From 6c97cccb08e19f6d47a617779d1f07632bf23c1a Mon Sep 17 00:00:00 2001
From: Florian Loitsch <florian@loitsch.com>
Date: Thu, 20 Feb 2025 15:29:57 +0100
Subject: [PATCH 1/2] Update.

---
 src/certificate-roots.toit | 283 +++++++++++++-------
 tools/certdata.new         | 126 ++++++---
 tools/certdata.txt         | 510 ++++++++++++++++++++++++-------------
 3 files changed, 611 insertions(+), 308 deletions(-)

diff --git a/src/certificate-roots.toit b/src/certificate-roots.toit
index 04e7638..e976c2e 100644
--- a/src/certificate-roots.toit
+++ b/src/certificate-roots.toit
@@ -2958,6 +2958,97 @@ D-TRUST-BR-ROOT-CA-1-2020-BYTES_ ::= #[
 ]
 
 
+/**
+D-TRUST BR Root CA 2 2023.
+This certificate can be installed using its $tls.RootCertificate.install method.
+  This makes it available to all TLS sockets that do not have explicit roots.
+This certificate can be added to an HTTP client or a TLS socket with
+  the --root_certificates argument.
+SHA256 fingerprint: 05:52:e6:f8:3f:df:65:e8:fa:96:70:e6:66:df:28:a4:e2:13:40:b5:10:cb:e5:25:66:f9:7c:4f:b9:4b:2b:d1
+Expiry: 2038-05-09
+Subject: CN=D-TRUST BR Root CA 2 2023 O=D-Trust GmbH
+*/
+D-TRUST-BR-ROOT-CA-2-2023 ::= tls.RootCertificate --fingerprint=0x84eb6d36 D-TRUST-BR-ROOT-CA-2-2023-BYTES_
+
+D-TRUST-BR-ROOT-CA-2-2023-BYTES_ ::= #[
+    '0',0x82,0x5,169,'0',130,3,145,160,3,2,1,2,2,16,'s',';','0',4,'H','[',217,
+    'M','x','.','s','K',201,161,220,'f','0',13,6,9,'*',134,'H',134,247,13,1,1,
+    0x0d,5,0,'0','H','1',0xb,'0',9,6,3,'U',4,6,19,2,'D','E','1',21,'0',19,6,3,
+    'U',0x04,10,19,12,'D','-','T','r','u','s','t',' ','G','m','b','H','1','"',
+    '0',' ',6,3,'U',4,3,19,25,'D','-','T','R','U','S','T',' ','B','R',' ','R',
+    'o','o','t',' ','C','A',' ','2',' ','2','0','2','3','0',30,23,0xd,'2','3',
+    '0','5','0','9','0','8','5','6','3','1','Z',23,13,'3','8','0','5','0','9',
+    '0','8','5','6','3','0','Z','0','H','1',11,'0',9,6,3,'U',4,6,19,2,'D','E',
+    '1',21,'0',19,6,3,'U',4,0xa,19,12,'D','-','T','r','u','s','t',' ','G','m',
+    'b','H','1','"','0',' ',6,3,'U',4,3,19,25,'D','-','T','R','U','S','T',' ',
+    'B','R',' ','R','o','o','t',' ','C','A',' ','2',' ','2','0','2','3','0',
+    0x82,0x2,'"','0',13,6,9,'*',134,'H',134,247,13,1,1,1,5,0,3,130,2,15,0,'0',
+    130,2,10,2,130,2,1,0,174,255,9,'Y',145,128,10,'J','h',230,'$','?',184,167,
+    228,200,':',10,':',22,205,201,'#','a',160,147,'q',242,171,139,'s',143,160,
+    'g','e','`',0xd2,'T','k','c','Q','o','I','3',0xe0,'r',7,19,'}','8',0xcd,6,
+    0x92,7,')','R','k','N','w','l',4,0xd3,149,250,221,'L',140,217,']',193,'a',
+    '}','K',0xe7,'(',0xb3,'D',129,'{','Q',175,221,'3',177,'h','|',214,'N','L',
+    0xfe,'+','h',0xb9,0xca,'f','i',196,236,'^','W',127,247,13,199,156,'6','6',
+    0xe5,7,'`',0xac,192,'L',234,8,'l',239,6,'|','O','[','(','z',8,252,147,']',
+    0x9b,0xf6,156,180,139,134,186,'!',185,244,240,232,'Y','Z','(',161,'4',132,
+    26,'%',145,182,181,143,239,178,249,128,250,249,'=','<',17,'r',216,227,'/',
+    0x86,'v',0xc5,'y',',',193,169,144,147,'F',152,'g',203,131,'j',160,'P','#',
+    167,';',246,129,'9',224,237,240,185,191,'e',241,216,203,'z',251,239,'s',3,
+    0xce,0,0xf4,'}',215,224,']',';','f',184,220,142,186,131,203,135,'v',3,252,
+    '%',0xd9,0xe7,'#','o',6,253,'g',243,224,255,132,188,'G',191,181,22,24,'F',
+    'i',0x14,204,5,247,219,211,'I',172,'k',204,171,228,181,11,'C','$','^','K',
+    'k','M','g',0xdf,0xd6,0xb5,'>','O','x',31,148,'q','$',234,222,'p',252,241,
+    0x93,0xfe,158,147,'Z',228,148,'Z',151,'T',12,'5','{','_','l',238,0,31,'$',
+    0xec,3,0xba,2,245,'v',244,159,212,154,237,133,',','8','"','/',199,216,'/',
+    'v',0x11,'O',0xfd,'l',92,232,245,142,39,135,127,25,'J','!','G',144,29,'y',
+    0x8d,0x1c,'[',248,207,'J',133,228,237,179,'[',141,190,196,'d','(',']','A',
+    0xc4,'n',0xac,'8','Z','O','#','t','t',0xa9,18,195,246,210,185,17,21,'3',7,
+    0x91,216,';','7',':','c','0',6,209,197,'"','6','(','b','#',16,224,'F',204,
+    0x97,0xac,214,'+',']','d','$',213,238,28,14,222,251,8,'Z','u','*',246,'c',
+    'm',0xce,0x0b,'B',190,209,186,'p',28,156,'!',229,15,'1','i',23,215,252,10,
+    0xb4,222,237,128,156,203,146,180,139,245,222,'Y',162,'X',9,165,'c','G',11,
+    0xe1,'A','2','4','A',217,154,177,217,168,176,27,'Z',222,13,13,244,226,178,
+    ']','5',128,185,129,212,132,'i',145,2,203,'u',208,141,197,181,'=',9,145,9,
+    0x8f,20,0xa1,20,'t','y','>',214,201,21,29,164,'Y','Y','"',220,246,138,'E',
+    '=','<',18,214,'>',']','2','/',2,3,1,0,1,163,129,142,'0',129,139,'0',15,6,
+    3,'U',29,19,1,1,0xff,4,5,'0',3,1,1,255,'0',29,6,3,'U',29,14,4,22,4,20,'g',
+    0x90,0xf0,0xd6,222,181,24,213,'F',')','~',92,171,248,158,8,188,'d',149,16,
+    '0',0xe,6,3,'U',29,15,1,1,255,4,4,3,2,1,6,'0','I',6,3,'U',29,31,4,'B','0',
+    '@','0','>',0xa0,'<',0xa0,':',134,'8','h','t','t','p',':','/','/','c','r',
+    'l','.','d','-','t','r','u','s','t','.','n','e','t','/','c','r','l','/',
+    'd','-','t','r','u','s','t','_','b','r','_','r','o','o','t','_','c','a',
+    '_','2','_','2','0','2','3','.','c','r','l','0',0x0d,6,9,'*',0x86,'H',134,
+    0xf7,13,1,1,13,5,0,3,130,2,1,0,'4',247,179,'w','S',219,'0',22,185,'-',165,
+    '!',241,'@','!','u',235,235,'H',22,129,'=','s',224,158,39,'*',235,'w',169,
+    0x13,164,'j',10,'Z','Z',20,'3','=','h',31,129,174,'i',253,140,159,'e','l',
+    '4','B',0xd9,'-',0xd0,0x7f,'x',22,177,':',172,'#','1',173,'^',127,174,231,
+    174,'+',250,186,252,'<',151,149,'@',147,'_',195,'-',3,163,237,164,'o','S',
+    215,250,'@',14,'0',245,0,' ',',',0,'L',140,';',180,163,31,182,191,145,'2',
+    171,175,146,152,211,22,230,212,209,'T',92,'C','[','.',174,239,'W','*',168,
+    0xb4,'o',0xa4,239,13,'V',20,218,'!',171,' ','v',158,3,252,'&',184,158,'?',
+    '>',3,'&',0xe6,'L',219,157,'_','B',132,'=','E',3,3,28,'Y',136,202,220,'.',
+    'a','$','Z',0xa4,234,39,11,'s',18,190,'R',179,10,207,'2',23,226,30,135,26,
+    0x16,149,'H','m','Z',224,208,207,9,146,'&','f',145,216,163,'a',14,170,129,
+    0x81,127,232,'R',130,209,'B',231,224,29,24,250,164,133,'6',231,134,224,13,
+    0xeb,0xbc,212,201,214,'<','C',241,']','I','n','~',129,155,'i',181,137,'b',
+    0x8f,136,'R',216,215,254,39,193,'#',197,203,'+',2,187,177,'_',254,251,'C',
+    133,3,'F',190,']',198,202,'!','&',255,215,2,158,'t','J',220,248,19,21,177,
+    129,'W','6',203,'e',92,209,29,'1','w',233,'%',195,195,178,'2','7',213,241,
+    152,9,228,'m','c',128,8,171,6,146,129,212,233,'p',143,167,'?',178,237,134,
+    0x8c,0x82,'j','5',0xc8,'B','Z',130,209,'R',26,'E',15,21,165,0,240,148,'{',
+    'e',39,'W','9','C',207,'|',127,230,189,'5',179,'{',241,25,'L',222,':',150,
+    0xcf,233,'v',238,3,231,194,'C','R','<','j',129,232,193,'Z',128,189,17,']',
+    0x93,'k',0xfb,0xc7,230,'d','?',187,'i',28,233,221,'%',139,175,'t',201,'T',
+    '@',0xca,0xcb,0x93,19,10,237,251,'f',146,17,202,245,192,250,216,131,'U',3,
+    '|',0xd3,0xc5,'"','F','u','p','k','y','H',6,'*',130,154,191,230,235,22,14,
+    '"','E',0x1,188,221,'6',148,'4',169,'5','&',138,215,151,185,238,8,'r',191,
+    '4',0x92,'p',131,128,171,'8',170,'Y','h',221,'@',164,24,144,178,243,213,3,
+    202,'&',202,239,213,199,224,143,'S',142,240,0,227,168,237,159,249,173,'w',
+    224,'+','c','O',158,195,238,'7',187,'x',9,132,158,185,'n',251,')',153,144,
+    232,128,211,159,'$',
+]
+
+
 /**
 D-TRUST EV Root CA 1 2020.
 This certificate can be installed using its $tls.RootCertificate.install method.
@@ -3011,6 +3102,97 @@ D-TRUST-EV-ROOT-CA-1-2020-BYTES_ ::= #[
 ]
 
 
+/**
+D-TRUST EV Root CA 2 2023.
+This certificate can be installed using its $tls.RootCertificate.install method.
+  This makes it available to all TLS sockets that do not have explicit roots.
+This certificate can be added to an HTTP client or a TLS socket with
+  the --root_certificates argument.
+SHA256 fingerprint: 8e:82:21:b2:e7:d4:00:78:36:a1:67:2f:0d:cc:29:9c:33:bc:07:d3:16:f1:32:fa:1a:20:6d:58:71:50:f1:ce
+Expiry: 2038-05-09
+Subject: CN=D-TRUST EV Root CA 2 2023 O=D-Trust GmbH
+*/
+D-TRUST-EV-ROOT-CA-2-2023 ::= tls.RootCertificate --fingerprint=0x70485dfa D-TRUST-EV-ROOT-CA-2-2023-BYTES_
+
+D-TRUST-EV-ROOT-CA-2-2023-BYTES_ ::= #[
+    '0',0x82,0x5,169,'0',130,3,145,160,3,2,1,2,2,16,'i','&',9,'~',128,'K','L',
+    160,167,140,'x','b','S','_','Z','o','0',13,6,9,'*',134,'H',134,247,13,1,1,
+    0x0d,5,0,'0','H','1',0xb,'0',9,6,3,'U',4,6,19,2,'D','E','1',21,'0',19,6,3,
+    'U',0x04,10,19,12,'D','-','T','r','u','s','t',' ','G','m','b','H','1','"',
+    '0',' ',6,3,'U',4,3,19,25,'D','-','T','R','U','S','T',' ','E','V',' ','R',
+    'o','o','t',' ','C','A',' ','2',' ','2','0','2','3','0',30,23,0xd,'2','3',
+    '0','5','0','9','0','9','1','0','3','3','Z',23,13,'3','8','0','5','0','9',
+    '0','9','1','0','3','2','Z','0','H','1',11,'0',9,6,3,'U',4,6,19,2,'D','E',
+    '1',21,'0',19,6,3,'U',4,0xa,19,12,'D','-','T','r','u','s','t',' ','G','m',
+    'b','H','1','"','0',' ',6,3,'U',4,3,19,25,'D','-','T','R','U','S','T',' ',
+    'E','V',' ','R','o','o','t',' ','C','A',' ','2',' ','2','0','2','3','0',
+    0x82,0x2,'"','0',13,6,9,'*',134,'H',134,247,13,1,1,1,5,0,3,130,2,15,0,'0',
+    0x82,2,0xa,2,130,2,1,0,216,142,163,137,128,11,178,'W','R',220,169,'S','L',
+    '7',0xb9,0x7f,'c',23,19,239,167,'[','#','[','i','u',176,153,10,23,193,139,
+    0xc4,0xdb,0xa8,224,204,'1',186,194,242,205,']',233,183,248,29,175,'j',196,
+    0x95,0x87,215,'G',201,149,216,130,4,'P','=',129,8,255,228,'=',179,177,214,
+    0xc5,0xb2,253,136,9,219,156,132,236,'%',23,20,135,127,'0','x',155,'j','X',
+    0xc9,0xb6,'s','(','<','4',0xf7,153,247,127,211,166,248,28,'E','|',173,',',
+    140,148,'?',216,'g',16,'S','~','"',205,'N','%','Q',240,'%','$','5',17,'^',
+    16,198,236,135,'f',137,129,'h',186,204,'+',157,'G','s',31,189,205,145,164,
+    'r','j',156,162,27,24,160,'o',236,'P',244,'}','@',194,168,'0',207,189,'s',
+    200,19,'+',16,19,30,139,154,168,':',148,'s',211,24,'i',10,'J',255,193,1,3,
+    0xff,'y',0x7f,181,'H',127,'{',238,232,')','o','6','L',149,'a',134,216,249,
+    0xa2,'s',0x8a,238,174,'/',150,238,'h',205,'=','M','(','B',249,'E','+','2',
+    0x1b,'F','U',22,'j',0xa6,'K',')',249,187,149,'V',191,'F',29,236,29,147,29,
+    0xc0,'e',178,31,161,'C',174,'V',158,160,177,143,'k',18,183,'`','m','x',11,
+    0xca,138,92,237,30,150,14,131,166,'H',149,141,';',163,'!',196,174,'X',198,
+    0,178,132,180,'#',164,150,134,'5',184,216,158,216,172,'4','I',152,'c',149,
+    197,203,'m','H','G',226,242,'.',24,30,208,'1',171,221,'t',236,249,220,140,
+    0xb8,0x1c,142,'h','#',186,208,243,'P',220,207,'e',143,'s',':','2',199,'|',
+    254,202,130,'"','O',190,142,'b','G','f',229,205,135,226,232,213,15,24,159,
+    0xe5,4,'r','K','F','<',16,242,'D',194,'d','V','q','N','u',232,156,201,'&',
+    't',197,'}','Y',209,10,'[',15,'m',254,158,'u',28,24,198,26,':','|',216,13,
+    0x4,204,205,183,'E','e','z',177,143,184,174,132,'H','>',179,'z','M',168,3,
+    0xe2,0xe2,'~',1,22,'Y','h',24,'C','3',0xb0,210,220,176,26,'C','5',238,165,
+    0xda,169,'F',92,174,134,129,'A',1,'J','t','&',236,159,6,191,194,5,'7','d',
+    'u','x',')','h',0xfd,0xc5,245,235,254,'G',249,228,133,176,225,'{','1',157,
+    0xa6,0x7f,'r',163,185,196,',','.',204,153,'W',14,'!',12,'E',1,148,'e',235,
+    'e',9,0xc6,'c','"',11,'3','I',146,'H','<',252,205,206,176,'>',142,158,139,
+    0xf8,254,'I',197,'5','r','G',2,3,1,0,1,163,129,142,'0',129,139,'0',15,6,3,
+    'U',0x1d,19,1,1,0xff,4,5,'0',3,1,1,255,'0',29,6,3,'U',29,14,4,22,4,20,170,
+    252,145,16,27,135,145,'_',22,185,191,'O','K',145,'^',0,28,177,'2',128,'0',
+    0xe,6,3,'U',29,15,1,1,255,4,4,3,2,1,6,'0','I',6,3,'U',29,31,4,'B','0','@',
+    '0','>',0xa0,'<',0xa0,':',134,'8','h','t','t','p',':','/','/','c','r','l',
+    '.','d','-','t','r','u','s','t','.','n','e','t','/','c','r','l','/','d',
+    '-','t','r','u','s','t','_','e','v','_','r','o','o','t','_','c','a','_',
+    '2','_','2','0','2','3','.','c','r','l','0',13,6,9,'*',134,'H',134,247,13,
+    0x01,1,13,5,0,3,130,2,1,0,147,203,165,31,153,17,236,154,13,'_',',',21,147,
+    0xc6,'?',0xbe,16,0x8d,'x','B',240,'n',144,'G','G',142,163,146,'2',141,'p',
+    0x8f,0xf6,'[',141,190,137,206,'G',1,'j',27,' ',' ',137,'[',200,130,16,'l',
+    0xe0,0xe7,0x99,170,'k',198,'*',160,'c','5',145,'j',133,'%',173,23,'8',165,
+    0x9b,'~','P',242,'v',234,133,5,'*',39,'A','+',177,129,209,162,246,'@','u',
+    169,14,203,241,'U','H',216,236,209,236,179,232,206,20,161,'5',236,194,'^',
+    '5',26,171,166,22,1,6,142,234,220,'/',163,138,202,',',145,235,'R',142,'_',
+    12,155,23,207,203,'s',7,25,196,'j',194,'s','T',239,'|','C','R','c',193,17,
+    0xca,0xc2,'E',177,244,';','S',245,'i',174,'<',227,165,222,172,232,'T',183,
+    0xb2,145,253,172,169,31,242,135,228,23,198,'I',168,'|',216,10,'A',244,242,
+    '>',0xe7,'w','4',4,'R',221,232,129,242,'M','/','T','E',157,21,225,'O',204,
+    0xe5,222,'4','W',16,201,'#','r',23,'p',141,'P','p',31,'V','l',204,185,255,
+    ':','Z','O','c','z',0xc3,'n','e',7,29,0x84,161,255,169,12,'c',137,'m',178,
+    '@',0x88,'9',0xd7,31,'w','h',0xb5,252,156,213,214,'g','i','[',168,'t',219,
+    0xfc,0x89,0xf6,27,'2',247,164,'$',166,'v',183,'G','S',239,141,'I',143,169,
+    0xb6,0x83,'Z',0xa5,150,144,'E','a',245,222,3,'O','&',15,168,139,240,3,150,
+    0xb0,0xac,21,0xd0,'q','Z','j','{',148,230,'p',147,218,241,'i',224,178,'b',
+    'M',158,143,255,137,157,155,']',205,'E',233,148,2,'"',141,224,'5',127,232,
+    0xf1,4,'y','q','l','T',131,248,'3',185,5,'2',27,'X','U',17,'O',208,229,39,
+    'G','q',0xec,0xed,0xda,'g',214,'b',166,'K','M',15,'i',162,201,188,236,'"',
+    'K',0x94,0xc7,'h',0x94,23,'~',226,142,'(','>',182,198,234,245,'4','l',159,
+    '7',136,7,'8',219,134,'q',250,205,149,'H','C','n',163,'O',130,135,215,'4',
+    0x98,'n','K',147,'y','`','u','i',15,240,26,213,'S',250,'!',12,194,'?',233,
+    '?',0x1f,24,0x8c,146,']','x',167,'v','g',25,187,178,234,127,233,'p',9,'V',
+    'V',0xa3,176,12,11,'-','6','^',197,233,196,213,131,203,134,23,151,',','l',
+    0x13,'o',0x87,'Z',175,'I',166,29,219,205,'8',4,'.','_',226,'J','5',14,'-',
+    'K',248,162,'$',4,141,216,225,'c','^',2,146,'4',218,152,'a',92,28,'o','X',
+    'v','d',179,252,2,184,245,157,10,
+]
+
+
 /**
 D-TRUST Root Class 3 CA 2 2009.
 This certificate can be installed using its $tls.RootCertificate.install method.
@@ -8214,97 +8396,6 @@ SWISSSIGN-GOLD-CA-G2-BYTES_ ::= #[
 ]
 
 
-/**
-SwissSign Silver CA - G2.
-This certificate can be installed using its $tls.RootCertificate.install method.
-  This makes it available to all TLS sockets that do not have explicit roots.
-This certificate can be added to an HTTP client or a TLS socket with
-  the --root_certificates argument.
-SHA256 fingerprint: be:6c:4d:a2:bb:b9:ba:59:b6:f3:93:97:68:37:42:46:c3:c0:05:99:3f:a9:8f:02:0d:1d:ed:be:d4:8a:81:d5
-Expiry: 2036-10-25
-Subject: CN=SwissSign Silver CA - G2 O=SwissSign AG
-*/
-SWISSSIGN-SILVER-CA-G2 ::= tls.RootCertificate --fingerprint=0x8630f7d6 SWISSSIGN-SILVER-CA-G2-BYTES_
-
-SWISSSIGN-SILVER-CA-G2-BYTES_ ::= #[
-    '0',0x82,0x5,189,'0',130,3,165,160,3,2,1,2,2,8,'O',27,212,'/','T',187,'/',
-    'K','0',0xd,6,9,'*',134,'H',134,247,13,1,1,5,5,0,'0','G','1',11,'0',9,6,3,
-    'U',4,6,19,2,'C','H','1',21,'0',19,6,3,'U',4,10,19,12,'S','w','i','s','s',
-    'S','i','g','n',' ','A','G','1','!','0',31,6,3,'U',4,3,19,24,'S','w','i',
-    's','s','S','i','g','n',' ','S','i','l','v','e','r',' ','C','A',' ','-',
-    ' ','G','2','0',30,23,0xd,'0','6','1','0','2','5','0','8','3','2','4','6',
-    'Z',23,13,'3','6','1','0','2','5','0','8','3','2','4','6','Z','0','G','1',
-    0x0b,'0',9,6,3,'U',4,6,19,2,'C','H','1',21,'0',19,6,3,'U',4,0xa,19,12,'S',
-    'w','i','s','s','S','i','g','n',' ','A','G','1','!','0',31,6,3,'U',4,3,19,
-    0x18,'S','w','i','s','s','S','i','g','n',' ','S','i','l','v','e','r',' ',
-    'C','A',' ','-',' ','G','2','0',0x82,2,'"','0',13,6,9,'*',134,'H',134,247,
-    0x0d,1,1,1,5,0,3,0x82,2,15,0,'0',130,2,10,2,130,2,1,0,196,241,135,127,211,
-    'x','1',0xf7,'8',0xc9,248,195,153,'C',188,199,247,188,'7',231,'N','q',186,
-    'K',143,165,'s',29,92,'n',152,174,3,'W',174,'8','7','C','/',23,'=',31,200,
-    0xce,'h',0x10,193,'x',174,25,3,'+',16,250,',','y',131,246,232,185,'h',185,
-    'U',242,4,'D',167,'9',249,252,4,139,30,241,162,'M',39,249,'a','{',186,183,
-    229,162,19,182,235,'a','>',208,'l',209,230,251,250,'^',237,29,180,158,160,
-    '5','[',0xa1,0x92,203,240,'I',146,254,133,10,5,'>',230,217,11,226,'O',187,
-    0xdc,149,'7',252,145,233,'2','5','"',209,31,':','N',39,133,157,176,21,148,
-    '2',0xda,'a',0x0d,'G','M','`','B',174,146,'G',232,131,'Z','P','X',233,138,
-    0x8b,0xb9,']',0xa1,220,221,153,'J',31,'6','g',187,'H',228,131,182,'7',235,
-    'H',':',175,15,'g',143,23,7,232,4,202,239,'j','1',135,212,192,182,249,148,
-    'q','{','g','d',0xb8,0xb6,0x91,'J','B','{','e','.','0','j',12,245,144,238,
-    0x95,0xe6,242,205,130,236,217,161,'J',236,246,178,'K',229,'E',133,230,'m',
-    'x',0x93,4,'.',0x9c,130,'m','6',169,196,'1','d',31,134,131,11,'*',244,'5',
-    0xa,'x',201,'U',207,'A',176,'G',233,'0',159,153,190,'a',168,6,132,185,'(',
-    'z','_','8',217,27,169,'8',176,131,127,'s',193,195,';','H','*',130,15,'!',
-    0x9b,0xb8,0xcc,168,'5',195,132,27,131,179,'>',190,164,149,'i',1,':',137,0,
-    'x',4,0xd9,201,244,153,25,171,'V','~','[',139,134,'9',21,145,164,16,',',9,
-    '2',0x80,'`',179,147,192,'*',182,24,11,157,'~',141,'I',242,16,'J',127,249,
-    0xd5,'F','/',25,0x92,163,153,167,'&',172,187,140,'<',230,14,188,'G',7,220,
-    's','Q',0xf1,'p','d','/',8,249,180,'G',29,'0','l','D',234,')','7',133,146,
-    'h','f',0xbc,0x83,'8',0xfe,'{','9','.',211,'P',240,31,251,'^','`',182,169,
-    166,250,39,'A',241,155,24,'r',242,245,132,'t','J',201,'g',196,'T',174,'H',
-    'd',223,140,209,'n',176,29,225,7,143,8,30,153,156,'q',233,'L',216,165,247,
-    'G',18,31,'t',0xd1,'Q',158,134,243,194,162,'#','@',11,'s',219,'K',166,231,
-    's',6,140,193,160,233,193,'Y',172,'F',250,230,'/',248,207,'q',156,'F','m',
-    0xb9,0xc4,21,0x8d,'8','y',3,'E','H',239,196,']',215,8,238,135,'9','"',134,
-    0xb2,0x0d,15,'X','C',247,'q',169,'H','.',253,234,214,31,2,3,1,0,1,163,129,
-    0xac,'0',0x81,169,'0',14,6,3,'U',29,15,1,1,255,4,4,3,2,1,6,'0',15,6,3,'U',
-    29,19,1,1,255,4,5,'0',3,1,1,255,'0',29,6,3,'U',29,14,4,22,4,20,23,160,205,
-    193,228,'A',182,':','[',';',203,'E',157,189,28,194,152,250,134,'X','0',31,
-    6,3,'U',29,'#',4,24,'0',22,0x80,20,23,160,205,193,228,'A',182,':','[',';',
-    0xcb,'E',0x9d,189,28,194,152,250,134,'X','0','F',6,3,'U',29,' ',4,'?','0',
-    '=','0',';',6,9,'`',133,'t',1,'Y',1,3,1,1,'0','.','0',',',6,8,'+',6,1,5,5,
-    7,2,1,22,' ','h','t','t','p',':','/','/','r','e','p','o','s','i','t','o',
-    'r','y','.','s','w','i','s','s','s','i','g','n','.','c','o','m','/','0',
-    0x0d,6,9,'*',0x86,'H',134,247,13,1,1,5,5,0,3,130,2,1,0,'s',198,129,224,39,
-    0xd2,'-',0x0f,224,149,'0',226,154,'A',127,'P',',','_','_','b','a',169,134,
-    'j','i',24,0xc,'t','I',214,']',132,234,'A','R',24,'o','X',173,'P','V',' ',
-    'j',0xc6,189,'(','i','X',145,220,145,17,'5',169,':',29,188,26,165,'`',158,
-    0xd8,31,0x7f,'E',145,'i',217,'~',187,'x','r',193,6,15,'*',206,143,133,'p',
-    'a',0xac,0xa0,0xcd,11,184,'9',')','V',132,'2','N',134,187,'=',196,'*',217,
-    0xd7,31,'r',0xee,254,'Q',161,'"','A',177,'q',2,'c',26,130,176,'b',171,'^',
-    'W',18,31,0xdf,203,221,'u',160,192,']','y',144,140,27,224,'P',230,222,'1',
-    254,152,'{','p','_',165,144,216,173,248,2,182,'o',211,'`',221,'@','K','"',
-    0xc5,'=',0xad,':','z',159,26,26,'G',145,'y','3',186,130,220,'2','i',3,150,
-    'n',31,'K',240,'q',254,227,'g','r',160,177,191,92,139,228,250,153,'"',199,
-    0x84,0xb9,27,141,'#',151,'?',237,'%',224,207,'e',187,245,'a',4,239,221,30,
-    178,'Z','A','"','Z',161,159,']',',',232,'[',201,'m',169,12,12,'x',170,'`',
-    0xc6,'V',143,1,'Z',12,'h',188,'i',25,'y',196,31,'~',151,5,191,197,233,'$',
-    'Q','^',0xd4,0xd5,'K','S',237,217,'#','Z','6',3,'e',163,193,3,173,'A','0',
-    0xf3,'F',27,133,144,175,'e',181,213,177,228,22,'[','x','u',29,151,'z','m',
-    'Y',0xa9,'*',0x8f,'{',0xde,195,135,137,16,153,'I','s','x',200,'=',189,'Q',
-    '5','t','*',0xd5,0xf1,'~','i',27,'*',0xbb,';',189,'%',184,154,'Z','=','r',
-    'a',144,'f',135,238,12,214,'M',212,17,'t',11,'j',254,11,3,252,163,'U','W',
-    0x89,254,'J',203,174,'[',23,5,200,242,141,'#','1','S','8',210,'-','j','?',
-    0x82,0xb9,0x8d,8,'j',247,'^','A','t','n',195,17,'~',7,172,')','`',145,'?',
-    '8',0xca,'W',16,0xd,189,'0','/',199,165,230,'A',160,218,174,5,135,154,160,
-    0xa4,'e','l','L',9,12,137,186,184,211,185,192,147,138,'0',250,141,229,154,
-    'k',21,1,'N','g',170,218,'b','V','>',132,8,'f',210,196,'6','}',167,'>',16,
-    252,136,224,212,128,229,0,189,170,243,'N',6,163,'z','j',249,'b','r',227,9,
-    'O',0xeb,0x9b,14,1,'#',241,159,187,'|',220,220,'l',17,151,'%',178,242,180,
-    'c',20,0xd2,6,'*','g',140,131,245,206,234,7,216,154,'j',30,236,228,10,187,
-    '*','L',235,9,'`','9',206,202,'b',216,'.','n',
-]
-
-
 /**
 T-TeleSec GlobalRoot Class 2.
 This certificate can be installed using its $tls.RootCertificate.install method.
@@ -10524,7 +10615,9 @@ MAP ::= {
   "CommScope Public Trust RSA Root-02": COMMSCOPE-PUBLIC-TRUST-RSA-ROOT-02,
   "Comodo AAA Services root": COMODO-AAA-SERVICES-ROOT,
   "D-TRUST BR Root CA 1 2020": D-TRUST-BR-ROOT-CA-1-2020,
+  "D-TRUST BR Root CA 2 2023": D-TRUST-BR-ROOT-CA-2-2023,
   "D-TRUST EV Root CA 1 2020": D-TRUST-EV-ROOT-CA-1-2020,
+  "D-TRUST EV Root CA 2 2023": D-TRUST-EV-ROOT-CA-2-2023,
   "D-TRUST Root Class 3 CA 2 2009": D-TRUST-ROOT-CLASS-3-CA-2-2009,
   "D-TRUST Root Class 3 CA 2 EV 2009": D-TRUST-ROOT-CLASS-3-CA-2-EV-2009,
   "DigiCert Assured ID Root CA": DIGICERT-ASSURED-ID-ROOT-CA,
@@ -10600,7 +10693,6 @@ MAP ::= {
   "Starfield Root Certificate Authority - G2": STARFIELD-ROOT-CERTIFICATE-AUTHORITY-G2,
   "Starfield Services Root Certificate Authority - G2": STARFIELD-SERVICES-ROOT-CERTIFICATE-AUTHORITY-G2,
   "SwissSign Gold CA - G2": SWISSSIGN-GOLD-CA-G2,
-  "SwissSign Silver CA - G2": SWISSSIGN-SILVER-CA-G2,
   "T-TeleSec GlobalRoot Class 2": T-TELESEC-GLOBALROOT-CLASS-2,
   "T-TeleSec GlobalRoot Class 3": T-TELESEC-GLOBALROOT-CLASS-3,
   "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1": TUBITAK-KAMU-SM-SSL-KOK-SERTIFIKASI-SURUM-1,
@@ -10695,7 +10787,9 @@ ALL ::= [
   COMMSCOPE-PUBLIC-TRUST-RSA-ROOT-02,
   COMODO-AAA-SERVICES-ROOT,
   D-TRUST-BR-ROOT-CA-1-2020,
+  D-TRUST-BR-ROOT-CA-2-2023,
   D-TRUST-EV-ROOT-CA-1-2020,
+  D-TRUST-EV-ROOT-CA-2-2023,
   D-TRUST-ROOT-CLASS-3-CA-2-2009,
   D-TRUST-ROOT-CLASS-3-CA-2-EV-2009,
   DIGICERT-ASSURED-ID-ROOT-CA,
@@ -10771,7 +10865,6 @@ ALL ::= [
   STARFIELD-ROOT-CERTIFICATE-AUTHORITY-G2,
   STARFIELD-SERVICES-ROOT-CERTIFICATE-AUTHORITY-G2,
   SWISSSIGN-GOLD-CA-G2,
-  SWISSSIGN-SILVER-CA-G2,
   T-TELESEC-GLOBALROOT-CLASS-2,
   T-TELESEC-GLOBALROOT-CLASS-3,
   TUBITAK-KAMU-SM-SSL-KOK-SERTIFIKASI-SURUM-1,
@@ -10851,7 +10944,9 @@ install-all-trusted-roots -> none:
   COMMSCOPE-PUBLIC-TRUST-RSA-ROOT-02.install
   COMODO-AAA-SERVICES-ROOT.install
   D-TRUST-BR-ROOT-CA-1-2020.install
+  D-TRUST-BR-ROOT-CA-2-2023.install
   D-TRUST-EV-ROOT-CA-1-2020.install
+  D-TRUST-EV-ROOT-CA-2-2023.install
   D-TRUST-ROOT-CLASS-3-CA-2-2009.install
   D-TRUST-ROOT-CLASS-3-CA-2-EV-2009.install
   DIGICERT-ASSURED-ID-ROOT-CA.install
@@ -10927,7 +11022,6 @@ install-all-trusted-roots -> none:
   STARFIELD-ROOT-CERTIFICATE-AUTHORITY-G2.install
   STARFIELD-SERVICES-ROOT-CERTIFICATE-AUTHORITY-G2.install
   SWISSSIGN-GOLD-CA-G2.install
-  SWISSSIGN-SILVER-CA-G2.install
   T-TELESEC-GLOBALROOT-CLASS-2.install
   T-TELESEC-GLOBALROOT-CLASS-3.install
   TUBITAK-KAMU-SM-SSL-KOK-SERTIFIKASI-SURUM-1.install
@@ -10976,7 +11070,6 @@ COMMON-TRUSTED-ROOTS ::= [
   DIGICERT-HIGH-ASSURANCE-EV-ROOT-CA,
   ISRG-ROOT-X1,
   STARFIELD-CLASS-2-CA,
-  STARFIELD-SERVICES-ROOT-CERTIFICATE-AUTHORITY-G2,
 ]
 
 /**
diff --git a/tools/certdata.new b/tools/certdata.new
index 6243f80..8e9e87e 100644
--- a/tools/certdata.new
+++ b/tools/certdata.new
@@ -491,48 +491,6 @@ ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt
 Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
 -----END CERTIFICATE-----
 
-# Issuer: CN=SwissSign Silver CA - G2 O=SwissSign AG
-# Subject: CN=SwissSign Silver CA - G2 O=SwissSign AG
-# Label: "SwissSign Silver CA - G2"
-# Serial: 5700383053117599563
-# MD5 Fingerprint: e0:06:a1:c9:7d:cf:c9:fc:0d:c0:56:75:96:d8:62:13
-# SHA1 Fingerprint: 9b:aa:e5:9f:56:ee:21:cb:43:5a:be:25:93:df:a7:f0:40:d1:1d:cb
-# SHA256 Fingerprint: be:6c:4d:a2:bb:b9:ba:59:b6:f3:93:97:68:37:42:46:c3:c0:05:99:3f:a9:8f:02:0d:1d:ed:be:d4:8a:81:d5
-# Expiry: 2036-10-25 08:32:46 +0000 UTC
------BEGIN CERTIFICATE-----
-MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE
-BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu
-IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow
-RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY
-U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
-MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv
-Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br
-YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF
-nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH
-6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt
-eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/
-c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ
-MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH
-HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf
-jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6
-5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB
-rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
-F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c
-wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
-cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB
-AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp
-WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9
-xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ
-2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ
-IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8
-aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X
-em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR
-dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/
-OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+
-hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy
-tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
------END CERTIFICATE-----
-
 # Issuer: CN=SecureTrust CA O=SecureTrust Corporation
 # Subject: CN=SecureTrust CA O=SecureTrust Corporation
 # Label: "SecureTrust CA"
@@ -5006,3 +4964,87 @@ Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTrQciu/NWeUUj1vYv0hyCTQSvT
 4P9mLQlO4E/0BdGF9jVg3PVys0Z9AjBEmEYagoUeYWmJSwdLZrWeqrqgHkHZAXQ6
 bkU6iYAZezKYVWOr62Nuk22rGwlgMU4=
 -----END CERTIFICATE-----
+
+# Issuer: CN=D-TRUST BR Root CA 2 2023 O=D-Trust GmbH
+# Subject: CN=D-TRUST BR Root CA 2 2023 O=D-Trust GmbH
+# Label: "D-TRUST BR Root CA 2 2023"
+# Serial: 153168538924886464690566649552453098598
+# MD5 Fingerprint: e1:09:ed:d3:60:d4:56:1b:47:1f:b7:0c:5f:1b:5f:85
+# SHA1 Fingerprint: 2d:b0:70:ee:71:94:af:69:68:17:db:79:ce:58:9f:a0:6b:96:f7:87
+# SHA256 Fingerprint: 05:52:e6:f8:3f:df:65:e8:fa:96:70:e6:66:df:28:a4:e2:13:40:b5:10:cb:e5:25:66:f9:7c:4f:b9:4b:2b:d1
+# Expiry: 2038-05-09 08:56:30 +0000 UTC
+-----BEGIN CERTIFICATE-----
+MIIFqTCCA5GgAwIBAgIQczswBEhb2U14LnNLyaHcZjANBgkqhkiG9w0BAQ0FADBI
+MQswCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlE
+LVRSVVNUIEJSIFJvb3QgQ0EgMiAyMDIzMB4XDTIzMDUwOTA4NTYzMVoXDTM4MDUw
+OTA4NTYzMFowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEi
+MCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDIgMjAyMzCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAK7/CVmRgApKaOYkP7in5Mg6CjoWzckjYaCTcfKr
+i3OPoGdlYNJUa2NRb0kz4HIHE304zQaSBylSa053bATTlfrdTIzZXcFhfUvnKLNE
+gXtRr90zsWh81k5M/itoucpmacTsXld/9w3HnDY25QdgrMBM6ghs7wZ8T1soegj8
+k12b9py0i4a6Ibn08OhZWiihNIQaJZG2tY/vsvmA+vk9PBFy2OMvhnbFeSzBqZCT
+Rphny4NqoFAjpzv2gTng7fC5v2Xx2Mt6++9zA84A9H3X4F07ZrjcjrqDy4d2A/wl
+2ecjbwb9Z/Pg/4S8R7+1FhhGaRTMBffb00msa8yr5LULQyReS2tNZ9/WtT5PeB+U
+cSTq3nD88ZP+npNa5JRal1QMNXtfbO4AHyTsA7oC9Xb0n9Sa7YUsOCIvx9gvdhFP
+/Wxc6PWOJ4d/GUohR5AdeY0cW/jPSoXk7bNbjb7EZChdQcRurDhaTyN0dKkSw/bS
+uREVMweR2Ds3OmMwBtHFIjYoYiMQ4EbMl6zWK11kJNXuHA7e+whadSr2Y23OC0K+
+0bpwHJwh5Q8xaRfX/Aq03u2AnMuStIv13lmiWAmlY0cL4UEyNEHZmrHZqLAbWt4N
+DfTisl01gLmB1IRpkQLLddCNxbU9CZEJjxShFHR5PtbJFR2kWVki3PaKRT08EtY+
+XTIvAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUZ5Dw1t61
+GNVGKX5cq/ieCLxklRAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRCMEAwPqA8oDqG
+OGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfYnJfcm9vdF9jYV8y
+XzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQA097N3U9swFrktpSHxQCF16+tI
+FoE9c+CeJyrrd6kTpGoKWloUMz1oH4Guaf2Mn2VsNELZLdB/eBaxOqwjMa1ef67n
+riv6uvw8l5VAk1/DLQOj7aRvU9f6QA4w9QAgLABMjDu0ox+2v5Eyq6+SmNMW5tTR
+VFxDWy6u71cqqLRvpO8NVhTaIasgdp4D/Ca4nj8+AybmTNudX0KEPUUDAxxZiMrc
+LmEkWqTqJwtzEr5SswrPMhfiHocaFpVIbVrg0M8JkiZmkdijYQ6qgYF/6FKC0ULn
+4B0Y+qSFNueG4A3rvNTJ1jxD8V1Jbn6Bm2m1iWKPiFLY1/4nwSPFyysCu7Ff/vtD
+hQNGvl3GyiEm/9cCnnRK3PgTFbGBVzbLZVzRHTF36SXDw7IyN9XxmAnkbWOACKsG
+koHU6XCPpz+y7YaMgmo1yEJagtFSGkUPFaUA8JR7ZSdXOUPPfH/mvTWze/EZTN46
+ls/pdu4D58JDUjxqgejBWoC9EV2Ta/vH5mQ/u2kc6d0li690yVRAysuTEwrt+2aS
+Ecr1wPrYg1UDfNPFIkZ1cGt5SAYqgpq/5usWDiJFAbzdNpQ0qTUmiteXue4Icr80
+knCDgKs4qllo3UCkGJCy89UDyibK79XH4I9TjvAA46jtn/mtd+ArY0+ew+43u3gJ
+hJ65bvspmZDogNOfJA==
+-----END CERTIFICATE-----
+
+# Issuer: CN=D-TRUST EV Root CA 2 2023 O=D-Trust GmbH
+# Subject: CN=D-TRUST EV Root CA 2 2023 O=D-Trust GmbH
+# Label: "D-TRUST EV Root CA 2 2023"
+# Serial: 139766439402180512324132425437959641711
+# MD5 Fingerprint: 96:b4:78:09:f0:09:cb:77:eb:bb:1b:4d:6f:36:bc:b6
+# SHA1 Fingerprint: a5:5b:d8:47:6c:8f:19:f7:4c:f4:6d:6b:b6:c2:79:82:22:df:54:8b
+# SHA256 Fingerprint: 8e:82:21:b2:e7:d4:00:78:36:a1:67:2f:0d:cc:29:9c:33:bc:07:d3:16:f1:32:fa:1a:20:6d:58:71:50:f1:ce
+# Expiry: 2038-05-09 09:10:32 +0000 UTC
+-----BEGIN CERTIFICATE-----
+MIIFqTCCA5GgAwIBAgIQaSYJfoBLTKCnjHhiU19abzANBgkqhkiG9w0BAQ0FADBI
+MQswCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlE
+LVRSVVNUIEVWIFJvb3QgQ0EgMiAyMDIzMB4XDTIzMDUwOTA5MTAzM1oXDTM4MDUw
+OTA5MTAzMlowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEi
+MCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDIgMjAyMzCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBANiOo4mAC7JXUtypU0w3uX9jFxPvp1sjW2l1sJkK
+F8GLxNuo4MwxusLyzV3pt/gdr2rElYfXR8mV2IIEUD2BCP/kPbOx1sWy/YgJ25yE
+7CUXFId/MHibaljJtnMoPDT3mfd/06b4HEV8rSyMlD/YZxBTfiLNTiVR8CUkNRFe
+EMbsh2aJgWi6zCudR3Mfvc2RpHJqnKIbGKBv7FD0fUDCqDDPvXPIEysQEx6Lmqg6
+lHPTGGkKSv/BAQP/eX+1SH977ugpbzZMlWGG2Pmic4ruri+W7mjNPU0oQvlFKzIb
+RlUWaqZLKfm7lVa/Rh3sHZMdwGWyH6FDrlaeoLGPaxK3YG14C8qKXO0elg6DpkiV
+jTujIcSuWMYAsoS0I6SWhjW42J7YrDRJmGOVxcttSEfi8i4YHtAxq9107PncjLgc
+jmgjutDzUNzPZY9zOjLHfP7KgiJPvo5iR2blzYfi6NUPGJ/lBHJLRjwQ8kTCZFZx
+TnXonMkmdMV9WdEKWw9t/p51HBjGGjp82A0EzM23RWV6sY+4roRIPrN6TagD4uJ+
+ARZZaBhDM7DS3LAaQzXupdqpRlyuhoFBAUp0JuyfBr/CBTdkdXgpaP3F9ev+R/nk
+hbDhezGdpn9yo7nELC7MmVcOIQxFAZRl62UJxmMiCzNJkkg8/M3OsD6Onov4/knF
+NXJHAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUqvyREBuH
+kV8Wub9PS5FeAByxMoAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRCMEAwPqA8oDqG
+OGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfZXZfcm9vdF9jYV8y
+XzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQCTy6UfmRHsmg1fLBWTxj++EI14
+QvBukEdHjqOSMo1wj/Zbjb6JzkcBahsgIIlbyIIQbODnmaprxiqgYzWRaoUlrRc4
+pZt+UPJ26oUFKidBK7GB0aL2QHWpDsvxVUjY7NHss+jOFKE17MJeNRqrphYBBo7q
+3C+jisosketSjl8MmxfPy3MHGcRqwnNU73xDUmPBEcrCRbH0O1P1aa4846XerOhU
+t7KR/aypH/KH5BfGSah82ApB9PI+53c0BFLd6IHyTS9URZ0V4U/M5d40VxDJI3IX
+cI1QcB9WbMy5/zpaT2N6w25lBx2Eof+pDGOJbbJAiDnXH3dotfyc1dZnaVuodNv8
+ifYbMvekJKZ2t0dT741Jj6m2g1qllpBFYfXeA08mD6iL8AOWsKwV0HFaanuU5nCT
+2vFp4LJiTZ6P/4mdm13NRemUAiKN4DV/6PEEeXFsVIP4M7kFMhtYVRFP0OUnR3Hs
+7dpn1mKmS00PaaLJvOwiS5THaJQXfuKOKD62xur1NGyfN4gHONuGcfrNlUhDbqNP
+gofXNJhuS5N5YHVpD/Aa1VP6IQzCP+k/HxiMkl14p3ZnGbuy6n/pcAlWVqOwDAst
+Nl7F6cTVg8uGF5csbBNvh1qvSaYd2804BC5f4ko1Di1L+KIkBI3Y4WNeApI02phh
+XBxvWHZks/wCuPWdCg==
+-----END CERTIFICATE-----
diff --git a/tools/certdata.txt b/tools/certdata.txt
index e0f60ab..1ed5a24 100644
--- a/tools/certdata.txt
+++ b/tools/certdata.txt
@@ -2347,174 +2347,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
-#
-# Certificate "SwissSign Silver CA - G2"
-#
-# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
-# Serial Number:4f:1b:d4:2f:54:bb:2f:4b
-# Subject: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
-# Not Valid Before: Wed Oct 25 08:32:46 2006
-# Not Valid After : Sat Oct 25 08:32:46 2036
-# Fingerprint (SHA-256): BE:6C:4D:A2:BB:B9:BA:59:B6:F3:93:97:68:37:42:46:C3:C0:05:99:3F:A9:8F:02:0D:1D:ED:BE:D4:8A:81:D5
-# Fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SwissSign Silver CA - G2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061
-\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
-\151\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023
-\030\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145
-\162\040\103\101\040\055\040\107\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061
-\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
-\151\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023
-\030\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145
-\162\040\103\101\040\055\040\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\117\033\324\057\124\273\057\113
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\275\060\202\003\245\240\003\002\001\002\002\010\117
-\033\324\057\124\273\057\113\060\015\006\011\052\206\110\206\367
-\015\001\001\005\005\000\060\107\061\013\060\011\006\003\125\004
-\006\023\002\103\110\061\025\060\023\006\003\125\004\012\023\014
-\123\167\151\163\163\123\151\147\156\040\101\107\061\041\060\037
-\006\003\125\004\003\023\030\123\167\151\163\163\123\151\147\156
-\040\123\151\154\166\145\162\040\103\101\040\055\040\107\062\060
-\036\027\015\060\066\061\060\062\065\060\070\063\062\064\066\132
-\027\015\063\066\061\060\062\065\060\070\063\062\064\066\132\060
-\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061\025
-\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123\151
-\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023\030
-\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145\162
-\040\103\101\040\055\040\107\062\060\202\002\042\060\015\006\011
-\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000
-\060\202\002\012\002\202\002\001\000\304\361\207\177\323\170\061
-\367\070\311\370\303\231\103\274\307\367\274\067\347\116\161\272
-\113\217\245\163\035\134\156\230\256\003\127\256\070\067\103\057
-\027\075\037\310\316\150\020\301\170\256\031\003\053\020\372\054
-\171\203\366\350\271\150\271\125\362\004\104\247\071\371\374\004
-\213\036\361\242\115\047\371\141\173\272\267\345\242\023\266\353
-\141\076\320\154\321\346\373\372\136\355\035\264\236\240\065\133
-\241\222\313\360\111\222\376\205\012\005\076\346\331\013\342\117
-\273\334\225\067\374\221\351\062\065\042\321\037\072\116\047\205
-\235\260\025\224\062\332\141\015\107\115\140\102\256\222\107\350
-\203\132\120\130\351\212\213\271\135\241\334\335\231\112\037\066
-\147\273\110\344\203\266\067\353\110\072\257\017\147\217\027\007
-\350\004\312\357\152\061\207\324\300\266\371\224\161\173\147\144
-\270\266\221\112\102\173\145\056\060\152\014\365\220\356\225\346
-\362\315\202\354\331\241\112\354\366\262\113\345\105\205\346\155
-\170\223\004\056\234\202\155\066\251\304\061\144\037\206\203\013
-\052\364\065\012\170\311\125\317\101\260\107\351\060\237\231\276
-\141\250\006\204\271\050\172\137\070\331\033\251\070\260\203\177
-\163\301\303\073\110\052\202\017\041\233\270\314\250\065\303\204
-\033\203\263\076\276\244\225\151\001\072\211\000\170\004\331\311
-\364\231\031\253\126\176\133\213\206\071\025\221\244\020\054\011
-\062\200\140\263\223\300\052\266\030\013\235\176\215\111\362\020
-\112\177\371\325\106\057\031\222\243\231\247\046\254\273\214\074
-\346\016\274\107\007\334\163\121\361\160\144\057\010\371\264\107
-\035\060\154\104\352\051\067\205\222\150\146\274\203\070\376\173
-\071\056\323\120\360\037\373\136\140\266\251\246\372\047\101\361
-\233\030\162\362\365\204\164\112\311\147\304\124\256\110\144\337
-\214\321\156\260\035\341\007\217\010\036\231\234\161\351\114\330
-\245\367\107\022\037\164\321\121\236\206\363\302\242\043\100\013
-\163\333\113\246\347\163\006\214\301\240\351\301\131\254\106\372
-\346\057\370\317\161\234\106\155\271\304\025\215\070\171\003\105
-\110\357\304\135\327\010\356\207\071\042\206\262\015\017\130\103
-\367\161\251\110\056\375\352\326\037\002\003\001\000\001\243\201
-\254\060\201\251\060\016\006\003\125\035\017\001\001\377\004\004
-\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005
-\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024
-\027\240\315\301\344\101\266\072\133\073\313\105\235\275\034\302
-\230\372\206\130\060\037\006\003\125\035\043\004\030\060\026\200
-\024\027\240\315\301\344\101\266\072\133\073\313\105\235\275\034
-\302\230\372\206\130\060\106\006\003\125\035\040\004\077\060\075
-\060\073\006\011\140\205\164\001\131\001\003\001\001\060\056\060
-\054\006\010\053\006\001\005\005\007\002\001\026\040\150\164\164
-\160\072\057\057\162\145\160\157\163\151\164\157\162\171\056\163
-\167\151\163\163\163\151\147\156\056\143\157\155\057\060\015\006
-\011\052\206\110\206\367\015\001\001\005\005\000\003\202\002\001
-\000\163\306\201\340\047\322\055\017\340\225\060\342\232\101\177
-\120\054\137\137\142\141\251\206\152\151\030\014\164\111\326\135
-\204\352\101\122\030\157\130\255\120\126\040\152\306\275\050\151
-\130\221\334\221\021\065\251\072\035\274\032\245\140\236\330\037
-\177\105\221\151\331\176\273\170\162\301\006\017\052\316\217\205
-\160\141\254\240\315\013\270\071\051\126\204\062\116\206\273\075
-\304\052\331\327\037\162\356\376\121\241\042\101\261\161\002\143
-\032\202\260\142\253\136\127\022\037\337\313\335\165\240\300\135
-\171\220\214\033\340\120\346\336\061\376\230\173\160\137\245\220
-\330\255\370\002\266\157\323\140\335\100\113\042\305\075\255\072
-\172\237\032\032\107\221\171\063\272\202\334\062\151\003\226\156
-\037\113\360\161\376\343\147\162\240\261\277\134\213\344\372\231
-\042\307\204\271\033\215\043\227\077\355\045\340\317\145\273\365
-\141\004\357\335\036\262\132\101\042\132\241\237\135\054\350\133
-\311\155\251\014\014\170\252\140\306\126\217\001\132\014\150\274
-\151\031\171\304\037\176\227\005\277\305\351\044\121\136\324\325
-\113\123\355\331\043\132\066\003\145\243\301\003\255\101\060\363
-\106\033\205\220\257\145\265\325\261\344\026\133\170\165\035\227
-\172\155\131\251\052\217\173\336\303\207\211\020\231\111\163\170
-\310\075\275\121\065\164\052\325\361\176\151\033\052\273\073\275
-\045\270\232\132\075\162\141\220\146\207\356\014\326\115\324\021
-\164\013\152\376\013\003\374\243\125\127\211\376\112\313\256\133
-\027\005\310\362\215\043\061\123\070\322\055\152\077\202\271\215
-\010\152\367\136\101\164\156\303\021\176\007\254\051\140\221\077
-\070\312\127\020\015\275\060\057\307\245\346\101\240\332\256\005
-\207\232\240\244\145\154\114\011\014\211\272\270\323\271\300\223
-\212\060\372\215\345\232\153\025\001\116\147\252\332\142\126\076
-\204\010\146\322\304\066\175\247\076\020\374\210\340\324\200\345
-\000\275\252\363\116\006\243\172\152\371\142\162\343\011\117\353
-\233\016\001\043\361\237\273\174\334\334\154\021\227\045\262\362
-\264\143\024\322\006\052\147\214\203\365\316\352\007\330\232\152
-\036\354\344\012\273\052\114\353\011\140\071\316\312\142\330\056
-\156
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "SwissSign Silver CA - G2"
-# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
-# Serial Number:4f:1b:d4:2f:54:bb:2f:4b
-# Subject: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
-# Not Valid Before: Wed Oct 25 08:32:46 2006
-# Not Valid After : Sat Oct 25 08:32:46 2036
-# Fingerprint (SHA-256): BE:6C:4D:A2:BB:B9:BA:59:B6:F3:93:97:68:37:42:46:C3:C0:05:99:3F:A9:8F:02:0D:1D:ED:BE:D4:8A:81:D5
-# Fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SwissSign Silver CA - G2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\233\252\345\237\126\356\041\313\103\132\276\045\223\337\247\360
-\100\321\035\313
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\340\006\241\311\175\317\311\374\015\300\126\165\226\330\142\023
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061
-\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
-\151\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023
-\030\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145
-\162\040\103\101\040\055\040\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\117\033\324\057\124\273\057\113
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
 #
 # Certificate "SecureTrust CA"
 #
@@ -21231,7 +21063,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\011\000\326\135\233\263\170\201\056\353
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
@@ -21399,7 +21231,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \154\040
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
@@ -21514,7 +21346,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \112\353
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
@@ -25970,3 +25802,339 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "D-TRUST BR Root CA 2 2023"
+#
+# Issuer: CN=D-TRUST BR Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Serial Number:73:3b:30:04:48:5b:d9:4d:78:2e:73:4b:c9:a1:dc:66
+# Subject: CN=D-TRUST BR Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Not Valid Before: Tue May 09 08:56:31 2023
+# Not Valid After : Sun May 09 08:56:30 2038
+# Fingerprint (SHA-256): 05:52:E6:F8:3F:DF:65:E8:FA:96:70:E6:66:DF:28:A4:E2:13:40:B5:10:CB:E5:25:66:F9:7C:4F:B9:4B:2B:D1
+# Fingerprint (SHA1): 2D:B0:70:EE:71:94:AF:69:68:17:DB:79:CE:58:9F:A0:6B:96:F7:87
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-TRUST BR Root CA 2 2023"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\042\060\040\006\003\125\004\003\023
+\031\104\055\124\122\125\123\124\040\102\122\040\122\157\157\164
+\040\103\101\040\062\040\062\060\062\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\042\060\040\006\003\125\004\003\023
+\031\104\055\124\122\125\123\124\040\102\122\040\122\157\157\164
+\040\103\101\040\062\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\163\073\060\004\110\133\331\115\170\056\163\113\311\241
+\334\146
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\251\060\202\003\221\240\003\002\001\002\002\020\163
+\073\060\004\110\133\331\115\170\056\163\113\311\241\334\146\060
+\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\110
+\061\013\060\011\006\003\125\004\006\023\002\104\105\061\025\060
+\023\006\003\125\004\012\023\014\104\055\124\162\165\163\164\040
+\107\155\142\110\061\042\060\040\006\003\125\004\003\023\031\104
+\055\124\122\125\123\124\040\102\122\040\122\157\157\164\040\103
+\101\040\062\040\062\060\062\063\060\036\027\015\062\063\060\065
+\060\071\060\070\065\066\063\061\132\027\015\063\070\060\065\060
+\071\060\070\065\066\063\060\132\060\110\061\013\060\011\006\003
+\125\004\006\023\002\104\105\061\025\060\023\006\003\125\004\012
+\023\014\104\055\124\162\165\163\164\040\107\155\142\110\061\042
+\060\040\006\003\125\004\003\023\031\104\055\124\122\125\123\124
+\040\102\122\040\122\157\157\164\040\103\101\040\062\040\062\060
+\062\063\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\256\377\011\131\221\200\012\112\150\346\044\077\270
+\247\344\310\072\012\072\026\315\311\043\141\240\223\161\362\253
+\213\163\217\240\147\145\140\322\124\153\143\121\157\111\063\340
+\162\007\023\175\070\315\006\222\007\051\122\153\116\167\154\004
+\323\225\372\335\114\214\331\135\301\141\175\113\347\050\263\104
+\201\173\121\257\335\063\261\150\174\326\116\114\376\053\150\271
+\312\146\151\304\354\136\127\177\367\015\307\234\066\066\345\007
+\140\254\300\114\352\010\154\357\006\174\117\133\050\172\010\374
+\223\135\233\366\234\264\213\206\272\041\271\364\360\350\131\132
+\050\241\064\204\032\045\221\266\265\217\357\262\371\200\372\371
+\075\074\021\162\330\343\057\206\166\305\171\054\301\251\220\223
+\106\230\147\313\203\152\240\120\043\247\073\366\201\071\340\355
+\360\271\277\145\361\330\313\172\373\357\163\003\316\000\364\175
+\327\340\135\073\146\270\334\216\272\203\313\207\166\003\374\045
+\331\347\043\157\006\375\147\363\340\377\204\274\107\277\265\026
+\030\106\151\024\314\005\367\333\323\111\254\153\314\253\344\265
+\013\103\044\136\113\153\115\147\337\326\265\076\117\170\037\224
+\161\044\352\336\160\374\361\223\376\236\223\132\344\224\132\227
+\124\014\065\173\137\154\356\000\037\044\354\003\272\002\365\166
+\364\237\324\232\355\205\054\070\042\057\307\330\057\166\021\117
+\375\154\134\350\365\216\047\207\177\031\112\041\107\220\035\171
+\215\034\133\370\317\112\205\344\355\263\133\215\276\304\144\050
+\135\101\304\156\254\070\132\117\043\164\164\251\022\303\366\322
+\271\021\025\063\007\221\330\073\067\072\143\060\006\321\305\042
+\066\050\142\043\020\340\106\314\227\254\326\053\135\144\044\325
+\356\034\016\336\373\010\132\165\052\366\143\155\316\013\102\276
+\321\272\160\034\234\041\345\017\061\151\027\327\374\012\264\336
+\355\200\234\313\222\264\213\365\336\131\242\130\011\245\143\107
+\013\341\101\062\064\101\331\232\261\331\250\260\033\132\336\015
+\015\364\342\262\135\065\200\271\201\324\204\151\221\002\313\165
+\320\215\305\265\075\011\221\011\217\024\241\024\164\171\076\326
+\311\025\035\244\131\131\042\334\366\212\105\075\074\022\326\076
+\135\062\057\002\003\001\000\001\243\201\216\060\201\213\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\035\006\003\125\035\016\004\026\004\024\147\220\360\326\336\265
+\030\325\106\051\176\134\253\370\236\010\274\144\225\020\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\111
+\006\003\125\035\037\004\102\060\100\060\076\240\074\240\072\206
+\070\150\164\164\160\072\057\057\143\162\154\056\144\055\164\162
+\165\163\164\056\156\145\164\057\143\162\154\057\144\055\164\162
+\165\163\164\137\142\162\137\162\157\157\164\137\143\141\137\062
+\137\062\060\062\063\056\143\162\154\060\015\006\011\052\206\110
+\206\367\015\001\001\015\005\000\003\202\002\001\000\064\367\263
+\167\123\333\060\026\271\055\245\041\361\100\041\165\353\353\110
+\026\201\075\163\340\236\047\052\353\167\251\023\244\152\012\132
+\132\024\063\075\150\037\201\256\151\375\214\237\145\154\064\102
+\331\055\320\177\170\026\261\072\254\043\061\255\136\177\256\347
+\256\053\372\272\374\074\227\225\100\223\137\303\055\003\243\355
+\244\157\123\327\372\100\016\060\365\000\040\054\000\114\214\073
+\264\243\037\266\277\221\062\253\257\222\230\323\026\346\324\321
+\124\134\103\133\056\256\357\127\052\250\264\157\244\357\015\126
+\024\332\041\253\040\166\236\003\374\046\270\236\077\076\003\046
+\346\114\333\235\137\102\204\075\105\003\003\034\131\210\312\334
+\056\141\044\132\244\352\047\013\163\022\276\122\263\012\317\062
+\027\342\036\207\032\026\225\110\155\132\340\320\317\011\222\046
+\146\221\330\243\141\016\252\201\201\177\350\122\202\321\102\347
+\340\035\030\372\244\205\066\347\206\340\015\353\274\324\311\326
+\074\103\361\135\111\156\176\201\233\151\265\211\142\217\210\122
+\330\327\376\047\301\043\305\313\053\002\273\261\137\376\373\103
+\205\003\106\276\135\306\312\041\046\377\327\002\236\164\112\334
+\370\023\025\261\201\127\066\313\145\134\321\035\061\167\351\045
+\303\303\262\062\067\325\361\230\011\344\155\143\200\010\253\006
+\222\201\324\351\160\217\247\077\262\355\206\214\202\152\065\310
+\102\132\202\321\122\032\105\017\025\245\000\360\224\173\145\047
+\127\071\103\317\174\177\346\275\065\263\173\361\031\114\336\072
+\226\317\351\166\356\003\347\302\103\122\074\152\201\350\301\132
+\200\275\021\135\223\153\373\307\346\144\077\273\151\034\351\335
+\045\213\257\164\311\124\100\312\313\223\023\012\355\373\146\222
+\021\312\365\300\372\330\203\125\003\174\323\305\042\106\165\160
+\153\171\110\006\052\202\232\277\346\353\026\016\042\105\001\274
+\335\066\224\064\251\065\046\212\327\227\271\356\010\162\277\064
+\222\160\203\200\253\070\252\131\150\335\100\244\030\220\262\363
+\325\003\312\046\312\357\325\307\340\217\123\216\360\000\343\250
+\355\237\371\255\167\340\053\143\117\236\303\356\067\273\170\011
+\204\236\271\156\373\051\231\220\350\200\323\237\044
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "D-TRUST BR Root CA 2 2023"
+# Issuer: CN=D-TRUST BR Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Serial Number:73:3b:30:04:48:5b:d9:4d:78:2e:73:4b:c9:a1:dc:66
+# Subject: CN=D-TRUST BR Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Not Valid Before: Tue May 09 08:56:31 2023
+# Not Valid After : Sun May 09 08:56:30 2038
+# Fingerprint (SHA-256): 05:52:E6:F8:3F:DF:65:E8:FA:96:70:E6:66:DF:28:A4:E2:13:40:B5:10:CB:E5:25:66:F9:7C:4F:B9:4B:2B:D1
+# Fingerprint (SHA1): 2D:B0:70:EE:71:94:AF:69:68:17:DB:79:CE:58:9F:A0:6B:96:F7:87
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-TRUST BR Root CA 2 2023"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\055\260\160\356\161\224\257\151\150\027\333\171\316\130\237\240
+\153\226\367\207
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\341\011\355\323\140\324\126\033\107\037\267\014\137\033\137\205
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\042\060\040\006\003\125\004\003\023
+\031\104\055\124\122\125\123\124\040\102\122\040\122\157\157\164
+\040\103\101\040\062\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\163\073\060\004\110\133\331\115\170\056\163\113\311\241
+\334\146
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "D-TRUST EV Root CA 2 2023"
+#
+# Issuer: CN=D-TRUST EV Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Serial Number:69:26:09:7e:80:4b:4c:a0:a7:8c:78:62:53:5f:5a:6f
+# Subject: CN=D-TRUST EV Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Not Valid Before: Tue May 09 09:10:33 2023
+# Not Valid After : Sun May 09 09:10:32 2038
+# Fingerprint (SHA-256): 8E:82:21:B2:E7:D4:00:78:36:A1:67:2F:0D:CC:29:9C:33:BC:07:D3:16:F1:32:FA:1A:20:6D:58:71:50:F1:CE
+# Fingerprint (SHA1): A5:5B:D8:47:6C:8F:19:F7:4C:F4:6D:6B:B6:C2:79:82:22:DF:54:8B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-TRUST EV Root CA 2 2023"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\042\060\040\006\003\125\004\003\023
+\031\104\055\124\122\125\123\124\040\105\126\040\122\157\157\164
+\040\103\101\040\062\040\062\060\062\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\042\060\040\006\003\125\004\003\023
+\031\104\055\124\122\125\123\124\040\105\126\040\122\157\157\164
+\040\103\101\040\062\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\151\046\011\176\200\113\114\240\247\214\170\142\123\137
+\132\157
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\251\060\202\003\221\240\003\002\001\002\002\020\151
+\046\011\176\200\113\114\240\247\214\170\142\123\137\132\157\060
+\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\110
+\061\013\060\011\006\003\125\004\006\023\002\104\105\061\025\060
+\023\006\003\125\004\012\023\014\104\055\124\162\165\163\164\040
+\107\155\142\110\061\042\060\040\006\003\125\004\003\023\031\104
+\055\124\122\125\123\124\040\105\126\040\122\157\157\164\040\103
+\101\040\062\040\062\060\062\063\060\036\027\015\062\063\060\065
+\060\071\060\071\061\060\063\063\132\027\015\063\070\060\065\060
+\071\060\071\061\060\063\062\132\060\110\061\013\060\011\006\003
+\125\004\006\023\002\104\105\061\025\060\023\006\003\125\004\012
+\023\014\104\055\124\162\165\163\164\040\107\155\142\110\061\042
+\060\040\006\003\125\004\003\023\031\104\055\124\122\125\123\124
+\040\105\126\040\122\157\157\164\040\103\101\040\062\040\062\060
+\062\063\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\330\216\243\211\200\013\262\127\122\334\251\123\114
+\067\271\177\143\027\023\357\247\133\043\133\151\165\260\231\012
+\027\301\213\304\333\250\340\314\061\272\302\362\315\135\351\267
+\370\035\257\152\304\225\207\327\107\311\225\330\202\004\120\075
+\201\010\377\344\075\263\261\326\305\262\375\210\011\333\234\204
+\354\045\027\024\207\177\060\170\233\152\130\311\266\163\050\074
+\064\367\231\367\177\323\246\370\034\105\174\255\054\214\224\077
+\330\147\020\123\176\042\315\116\045\121\360\045\044\065\021\136
+\020\306\354\207\146\211\201\150\272\314\053\235\107\163\037\275
+\315\221\244\162\152\234\242\033\030\240\157\354\120\364\175\100
+\302\250\060\317\275\163\310\023\053\020\023\036\213\232\250\072
+\224\163\323\030\151\012\112\377\301\001\003\377\171\177\265\110
+\177\173\356\350\051\157\066\114\225\141\206\330\371\242\163\212
+\356\256\057\226\356\150\315\075\115\050\102\371\105\053\062\033
+\106\125\026\152\246\113\051\371\273\225\126\277\106\035\354\035
+\223\035\300\145\262\037\241\103\256\126\236\240\261\217\153\022
+\267\140\155\170\013\312\212\134\355\036\226\016\203\246\110\225
+\215\073\243\041\304\256\130\306\000\262\204\264\043\244\226\206
+\065\270\330\236\330\254\064\111\230\143\225\305\313\155\110\107
+\342\362\056\030\036\320\061\253\335\164\354\371\334\214\270\034
+\216\150\043\272\320\363\120\334\317\145\217\163\072\062\307\174
+\376\312\202\042\117\276\216\142\107\146\345\315\207\342\350\325
+\017\030\237\345\004\162\113\106\074\020\362\104\302\144\126\161
+\116\165\350\234\311\046\164\305\175\131\321\012\133\017\155\376
+\236\165\034\030\306\032\072\174\330\015\004\314\315\267\105\145
+\172\261\217\270\256\204\110\076\263\172\115\250\003\342\342\176
+\001\026\131\150\030\103\063\260\322\334\260\032\103\065\356\245
+\332\251\106\134\256\206\201\101\001\112\164\046\354\237\006\277
+\302\005\067\144\165\170\051\150\375\305\365\353\376\107\371\344
+\205\260\341\173\061\235\246\177\162\243\271\304\054\056\314\231
+\127\016\041\014\105\001\224\145\353\145\011\306\143\042\013\063
+\111\222\110\074\374\315\316\260\076\216\236\213\370\376\111\305
+\065\162\107\002\003\001\000\001\243\201\216\060\201\213\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\035\006\003\125\035\016\004\026\004\024\252\374\221\020\033\207
+\221\137\026\271\277\117\113\221\136\000\034\261\062\200\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\111
+\006\003\125\035\037\004\102\060\100\060\076\240\074\240\072\206
+\070\150\164\164\160\072\057\057\143\162\154\056\144\055\164\162
+\165\163\164\056\156\145\164\057\143\162\154\057\144\055\164\162
+\165\163\164\137\145\166\137\162\157\157\164\137\143\141\137\062
+\137\062\060\062\063\056\143\162\154\060\015\006\011\052\206\110
+\206\367\015\001\001\015\005\000\003\202\002\001\000\223\313\245
+\037\231\021\354\232\015\137\054\025\223\306\077\276\020\215\170
+\102\360\156\220\107\107\216\243\222\062\215\160\217\366\133\215
+\276\211\316\107\001\152\033\040\040\211\133\310\202\020\154\340
+\347\231\252\153\306\052\240\143\065\221\152\205\045\255\027\070
+\245\233\176\120\362\166\352\205\005\052\047\101\053\261\201\321
+\242\366\100\165\251\016\313\361\125\110\330\354\321\354\263\350
+\316\024\241\065\354\302\136\065\032\253\246\026\001\006\216\352
+\334\057\243\212\312\054\221\353\122\216\137\014\233\027\317\313
+\163\007\031\304\152\302\163\124\357\174\103\122\143\301\021\312
+\302\105\261\364\073\123\365\151\256\074\343\245\336\254\350\124
+\267\262\221\375\254\251\037\362\207\344\027\306\111\250\174\330
+\012\101\364\362\076\347\167\064\004\122\335\350\201\362\115\057
+\124\105\235\025\341\117\314\345\336\064\127\020\311\043\162\027
+\160\215\120\160\037\126\154\314\271\377\072\132\117\143\172\303
+\156\145\007\035\204\241\377\251\014\143\211\155\262\100\210\071
+\327\037\167\150\265\374\234\325\326\147\151\133\250\164\333\374
+\211\366\033\062\367\244\044\246\166\267\107\123\357\215\111\217
+\251\266\203\132\245\226\220\105\141\365\336\003\117\046\017\250
+\213\360\003\226\260\254\025\320\161\132\152\173\224\346\160\223
+\332\361\151\340\262\142\115\236\217\377\211\235\233\135\315\105
+\351\224\002\042\215\340\065\177\350\361\004\171\161\154\124\203
+\370\063\271\005\062\033\130\125\021\117\320\345\047\107\161\354
+\355\332\147\326\142\246\113\115\017\151\242\311\274\354\042\113
+\224\307\150\224\027\176\342\216\050\076\266\306\352\365\064\154
+\237\067\210\007\070\333\206\161\372\315\225\110\103\156\243\117
+\202\207\327\064\230\156\113\223\171\140\165\151\017\360\032\325
+\123\372\041\014\302\077\351\077\037\030\214\222\135\170\247\166
+\147\031\273\262\352\177\351\160\011\126\126\243\260\014\013\055
+\066\136\305\351\304\325\203\313\206\027\227\054\154\023\157\207
+\132\257\111\246\035\333\315\070\004\056\137\342\112\065\016\055
+\113\370\242\044\004\215\330\341\143\136\002\222\064\332\230\141
+\134\034\157\130\166\144\263\374\002\270\365\235\012
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "D-TRUST EV Root CA 2 2023"
+# Issuer: CN=D-TRUST EV Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Serial Number:69:26:09:7e:80:4b:4c:a0:a7:8c:78:62:53:5f:5a:6f
+# Subject: CN=D-TRUST EV Root CA 2 2023,O=D-Trust GmbH,C=DE
+# Not Valid Before: Tue May 09 09:10:33 2023
+# Not Valid After : Sun May 09 09:10:32 2038
+# Fingerprint (SHA-256): 8E:82:21:B2:E7:D4:00:78:36:A1:67:2F:0D:CC:29:9C:33:BC:07:D3:16:F1:32:FA:1A:20:6D:58:71:50:F1:CE
+# Fingerprint (SHA1): A5:5B:D8:47:6C:8F:19:F7:4C:F4:6D:6B:B6:C2:79:82:22:DF:54:8B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-TRUST EV Root CA 2 2023"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\245\133\330\107\154\217\031\367\114\364\155\153\266\302\171\202
+\042\337\124\213
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\226\264\170\011\360\011\313\167\353\273\033\115\157\066\274\266
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\023\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\042\060\040\006\003\125\004\003\023
+\031\104\055\124\122\125\123\124\040\105\126\040\122\157\157\164
+\040\103\101\040\062\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\151\046\011\176\200\113\114\240\247\214\170\142\123\137
+\132\157
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE

From 6f6d3af93198c59a3ad51de2b15ad83c0ebcb340 Mon Sep 17 00:00:00 2001
From: Florian Loitsch <florian@loitsch.com>
Date: Thu, 20 Feb 2025 15:46:32 +0100
Subject: [PATCH 2/2] Update common list.

---
 src/certificate-roots.toit           | 5 +++--
 tests/tls_global_cert_test_slow.toit | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/certificate-roots.toit b/src/certificate-roots.toit
index e976c2e..534b010 100644
--- a/src/certificate-roots.toit
+++ b/src/certificate-roots.toit
@@ -11058,8 +11058,9 @@ install-all-trusted-roots -> none:
 Common certificate roots.
 */
 COMMON-TRUSTED-ROOTS ::= [
-  DIGICERT-GLOBAL-ROOT-G2,
   DIGICERT-GLOBAL-ROOT-CA,
+  DIGICERT-GLOBAL-ROOT-G2,
+  DIGICERT-GLOBAL-ROOT-G3,
   GLOBALSIGN-ROOT-CA,
   GLOBALSIGN-ROOT-CA-R3,
   COMODO-AAA-SERVICES-ROOT,
@@ -11069,7 +11070,7 @@ COMMON-TRUSTED-ROOTS ::= [
   USERTRUST-RSA-CERTIFICATION-AUTHORITY,
   DIGICERT-HIGH-ASSURANCE-EV-ROOT-CA,
   ISRG-ROOT-X1,
-  STARFIELD-CLASS-2-CA,
+  AMAZON-ROOT-CA-1,
 ]
 
 /**
diff --git a/tests/tls_global_cert_test_slow.toit b/tests/tls_global_cert_test_slow.toit
index a97d464..1f80ed3 100644
--- a/tests/tls_global_cert_test_slow.toit
+++ b/tests/tls_global_cert_test_slow.toit
@@ -60,6 +60,7 @@ run-tests network/net.Client:
 
     "dkhostmaster.dk",
     "dmi.dk",
+    "example.com",
     "pravda.ru",
     "elpriser.nu",
     "coinbase.com",