[1/2] update ca-certificates CA bundle

Message ID 62b6b3fe-6652-75b2-0388-d93c0af02491@ipfire.org
State New
Headers show
Series
  • [1/2] update ca-certificates CA bundle
Related show

Commit Message

Peter Müller Oct. 29, 2019, 6:16 p.m. UTC
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/ca-certificates/certdata.txt | 943 ++++++++++++------------------------
 lfs/ca-certificates                 |   2 +-
 2 files changed, 314 insertions(+), 631 deletions(-)

Comments

Michael Tremer Oct. 30, 2019, 10:42 a.m. UTC | #1
Acked-by: Michael Tremer <michael.tremer@ipfire.org>

> On 29 Oct 2019, at 18:16, peter.mueller@ipfire.org wrote:
> 
> Update the CA certificates list to what Mozilla NSS ships currently.
> 
> The original file can be retrieved from:
> https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
> 
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> config/ca-certificates/certdata.txt | 943 ++++++++++++------------------------
> lfs/ca-certificates                 |   2 +-
> 2 files changed, 314 insertions(+), 631 deletions(-)
> 
> diff --git a/config/ca-certificates/certdata.txt b/config/ca-certificates/certdata.txt
> index 3466f6ee4..3a44db293 100644
> --- a/config/ca-certificates/certdata.txt
> +++ b/config/ca-certificates/certdata.txt
> @@ -13,19 +13,21 @@
> #
> #    Certificates
> #
> -#  -- Attribute --          -- type --              -- value --
> -#  CKA_CLASS                CK_OBJECT_CLASS         CKO_CERTIFICATE
> -#  CKA_TOKEN                CK_BBOOL                CK_TRUE
> -#  CKA_PRIVATE              CK_BBOOL                CK_FALSE
> -#  CKA_MODIFIABLE           CK_BBOOL                CK_FALSE
> -#  CKA_LABEL                UTF8                    (varies)
> -#  CKA_CERTIFICATE_TYPE     CK_CERTIFICATE_TYPE     CKC_X_509
> -#  CKA_SUBJECT              DER+base64              (varies)
> -#  CKA_ID                   byte array              (varies)
> -#  CKA_ISSUER               DER+base64              (varies)
> -#  CKA_SERIAL_NUMBER        DER+base64              (varies)
> -#  CKA_VALUE                DER+base64              (varies)
> -#  CKA_NSS_EMAIL            ASCII7                  (unused here)
> +#  -- Attribute --               -- type --          -- value --
> +#  CKA_CLASS                     CK_OBJECT_CLASS     CKO_CERTIFICATE
> +#  CKA_TOKEN                     CK_BBOOL            CK_TRUE
> +#  CKA_PRIVATE                   CK_BBOOL            CK_FALSE
> +#  CKA_MODIFIABLE                CK_BBOOL            CK_FALSE
> +#  CKA_LABEL                     UTF8                (varies)
> +#  CKA_CERTIFICATE_TYPE          CK_CERTIFICATE_TYPE CKC_X_509
> +#  CKA_SUBJECT                   DER+base64          (varies)
> +#  CKA_ID                        byte array          (varies)
> +#  CKA_ISSUER                    DER+base64          (varies)
> +#  CKA_SERIAL_NUMBER             DER+base64          (varies)
> +#  CKA_VALUE                     DER+base64          (varies)
> +#  CKA_NSS_EMAIL                 ASCII7              (unused here)
> +#  CKA_NSS_SERVER_DISTRUST_AFTER DER+base64          (varies)
> +#  CKA_NSS_EMAIL_DISTRUST_AFTER  DER+base64          (varies)
> #
> #    Trust
> #
> @@ -164,6 +166,8 @@ CKA_VALUE MULTILINE_OCTAL
> \125\342\374\110\311\051\046\151\340
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "GlobalSign Root CA"
> # Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
> @@ -298,6 +302,8 @@ CKA_VALUE MULTILINE_OCTAL
> \152\374\176\102\070\100\144\022\367\236\201\341\223\056
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "GlobalSign Root CA - R2"
> # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
> @@ -454,6 +460,8 @@ CKA_VALUE MULTILINE_OCTAL
> \113\336\006\226\161\054\362\333\266\037\244\357\077\356
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
> # Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> @@ -619,6 +627,8 @@ CKA_VALUE MULTILINE_OCTAL
> \311\130\020\371\252\357\132\266\317\113\113\337\052
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
> # Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> @@ -784,6 +794,8 @@ CKA_VALUE MULTILINE_OCTAL
> \153\271\012\172\116\117\113\204\356\113\361\175\335\021
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
> # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> @@ -1059,6 +1071,8 @@ CKA_VALUE MULTILINE_OCTAL
> \174\136\232\166\351\131\220\305\174\203\065\021\145\121
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Entrust.net Premium 2048 Secure Server CA"
> # Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
> @@ -1197,6 +1211,8 @@ CKA_VALUE MULTILINE_OCTAL
> \347\201\035\031\303\044\102\352\143\071\251
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Baltimore CyberTrust Root"
> # Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
> @@ -1341,6 +1357,8 @@ CKA_VALUE MULTILINE_OCTAL
> \065\341\035\026\034\320\274\053\216\326\161\331
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "AddTrust Low-Value Services Root"
> # Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
> @@ -1490,6 +1508,8 @@ CKA_VALUE MULTILINE_OCTAL
> \027\132\173\320\274\307\217\116\206\004
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "AddTrust External Root"
> # Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
> @@ -1654,6 +1674,8 @@ CKA_VALUE MULTILINE_OCTAL
> \036\177\132\264\074
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Entrust Root Certification Authority"
> # Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
> @@ -1788,6 +1810,8 @@ CKA_VALUE MULTILINE_OCTAL
> \302\005\146\200\241\313\346\063
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "GeoTrust Global CA"
> # Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
> @@ -1948,6 +1972,8 @@ CKA_VALUE MULTILINE_OCTAL
> \244\346\216\330\371\051\110\212\316\163\376\054
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "GeoTrust Universal CA"
> # Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
> @@ -2108,6 +2134,8 @@ CKA_VALUE MULTILINE_OCTAL
> \362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "GeoTrust Universal CA 2"
> # Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
> @@ -2228,6 +2256,8 @@ CKA_VALUE MULTILINE_OCTAL
> \350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Certum Root CA"
> # Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
> @@ -2374,6 +2404,8 @@ CKA_VALUE MULTILINE_OCTAL
> \225\351\066\226\230\156
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Comodo AAA Services root"
> # Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
> @@ -2552,6 +2584,8 @@ CKA_VALUE MULTILINE_OCTAL
> \112\164\066\371
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "QuoVadis Root CA"
> # Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
> @@ -2721,6 +2755,8 @@ CKA_VALUE MULTILINE_OCTAL
> \020\005\145\325\202\020\352\302\061\315\056
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "QuoVadis Root CA 2"
> # Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
> @@ -2901,6 +2937,8 @@ CKA_VALUE MULTILINE_OCTAL
> \332
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "QuoVadis Root CA 3"
> # Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
> @@ -3030,6 +3068,8 @@ CKA_VALUE MULTILINE_OCTAL
> \057\317\246\356\311\160\042\024\275\375\276\154\013\003
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Security Communication Root CA"
> # Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
> @@ -3153,6 +3193,8 @@ CKA_VALUE MULTILINE_OCTAL
> \160\254\337\114
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Sonera Class 2 Root CA"
> # Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI
> @@ -3188,177 +3230,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> 
> -#
> -# Certificate "UTN USERFirst Email Root CA"
> -#
> -# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
> -# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
> -# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
> -# Not Valid Before: Fri Jul 09 17:28:50 1999
> -# Not Valid After : Tue Jul 09 17:36:58 2019
> -# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
> -# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
> -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
> -CKA_TOKEN CK_BBOOL CK_TRUE
> -CKA_PRIVATE CK_BBOOL CK_FALSE
> -CKA_MODIFIABLE CK_BBOOL CK_FALSE
> -CKA_LABEL UTF8 "UTN USERFirst Email Root CA"
> -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
> -CKA_SUBJECT MULTILINE_OCTAL
> -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
> -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
> -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
> -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
> -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
> -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
> -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
> -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125
> -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163
> -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164
> -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151
> -\154
> -END
> -CKA_ID UTF8 "0"
> -CKA_ISSUER MULTILINE_OCTAL
> -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
> -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
> -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
> -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
> -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
> -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
> -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
> -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125
> -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163
> -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164
> -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151
> -\154
> -END
> -CKA_SERIAL_NUMBER MULTILINE_OCTAL
> -\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147
> -\311\211
> -END
> -CKA_VALUE MULTILINE_OCTAL
> -\060\202\004\242\060\202\003\212\240\003\002\001\002\002\020\104
> -\276\014\213\120\000\044\264\021\323\066\045\045\147\311\211\060
> -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
> -\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
> -\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
> -\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
> -\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
> -\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
> -\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
> -\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
> -\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004\003
> -\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164\055
> -\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151\143
> -\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154\060
> -\036\027\015\071\071\060\067\060\071\061\067\062\070\065\060\132
> -\027\015\061\071\060\067\060\071\061\067\063\066\065\070\132\060
> -\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061
> -\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
> -\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
> -\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
> -\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
> -\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
> -\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
> -\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004
> -\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164
> -\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151
> -\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154
> -\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
> -\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
> -\000\262\071\205\244\362\175\253\101\073\142\106\067\256\315\301
> -\140\165\274\071\145\371\112\032\107\242\271\314\110\314\152\230
> -\325\115\065\031\271\244\102\345\316\111\342\212\057\036\174\322
> -\061\007\307\116\264\203\144\235\056\051\325\242\144\304\205\275
> -\205\121\065\171\244\116\150\220\173\034\172\244\222\250\027\362
> -\230\025\362\223\314\311\244\062\225\273\014\117\060\275\230\240
> -\013\213\345\156\033\242\106\372\170\274\242\157\253\131\136\245
> -\057\317\312\332\155\252\057\353\254\241\263\152\252\267\056\147
> -\065\213\171\341\036\151\210\342\346\106\315\240\245\352\276\013
> -\316\166\072\172\016\233\352\374\332\047\133\075\163\037\042\346
> -\110\141\306\114\363\151\261\250\056\033\266\324\061\040\054\274
> -\202\212\216\244\016\245\327\211\103\374\026\132\257\035\161\327
> -\021\131\332\272\207\015\257\372\363\341\302\360\244\305\147\214
> -\326\326\124\072\336\012\244\272\003\167\263\145\310\375\036\323
> -\164\142\252\030\312\150\223\036\241\205\176\365\107\145\313\370
> -\115\127\050\164\322\064\377\060\266\356\366\142\060\024\214\054
> -\353\002\003\001\000\001\243\201\271\060\201\266\060\013\006\003
> -\125\035\017\004\004\003\002\001\306\060\017\006\003\125\035\023
> -\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035
> -\016\004\026\004\024\211\202\147\175\304\235\046\160\000\113\264
> -\120\110\174\336\075\256\004\156\175\060\130\006\003\125\035\037
> -\004\121\060\117\060\115\240\113\240\111\206\107\150\164\164\160
> -\072\057\057\143\162\154\056\165\163\145\162\164\162\165\163\164
> -\056\143\157\155\057\125\124\116\055\125\123\105\122\106\151\162
> -\163\164\055\103\154\151\145\156\164\101\165\164\150\145\156\164
> -\151\143\141\164\151\157\156\141\156\144\105\155\141\151\154\056
> -\143\162\154\060\035\006\003\125\035\045\004\026\060\024\006\010
> -\053\006\001\005\005\007\003\002\006\010\053\006\001\005\005\007
> -\003\004\060\015\006\011\052\206\110\206\367\015\001\001\005\005
> -\000\003\202\001\001\000\261\155\141\135\246\032\177\174\253\112
> -\344\060\374\123\157\045\044\306\312\355\342\061\134\053\016\356
> -\356\141\125\157\004\076\317\071\336\305\033\111\224\344\353\040
> -\114\264\346\236\120\056\162\331\215\365\252\243\263\112\332\126
> -\034\140\227\200\334\202\242\255\112\275\212\053\377\013\011\264
> -\306\327\040\004\105\344\315\200\001\272\272\053\156\316\252\327
> -\222\376\344\257\353\364\046\035\026\052\177\154\060\225\067\057
> -\063\022\254\177\335\307\321\021\214\121\230\262\320\243\221\320
> -\255\366\237\236\203\223\036\035\102\270\106\257\153\146\360\233
> -\177\352\343\003\002\345\002\121\301\252\325\065\235\162\100\003
> -\211\272\061\035\305\020\150\122\236\337\242\205\305\134\010\246
> -\170\346\123\117\261\350\267\323\024\236\223\246\303\144\343\254
> -\176\161\315\274\237\351\003\033\314\373\351\254\061\301\257\174
> -\025\164\002\231\303\262\107\246\302\062\141\327\307\157\110\044
> -\121\047\241\325\207\125\362\173\217\230\075\026\236\356\165\266
> -\370\320\216\362\363\306\256\050\133\247\360\363\066\027\374\303
> -\005\323\312\003\112\124
> -END
> -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> -
> -# Trust for Certificate "UTN USERFirst Email Root CA"
> -# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
> -# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
> -# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
> -# Not Valid Before: Fri Jul 09 17:28:50 1999
> -# Not Valid After : Tue Jul 09 17:36:58 2019
> -# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
> -# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
> -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
> -CKA_TOKEN CK_BBOOL CK_TRUE
> -CKA_PRIVATE CK_BBOOL CK_FALSE
> -CKA_MODIFIABLE CK_BBOOL CK_FALSE
> -CKA_LABEL UTF8 "UTN USERFirst Email Root CA"
> -CKA_CERT_SHA1_HASH MULTILINE_OCTAL
> -\261\162\261\245\155\225\371\037\345\002\207\341\115\067\352\152
> -\104\143\166\212
> -END
> -CKA_CERT_MD5_HASH MULTILINE_OCTAL
> -\327\064\075\357\035\047\011\050\341\061\002\133\023\053\335\367
> -END
> -CKA_ISSUER MULTILINE_OCTAL
> -\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
> -\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
> -\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
> -\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
> -\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
> -\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
> -\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
> -\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125
> -\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163
> -\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164
> -\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151
> -\154
> -END
> -CKA_SERIAL_NUMBER MULTILINE_OCTAL
> -\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147
> -\311\211
> -END
> -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> -
> #
> # Certificate "Camerfirma Chambers of Commerce Root"
> #
> @@ -3481,6 +3352,8 @@ CKA_VALUE MULTILINE_OCTAL
> \334
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Camerfirma Chambers of Commerce Root"
> # Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
> @@ -3641,6 +3514,8 @@ CKA_VALUE MULTILINE_OCTAL
> \166\135\165\220\032\365\046\217\360
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Camerfirma Global Chambersign Root"
> # Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
> @@ -3794,6 +3669,8 @@ CKA_VALUE MULTILINE_OCTAL
> \264\003\045\274
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "XRamp Global CA Root"
> # Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
> @@ -3941,6 +3818,8 @@ CKA_VALUE MULTILINE_OCTAL
> \177\333\275\237
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Go Daddy Class 2 CA"
> # Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
> @@ -4086,6 +3965,8 @@ CKA_VALUE MULTILINE_OCTAL
> \037\027\224
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Starfield Class 2 CA"
> # Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
> @@ -4250,6 +4131,8 @@ CKA_VALUE MULTILINE_OCTAL
> \245\206\054\174\364\022
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Taiwan GRCA"
> # Issuer: O=Government Root Certification Authority,C=TW
> @@ -4389,6 +4272,8 @@ CKA_VALUE MULTILINE_OCTAL
> \346\120\262\247\372\012\105\057\242\360\362
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "DigiCert Assured ID Root CA"
> # Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
> @@ -4530,6 +4415,8 @@ CKA_VALUE MULTILINE_OCTAL
> \225\155\336
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "DigiCert Global Root CA"
> # Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
> @@ -4672,6 +4559,8 @@ CKA_VALUE MULTILINE_OCTAL
> \370\351\056\023\243\167\350\037\112
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "DigiCert High Assurance EV Root CA"
> # Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
> @@ -4711,136 +4600,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> 
> -#
> -# Certificate "Certplus Class 2 Primary CA"
> -#
> -# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR
> -# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
> -# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR
> -# Not Valid Before: Wed Jul 07 17:05:00 1999
> -# Not Valid After : Sat Jul 06 23:59:59 2019
> -# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B
> -# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
> -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
> -CKA_TOKEN CK_BBOOL CK_TRUE
> -CKA_PRIVATE CK_BBOOL CK_FALSE
> -CKA_MODIFIABLE CK_BBOOL CK_FALSE
> -CKA_LABEL UTF8 "Certplus Class 2 Primary CA"
> -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
> -CKA_SUBJECT MULTILINE_OCTAL
> -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
> -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154
> -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141
> -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101
> -END
> -CKA_ID UTF8 "0"
> -CKA_ISSUER MULTILINE_OCTAL
> -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
> -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154
> -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141
> -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101
> -END
> -CKA_SERIAL_NUMBER MULTILINE_OCTAL
> -\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303
> -\245\104\043
> -END
> -CKA_VALUE MULTILINE_OCTAL
> -\060\202\003\222\060\202\002\172\240\003\002\001\002\002\021\000
> -\205\275\113\363\330\332\343\151\366\224\327\137\303\245\104\043
> -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
> -\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021
> -\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165
> -\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163
> -\163\040\062\040\120\162\151\155\141\162\171\040\103\101\060\036
> -\027\015\071\071\060\067\060\067\061\067\060\065\060\060\132\027
> -\015\061\071\060\067\060\066\062\063\065\071\065\071\132\060\075
> -\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060
> -\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165\163
> -\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163\163
> -\040\062\040\120\162\151\155\141\162\171\040\103\101\060\202\001
> -\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
> -\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334\120
> -\226\320\022\370\065\322\010\170\172\266\122\160\375\157\356\317
> -\271\021\313\135\167\341\354\351\176\004\215\326\314\157\163\103
> -\127\140\254\063\012\104\354\003\137\034\200\044\221\345\250\221
> -\126\022\202\367\340\053\364\333\256\141\056\211\020\215\153\154
> -\272\263\002\275\325\066\305\110\067\043\342\360\132\067\122\063
> -\027\022\342\321\140\115\276\057\101\021\343\366\027\045\014\213
> -\221\300\033\231\173\231\126\015\257\356\322\274\107\127\343\171
> -\111\173\064\211\047\044\204\336\261\354\351\130\116\376\116\337
> -\132\276\101\255\254\010\305\030\016\357\322\123\356\154\320\235
> -\022\001\023\215\334\200\142\367\225\251\104\210\112\161\116\140
> -\125\236\333\043\031\171\126\007\014\077\143\013\134\260\342\276
> -\176\025\374\224\063\130\101\070\164\304\341\217\213\337\046\254
> -\037\265\213\073\267\103\131\153\260\044\246\155\220\213\304\162
> -\352\135\063\230\267\313\336\136\173\357\224\361\033\076\312\311
> -\041\301\305\230\002\252\242\366\133\167\233\365\176\226\125\064
> -\034\147\151\300\361\102\343\107\254\374\050\034\146\125\002\003
> -\001\000\001\243\201\214\060\201\211\060\017\006\003\125\035\023
> -\004\010\060\006\001\001\377\002\001\012\060\013\006\003\125\035
> -\017\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026
> -\004\024\343\163\055\337\313\016\050\014\336\335\263\244\312\171
> -\270\216\273\350\060\211\060\021\006\011\140\206\110\001\206\370
> -\102\001\001\004\004\003\002\001\006\060\067\006\003\125\035\037
> -\004\060\060\056\060\054\240\052\240\050\206\046\150\164\164\160
> -\072\057\057\167\167\167\056\143\145\162\164\160\154\165\163\056
> -\143\157\155\057\103\122\114\057\143\154\141\163\163\062\056\143
> -\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005\005
> -\000\003\202\001\001\000\247\124\317\210\104\031\313\337\324\177
> -\000\337\126\063\142\265\367\121\001\220\353\303\077\321\210\104
> -\351\044\135\357\347\024\275\040\267\232\074\000\376\155\237\333
> -\220\334\327\364\142\326\213\160\135\347\345\004\110\251\150\174
> -\311\361\102\363\154\177\305\172\174\035\121\210\272\322\012\076
> -\047\135\336\055\121\116\323\023\144\151\344\056\343\323\347\233
> -\011\231\246\340\225\233\316\032\327\177\276\074\316\122\263\021
> -\025\301\017\027\315\003\273\234\045\025\272\242\166\211\374\006
> -\361\030\320\223\113\016\174\202\267\245\364\366\137\376\355\100
> -\246\235\204\164\071\271\334\036\205\026\332\051\033\206\043\000
> -\311\273\211\176\156\200\210\036\057\024\264\003\044\250\062\157
> -\003\232\107\054\060\276\126\306\247\102\002\160\033\352\100\330
> -\272\005\003\160\007\244\226\377\375\110\063\012\341\334\245\201
> -\220\233\115\335\175\347\347\262\315\134\310\152\225\370\245\366
> -\215\304\135\170\010\276\173\006\326\111\317\031\066\120\043\056
> -\010\346\236\005\115\107\030\325\026\351\261\326\266\020\325\273
> -\227\277\242\216\264\124
> -END
> -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> -
> -# Trust for Certificate "Certplus Class 2 Primary CA"
> -# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR
> -# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
> -# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR
> -# Not Valid Before: Wed Jul 07 17:05:00 1999
> -# Not Valid After : Sat Jul 06 23:59:59 2019
> -# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B
> -# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
> -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
> -CKA_TOKEN CK_BBOOL CK_TRUE
> -CKA_PRIVATE CK_BBOOL CK_FALSE
> -CKA_MODIFIABLE CK_BBOOL CK_FALSE
> -CKA_LABEL UTF8 "Certplus Class 2 Primary CA"
> -CKA_CERT_SHA1_HASH MULTILINE_OCTAL
> -\164\040\164\101\162\234\335\222\354\171\061\330\043\020\215\302
> -\201\222\342\273
> -END
> -CKA_CERT_MD5_HASH MULTILINE_OCTAL
> -\210\054\214\122\270\242\074\363\367\273\003\352\256\254\102\013
> -END
> -CKA_ISSUER MULTILINE_OCTAL
> -\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
> -\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154
> -\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141
> -\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101
> -END
> -CKA_SERIAL_NUMBER MULTILINE_OCTAL
> -\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303
> -\245\104\043
> -END
> -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> -
> #
> # Certificate "DST Root CA X3"
> #
> @@ -4932,6 +4691,8 @@ CKA_VALUE MULTILINE_OCTAL
> \013\004\216\007\333\051\266\012\356\235\202\065\065\020
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "DST Root CA X3"
> # Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
> @@ -5099,6 +4860,8 @@ CKA_VALUE MULTILINE_OCTAL
> \205\206\171\145\322
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "SwissSign Platinum CA - G2"
> # Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
> @@ -5264,6 +5027,8 @@ CKA_VALUE MULTILINE_OCTAL
> \111\044\133\311\260\320\127\301\372\076\172\341\227\311
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "SwissSign Gold CA - G2"
> # Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
> @@ -5430,6 +5195,8 @@ CKA_VALUE MULTILINE_OCTAL
> \156
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "SwissSign Silver CA - G2"
> # Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
> @@ -5562,6 +5329,8 @@ CKA_VALUE MULTILINE_OCTAL
> \253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "GeoTrust Primary Certification Authority"
> # Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
> @@ -5717,6 +5486,8 @@ CKA_VALUE MULTILINE_OCTAL
> \215\126\214\150
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "thawte Primary Root CA"
> # Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
> @@ -5892,6 +5663,8 @@ CKA_VALUE MULTILINE_OCTAL
> \254\021\326\250\355\143\152
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
> # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> @@ -6035,6 +5808,8 @@ CKA_VALUE MULTILINE_OCTAL
> \113\035\236\054\302\270\150\274\355\002\356\061
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "SecureTrust CA"
> # Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
> @@ -6170,6 +5945,8 @@ CKA_VALUE MULTILINE_OCTAL
> \117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Secure Global CA"
> # Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US
> @@ -6320,6 +6097,8 @@ CKA_VALUE MULTILINE_OCTAL
> \145
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "COMODO Certification Authority"
> # Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> @@ -6466,6 +6245,8 @@ CKA_VALUE MULTILINE_OCTAL
> \244\140\114\260\125\240\240\173\127\262
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Network Solutions Certificate Authority"
> # Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
> @@ -6592,6 +6373,8 @@ CKA_VALUE MULTILINE_OCTAL
> \334\335\363\377\035\054\072\026\127\331\222\071\326
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "COMODO ECC Certification Authority"
> # Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> @@ -6743,6 +6526,8 @@ CKA_VALUE MULTILINE_OCTAL
> \374\276\337\012\015
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "OISTE WISeKey Global Root GA CA"
> # Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH
> @@ -6878,6 +6663,8 @@ CKA_VALUE MULTILINE_OCTAL
> \300\226\130\057\352\273\106\327\273\344\331\056
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Certigna"
> # Issuer: CN=Certigna,O=Dhimyotis,C=FR
> @@ -6913,147 +6700,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> 
> -#
> -# Certificate "Deutsche Telekom Root CA 2"
> -#
> -# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
> -# Serial Number: 38 (0x26)
> -# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
> -# Not Valid Before: Fri Jul 09 12:11:00 1999
> -# Not Valid After : Tue Jul 09 23:59:00 2019
> -# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08
> -# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
> -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
> -CKA_TOKEN CK_BBOOL CK_TRUE
> -CKA_PRIVATE CK_BBOOL CK_FALSE
> -CKA_MODIFIABLE CK_BBOOL CK_FALSE
> -CKA_LABEL UTF8 "Deutsche Telekom Root CA 2"
> -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
> -CKA_SUBJECT MULTILINE_OCTAL
> -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061
> -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143
> -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060
> -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145
> -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043
> -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150
> -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103
> -\101\040\062
> -END
> -CKA_ID UTF8 "0"
> -CKA_ISSUER MULTILINE_OCTAL
> -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061
> -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143
> -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060
> -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145
> -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043
> -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150
> -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103
> -\101\040\062
> -END
> -CKA_SERIAL_NUMBER MULTILINE_OCTAL
> -\002\001\046
> -END
> -CKA_VALUE MULTILINE_OCTAL
> -\060\202\003\237\060\202\002\207\240\003\002\001\002\002\001\046
> -\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
> -\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061\034
> -\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143\150
> -\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060\035
> -\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145\143
> -\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043\060
> -\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150\145
> -\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103\101
> -\040\062\060\036\027\015\071\071\060\067\060\071\061\062\061\061
> -\060\060\132\027\015\061\071\060\067\060\071\062\063\065\071\060
> -\060\132\060\161\061\013\060\011\006\003\125\004\006\023\002\104
> -\105\061\034\060\032\006\003\125\004\012\023\023\104\145\165\164
> -\163\143\150\145\040\124\145\154\145\153\157\155\040\101\107\061
> -\037\060\035\006\003\125\004\013\023\026\124\055\124\145\154\145
> -\123\145\143\040\124\162\165\163\164\040\103\145\156\164\145\162
> -\061\043\060\041\006\003\125\004\003\023\032\104\145\165\164\163
> -\143\150\145\040\124\145\154\145\153\157\155\040\122\157\157\164
> -\040\103\101\040\062\060\202\001\042\060\015\006\011\052\206\110
> -\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
> -\012\002\202\001\001\000\253\013\243\065\340\213\051\024\261\024
> -\205\257\074\020\344\071\157\065\135\112\256\335\352\141\215\225
> -\111\364\157\144\243\032\140\146\244\251\100\042\204\331\324\245
> -\345\170\223\016\150\001\255\271\115\134\072\316\323\270\250\102
> -\100\337\317\243\272\202\131\152\222\033\254\034\232\332\010\053
> -\045\047\371\151\043\107\361\340\353\054\172\233\365\023\002\320
> -\176\064\174\302\236\074\000\131\253\365\332\014\365\062\074\053
> -\254\120\332\326\303\336\203\224\312\250\014\231\062\016\010\110
> -\126\133\152\373\332\341\130\130\001\111\137\162\101\074\025\006
> -\001\216\135\255\252\270\223\264\315\236\353\247\350\152\055\122
> -\064\333\072\357\134\165\121\332\333\363\061\371\356\161\230\062
> -\304\124\025\104\014\371\233\125\355\255\337\030\010\240\243\206
> -\212\111\356\123\005\217\031\114\325\336\130\171\233\322\152\034
> -\102\253\305\325\247\317\150\017\226\344\341\141\230\166\141\310
> -\221\174\326\076\000\342\221\120\207\341\235\012\346\255\227\322
> -\035\306\072\175\313\274\332\003\064\325\216\133\001\365\152\007
> -\267\026\266\156\112\177\002\003\001\000\001\243\102\060\100\060
> -\035\006\003\125\035\016\004\026\004\024\061\303\171\033\272\365
> -\123\327\027\340\211\172\055\027\154\012\263\053\235\063\060\017
> -\006\003\125\035\023\004\010\060\006\001\001\377\002\001\005\060
> -\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060
> -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
> -\001\001\000\224\144\131\255\071\144\347\051\353\023\376\132\303
> -\213\023\127\310\004\044\360\164\167\300\140\343\147\373\351\211
> -\246\203\277\226\202\174\156\324\303\075\357\236\200\156\273\051
> -\264\230\172\261\073\124\353\071\027\107\176\032\216\013\374\037
> -\061\131\061\004\262\316\027\363\054\307\142\066\125\342\042\330
> -\211\125\264\230\110\252\144\372\326\034\066\330\104\170\132\132
> -\043\072\127\227\365\172\060\117\256\237\152\114\113\053\216\240
> -\003\343\076\340\251\324\322\173\322\263\250\342\162\074\255\236
> -\377\200\131\344\233\105\264\366\073\260\315\071\031\230\062\345
> -\352\041\141\220\344\061\041\216\064\261\367\057\065\112\205\020
> -\332\347\212\067\041\276\131\143\340\362\205\210\061\123\324\124
> -\024\205\160\171\364\056\006\167\047\165\057\037\270\212\371\376
> -\305\272\330\066\344\203\354\347\145\267\277\143\132\363\106\257
> -\201\224\067\324\101\214\326\043\326\036\317\365\150\033\104\143
> -\242\132\272\247\065\131\241\345\160\005\233\016\043\127\231\224
> -\012\155\272\071\143\050\206\222\363\030\204\330\373\321\317\005
> -\126\144\127
> -END
> -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> -
> -# Trust for Certificate "Deutsche Telekom Root CA 2"
> -# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
> -# Serial Number: 38 (0x26)
> -# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
> -# Not Valid Before: Fri Jul 09 12:11:00 1999
> -# Not Valid After : Tue Jul 09 23:59:00 2019
> -# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08
> -# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
> -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
> -CKA_TOKEN CK_BBOOL CK_TRUE
> -CKA_PRIVATE CK_BBOOL CK_FALSE
> -CKA_MODIFIABLE CK_BBOOL CK_FALSE
> -CKA_LABEL UTF8 "Deutsche Telekom Root CA 2"
> -CKA_CERT_SHA1_HASH MULTILINE_OCTAL
> -\205\244\010\300\234\031\076\135\121\130\175\315\326\023\060\375
> -\214\336\067\277
> -END
> -CKA_CERT_MD5_HASH MULTILINE_OCTAL
> -\164\001\112\221\261\010\304\130\316\107\315\360\335\021\123\010
> -END
> -CKA_ISSUER MULTILINE_OCTAL
> -\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061
> -\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143
> -\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060
> -\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145
> -\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043
> -\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150
> -\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103
> -\101\040\062
> -END
> -CKA_SERIAL_NUMBER MULTILINE_OCTAL
> -\002\001\046
> -END
> -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> -
> #
> # Certificate "Cybertrust Global Root"
> #
> @@ -7148,6 +6794,8 @@ CKA_VALUE MULTILINE_OCTAL
> \246\210\070\316\125
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Cybertrust Global Root"
> # Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc"
> @@ -7315,6 +6963,8 @@ CKA_VALUE MULTILINE_OCTAL
> \201\370\021\234
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "ePKI Root Certification Authority"
> # Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW
> @@ -7440,6 +7090,8 @@ CKA_VALUE MULTILINE_OCTAL
> \366\356\260\132\116\111\104\124\130\137\102\203
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "certSIGN ROOT CA"
> # Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO
> @@ -7588,6 +7240,8 @@ CKA_VALUE MULTILINE_OCTAL
> \021\055
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "GeoTrust Primary Certification Authority - G3"
> # Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
> @@ -7717,6 +7371,8 @@ CKA_VALUE MULTILINE_OCTAL
> \367\130\077\056\162\002\127\243\217\241\024\056
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "thawte Primary Root CA - G2"
> # Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US
> @@ -7877,6 +7533,8 @@ CKA_VALUE MULTILINE_OCTAL
> \061\324\100\032\142\064\066\077\065\001\256\254\143\240
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "thawte Primary Root CA - G3"
> # Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
> @@ -8013,6 +7671,8 @@ CKA_VALUE MULTILINE_OCTAL
> \017\212
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "GeoTrust Primary Certification Authority - G2"
> # Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
> @@ -8183,6 +7843,8 @@ CKA_VALUE MULTILINE_OCTAL
> \354\315\202\141\361\070\346\117\227\230\052\132\215
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "VeriSign Universal Root Certification Authority"
> # Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> @@ -8338,6 +8000,8 @@ CKA_VALUE MULTILINE_OCTAL
> \055\247\330\206\052\335\056\020
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
> # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
> @@ -8498,6 +8162,8 @@ CKA_VALUE MULTILINE_OCTAL
> \330\316\304\143\165\077\131\107\261
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "NetLock Arany (Class Gold) Főtanúsítvány"
> # Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU
> @@ -8672,6 +8338,8 @@ CKA_VALUE MULTILINE_OCTAL
> \370\161\012\334\271\374\175\062\140\346\353\257\212\001
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Staat der Nederlanden Root CA - G2"
> # Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL
> @@ -8798,6 +8466,8 @@ CKA_VALUE MULTILINE_OCTAL
> \002\153\331\132
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Hongkong Post Root CA 1"
> # Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
> @@ -8929,6 +8599,8 @@ CKA_VALUE MULTILINE_OCTAL
> \362
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "SecureSign RootCA11"
> # Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP
> @@ -9076,6 +8748,8 @@ CKA_VALUE MULTILINE_OCTAL
> \202\042\055\172\124\253\160\303\175\042\145\202\160\226
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Microsec e-Szigno Root CA 2009"
> # Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
> @@ -9208,6 +8882,8 @@ CKA_VALUE MULTILINE_OCTAL
> \130\077\137
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "GlobalSign Root CA - R3"
> # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3
> @@ -9381,6 +9057,8 @@ CKA_VALUE MULTILINE_OCTAL
> \156\117\022\176\012\074\235\225
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
> # Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES
> @@ -9550,6 +9228,8 @@ CKA_VALUE MULTILINE_OCTAL
> \333\374\046\210\307
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Izenpe.com"
> # Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES
> @@ -9755,6 +9435,8 @@ CKA_VALUE MULTILINE_OCTAL
> \167\110\320
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Chambers of Commerce Root - 2008"
> # Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
> @@ -9964,6 +9646,8 @@ CKA_VALUE MULTILINE_OCTAL
> \351\233\256\325\124\300\164\200\321\013\102\237\301
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Global Chambersign Root - 2008"
> # Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
> @@ -10112,6 +9796,8 @@ CKA_VALUE MULTILINE_OCTAL
> \342\342\104\276\134\367\352\034\365
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Go Daddy Root Certificate Authority - G2"
> # Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
> @@ -10262,6 +9948,8 @@ CKA_VALUE MULTILINE_OCTAL
> \364
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Starfield Root Certificate Authority - G2"
> # Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
> @@ -10414,6 +10102,8 @@ CKA_VALUE MULTILINE_OCTAL
> \261\050\272
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Starfield Services Root Certificate Authority - G2"
> # Issuer: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
> @@ -10545,6 +10235,8 @@ CKA_VALUE MULTILINE_OCTAL
> \007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "AffirmTrust Commercial"
> # Issuer: CN=AffirmTrust Commercial,O=AffirmTrust,C=US
> @@ -10671,6 +10363,8 @@ CKA_VALUE MULTILINE_OCTAL
> \355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "AffirmTrust Networking"
> # Issuer: CN=AffirmTrust Networking,O=AffirmTrust,C=US
> @@ -10829,6 +10523,8 @@ CKA_VALUE MULTILINE_OCTAL
> \051\340\266\270\011\150\031\034\030\103
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "AffirmTrust Premium"
> # Issuer: CN=AffirmTrust Premium,O=AffirmTrust,C=US
> @@ -10935,6 +10631,8 @@ CKA_VALUE MULTILINE_OCTAL
> \214\171
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "AffirmTrust Premium ECC"
> # Issuer: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US
> @@ -11074,6 +10772,8 @@ CKA_VALUE MULTILINE_OCTAL
> \326\267\064\365\176\316\071\232\331\070\361\121\367\117\054
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Certum Trusted Network CA"
> # Issuer: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
> @@ -11210,6 +10910,8 @@ CKA_VALUE MULTILINE_OCTAL
> \274\060\376\173\016\063\220\373\355\322\024\221\037\007\257
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "TWCA Root Certification Authority"
> # Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW
> @@ -11693,6 +11395,8 @@ CKA_VALUE MULTILINE_OCTAL
> \201\050\174\247\175\047\353\000\256\215\067
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Security Communication RootCA2"
> # Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
> @@ -11876,6 +11580,8 @@ CKA_VALUE MULTILINE_OCTAL
> \371\210\075\176\270\157\156\003\344\102
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "EC-ACC"
> # Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES
> @@ -12039,6 +11745,8 @@ CKA_VALUE MULTILINE_OCTAL
> \113\321\047\327\270
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for Certificate "Hellenic Academic and Research Institutions RootCA 2011"
> # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
> @@ -12275,6 +11983,8 @@ CKA_VALUE MULTILINE_OCTAL
> \216\362\024\212\314\351\265\174\373\154\235\014\245\341\226
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Actalis Authentication Root CA"
> # Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT
> @@ -12406,6 +12116,8 @@ CKA_VALUE MULTILINE_OCTAL
> \145\353\127\331\363\127\226\273\110\315\201
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Trustis FPS Root CA"
> # Issuer: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB
> @@ -12566,6 +12278,8 @@ CKA_VALUE MULTILINE_OCTAL
> \327\201\011\361\311\307\046\015\254\230\026\126\240
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Buypass Class 2 Root CA"
> # Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO
> @@ -12725,6 +12439,8 @@ CKA_VALUE MULTILINE_OCTAL
> \061\356\006\274\163\277\023\142\012\237\307\271\227
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Buypass Class 3 Root CA"
> # Issuer: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO
> @@ -12867,6 +12583,8 @@ CKA_VALUE MULTILINE_OCTAL
> \116\223\303\244\124\024\133
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "T-TeleSec GlobalRoot Class 3"
> # Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
> @@ -13016,6 +12734,8 @@ CKA_VALUE MULTILINE_OCTAL
> \307\314\165\301\226\305\235
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "EE Certification Centre Root CA"
> # Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
> @@ -13229,6 +12949,8 @@ CKA_VALUE MULTILINE_OCTAL
> \164\145\327\134\376\243\342
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "D-TRUST Root Class 3 CA 2 2009"
> # Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE
> @@ -13373,6 +13095,8 @@ CKA_VALUE MULTILINE_OCTAL
> \352\237\026\361\054\124\265
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "D-TRUST Root Class 3 CA 2 EV 2009"
> # Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE
> @@ -13410,181 +13134,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> 
> -#
> -# Certificate "Swisscom Root CA 2"
> -#
> -# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
> -# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6
> -# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
> -# Not Valid Before: Fri Jun 24 08:38:14 2011
> -# Not Valid After : Wed Jun 25 07:38:14 2031
> -# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19
> -# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC
> -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
> -CKA_TOKEN CK_BBOOL CK_TRUE
> -CKA_PRIVATE CK_BBOOL CK_FALSE
> -CKA_MODIFIABLE CK_BBOOL CK_FALSE
> -CKA_LABEL UTF8 "Swisscom Root CA 2"
> -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
> -CKA_SUBJECT MULTILINE_OCTAL
> -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
> -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
> -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
> -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
> -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
> -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
> -\164\040\103\101\040\062
> -END
> -CKA_ID UTF8 "0"
> -CKA_ISSUER MULTILINE_OCTAL
> -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
> -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
> -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
> -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
> -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
> -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
> -\164\040\103\101\040\062
> -END
> -CKA_SERIAL_NUMBER MULTILINE_OCTAL
> -\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030
> -\147\266
> -END
> -CKA_VALUE MULTILINE_OCTAL
> -\060\202\005\331\060\202\003\301\240\003\002\001\002\002\020\036
> -\236\050\350\110\362\345\357\303\174\112\036\132\030\147\266\060
> -\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\144
> -\061\013\060\011\006\003\125\004\006\023\002\143\150\061\021\060
> -\017\006\003\125\004\012\023\010\123\167\151\163\163\143\157\155
> -\061\045\060\043\006\003\125\004\013\023\034\104\151\147\151\164
> -\141\154\040\103\145\162\164\151\146\151\143\141\164\145\040\123
> -\145\162\166\151\143\145\163\061\033\060\031\006\003\125\004\003
> -\023\022\123\167\151\163\163\143\157\155\040\122\157\157\164\040
> -\103\101\040\062\060\036\027\015\061\061\060\066\062\064\060\070
> -\063\070\061\064\132\027\015\063\061\060\066\062\065\060\067\063
> -\070\061\064\132\060\144\061\013\060\011\006\003\125\004\006\023
> -\002\143\150\061\021\060\017\006\003\125\004\012\023\010\123\167
> -\151\163\163\143\157\155\061\045\060\043\006\003\125\004\013\023
> -\034\104\151\147\151\164\141\154\040\103\145\162\164\151\146\151
> -\143\141\164\145\040\123\145\162\166\151\143\145\163\061\033\060
> -\031\006\003\125\004\003\023\022\123\167\151\163\163\143\157\155
> -\040\122\157\157\164\040\103\101\040\062\060\202\002\042\060\015
> -\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002
> -\017\000\060\202\002\012\002\202\002\001\000\225\102\116\204\235
> -\121\346\323\011\350\162\132\043\151\333\170\160\216\026\361\053
> -\217\015\003\316\223\314\056\000\010\173\253\063\214\364\351\100
> -\346\027\114\253\236\270\107\024\062\167\062\335\050\014\336\030
> -\113\137\166\237\370\071\073\374\116\211\330\174\305\147\357\253
> -\322\271\064\137\153\072\363\144\066\316\302\260\317\023\150\312
> -\310\313\353\265\342\075\056\041\337\352\054\324\340\371\160\226
> -\114\377\152\130\230\267\027\344\033\122\345\176\007\000\035\137
> -\332\346\076\225\004\267\151\210\071\241\101\140\045\141\113\225
> -\071\150\142\034\261\013\005\211\300\066\202\024\041\077\256\333
> -\241\375\274\157\034\140\206\266\123\224\111\271\053\106\305\117
> -\000\053\277\241\273\313\077\340\307\127\034\127\350\326\151\370
> -\301\044\122\235\210\125\335\302\207\056\164\043\320\024\375\052
> -\107\132\273\246\235\375\224\344\321\212\245\137\206\143\166\205
> -\313\257\377\111\050\374\200\355\114\171\322\273\344\300\357\001
> -\356\120\101\010\065\043\160\053\251\026\264\214\156\205\351\266
> -\021\317\061\335\123\046\033\337\055\132\112\002\100\374\304\300
> -\266\351\061\032\010\050\345\140\303\037\304\220\216\020\142\140
> -\104\015\354\012\276\125\030\161\054\245\364\262\274\025\142\377
> -\034\343\276\035\332\036\127\263\074\176\315\202\035\221\343\113
> -\353\054\122\064\260\212\375\022\116\226\260\353\160\177\236\071
> -\367\146\102\261\253\254\122\332\166\100\127\173\052\275\350\156
> -\003\262\013\200\205\210\235\014\307\302\167\260\232\232\127\364
> -\270\372\023\134\150\223\072\147\244\227\320\033\231\267\206\062
> -\113\140\330\316\357\320\014\177\225\237\157\207\117\207\212\216
> -\137\010\174\252\133\374\132\276\241\221\237\125\175\116\260\013
> -\151\314\260\224\250\247\207\362\323\112\120\334\137\162\260\026
> -\165\036\313\264\030\142\232\260\247\071\252\233\237\146\330\215
> -\246\154\226\025\343\346\362\370\361\203\142\154\273\125\351\141
> -\223\243\075\365\261\127\213\117\043\260\233\345\224\152\057\337
> -\214\337\225\121\051\140\241\013\051\344\134\125\130\267\250\374
> -\231\356\045\115\114\016\263\323\114\217\204\350\051\017\375\020
> -\124\002\205\310\371\345\303\213\317\347\017\002\003\001\000\001
> -\243\201\206\060\201\203\060\016\006\003\125\035\017\001\001\377
> -\004\004\003\002\001\206\060\035\006\003\125\035\041\004\026\060
> -\024\060\022\006\007\140\205\164\001\123\002\001\006\007\140\205
> -\164\001\123\002\001\060\022\006\003\125\035\023\001\001\377\004
> -\010\060\006\001\001\377\002\001\007\060\035\006\003\125\035\016
> -\004\026\004\024\115\046\040\042\211\113\323\325\244\012\241\157
> -\336\342\022\201\305\361\074\056\060\037\006\003\125\035\043\004
> -\030\060\026\200\024\115\046\040\042\211\113\323\325\244\012\241
> -\157\336\342\022\201\305\361\074\056\060\015\006\011\052\206\110
> -\206\367\015\001\001\013\005\000\003\202\002\001\000\062\012\262
> -\244\033\313\175\276\202\127\211\271\152\177\363\364\301\056\021
> -\175\270\031\076\171\267\250\250\162\067\146\233\032\355\254\023
> -\073\016\277\142\360\234\337\236\173\241\123\110\016\101\172\312
> -\040\247\027\033\266\170\354\100\221\363\102\255\020\303\134\357
> -\377\140\131\177\315\205\243\213\075\110\034\045\002\074\147\175
> -\365\062\351\057\060\345\175\245\172\070\320\363\146\052\146\036
> -\215\063\203\212\157\174\156\250\132\165\232\270\327\332\130\110
> -\104\107\250\114\372\114\111\012\112\302\022\067\250\100\014\303
> -\310\341\320\127\015\227\062\225\307\072\237\227\323\127\370\013
> -\336\345\162\363\243\333\377\265\330\131\262\163\335\115\052\161
> -\262\272\111\365\313\034\325\365\171\310\231\263\374\301\114\164
> -\343\264\275\051\067\025\004\050\036\336\105\106\160\354\257\272
> -\170\016\212\052\316\000\171\334\300\137\031\147\054\153\113\357
> -\150\150\013\103\343\254\301\142\011\357\246\335\145\141\240\257
> -\204\125\110\221\122\034\306\045\221\052\320\301\042\043\141\131
> -\257\105\021\205\035\001\044\064\217\317\263\377\027\162\040\023
> -\302\200\252\041\054\161\071\016\320\217\134\301\323\321\216\042
> -\162\106\114\035\226\256\117\161\261\341\005\051\226\131\364\273
> -\236\165\075\317\015\067\015\142\333\046\214\143\251\043\337\147
> -\006\074\174\072\332\064\102\341\146\264\106\004\336\306\226\230
> -\017\113\110\172\044\062\165\221\237\254\367\150\351\052\271\125
> -\145\316\135\141\323\047\160\330\067\376\237\271\257\240\056\126
> -\267\243\145\121\355\073\253\024\277\114\121\003\350\137\212\005
> -\233\356\212\156\234\357\277\150\372\310\332\013\343\102\311\320
> -\027\024\234\267\112\340\257\223\047\041\125\046\265\144\057\215
> -\361\377\246\100\005\205\005\134\312\007\031\134\013\023\050\114
> -\130\177\302\245\357\105\332\140\323\256\145\141\235\123\203\164
> -\302\256\362\134\302\026\355\222\076\204\076\163\140\210\274\166
> -\364\054\317\320\175\175\323\270\136\321\221\022\020\351\315\335
> -\312\045\343\325\355\231\057\276\165\201\113\044\371\105\106\224
> -\311\051\041\123\234\046\105\252\023\027\344\347\315\170\342\071
> -\301\053\022\236\246\236\033\305\346\016\331\061\331
> -END
> -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> -
> -# Trust for "Swisscom Root CA 2"
> -# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
> -# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6
> -# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
> -# Not Valid Before: Fri Jun 24 08:38:14 2011
> -# Not Valid After : Wed Jun 25 07:38:14 2031
> -# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19
> -# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC
> -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
> -CKA_TOKEN CK_BBOOL CK_TRUE
> -CKA_PRIVATE CK_BBOOL CK_FALSE
> -CKA_MODIFIABLE CK_BBOOL CK_FALSE
> -CKA_LABEL UTF8 "Swisscom Root CA 2"
> -CKA_CERT_SHA1_HASH MULTILINE_OCTAL
> -\167\107\117\306\060\344\017\114\107\144\077\204\272\270\306\225
> -\112\212\101\354
> -END
> -CKA_CERT_MD5_HASH MULTILINE_OCTAL
> -\133\004\151\354\245\203\224\143\030\247\206\320\344\362\156\031
> -END
> -CKA_ISSUER MULTILINE_OCTAL
> -\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
> -\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
> -\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
> -\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
> -\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
> -\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
> -\164\040\103\101\040\062
> -END
> -CKA_SERIAL_NUMBER MULTILINE_OCTAL
> -\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030
> -\147\266
> -END
> -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
> -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
> -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
> -
> #
> # Certificate "CA Disig Root R2"
> #
> @@ -13711,6 +13260,8 @@ CKA_VALUE MULTILINE_OCTAL
> \363\154\033\165\106\243\345\112\027\351\244\327\013
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "CA Disig Root R2"
> # Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK
> @@ -13911,6 +13462,8 @@ CKA_VALUE MULTILINE_OCTAL
> \125\064\106\052\213\206\073
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "ACCVRAIZ1"
> # Issuer: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1
> @@ -14071,6 +13624,8 @@ CKA_VALUE MULTILINE_OCTAL
> \053\006\320\004\315
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "TWCA Global Root CA"
> # Issuer: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW
> @@ -14228,6 +13783,8 @@ CKA_VALUE MULTILINE_OCTAL
> \245\240\314\277\323\366\165\244\165\226\155\126
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "TeliaSonera Root CA v1"
> # Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera
> @@ -14416,6 +13973,8 @@ CKA_VALUE MULTILINE_OCTAL
> \243\253\157\134\035\266\176\350\263\202\064\355\006\134\044
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "E-Tugra Certification Authority"
> # Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
> @@ -14565,6 +14124,8 @@ CKA_VALUE MULTILINE_OCTAL
> \005\047\216\023\241\156\302
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "T-TeleSec GlobalRoot Class 2"
> # Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
> @@ -14696,6 +14257,8 @@ CKA_VALUE MULTILINE_OCTAL
> \035\362\376\011\021\260\360\207\173\247\235
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Atos TrustedRoot 2011"
> # Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011
> @@ -14856,6 +14419,8 @@ CKA_VALUE MULTILINE_OCTAL
> \063\140\345\303
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "QuoVadis Root CA 1 G3"
> # Issuer: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM
> @@ -15018,6 +14583,8 @@ CKA_VALUE MULTILINE_OCTAL
> \203\336\177\214
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "QuoVadis Root CA 2 G3"
> # Issuer: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM
> @@ -15180,6 +14747,8 @@ CKA_VALUE MULTILINE_OCTAL
> \130\371\230\364
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "QuoVadis Root CA 3 G3"
> # Issuer: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM
> @@ -15317,6 +14886,8 @@ CKA_VALUE MULTILINE_OCTAL
> \042\023\163\154\317\046\365\212\051\347
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "DigiCert Assured ID Root G2"
> # Issuer: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
> @@ -15435,6 +15006,8 @@ CKA_VALUE MULTILINE_OCTAL
> \352\226\143\152\145\105\222\225\001\264
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "DigiCert Assured ID Root G3"
> # Issuer: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
> @@ -15574,6 +15147,8 @@ CKA_VALUE MULTILINE_OCTAL
> \062\266
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "DigiCert Global Root G2"
> # Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
> @@ -15692,6 +15267,8 @@ CKA_VALUE MULTILINE_OCTAL
> \263\047\027
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "DigiCert Global Root G3"
> # Issuer: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
> @@ -15863,6 +15440,8 @@ CKA_VALUE MULTILINE_OCTAL
> \317\363\146\176
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "DigiCert Trusted Root G4"
> # Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
> @@ -16042,6 +15621,8 @@ CKA_VALUE MULTILINE_OCTAL
> \065\123\205\006\112\135\237\255\273\033\137\164
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "COMODO RSA Certification Authority"
> # Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> @@ -16224,6 +15805,8 @@ CKA_VALUE MULTILINE_OCTAL
> \250\375
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "USERTrust RSA Certification Authority"
> # Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
> @@ -16353,6 +15936,8 @@ CKA_VALUE MULTILINE_OCTAL
> \127\152\030
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "USERTrust ECC Certification Authority"
> # Issuer: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
> @@ -16465,6 +16050,8 @@ CKA_VALUE MULTILINE_OCTAL
> \173\013\370\237\204
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "GlobalSign ECC Root CA - R4"
> # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4
> @@ -16578,6 +16165,8 @@ CKA_VALUE MULTILINE_OCTAL
> \220\067
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "GlobalSign ECC Root CA - R5"
> # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5
> @@ -16743,6 +16332,8 @@ CKA_VALUE MULTILINE_OCTAL
> \367\200\173\041\147\047\060\131
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Staat der Nederlanden Root CA - G3"
> # Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL
> @@ -16907,6 +16498,8 @@ CKA_VALUE MULTILINE_OCTAL
> \356\354\327\056
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Staat der Nederlanden EV Root CA"
> # Issuer: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
> @@ -17069,6 +16662,8 @@ CKA_VALUE MULTILINE_OCTAL
> \272\204\156\207
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "IdenTrust Commercial Root CA 1"
> # Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US
> @@ -17231,6 +16826,8 @@ CKA_VALUE MULTILINE_OCTAL
> \267\254\266\255\267\312\076\001\357\234
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "IdenTrust Public Sector Root CA 1"
> # Issuer: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US
> @@ -17390,6 +16987,8 @@ CKA_VALUE MULTILINE_OCTAL
> \105\366
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Entrust Root Certification Authority - G2"
> # Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
> @@ -17535,6 +17134,8 @@ CKA_VALUE MULTILINE_OCTAL
> \231\267\046\101\133\045\140\256\320\110\032\356\006
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Entrust Root Certification Authority - EC1"
> # Issuer: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
> @@ -17708,6 +17309,8 @@ CKA_VALUE MULTILINE_OCTAL
> \056
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "CFCA EV ROOT"
> # Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN
> @@ -17847,6 +17450,8 @@ CKA_VALUE MULTILINE_OCTAL
> \065\255\201\307\116\161\272\210\023
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "OISTE WISeKey Global Root GB CA"
> # Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
> @@ -17982,6 +17587,8 @@ CKA_VALUE MULTILINE_OCTAL
> \326\040\036\343\163\267
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "SZAFIR ROOT CA2"
> # Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL
> @@ -18160,6 +17767,8 @@ CKA_VALUE MULTILINE_OCTAL
> \016\265\271\276\044\217
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Certum Trusted Network CA 2"
> # Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
> @@ -18347,6 +17956,8 @@ CKA_VALUE MULTILINE_OCTAL
> \276\157\152\247\365\054\102\355\062\255\266\041\236\276\274
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Hellenic Academic and Research Institutions RootCA 2015"
> # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
> @@ -18483,6 +18094,8 @@ CKA_VALUE MULTILINE_OCTAL
> \342\174\352\002\130\042\221
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Hellenic Academic and Research Institutions ECC RootCA 2015"
> # Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
> @@ -18652,6 +18265,8 @@ CKA_VALUE MULTILINE_OCTAL
> \376\216\036\127\242\315\100\235\176\142\042\332\336\030\047
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "ISRG Root X1"
> # Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
> @@ -18815,6 +18430,8 @@ CKA_VALUE MULTILINE_OCTAL
> \072\117\110\366\213\266\263
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "AC RAIZ FNMT-RCM"
> # Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
> @@ -18940,6 +18557,8 @@ CKA_VALUE MULTILINE_OCTAL
> \304\220\276\361\271
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Amazon Root CA 1"
> # Issuer: CN=Amazon Root CA 1,O=Amazon,C=US
> @@ -19097,6 +18716,8 @@ CKA_VALUE MULTILINE_OCTAL
> \340\373\011\140\154
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Amazon Root CA 2"
> # Issuer: CN=Amazon Root CA 2,O=Amazon,C=US
> @@ -19197,6 +18818,8 @@ CKA_VALUE MULTILINE_OCTAL
> \143\044\110\034\337\060\175\325\150\073
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Amazon Root CA 3"
> # Issuer: CN=Amazon Root CA 3,O=Amazon,C=US
> @@ -19301,6 +18924,8 @@ CKA_VALUE MULTILINE_OCTAL
> \012\166\324\245\274\020
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Amazon Root CA 4"
> # Issuer: CN=Amazon Root CA 4,O=Amazon,C=US
> @@ -19468,6 +19093,8 @@ CKA_VALUE MULTILINE_OCTAL
> \045\307\043\200\203\012\353
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "LuxTrust Global Root 2"
> # Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
> @@ -19617,6 +19244,8 @@ CKA_VALUE MULTILINE_OCTAL
> \322\063\340\377\275\321\124\071\051\017
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Symantec Class 1 Public Primary Certification Authority - G6"
> # Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
> @@ -19771,6 +19400,8 @@ CKA_VALUE MULTILINE_OCTAL
> \157\374\132\344\202\125\131\257\061\251
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Symantec Class 2 Public Primary Certification Authority - G6"
> # Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
> @@ -19904,6 +19535,8 @@ CKA_VALUE MULTILINE_OCTAL
> \362\014\105\111\071\277\231\004\034\323\020\240
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Symantec Class 1 Public Primary Certification Authority - G4"
> # Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
> @@ -20037,6 +19670,8 @@ CKA_VALUE MULTILINE_OCTAL
> \051\246\330\107\331\240\226\030\333\362\105\263
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Symantec Class 2 Public Primary Certification Authority - G4"
> # Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
> @@ -20182,6 +19817,8 @@ CKA_VALUE MULTILINE_OCTAL
> \137\134
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "D-TRUST Root CA 3 2013"
> # Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE
> @@ -20344,6 +19981,8 @@ CKA_VALUE MULTILINE_OCTAL
> \237\042\136\242\017\241\343
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
> # Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR
> @@ -20519,6 +20158,8 @@ CKA_VALUE MULTILINE_OCTAL
> \250\267\101\154\007\335\275\074\206\227\057\322
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "GDCA TrustAUTH R5 ROOT"
> # Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN
> @@ -20674,6 +20315,8 @@ CKA_VALUE MULTILINE_OCTAL
> \132\171\054\031
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "TrustCor RootCert CA-1"
> # Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> @@ -20865,6 +20508,8 @@ CKA_VALUE MULTILINE_OCTAL
> \326\354\011
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "TrustCor RootCert CA-2"
> # Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> @@ -21021,6 +20666,8 @@ CKA_VALUE MULTILINE_OCTAL
> \264\237\327\346
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "TrustCor ECA-1"
> # Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
> @@ -21200,6 +20847,8 @@ CKA_VALUE MULTILINE_OCTAL
> \271
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "SSL.com Root Certification Authority RSA"
> # Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US
> @@ -21324,6 +20973,8 @@ CKA_VALUE MULTILINE_OCTAL
> \145
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "SSL.com Root Certification Authority ECC"
> # Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
> @@ -21503,6 +21154,8 @@ CKA_VALUE MULTILINE_OCTAL
> \040\022\215\264\254\127\261\105\143\241\254\166\251\302\373
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "SSL.com EV Root Certification Authority RSA R2"
> # Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US
> @@ -21630,6 +21283,8 @@ CKA_VALUE MULTILINE_OCTAL
> \371\007\340\142\232\214\134\112
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "SSL.com EV Root Certification Authority ECC"
> # Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
> @@ -21796,6 +21451,8 @@ CKA_VALUE MULTILINE_OCTAL
> \147\203\005\132\311\244\020
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "GlobalSign Root CA - R6"
> # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6
> @@ -21913,6 +21570,8 @@ CKA_VALUE MULTILINE_OCTAL
> \242\355\357\173\260\200\117\130\017\113\123\071\275
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "OISTE WISeKey Global Root GC CA"
> # Issuer: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
> @@ -22076,6 +21735,8 @@ CKA_VALUE MULTILINE_OCTAL
> \361\306\143\107\125\034\272\245\010\121\165\246\110\045
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "GTS Root R1"
> # Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US
> @@ -22237,6 +21898,8 @@ CKA_VALUE MULTILINE_OCTAL
> \267\375\054\010\122\117\202\335\243\360\324\206\011\002
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "GTS Root R2"
> # Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US
> @@ -22345,6 +22008,8 @@ CKA_VALUE MULTILINE_OCTAL
> \232\051\252\226\323\203\043\311\244\173\141\263\314\002\350\135
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "GTS Root R3"
> # Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US
> @@ -22453,6 +22118,8 @@ CKA_VALUE MULTILINE_OCTAL
> \161\314\362\260\115\326\376\231\310\224\251\165\242\343
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "GTS Root R4"
> # Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US
> @@ -22611,6 +22278,8 @@ CKA_VALUE MULTILINE_OCTAL
> \120\037\212\373\006\365\302\031\360\320
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "UCA Global G2 Root"
> # Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN
> @@ -22771,6 +22440,8 @@ CKA_VALUE MULTILINE_OCTAL
> \177\275\145\040\262\311\301\053\166\030\166\237\126\261
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "UCA Extended Validation Root"
> # Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN
> @@ -22950,6 +22621,8 @@ CKA_VALUE MULTILINE_OCTAL
> \045\124\377\242\332\117\212\141\071\136\256\075\112\214\275
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Certigna Root CA"
> # Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR
> @@ -23087,6 +22760,8 @@ CKA_VALUE MULTILINE_OCTAL
> \210\336\272\314\037\200\176\112
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "emSign Root CA - G1"
> # Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
> @@ -23204,6 +22879,8 @@ CKA_VALUE MULTILINE_OCTAL
> \054\243
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "emSign ECC Root CA - G3"
> # Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
> @@ -23337,6 +23014,8 @@ CKA_VALUE MULTILINE_OCTAL
> \361\337\312\276\203\015\102
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "emSign Root CA - C1"
> # Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US
> @@ -23448,6 +23127,8 @@ CKA_VALUE MULTILINE_OCTAL
> \276\201\007\125\060\120\040\024\365\127\070\012\250\061\121
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "emSign ECC Root CA - C3"
> # Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US
> @@ -23623,6 +23304,8 @@ CKA_VALUE MULTILINE_OCTAL
> \232\233\364
> END
> CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
> +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
> +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
> 
> # Trust for "Hongkong Post Root CA 3"
> # Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK
> diff --git a/lfs/ca-certificates b/lfs/ca-certificates
> index c190f6188..769f38217 100644
> --- a/lfs/ca-certificates
> +++ b/lfs/ca-certificates
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 20190730
> +VER        = 20191029
> 
> THISAPP    = ca-certificates
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> -- 
> 2.16.4

Patch

diff --git a/config/ca-certificates/certdata.txt b/config/ca-certificates/certdata.txt
index 3466f6ee4..3a44db293 100644
--- a/config/ca-certificates/certdata.txt
+++ b/config/ca-certificates/certdata.txt
@@ -13,19 +13,21 @@ 
 #
 #    Certificates
 #
-#  -- Attribute --          -- type --              -- value --
-#  CKA_CLASS                CK_OBJECT_CLASS         CKO_CERTIFICATE
-#  CKA_TOKEN                CK_BBOOL                CK_TRUE
-#  CKA_PRIVATE              CK_BBOOL                CK_FALSE
-#  CKA_MODIFIABLE           CK_BBOOL                CK_FALSE
-#  CKA_LABEL                UTF8                    (varies)
-#  CKA_CERTIFICATE_TYPE     CK_CERTIFICATE_TYPE     CKC_X_509
-#  CKA_SUBJECT              DER+base64              (varies)
-#  CKA_ID                   byte array              (varies)
-#  CKA_ISSUER               DER+base64              (varies)
-#  CKA_SERIAL_NUMBER        DER+base64              (varies)
-#  CKA_VALUE                DER+base64              (varies)
-#  CKA_NSS_EMAIL            ASCII7                  (unused here)
+#  -- Attribute --               -- type --          -- value --
+#  CKA_CLASS                     CK_OBJECT_CLASS     CKO_CERTIFICATE
+#  CKA_TOKEN                     CK_BBOOL            CK_TRUE
+#  CKA_PRIVATE                   CK_BBOOL            CK_FALSE
+#  CKA_MODIFIABLE                CK_BBOOL            CK_FALSE
+#  CKA_LABEL                     UTF8                (varies)
+#  CKA_CERTIFICATE_TYPE          CK_CERTIFICATE_TYPE CKC_X_509
+#  CKA_SUBJECT                   DER+base64          (varies)
+#  CKA_ID                        byte array          (varies)
+#  CKA_ISSUER                    DER+base64          (varies)
+#  CKA_SERIAL_NUMBER             DER+base64          (varies)
+#  CKA_VALUE                     DER+base64          (varies)
+#  CKA_NSS_EMAIL                 ASCII7              (unused here)
+#  CKA_NSS_SERVER_DISTRUST_AFTER DER+base64          (varies)
+#  CKA_NSS_EMAIL_DISTRUST_AFTER  DER+base64          (varies)
 #
 #    Trust
 #
@@ -164,6 +166,8 @@  CKA_VALUE MULTILINE_OCTAL
 \125\342\374\110\311\051\046\151\340
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "GlobalSign Root CA"
 # Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
@@ -298,6 +302,8 @@  CKA_VALUE MULTILINE_OCTAL
 \152\374\176\102\070\100\144\022\367\236\201\341\223\056
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "GlobalSign Root CA - R2"
 # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
@@ -454,6 +460,8 @@  CKA_VALUE MULTILINE_OCTAL
 \113\336\006\226\161\054\362\333\266\037\244\357\077\356
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
 # Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -619,6 +627,8 @@  CKA_VALUE MULTILINE_OCTAL
 \311\130\020\371\252\357\132\266\317\113\113\337\052
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
 # Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -784,6 +794,8 @@  CKA_VALUE MULTILINE_OCTAL
 \153\271\012\172\116\117\113\204\356\113\361\175\335\021
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
 # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -1059,6 +1071,8 @@  CKA_VALUE MULTILINE_OCTAL
 \174\136\232\166\351\131\220\305\174\203\065\021\145\121
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Entrust.net Premium 2048 Secure Server CA"
 # Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
@@ -1197,6 +1211,8 @@  CKA_VALUE MULTILINE_OCTAL
 \347\201\035\031\303\044\102\352\143\071\251
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Baltimore CyberTrust Root"
 # Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
@@ -1341,6 +1357,8 @@  CKA_VALUE MULTILINE_OCTAL
 \065\341\035\026\034\320\274\053\216\326\161\331
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "AddTrust Low-Value Services Root"
 # Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
@@ -1490,6 +1508,8 @@  CKA_VALUE MULTILINE_OCTAL
 \027\132\173\320\274\307\217\116\206\004
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "AddTrust External Root"
 # Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
@@ -1654,6 +1674,8 @@  CKA_VALUE MULTILINE_OCTAL
 \036\177\132\264\074
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Entrust Root Certification Authority"
 # Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
@@ -1788,6 +1810,8 @@  CKA_VALUE MULTILINE_OCTAL
 \302\005\146\200\241\313\346\063
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "GeoTrust Global CA"
 # Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
@@ -1948,6 +1972,8 @@  CKA_VALUE MULTILINE_OCTAL
 \244\346\216\330\371\051\110\212\316\163\376\054
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "GeoTrust Universal CA"
 # Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
@@ -2108,6 +2134,8 @@  CKA_VALUE MULTILINE_OCTAL
 \362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "GeoTrust Universal CA 2"
 # Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
@@ -2228,6 +2256,8 @@  CKA_VALUE MULTILINE_OCTAL
 \350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Certum Root CA"
 # Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
@@ -2374,6 +2404,8 @@  CKA_VALUE MULTILINE_OCTAL
 \225\351\066\226\230\156
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Comodo AAA Services root"
 # Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
@@ -2552,6 +2584,8 @@  CKA_VALUE MULTILINE_OCTAL
 \112\164\066\371
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "QuoVadis Root CA"
 # Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
@@ -2721,6 +2755,8 @@  CKA_VALUE MULTILINE_OCTAL
 \020\005\145\325\202\020\352\302\061\315\056
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "QuoVadis Root CA 2"
 # Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
@@ -2901,6 +2937,8 @@  CKA_VALUE MULTILINE_OCTAL
 \332
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "QuoVadis Root CA 3"
 # Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
@@ -3030,6 +3068,8 @@  CKA_VALUE MULTILINE_OCTAL
 \057\317\246\356\311\160\042\024\275\375\276\154\013\003
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Security Communication Root CA"
 # Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
@@ -3153,6 +3193,8 @@  CKA_VALUE MULTILINE_OCTAL
 \160\254\337\114
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Sonera Class 2 Root CA"
 # Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI
@@ -3188,177 +3230,6 @@  CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
-#
-# Certificate "UTN USERFirst Email Root CA"
-#
-# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
-# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Not Valid Before: Fri Jul 09 17:28:50 1999
-# Not Valid After : Tue Jul 09 17:36:58 2019
-# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
-# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "UTN USERFirst Email Root CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125
-\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164
-\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151
-\154
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125
-\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164
-\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151
-\154
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147
-\311\211
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\242\060\202\003\212\240\003\002\001\002\002\020\104
-\276\014\213\120\000\044\264\021\323\066\045\045\147\311\211\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
-\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
-\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
-\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
-\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
-\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
-\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
-\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
-\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004\003
-\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164\055
-\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151\143
-\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154\060
-\036\027\015\071\071\060\067\060\071\061\067\062\070\065\060\132
-\027\015\061\071\060\067\060\071\061\067\063\066\065\070\132\060
-\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
-\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
-\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
-\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
-\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
-\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
-\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004
-\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164
-\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151
-\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154
-\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
-\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
-\000\262\071\205\244\362\175\253\101\073\142\106\067\256\315\301
-\140\165\274\071\145\371\112\032\107\242\271\314\110\314\152\230
-\325\115\065\031\271\244\102\345\316\111\342\212\057\036\174\322
-\061\007\307\116\264\203\144\235\056\051\325\242\144\304\205\275
-\205\121\065\171\244\116\150\220\173\034\172\244\222\250\027\362
-\230\025\362\223\314\311\244\062\225\273\014\117\060\275\230\240
-\013\213\345\156\033\242\106\372\170\274\242\157\253\131\136\245
-\057\317\312\332\155\252\057\353\254\241\263\152\252\267\056\147
-\065\213\171\341\036\151\210\342\346\106\315\240\245\352\276\013
-\316\166\072\172\016\233\352\374\332\047\133\075\163\037\042\346
-\110\141\306\114\363\151\261\250\056\033\266\324\061\040\054\274
-\202\212\216\244\016\245\327\211\103\374\026\132\257\035\161\327
-\021\131\332\272\207\015\257\372\363\341\302\360\244\305\147\214
-\326\326\124\072\336\012\244\272\003\167\263\145\310\375\036\323
-\164\142\252\030\312\150\223\036\241\205\176\365\107\145\313\370
-\115\127\050\164\322\064\377\060\266\356\366\142\060\024\214\054
-\353\002\003\001\000\001\243\201\271\060\201\266\060\013\006\003
-\125\035\017\004\004\003\002\001\306\060\017\006\003\125\035\023
-\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035
-\016\004\026\004\024\211\202\147\175\304\235\046\160\000\113\264
-\120\110\174\336\075\256\004\156\175\060\130\006\003\125\035\037
-\004\121\060\117\060\115\240\113\240\111\206\107\150\164\164\160
-\072\057\057\143\162\154\056\165\163\145\162\164\162\165\163\164
-\056\143\157\155\057\125\124\116\055\125\123\105\122\106\151\162
-\163\164\055\103\154\151\145\156\164\101\165\164\150\145\156\164
-\151\143\141\164\151\157\156\141\156\144\105\155\141\151\154\056
-\143\162\154\060\035\006\003\125\035\045\004\026\060\024\006\010
-\053\006\001\005\005\007\003\002\006\010\053\006\001\005\005\007
-\003\004\060\015\006\011\052\206\110\206\367\015\001\001\005\005
-\000\003\202\001\001\000\261\155\141\135\246\032\177\174\253\112
-\344\060\374\123\157\045\044\306\312\355\342\061\134\053\016\356
-\356\141\125\157\004\076\317\071\336\305\033\111\224\344\353\040
-\114\264\346\236\120\056\162\331\215\365\252\243\263\112\332\126
-\034\140\227\200\334\202\242\255\112\275\212\053\377\013\011\264
-\306\327\040\004\105\344\315\200\001\272\272\053\156\316\252\327
-\222\376\344\257\353\364\046\035\026\052\177\154\060\225\067\057
-\063\022\254\177\335\307\321\021\214\121\230\262\320\243\221\320
-\255\366\237\236\203\223\036\035\102\270\106\257\153\146\360\233
-\177\352\343\003\002\345\002\121\301\252\325\065\235\162\100\003
-\211\272\061\035\305\020\150\122\236\337\242\205\305\134\010\246
-\170\346\123\117\261\350\267\323\024\236\223\246\303\144\343\254
-\176\161\315\274\237\351\003\033\314\373\351\254\061\301\257\174
-\025\164\002\231\303\262\107\246\302\062\141\327\307\157\110\044
-\121\047\241\325\207\125\362\173\217\230\075\026\236\356\165\266
-\370\320\216\362\363\306\256\050\133\247\360\363\066\027\374\303
-\005\323\312\003\112\124
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "UTN USERFirst Email Root CA"
-# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
-# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
-# Not Valid Before: Fri Jul 09 17:28:50 1999
-# Not Valid After : Tue Jul 09 17:36:58 2019
-# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
-# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "UTN USERFirst Email Root CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\261\162\261\245\155\225\371\037\345\002\207\341\115\067\352\152
-\104\143\166\212
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\327\064\075\357\035\047\011\050\341\061\002\133\023\053\335\367
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
-\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
-\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
-\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
-\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
-\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
-\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125
-\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163
-\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164
-\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151
-\154
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147
-\311\211
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
 #
 # Certificate "Camerfirma Chambers of Commerce Root"
 #
@@ -3481,6 +3352,8 @@  CKA_VALUE MULTILINE_OCTAL
 \334
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Camerfirma Chambers of Commerce Root"
 # Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
@@ -3641,6 +3514,8 @@  CKA_VALUE MULTILINE_OCTAL
 \166\135\165\220\032\365\046\217\360
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Camerfirma Global Chambersign Root"
 # Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
@@ -3794,6 +3669,8 @@  CKA_VALUE MULTILINE_OCTAL
 \264\003\045\274
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "XRamp Global CA Root"
 # Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
@@ -3941,6 +3818,8 @@  CKA_VALUE MULTILINE_OCTAL
 \177\333\275\237
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Go Daddy Class 2 CA"
 # Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
@@ -4086,6 +3965,8 @@  CKA_VALUE MULTILINE_OCTAL
 \037\027\224
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Starfield Class 2 CA"
 # Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
@@ -4250,6 +4131,8 @@  CKA_VALUE MULTILINE_OCTAL
 \245\206\054\174\364\022
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Taiwan GRCA"
 # Issuer: O=Government Root Certification Authority,C=TW
@@ -4389,6 +4272,8 @@  CKA_VALUE MULTILINE_OCTAL
 \346\120\262\247\372\012\105\057\242\360\362
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "DigiCert Assured ID Root CA"
 # Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -4530,6 +4415,8 @@  CKA_VALUE MULTILINE_OCTAL
 \225\155\336
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "DigiCert Global Root CA"
 # Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -4672,6 +4559,8 @@  CKA_VALUE MULTILINE_OCTAL
 \370\351\056\023\243\167\350\037\112
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "DigiCert High Assurance EV Root CA"
 # Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -4711,136 +4600,6 @@  CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
-#
-# Certificate "Certplus Class 2 Primary CA"
-#
-# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR
-# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
-# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR
-# Not Valid Before: Wed Jul 07 17:05:00 1999
-# Not Valid After : Sat Jul 06 23:59:59 2019
-# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B
-# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Certplus Class 2 Primary CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154
-\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141
-\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154
-\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141
-\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303
-\245\104\043
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\222\060\202\002\172\240\003\002\001\002\002\021\000
-\205\275\113\363\330\332\343\151\366\224\327\137\303\245\104\043
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021
-\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165
-\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163
-\163\040\062\040\120\162\151\155\141\162\171\040\103\101\060\036
-\027\015\071\071\060\067\060\067\061\067\060\065\060\060\132\027
-\015\061\071\060\067\060\066\062\063\065\071\065\071\132\060\075
-\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060
-\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165\163
-\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163\163
-\040\062\040\120\162\151\155\141\162\171\040\103\101\060\202\001
-\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
-\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334\120
-\226\320\022\370\065\322\010\170\172\266\122\160\375\157\356\317
-\271\021\313\135\167\341\354\351\176\004\215\326\314\157\163\103
-\127\140\254\063\012\104\354\003\137\034\200\044\221\345\250\221
-\126\022\202\367\340\053\364\333\256\141\056\211\020\215\153\154
-\272\263\002\275\325\066\305\110\067\043\342\360\132\067\122\063
-\027\022\342\321\140\115\276\057\101\021\343\366\027\045\014\213
-\221\300\033\231\173\231\126\015\257\356\322\274\107\127\343\171
-\111\173\064\211\047\044\204\336\261\354\351\130\116\376\116\337
-\132\276\101\255\254\010\305\030\016\357\322\123\356\154\320\235
-\022\001\023\215\334\200\142\367\225\251\104\210\112\161\116\140
-\125\236\333\043\031\171\126\007\014\077\143\013\134\260\342\276
-\176\025\374\224\063\130\101\070\164\304\341\217\213\337\046\254
-\037\265\213\073\267\103\131\153\260\044\246\155\220\213\304\162
-\352\135\063\230\267\313\336\136\173\357\224\361\033\076\312\311
-\041\301\305\230\002\252\242\366\133\167\233\365\176\226\125\064
-\034\147\151\300\361\102\343\107\254\374\050\034\146\125\002\003
-\001\000\001\243\201\214\060\201\211\060\017\006\003\125\035\023
-\004\010\060\006\001\001\377\002\001\012\060\013\006\003\125\035
-\017\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026
-\004\024\343\163\055\337\313\016\050\014\336\335\263\244\312\171
-\270\216\273\350\060\211\060\021\006\011\140\206\110\001\206\370
-\102\001\001\004\004\003\002\001\006\060\067\006\003\125\035\037
-\004\060\060\056\060\054\240\052\240\050\206\046\150\164\164\160
-\072\057\057\167\167\167\056\143\145\162\164\160\154\165\163\056
-\143\157\155\057\103\122\114\057\143\154\141\163\163\062\056\143
-\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005\005
-\000\003\202\001\001\000\247\124\317\210\104\031\313\337\324\177
-\000\337\126\063\142\265\367\121\001\220\353\303\077\321\210\104
-\351\044\135\357\347\024\275\040\267\232\074\000\376\155\237\333
-\220\334\327\364\142\326\213\160\135\347\345\004\110\251\150\174
-\311\361\102\363\154\177\305\172\174\035\121\210\272\322\012\076
-\047\135\336\055\121\116\323\023\144\151\344\056\343\323\347\233
-\011\231\246\340\225\233\316\032\327\177\276\074\316\122\263\021
-\025\301\017\027\315\003\273\234\045\025\272\242\166\211\374\006
-\361\030\320\223\113\016\174\202\267\245\364\366\137\376\355\100
-\246\235\204\164\071\271\334\036\205\026\332\051\033\206\043\000
-\311\273\211\176\156\200\210\036\057\024\264\003\044\250\062\157
-\003\232\107\054\060\276\126\306\247\102\002\160\033\352\100\330
-\272\005\003\160\007\244\226\377\375\110\063\012\341\334\245\201
-\220\233\115\335\175\347\347\262\315\134\310\152\225\370\245\366
-\215\304\135\170\010\276\173\006\326\111\317\031\066\120\043\056
-\010\346\236\005\115\107\030\325\026\351\261\326\266\020\325\273
-\227\277\242\216\264\124
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "Certplus Class 2 Primary CA"
-# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR
-# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
-# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR
-# Not Valid Before: Wed Jul 07 17:05:00 1999
-# Not Valid After : Sat Jul 06 23:59:59 2019
-# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B
-# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Certplus Class 2 Primary CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\164\040\164\101\162\234\335\222\354\171\061\330\043\020\215\302
-\201\222\342\273
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\210\054\214\122\270\242\074\363\367\273\003\352\256\254\102\013
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154
-\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141
-\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303
-\245\104\043
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
 #
 # Certificate "DST Root CA X3"
 #
@@ -4932,6 +4691,8 @@  CKA_VALUE MULTILINE_OCTAL
 \013\004\216\007\333\051\266\012\356\235\202\065\065\020
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "DST Root CA X3"
 # Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
@@ -5099,6 +4860,8 @@  CKA_VALUE MULTILINE_OCTAL
 \205\206\171\145\322
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "SwissSign Platinum CA - G2"
 # Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
@@ -5264,6 +5027,8 @@  CKA_VALUE MULTILINE_OCTAL
 \111\044\133\311\260\320\127\301\372\076\172\341\227\311
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "SwissSign Gold CA - G2"
 # Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
@@ -5430,6 +5195,8 @@  CKA_VALUE MULTILINE_OCTAL
 \156
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "SwissSign Silver CA - G2"
 # Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
@@ -5562,6 +5329,8 @@  CKA_VALUE MULTILINE_OCTAL
 \253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "GeoTrust Primary Certification Authority"
 # Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
@@ -5717,6 +5486,8 @@  CKA_VALUE MULTILINE_OCTAL
 \215\126\214\150
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "thawte Primary Root CA"
 # Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
@@ -5892,6 +5663,8 @@  CKA_VALUE MULTILINE_OCTAL
 \254\021\326\250\355\143\152
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
 # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -6035,6 +5808,8 @@  CKA_VALUE MULTILINE_OCTAL
 \113\035\236\054\302\270\150\274\355\002\356\061
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "SecureTrust CA"
 # Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
@@ -6170,6 +5945,8 @@  CKA_VALUE MULTILINE_OCTAL
 \117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Secure Global CA"
 # Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US
@@ -6320,6 +6097,8 @@  CKA_VALUE MULTILINE_OCTAL
 \145
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "COMODO Certification Authority"
 # Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
@@ -6466,6 +6245,8 @@  CKA_VALUE MULTILINE_OCTAL
 \244\140\114\260\125\240\240\173\127\262
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Network Solutions Certificate Authority"
 # Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
@@ -6592,6 +6373,8 @@  CKA_VALUE MULTILINE_OCTAL
 \334\335\363\377\035\054\072\026\127\331\222\071\326
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "COMODO ECC Certification Authority"
 # Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
@@ -6743,6 +6526,8 @@  CKA_VALUE MULTILINE_OCTAL
 \374\276\337\012\015
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "OISTE WISeKey Global Root GA CA"
 # Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH
@@ -6878,6 +6663,8 @@  CKA_VALUE MULTILINE_OCTAL
 \300\226\130\057\352\273\106\327\273\344\331\056
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Certigna"
 # Issuer: CN=Certigna,O=Dhimyotis,C=FR
@@ -6913,147 +6700,6 @@  CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
-#
-# Certificate "Deutsche Telekom Root CA 2"
-#
-# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
-# Serial Number: 38 (0x26)
-# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
-# Not Valid Before: Fri Jul 09 12:11:00 1999
-# Not Valid After : Tue Jul 09 23:59:00 2019
-# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08
-# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Deutsche Telekom Root CA 2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061
-\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143
-\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060
-\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145
-\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043
-\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150
-\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103
-\101\040\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061
-\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143
-\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060
-\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145
-\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043
-\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150
-\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103
-\101\040\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\046
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\237\060\202\002\207\240\003\002\001\002\002\001\046
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061\034
-\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143\150
-\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060\035
-\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145\143
-\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043\060
-\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150\145
-\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103\101
-\040\062\060\036\027\015\071\071\060\067\060\071\061\062\061\061
-\060\060\132\027\015\061\071\060\067\060\071\062\063\065\071\060
-\060\132\060\161\061\013\060\011\006\003\125\004\006\023\002\104
-\105\061\034\060\032\006\003\125\004\012\023\023\104\145\165\164
-\163\143\150\145\040\124\145\154\145\153\157\155\040\101\107\061
-\037\060\035\006\003\125\004\013\023\026\124\055\124\145\154\145
-\123\145\143\040\124\162\165\163\164\040\103\145\156\164\145\162
-\061\043\060\041\006\003\125\004\003\023\032\104\145\165\164\163
-\143\150\145\040\124\145\154\145\153\157\155\040\122\157\157\164
-\040\103\101\040\062\060\202\001\042\060\015\006\011\052\206\110
-\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
-\012\002\202\001\001\000\253\013\243\065\340\213\051\024\261\024
-\205\257\074\020\344\071\157\065\135\112\256\335\352\141\215\225
-\111\364\157\144\243\032\140\146\244\251\100\042\204\331\324\245
-\345\170\223\016\150\001\255\271\115\134\072\316\323\270\250\102
-\100\337\317\243\272\202\131\152\222\033\254\034\232\332\010\053
-\045\047\371\151\043\107\361\340\353\054\172\233\365\023\002\320
-\176\064\174\302\236\074\000\131\253\365\332\014\365\062\074\053
-\254\120\332\326\303\336\203\224\312\250\014\231\062\016\010\110
-\126\133\152\373\332\341\130\130\001\111\137\162\101\074\025\006
-\001\216\135\255\252\270\223\264\315\236\353\247\350\152\055\122
-\064\333\072\357\134\165\121\332\333\363\061\371\356\161\230\062
-\304\124\025\104\014\371\233\125\355\255\337\030\010\240\243\206
-\212\111\356\123\005\217\031\114\325\336\130\171\233\322\152\034
-\102\253\305\325\247\317\150\017\226\344\341\141\230\166\141\310
-\221\174\326\076\000\342\221\120\207\341\235\012\346\255\227\322
-\035\306\072\175\313\274\332\003\064\325\216\133\001\365\152\007
-\267\026\266\156\112\177\002\003\001\000\001\243\102\060\100\060
-\035\006\003\125\035\016\004\026\004\024\061\303\171\033\272\365
-\123\327\027\340\211\172\055\027\154\012\263\053\235\063\060\017
-\006\003\125\035\023\004\010\060\006\001\001\377\002\001\005\060
-\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
-\001\001\000\224\144\131\255\071\144\347\051\353\023\376\132\303
-\213\023\127\310\004\044\360\164\167\300\140\343\147\373\351\211
-\246\203\277\226\202\174\156\324\303\075\357\236\200\156\273\051
-\264\230\172\261\073\124\353\071\027\107\176\032\216\013\374\037
-\061\131\061\004\262\316\027\363\054\307\142\066\125\342\042\330
-\211\125\264\230\110\252\144\372\326\034\066\330\104\170\132\132
-\043\072\127\227\365\172\060\117\256\237\152\114\113\053\216\240
-\003\343\076\340\251\324\322\173\322\263\250\342\162\074\255\236
-\377\200\131\344\233\105\264\366\073\260\315\071\031\230\062\345
-\352\041\141\220\344\061\041\216\064\261\367\057\065\112\205\020
-\332\347\212\067\041\276\131\143\340\362\205\210\061\123\324\124
-\024\205\160\171\364\056\006\167\047\165\057\037\270\212\371\376
-\305\272\330\066\344\203\354\347\145\267\277\143\132\363\106\257
-\201\224\067\324\101\214\326\043\326\036\317\365\150\033\104\143
-\242\132\272\247\065\131\241\345\160\005\233\016\043\127\231\224
-\012\155\272\071\143\050\206\222\363\030\204\330\373\321\317\005
-\126\144\127
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "Deutsche Telekom Root CA 2"
-# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
-# Serial Number: 38 (0x26)
-# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
-# Not Valid Before: Fri Jul 09 12:11:00 1999
-# Not Valid After : Tue Jul 09 23:59:00 2019
-# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08
-# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Deutsche Telekom Root CA 2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\205\244\010\300\234\031\076\135\121\130\175\315\326\023\060\375
-\214\336\067\277
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\164\001\112\221\261\010\304\130\316\107\315\360\335\021\123\010
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061
-\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143
-\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060
-\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145
-\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043
-\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150
-\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103
-\101\040\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\046
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
 #
 # Certificate "Cybertrust Global Root"
 #
@@ -7148,6 +6794,8 @@  CKA_VALUE MULTILINE_OCTAL
 \246\210\070\316\125
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Cybertrust Global Root"
 # Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc"
@@ -7315,6 +6963,8 @@  CKA_VALUE MULTILINE_OCTAL
 \201\370\021\234
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "ePKI Root Certification Authority"
 # Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW
@@ -7440,6 +7090,8 @@  CKA_VALUE MULTILINE_OCTAL
 \366\356\260\132\116\111\104\124\130\137\102\203
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "certSIGN ROOT CA"
 # Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO
@@ -7588,6 +7240,8 @@  CKA_VALUE MULTILINE_OCTAL
 \021\055
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "GeoTrust Primary Certification Authority - G3"
 # Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
@@ -7717,6 +7371,8 @@  CKA_VALUE MULTILINE_OCTAL
 \367\130\077\056\162\002\127\243\217\241\024\056
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "thawte Primary Root CA - G2"
 # Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US
@@ -7877,6 +7533,8 @@  CKA_VALUE MULTILINE_OCTAL
 \061\324\100\032\142\064\066\077\065\001\256\254\143\240
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "thawte Primary Root CA - G3"
 # Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
@@ -8013,6 +7671,8 @@  CKA_VALUE MULTILINE_OCTAL
 \017\212
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "GeoTrust Primary Certification Authority - G2"
 # Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
@@ -8183,6 +7843,8 @@  CKA_VALUE MULTILINE_OCTAL
 \354\315\202\141\361\070\346\117\227\230\052\132\215
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "VeriSign Universal Root Certification Authority"
 # Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -8338,6 +8000,8 @@  CKA_VALUE MULTILINE_OCTAL
 \055\247\330\206\052\335\056\020
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
 # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
@@ -8498,6 +8162,8 @@  CKA_VALUE MULTILINE_OCTAL
 \330\316\304\143\165\077\131\107\261
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "NetLock Arany (Class Gold) Főtanúsítvány"
 # Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU
@@ -8672,6 +8338,8 @@  CKA_VALUE MULTILINE_OCTAL
 \370\161\012\334\271\374\175\062\140\346\353\257\212\001
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Staat der Nederlanden Root CA - G2"
 # Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL
@@ -8798,6 +8466,8 @@  CKA_VALUE MULTILINE_OCTAL
 \002\153\331\132
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Hongkong Post Root CA 1"
 # Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
@@ -8929,6 +8599,8 @@  CKA_VALUE MULTILINE_OCTAL
 \362
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "SecureSign RootCA11"
 # Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP
@@ -9076,6 +8748,8 @@  CKA_VALUE MULTILINE_OCTAL
 \202\042\055\172\124\253\160\303\175\042\145\202\160\226
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Microsec e-Szigno Root CA 2009"
 # Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
@@ -9208,6 +8882,8 @@  CKA_VALUE MULTILINE_OCTAL
 \130\077\137
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "GlobalSign Root CA - R3"
 # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3
@@ -9381,6 +9057,8 @@  CKA_VALUE MULTILINE_OCTAL
 \156\117\022\176\012\074\235\225
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
 # Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES
@@ -9550,6 +9228,8 @@  CKA_VALUE MULTILINE_OCTAL
 \333\374\046\210\307
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Izenpe.com"
 # Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES
@@ -9755,6 +9435,8 @@  CKA_VALUE MULTILINE_OCTAL
 \167\110\320
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Chambers of Commerce Root - 2008"
 # Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
@@ -9964,6 +9646,8 @@  CKA_VALUE MULTILINE_OCTAL
 \351\233\256\325\124\300\164\200\321\013\102\237\301
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Global Chambersign Root - 2008"
 # Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
@@ -10112,6 +9796,8 @@  CKA_VALUE MULTILINE_OCTAL
 \342\342\104\276\134\367\352\034\365
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Go Daddy Root Certificate Authority - G2"
 # Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
@@ -10262,6 +9948,8 @@  CKA_VALUE MULTILINE_OCTAL
 \364
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Starfield Root Certificate Authority - G2"
 # Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
@@ -10414,6 +10102,8 @@  CKA_VALUE MULTILINE_OCTAL
 \261\050\272
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Starfield Services Root Certificate Authority - G2"
 # Issuer: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
@@ -10545,6 +10235,8 @@  CKA_VALUE MULTILINE_OCTAL
 \007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "AffirmTrust Commercial"
 # Issuer: CN=AffirmTrust Commercial,O=AffirmTrust,C=US
@@ -10671,6 +10363,8 @@  CKA_VALUE MULTILINE_OCTAL
 \355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "AffirmTrust Networking"
 # Issuer: CN=AffirmTrust Networking,O=AffirmTrust,C=US
@@ -10829,6 +10523,8 @@  CKA_VALUE MULTILINE_OCTAL
 \051\340\266\270\011\150\031\034\030\103
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "AffirmTrust Premium"
 # Issuer: CN=AffirmTrust Premium,O=AffirmTrust,C=US
@@ -10935,6 +10631,8 @@  CKA_VALUE MULTILINE_OCTAL
 \214\171
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "AffirmTrust Premium ECC"
 # Issuer: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US
@@ -11074,6 +10772,8 @@  CKA_VALUE MULTILINE_OCTAL
 \326\267\064\365\176\316\071\232\331\070\361\121\367\117\054
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Certum Trusted Network CA"
 # Issuer: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
@@ -11210,6 +10910,8 @@  CKA_VALUE MULTILINE_OCTAL
 \274\060\376\173\016\063\220\373\355\322\024\221\037\007\257
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "TWCA Root Certification Authority"
 # Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW
@@ -11693,6 +11395,8 @@  CKA_VALUE MULTILINE_OCTAL
 \201\050\174\247\175\047\353\000\256\215\067
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Security Communication RootCA2"
 # Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
@@ -11876,6 +11580,8 @@  CKA_VALUE MULTILINE_OCTAL
 \371\210\075\176\270\157\156\003\344\102
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "EC-ACC"
 # Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES
@@ -12039,6 +11745,8 @@  CKA_VALUE MULTILINE_OCTAL
 \113\321\047\327\270
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for Certificate "Hellenic Academic and Research Institutions RootCA 2011"
 # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
@@ -12275,6 +11983,8 @@  CKA_VALUE MULTILINE_OCTAL
 \216\362\024\212\314\351\265\174\373\154\235\014\245\341\226
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Actalis Authentication Root CA"
 # Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT
@@ -12406,6 +12116,8 @@  CKA_VALUE MULTILINE_OCTAL
 \145\353\127\331\363\127\226\273\110\315\201
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Trustis FPS Root CA"
 # Issuer: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB
@@ -12566,6 +12278,8 @@  CKA_VALUE MULTILINE_OCTAL
 \327\201\011\361\311\307\046\015\254\230\026\126\240
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Buypass Class 2 Root CA"
 # Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO
@@ -12725,6 +12439,8 @@  CKA_VALUE MULTILINE_OCTAL
 \061\356\006\274\163\277\023\142\012\237\307\271\227
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Buypass Class 3 Root CA"
 # Issuer: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO
@@ -12867,6 +12583,8 @@  CKA_VALUE MULTILINE_OCTAL
 \116\223\303\244\124\024\133
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "T-TeleSec GlobalRoot Class 3"
 # Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
@@ -13016,6 +12734,8 @@  CKA_VALUE MULTILINE_OCTAL
 \307\314\165\301\226\305\235
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "EE Certification Centre Root CA"
 # Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
@@ -13229,6 +12949,8 @@  CKA_VALUE MULTILINE_OCTAL
 \164\145\327\134\376\243\342
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "D-TRUST Root Class 3 CA 2 2009"
 # Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE
@@ -13373,6 +13095,8 @@  CKA_VALUE MULTILINE_OCTAL
 \352\237\026\361\054\124\265
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "D-TRUST Root Class 3 CA 2 EV 2009"
 # Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE
@@ -13410,181 +13134,6 @@  CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
-#
-# Certificate "Swisscom Root CA 2"
-#
-# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
-# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6
-# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
-# Not Valid Before: Fri Jun 24 08:38:14 2011
-# Not Valid After : Wed Jun 25 07:38:14 2031
-# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19
-# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Swisscom Root CA 2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
-\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
-\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
-\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
-\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
-\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
-\164\040\103\101\040\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
-\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
-\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
-\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
-\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
-\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
-\164\040\103\101\040\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030
-\147\266
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\331\060\202\003\301\240\003\002\001\002\002\020\036
-\236\050\350\110\362\345\357\303\174\112\036\132\030\147\266\060
-\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\144
-\061\013\060\011\006\003\125\004\006\023\002\143\150\061\021\060
-\017\006\003\125\004\012\023\010\123\167\151\163\163\143\157\155
-\061\045\060\043\006\003\125\004\013\023\034\104\151\147\151\164
-\141\154\040\103\145\162\164\151\146\151\143\141\164\145\040\123
-\145\162\166\151\143\145\163\061\033\060\031\006\003\125\004\003
-\023\022\123\167\151\163\163\143\157\155\040\122\157\157\164\040
-\103\101\040\062\060\036\027\015\061\061\060\066\062\064\060\070
-\063\070\061\064\132\027\015\063\061\060\066\062\065\060\067\063
-\070\061\064\132\060\144\061\013\060\011\006\003\125\004\006\023
-\002\143\150\061\021\060\017\006\003\125\004\012\023\010\123\167
-\151\163\163\143\157\155\061\045\060\043\006\003\125\004\013\023
-\034\104\151\147\151\164\141\154\040\103\145\162\164\151\146\151
-\143\141\164\145\040\123\145\162\166\151\143\145\163\061\033\060
-\031\006\003\125\004\003\023\022\123\167\151\163\163\143\157\155
-\040\122\157\157\164\040\103\101\040\062\060\202\002\042\060\015
-\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002
-\017\000\060\202\002\012\002\202\002\001\000\225\102\116\204\235
-\121\346\323\011\350\162\132\043\151\333\170\160\216\026\361\053
-\217\015\003\316\223\314\056\000\010\173\253\063\214\364\351\100
-\346\027\114\253\236\270\107\024\062\167\062\335\050\014\336\030
-\113\137\166\237\370\071\073\374\116\211\330\174\305\147\357\253
-\322\271\064\137\153\072\363\144\066\316\302\260\317\023\150\312
-\310\313\353\265\342\075\056\041\337\352\054\324\340\371\160\226
-\114\377\152\130\230\267\027\344\033\122\345\176\007\000\035\137
-\332\346\076\225\004\267\151\210\071\241\101\140\045\141\113\225
-\071\150\142\034\261\013\005\211\300\066\202\024\041\077\256\333
-\241\375\274\157\034\140\206\266\123\224\111\271\053\106\305\117
-\000\053\277\241\273\313\077\340\307\127\034\127\350\326\151\370
-\301\044\122\235\210\125\335\302\207\056\164\043\320\024\375\052
-\107\132\273\246\235\375\224\344\321\212\245\137\206\143\166\205
-\313\257\377\111\050\374\200\355\114\171\322\273\344\300\357\001
-\356\120\101\010\065\043\160\053\251\026\264\214\156\205\351\266
-\021\317\061\335\123\046\033\337\055\132\112\002\100\374\304\300
-\266\351\061\032\010\050\345\140\303\037\304\220\216\020\142\140
-\104\015\354\012\276\125\030\161\054\245\364\262\274\025\142\377
-\034\343\276\035\332\036\127\263\074\176\315\202\035\221\343\113
-\353\054\122\064\260\212\375\022\116\226\260\353\160\177\236\071
-\367\146\102\261\253\254\122\332\166\100\127\173\052\275\350\156
-\003\262\013\200\205\210\235\014\307\302\167\260\232\232\127\364
-\270\372\023\134\150\223\072\147\244\227\320\033\231\267\206\062
-\113\140\330\316\357\320\014\177\225\237\157\207\117\207\212\216
-\137\010\174\252\133\374\132\276\241\221\237\125\175\116\260\013
-\151\314\260\224\250\247\207\362\323\112\120\334\137\162\260\026
-\165\036\313\264\030\142\232\260\247\071\252\233\237\146\330\215
-\246\154\226\025\343\346\362\370\361\203\142\154\273\125\351\141
-\223\243\075\365\261\127\213\117\043\260\233\345\224\152\057\337
-\214\337\225\121\051\140\241\013\051\344\134\125\130\267\250\374
-\231\356\045\115\114\016\263\323\114\217\204\350\051\017\375\020
-\124\002\205\310\371\345\303\213\317\347\017\002\003\001\000\001
-\243\201\206\060\201\203\060\016\006\003\125\035\017\001\001\377
-\004\004\003\002\001\206\060\035\006\003\125\035\041\004\026\060
-\024\060\022\006\007\140\205\164\001\123\002\001\006\007\140\205
-\164\001\123\002\001\060\022\006\003\125\035\023\001\001\377\004
-\010\060\006\001\001\377\002\001\007\060\035\006\003\125\035\016
-\004\026\004\024\115\046\040\042\211\113\323\325\244\012\241\157
-\336\342\022\201\305\361\074\056\060\037\006\003\125\035\043\004
-\030\060\026\200\024\115\046\040\042\211\113\323\325\244\012\241
-\157\336\342\022\201\305\361\074\056\060\015\006\011\052\206\110
-\206\367\015\001\001\013\005\000\003\202\002\001\000\062\012\262
-\244\033\313\175\276\202\127\211\271\152\177\363\364\301\056\021
-\175\270\031\076\171\267\250\250\162\067\146\233\032\355\254\023
-\073\016\277\142\360\234\337\236\173\241\123\110\016\101\172\312
-\040\247\027\033\266\170\354\100\221\363\102\255\020\303\134\357
-\377\140\131\177\315\205\243\213\075\110\034\045\002\074\147\175
-\365\062\351\057\060\345\175\245\172\070\320\363\146\052\146\036
-\215\063\203\212\157\174\156\250\132\165\232\270\327\332\130\110
-\104\107\250\114\372\114\111\012\112\302\022\067\250\100\014\303
-\310\341\320\127\015\227\062\225\307\072\237\227\323\127\370\013
-\336\345\162\363\243\333\377\265\330\131\262\163\335\115\052\161
-\262\272\111\365\313\034\325\365\171\310\231\263\374\301\114\164
-\343\264\275\051\067\025\004\050\036\336\105\106\160\354\257\272
-\170\016\212\052\316\000\171\334\300\137\031\147\054\153\113\357
-\150\150\013\103\343\254\301\142\011\357\246\335\145\141\240\257
-\204\125\110\221\122\034\306\045\221\052\320\301\042\043\141\131
-\257\105\021\205\035\001\044\064\217\317\263\377\027\162\040\023
-\302\200\252\041\054\161\071\016\320\217\134\301\323\321\216\042
-\162\106\114\035\226\256\117\161\261\341\005\051\226\131\364\273
-\236\165\075\317\015\067\015\142\333\046\214\143\251\043\337\147
-\006\074\174\072\332\064\102\341\146\264\106\004\336\306\226\230
-\017\113\110\172\044\062\165\221\237\254\367\150\351\052\271\125
-\145\316\135\141\323\047\160\330\067\376\237\271\257\240\056\126
-\267\243\145\121\355\073\253\024\277\114\121\003\350\137\212\005
-\233\356\212\156\234\357\277\150\372\310\332\013\343\102\311\320
-\027\024\234\267\112\340\257\223\047\041\125\046\265\144\057\215
-\361\377\246\100\005\205\005\134\312\007\031\134\013\023\050\114
-\130\177\302\245\357\105\332\140\323\256\145\141\235\123\203\164
-\302\256\362\134\302\026\355\222\076\204\076\163\140\210\274\166
-\364\054\317\320\175\175\323\270\136\321\221\022\020\351\315\335
-\312\045\343\325\355\231\057\276\165\201\113\044\371\105\106\224
-\311\051\041\123\234\046\105\252\023\027\344\347\315\170\342\071
-\301\053\022\236\246\236\033\305\346\016\331\061\331
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "Swisscom Root CA 2"
-# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
-# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6
-# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
-# Not Valid Before: Fri Jun 24 08:38:14 2011
-# Not Valid After : Wed Jun 25 07:38:14 2031
-# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19
-# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Swisscom Root CA 2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\167\107\117\306\060\344\017\114\107\144\077\204\272\270\306\225
-\112\212\101\354
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\133\004\151\354\245\203\224\143\030\247\206\320\344\362\156\031
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
-\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
-\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
-\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
-\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
-\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
-\164\040\103\101\040\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030
-\147\266
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
 #
 # Certificate "CA Disig Root R2"
 #
@@ -13711,6 +13260,8 @@  CKA_VALUE MULTILINE_OCTAL
 \363\154\033\165\106\243\345\112\027\351\244\327\013
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "CA Disig Root R2"
 # Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK
@@ -13911,6 +13462,8 @@  CKA_VALUE MULTILINE_OCTAL
 \125\064\106\052\213\206\073
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "ACCVRAIZ1"
 # Issuer: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1
@@ -14071,6 +13624,8 @@  CKA_VALUE MULTILINE_OCTAL
 \053\006\320\004\315
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "TWCA Global Root CA"
 # Issuer: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW
@@ -14228,6 +13783,8 @@  CKA_VALUE MULTILINE_OCTAL
 \245\240\314\277\323\366\165\244\165\226\155\126
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "TeliaSonera Root CA v1"
 # Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera
@@ -14416,6 +13973,8 @@  CKA_VALUE MULTILINE_OCTAL
 \243\253\157\134\035\266\176\350\263\202\064\355\006\134\044
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "E-Tugra Certification Authority"
 # Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
@@ -14565,6 +14124,8 @@  CKA_VALUE MULTILINE_OCTAL
 \005\047\216\023\241\156\302
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "T-TeleSec GlobalRoot Class 2"
 # Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
@@ -14696,6 +14257,8 @@  CKA_VALUE MULTILINE_OCTAL
 \035\362\376\011\021\260\360\207\173\247\235
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Atos TrustedRoot 2011"
 # Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011
@@ -14856,6 +14419,8 @@  CKA_VALUE MULTILINE_OCTAL
 \063\140\345\303
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "QuoVadis Root CA 1 G3"
 # Issuer: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM
@@ -15018,6 +14583,8 @@  CKA_VALUE MULTILINE_OCTAL
 \203\336\177\214
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "QuoVadis Root CA 2 G3"
 # Issuer: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM
@@ -15180,6 +14747,8 @@  CKA_VALUE MULTILINE_OCTAL
 \130\371\230\364
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "QuoVadis Root CA 3 G3"
 # Issuer: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM
@@ -15317,6 +14886,8 @@  CKA_VALUE MULTILINE_OCTAL
 \042\023\163\154\317\046\365\212\051\347
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "DigiCert Assured ID Root G2"
 # Issuer: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -15435,6 +15006,8 @@  CKA_VALUE MULTILINE_OCTAL
 \352\226\143\152\145\105\222\225\001\264
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "DigiCert Assured ID Root G3"
 # Issuer: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -15574,6 +15147,8 @@  CKA_VALUE MULTILINE_OCTAL
 \062\266
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "DigiCert Global Root G2"
 # Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -15692,6 +15267,8 @@  CKA_VALUE MULTILINE_OCTAL
 \263\047\027
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "DigiCert Global Root G3"
 # Issuer: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -15863,6 +15440,8 @@  CKA_VALUE MULTILINE_OCTAL
 \317\363\146\176
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "DigiCert Trusted Root G4"
 # Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
@@ -16042,6 +15621,8 @@  CKA_VALUE MULTILINE_OCTAL
 \065\123\205\006\112\135\237\255\273\033\137\164
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "COMODO RSA Certification Authority"
 # Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
@@ -16224,6 +15805,8 @@  CKA_VALUE MULTILINE_OCTAL
 \250\375
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "USERTrust RSA Certification Authority"
 # Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
@@ -16353,6 +15936,8 @@  CKA_VALUE MULTILINE_OCTAL
 \127\152\030
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "USERTrust ECC Certification Authority"
 # Issuer: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
@@ -16465,6 +16050,8 @@  CKA_VALUE MULTILINE_OCTAL
 \173\013\370\237\204
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "GlobalSign ECC Root CA - R4"
 # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4
@@ -16578,6 +16165,8 @@  CKA_VALUE MULTILINE_OCTAL
 \220\067
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "GlobalSign ECC Root CA - R5"
 # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5
@@ -16743,6 +16332,8 @@  CKA_VALUE MULTILINE_OCTAL
 \367\200\173\041\147\047\060\131
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Staat der Nederlanden Root CA - G3"
 # Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL
@@ -16907,6 +16498,8 @@  CKA_VALUE MULTILINE_OCTAL
 \356\354\327\056
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Staat der Nederlanden EV Root CA"
 # Issuer: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
@@ -17069,6 +16662,8 @@  CKA_VALUE MULTILINE_OCTAL
 \272\204\156\207
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "IdenTrust Commercial Root CA 1"
 # Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US
@@ -17231,6 +16826,8 @@  CKA_VALUE MULTILINE_OCTAL
 \267\254\266\255\267\312\076\001\357\234
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "IdenTrust Public Sector Root CA 1"
 # Issuer: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US
@@ -17390,6 +16987,8 @@  CKA_VALUE MULTILINE_OCTAL
 \105\366
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Entrust Root Certification Authority - G2"
 # Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
@@ -17535,6 +17134,8 @@  CKA_VALUE MULTILINE_OCTAL
 \231\267\046\101\133\045\140\256\320\110\032\356\006
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Entrust Root Certification Authority - EC1"
 # Issuer: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
@@ -17708,6 +17309,8 @@  CKA_VALUE MULTILINE_OCTAL
 \056
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "CFCA EV ROOT"
 # Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN
@@ -17847,6 +17450,8 @@  CKA_VALUE MULTILINE_OCTAL
 \065\255\201\307\116\161\272\210\023
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "OISTE WISeKey Global Root GB CA"
 # Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
@@ -17982,6 +17587,8 @@  CKA_VALUE MULTILINE_OCTAL
 \326\040\036\343\163\267
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "SZAFIR ROOT CA2"
 # Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL
@@ -18160,6 +17767,8 @@  CKA_VALUE MULTILINE_OCTAL
 \016\265\271\276\044\217
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Certum Trusted Network CA 2"
 # Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
@@ -18347,6 +17956,8 @@  CKA_VALUE MULTILINE_OCTAL
 \276\157\152\247\365\054\102\355\062\255\266\041\236\276\274
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Hellenic Academic and Research Institutions RootCA 2015"
 # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
@@ -18483,6 +18094,8 @@  CKA_VALUE MULTILINE_OCTAL
 \342\174\352\002\130\042\221
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Hellenic Academic and Research Institutions ECC RootCA 2015"
 # Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
@@ -18652,6 +18265,8 @@  CKA_VALUE MULTILINE_OCTAL
 \376\216\036\127\242\315\100\235\176\142\042\332\336\030\047
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "ISRG Root X1"
 # Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
@@ -18815,6 +18430,8 @@  CKA_VALUE MULTILINE_OCTAL
 \072\117\110\366\213\266\263
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "AC RAIZ FNMT-RCM"
 # Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
@@ -18940,6 +18557,8 @@  CKA_VALUE MULTILINE_OCTAL
 \304\220\276\361\271
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Amazon Root CA 1"
 # Issuer: CN=Amazon Root CA 1,O=Amazon,C=US
@@ -19097,6 +18716,8 @@  CKA_VALUE MULTILINE_OCTAL
 \340\373\011\140\154
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Amazon Root CA 2"
 # Issuer: CN=Amazon Root CA 2,O=Amazon,C=US
@@ -19197,6 +18818,8 @@  CKA_VALUE MULTILINE_OCTAL
 \143\044\110\034\337\060\175\325\150\073
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Amazon Root CA 3"
 # Issuer: CN=Amazon Root CA 3,O=Amazon,C=US
@@ -19301,6 +18924,8 @@  CKA_VALUE MULTILINE_OCTAL
 \012\166\324\245\274\020
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Amazon Root CA 4"
 # Issuer: CN=Amazon Root CA 4,O=Amazon,C=US
@@ -19468,6 +19093,8 @@  CKA_VALUE MULTILINE_OCTAL
 \045\307\043\200\203\012\353
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "LuxTrust Global Root 2"
 # Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
@@ -19617,6 +19244,8 @@  CKA_VALUE MULTILINE_OCTAL
 \322\063\340\377\275\321\124\071\051\017
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Symantec Class 1 Public Primary Certification Authority - G6"
 # Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
@@ -19771,6 +19400,8 @@  CKA_VALUE MULTILINE_OCTAL
 \157\374\132\344\202\125\131\257\061\251
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Symantec Class 2 Public Primary Certification Authority - G6"
 # Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
@@ -19904,6 +19535,8 @@  CKA_VALUE MULTILINE_OCTAL
 \362\014\105\111\071\277\231\004\034\323\020\240
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Symantec Class 1 Public Primary Certification Authority - G4"
 # Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
@@ -20037,6 +19670,8 @@  CKA_VALUE MULTILINE_OCTAL
 \051\246\330\107\331\240\226\030\333\362\105\263
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Symantec Class 2 Public Primary Certification Authority - G4"
 # Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
@@ -20182,6 +19817,8 @@  CKA_VALUE MULTILINE_OCTAL
 \137\134
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "D-TRUST Root CA 3 2013"
 # Issuer: CN=D-TRUST Root CA 3 2013,O=D-Trust GmbH,C=DE
@@ -20344,6 +19981,8 @@  CKA_VALUE MULTILINE_OCTAL
 \237\042\136\242\017\241\343
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
 # Issuer: CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1,OU=Kamu Sertifikasyon Merkezi - Kamu SM,O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK,L=Gebze - Kocaeli,C=TR
@@ -20519,6 +20158,8 @@  CKA_VALUE MULTILINE_OCTAL
 \250\267\101\154\007\335\275\074\206\227\057\322
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "GDCA TrustAUTH R5 ROOT"
 # Issuer: CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN
@@ -20674,6 +20315,8 @@  CKA_VALUE MULTILINE_OCTAL
 \132\171\054\031
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "TrustCor RootCert CA-1"
 # Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
@@ -20865,6 +20508,8 @@  CKA_VALUE MULTILINE_OCTAL
 \326\354\011
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "TrustCor RootCert CA-2"
 # Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
@@ -21021,6 +20666,8 @@  CKA_VALUE MULTILINE_OCTAL
 \264\237\327\346
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "TrustCor ECA-1"
 # Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA
@@ -21200,6 +20847,8 @@  CKA_VALUE MULTILINE_OCTAL
 \271
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "SSL.com Root Certification Authority RSA"
 # Issuer: CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US
@@ -21324,6 +20973,8 @@  CKA_VALUE MULTILINE_OCTAL
 \145
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "SSL.com Root Certification Authority ECC"
 # Issuer: CN=SSL.com Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
@@ -21503,6 +21154,8 @@  CKA_VALUE MULTILINE_OCTAL
 \040\022\215\264\254\127\261\105\143\241\254\166\251\302\373
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "SSL.com EV Root Certification Authority RSA R2"
 # Issuer: CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US
@@ -21630,6 +21283,8 @@  CKA_VALUE MULTILINE_OCTAL
 \371\007\340\142\232\214\134\112
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "SSL.com EV Root Certification Authority ECC"
 # Issuer: CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US
@@ -21796,6 +21451,8 @@  CKA_VALUE MULTILINE_OCTAL
 \147\203\005\132\311\244\020
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "GlobalSign Root CA - R6"
 # Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R6
@@ -21913,6 +21570,8 @@  CKA_VALUE MULTILINE_OCTAL
 \242\355\357\173\260\200\117\130\017\113\123\071\275
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "OISTE WISeKey Global Root GC CA"
 # Issuer: CN=OISTE WISeKey Global Root GC CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
@@ -22076,6 +21735,8 @@  CKA_VALUE MULTILINE_OCTAL
 \361\306\143\107\125\034\272\245\010\121\165\246\110\045
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "GTS Root R1"
 # Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US
@@ -22237,6 +21898,8 @@  CKA_VALUE MULTILINE_OCTAL
 \267\375\054\010\122\117\202\335\243\360\324\206\011\002
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "GTS Root R2"
 # Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US
@@ -22345,6 +22008,8 @@  CKA_VALUE MULTILINE_OCTAL
 \232\051\252\226\323\203\043\311\244\173\141\263\314\002\350\135
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "GTS Root R3"
 # Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US
@@ -22453,6 +22118,8 @@  CKA_VALUE MULTILINE_OCTAL
 \161\314\362\260\115\326\376\231\310\224\251\165\242\343
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "GTS Root R4"
 # Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US
@@ -22611,6 +22278,8 @@  CKA_VALUE MULTILINE_OCTAL
 \120\037\212\373\006\365\302\031\360\320
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "UCA Global G2 Root"
 # Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN
@@ -22771,6 +22440,8 @@  CKA_VALUE MULTILINE_OCTAL
 \177\275\145\040\262\311\301\053\166\030\166\237\126\261
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "UCA Extended Validation Root"
 # Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN
@@ -22950,6 +22621,8 @@  CKA_VALUE MULTILINE_OCTAL
 \045\124\377\242\332\117\212\141\071\136\256\075\112\214\275
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Certigna Root CA"
 # Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR
@@ -23087,6 +22760,8 @@  CKA_VALUE MULTILINE_OCTAL
 \210\336\272\314\037\200\176\112
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "emSign Root CA - G1"
 # Issuer: CN=emSign Root CA - G1,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
@@ -23204,6 +22879,8 @@  CKA_VALUE MULTILINE_OCTAL
 \054\243
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "emSign ECC Root CA - G3"
 # Issuer: CN=emSign ECC Root CA - G3,O=eMudhra Technologies Limited,OU=emSign PKI,C=IN
@@ -23337,6 +23014,8 @@  CKA_VALUE MULTILINE_OCTAL
 \361\337\312\276\203\015\102
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "emSign Root CA - C1"
 # Issuer: CN=emSign Root CA - C1,O=eMudhra Inc,OU=emSign PKI,C=US
@@ -23448,6 +23127,8 @@  CKA_VALUE MULTILINE_OCTAL
 \276\201\007\125\060\120\040\024\365\127\070\012\250\061\121
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "emSign ECC Root CA - C3"
 # Issuer: CN=emSign ECC Root CA - C3,O=eMudhra Inc,OU=emSign PKI,C=US
@@ -23623,6 +23304,8 @@  CKA_VALUE MULTILINE_OCTAL
 \232\233\364
 END
 CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
 
 # Trust for "Hongkong Post Root CA 3"
 # Issuer: CN=Hongkong Post Root CA 3,O=Hongkong Post,L=Hong Kong,ST=Hong Kong,C=HK
diff --git a/lfs/ca-certificates b/lfs/ca-certificates
index c190f6188..769f38217 100644
--- a/lfs/ca-certificates
+++ b/lfs/ca-certificates
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 20190730
+VER        = 20191029
 
 THISAPP    = ca-certificates
 DIR_APP    = $(DIR_SRC)/$(THISAPP)