1 (0x1)
Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary
Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For
authorized use only, OU=VeriSign Trust Network
Serial Number: 7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary
Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For
authorized use only, OU=VeriSign Trust Network
Serial Number: 32:88:8e:9a:d2:f5:eb:13:47:f8:7f:c4:20:37:25:f8
Missing Critical Basic Constraint and CA=TRUE

Subject: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing,
CN=StartCom Certification Authority
Serial Number: 1 (0x1)
Missing Critical Basic Constraint

Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert
Class 1 Policy Validation Authority,
CN=http://www.valicert.com//emailAddress=info (at) valicert (dot) com
Serial Number: 1 (0x1)
Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary
Certification Authority
Serial Number: cd:ba:7f:56:f0:df:e4:bc:54:fe:22:ac:b3:72:aa:55
Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary
Certification Authority
Serial Number: 3f:69:1e:81:9c:f0:9a:4a:f3:73:ff:b9:48:a2:e4:dd
Missing Critical Basic Constraint and CA=TRUE

Subject: C=CN, O=UniTrust, CN=UCA Global Root
Serial Number: 8 (0x8)
Missing Critical Basic Constraint

Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c)
1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2
Public Primary Certification Authority - G3
Serial Number: 61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD CLASS 3 Root CA
Serial Number: 4 (0x4)
Missing Critical Basic Constraint

Subject: C=KR, O=KISA, OU=Korea Certification Authority Central,
CN=KISA RootCA 3
Serial Number: 2 (0x2)
Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary
Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For
authorized use only, OU=VeriSign Trust Network
Serial Number: b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
Missing Critical Basic Constraint and CA=TRUE

Subject: C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root
Certification Authority
Serial Number: 15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d
Missing Critical Basic Constraint

Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc.,
CN=GTE CyberTrust Global Root
Serial Number: 421 (0x1a5)
Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2
Certification Authority
Serial Number: 0 (0x0)
Missing Critical Basic Constraint

Subject: C=US, O=Equifax Secure, OU=Equifax Secure eBusiness CA-2
Serial Number: 930140085 (0x3770cfb5)
Missing Critical Basic Constraint

Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert
Class 3 Policy Validation Authority,
CN=http://www.valicert.com//emailAddress=info (at) valicert (dot) com
Serial Number: 1 (0x1)
Missing Critical Basic Constraint

Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c)
1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1
Public Primary Certification Authority - G3
Serial Number: 8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
Missing Critical Basic Constraint

Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary
Certification Authority
Serial Number: 2d:1b:fc:4a:17:8d:a3:91:eb:e7:ff:f5:8b:45:be:0b
Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c)
1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3
Public Primary Certification Authority - G3
Serial Number: 9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
Missing Critical Basic Constraint and CA=TRUE

Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2
Certification Authority
Serial Number: 0 (0x0)
Missing Critical Basic Constraint

Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref.
(limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net
Certification Authority (2048)
Serial Number: 946059622 (0x3863b966)
Missing Critical Basic Constraint and CA=TRUE

Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA
Serial Number: 10000010 (0x98968a)
Missing Critical Basic Constraint

Subject: C=JP, O=Japanese Government, OU=MPHPT, OU=MPHPT Certification Authority
Serial Number: 0 (0x0)
Missing Critical Basic Constraint

Subject: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center,
CN=Deutsche Telekom Root CA 2
Serial Number: 38 (0x26)
Missing Critical Basic Constraint

Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
Serial Number: 903804111 (0x35def4cf)
Missing Critical Basic Constraint

Subject: C=CH, O=SwissSign, CN=SwissSign CA (RSA IK May 6 1999
18:00:58)/emailAddress=ca (at) SwissSign (dot) com
Serial Number: 437062991678488050 (0x610c279ab773df2)
Missing Critical Basic Constraint

Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary
Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For
authorized use only, OU=VeriSign Trust Network
Serial Number: 4c:c7:ea:aa:98:3e:71:d3:93:10:f8:3d:3a:89:91:92
Missing Critical Basic Constraint and CA=TRUE

Subject: C=FR, O=Certplus, CN=Class 2 Primary CA
Serial Number: 85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
Missing Critical Basic Constraint
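
Added example (not part of the original thread or of any tool used in it): the Baseline Requirements cited in the post require a root CA certificate to carry basicConstraints as a critical extension with cA set to TRUE, and the sketch below checks exactly that on DER-encoded certificates using only the Python standard library. The function names, result strings and skeleton sample certificates are assumptions made for this example.

```python
# Added example, not code from the post; the sample certificates are constructed.
BC_OID = bytes([0x55, 0x1D, 0x13])                    # OID 2.5.29.19, basicConstraints

def read_tlv(buf, pos):                               # -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long-form length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf):                                    # contents -> [(tag, value), ...]
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def is_true(elem):                                    # BOOLEAN with a non-zero octet
    return elem[0] == 0x01 and elem[1] != b"\x00"

def audit(der):                                       # classify one DER certificate
    tbs = children(read_tlv(der, 0)[1])[0][1]         # Certificate -> tbsCertificate
    wrapped = [v for t, v in children(tbs) if t == 0xA3]   # [3] extensions, v3 only
    exts = [children(e) for _, e in children(children(wrapped[0])[0][1])] if wrapped else []
    bc = next((f for f in exts if f[0][1] == BC_OID), None)
    if bc is None:
        return "no basicConstraints extension"
    if not any(is_true(e) for e in children(children(bc[-1][1])[0][1])):
        return "basicConstraints present, cA not TRUE"
    return "ok" if is_true(bc[1]) else "basicConstraints not critical"   # critical is DEFAULT FALSE

def tlv(tag, *parts):                                 # sample builder, short-form lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample(*ext_fields):                              # skeleton cert with empty placeholder fields
    exts = tlv(0xA3, tlv(0x30, tlv(0x30, *ext_fields))) if ext_fields else b""
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), *[tlv(0x30)] * 5, exts)
    return tlv(0x30, tbs, tlv(0x30), tlv(0x03, b"\x00"))

OID, TRUE = tlv(0x06, BC_OID), tlv(0x01, b"\xff")
SAMPLES = {
    "critical, cA=TRUE": sample(OID, TRUE, tlv(0x04, tlv(0x30, TRUE))),
    "cA=TRUE, not critical": sample(OID, tlv(0x04, tlv(0x30, TRUE))),
    "critical, cA absent": sample(OID, TRUE, tlv(0x04, tlv(0x30))),
    "no extensions": sample(),
}
```

To audit a real certificate, convert its PEM form with `ssl.PEM_cert_to_DER_cert` from the standard library and pass the resulting bytes to `audit`.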