The "canonical", up-to-date Cert Authority bundle currently provides many root certificates. We grab the Mozilla 'certdata.txt', use the 'certdata2pem.py' script from Red Hat to split that into PEM files, and remove anything that is untrusted (i.e. with anything in the distrust= field), or doesn't explicitly list serverAuth in the openssl-trust field. The result lines up with the linked curl bundle above.

Build Instructions

Run make refresh-certs to download new certs, clean out those we do not want, and format them for this repo
Run make prepare to create the cert bundle and keystore that will be installed in puppet-runtime builds

Install Instructions

Run make install to copy the already prepared PEM and JKS cert bundles and set permissions on the installed files.
On FIPS hosts, run make install-fips instead.

Release

Tag the puppet-ca-bundle project with the next version number
Update the configs/components/puppet-ca-bundle.json file in puppet-runtime with the new version
An automatic tagging job will tag puppet-runtime and kickoff build pipelines

Contributors 14

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Puppet is now shipping a CA cert bundle!

Build Instructions

Install Instructions

Release

About

Releases

Packages

Contributors 14

Languages

Name		Name	Last commit message	Last commit date
Latest commit History 63 Commits
ACCVRAIZ1:2.8.94.195.183.166.67.127.164.224.crt		ACCVRAIZ1:2.8.94.195.183.166.67.127.164.224.crt
AC_RAIZ_FNMT-RCM:2.15.93.147.141.48.103.54.200.6.29.26.199.84.132.105.7.crt		AC_RAIZ_FNMT-RCM:2.15.93.147.141.48.103.54.200.6.29.26.199.84.132.105.7.crt
AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS:2.16.98.246.50.108.229.196.227.104.92.27.98.221.156.46.157.149.crt		AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS:2.16.98.246.50.108.229.196.227.104.92.27.98.221.156.46.157.149.crt
ANF_Secure_Server_Root_CA:2.8.13.211.227.188.108.249.107.177.crt		ANF_Secure_Server_Root_CA:2.8.13.211.227.188.108.249.107.177.crt
Actalis_Authentication_Root_CA:2.8.87.10.17.151.66.196.227.204.crt		Actalis_Authentication_Root_CA:2.8.87.10.17.151.66.196.227.204.crt
AffirmTrust_Commercial:2.8.119.119.6.39.38.169.177.124.crt		AffirmTrust_Commercial:2.8.119.119.6.39.38.169.177.124.crt
AffirmTrust_Networking:2.8.124.79.4.57.28.212.153.45.crt		AffirmTrust_Networking:2.8.124.79.4.57.28.212.153.45.crt
AffirmTrust_Premium:2.8.109.140.20.70.177.166.10.238.crt		AffirmTrust_Premium:2.8.109.140.20.70.177.166.10.238.crt
AffirmTrust_Premium_ECC:2.8.116.151.37.138.199.63.122.84.crt		AffirmTrust_Premium_ECC:2.8.116.151.37.138.199.63.122.84.crt
Amazon_Root_CA_1:2.19.6.108.159.207.153.191.140.10.57.226.240.120.138.67.230.150.54.91.202.crt		Amazon_Root_CA_1:2.19.6.108.159.207.153.191.140.10.57.226.240.120.138.67.230.150.54.91.202.crt
Amazon_Root_CA_2:2.19.6.108.159.210.150.53.134.159.10.15.229.134.120.248.91.38.187.138.55.crt		Amazon_Root_CA_2:2.19.6.108.159.210.150.53.134.159.10.15.229.134.120.248.91.38.187.138.55.crt
Amazon_Root_CA_3:2.19.6.108.159.213.116.151.54.102.63.59.11.154.217.232.158.118.3.242.74.crt		Amazon_Root_CA_3:2.19.6.108.159.213.116.151.54.102.63.59.11.154.217.232.158.118.3.242.74.crt
Amazon_Root_CA_4:2.19.6.108.159.215.193.187.16.76.41.67.229.113.123.123.44.200.26.193.14.crt		Amazon_Root_CA_4:2.19.6.108.159.215.193.187.16.76.41.67.229.113.123.123.44.200.26.193.14.crt
Atos_TrustedRoot_2011:2.8.92.51.203.98.44.95.179.50.crt		Atos_TrustedRoot_2011:2.8.92.51.203.98.44.95.179.50.crt
Atos_TrustedRoot_Root_CA_ECC_TLS_2021:2.16.61.152.59.166.102.61.144.99.247.126.38.87.56.4.239.0.crt		Atos_TrustedRoot_Root_CA_ECC_TLS_2021:2.16.61.152.59.166.102.61.144.99.247.126.38.87.56.4.239.0.crt
Atos_TrustedRoot_Root_CA_RSA_TLS_2021:2.16.83.213.207.230.25.147.11.251.43.5.18.216.194.42.162.164.crt		Atos_TrustedRoot_Root_CA_RSA_TLS_2021:2.16.83.213.207.230.25.147.11.251.43.5.18.216.194.42.162.164.crt
Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068:2.8.27.112.233.210.255.174.108.113.crt		Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068:2.8.27.112.233.210.255.174.108.113.crt
Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068:2.8.83.236.59.238.251.178.72.95.crt		Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068:2.8.83.236.59.238.251.178.72.95.crt
BJCA_Global_Root_CA1:2.16.85.111.101.227.180.217.144.106.27.9.209.108.62.192.108.32.crt		BJCA_Global_Root_CA1:2.16.85.111.101.227.180.217.144.106.27.9.209.108.62.192.108.32.crt
BJCA_Global_Root_CA2:2.16.44.23.8.125.100.42.192.254.133.24.89.6.207.180.74.235.crt		BJCA_Global_Root_CA2:2.16.44.23.8.125.100.42.192.254.133.24.89.6.207.180.74.235.crt
Baltimore_CyberTrust_Root:2.4.2.0.0.185.crt		Baltimore_CyberTrust_Root:2.4.2.0.0.185.crt
Buypass_Class_2_Root_CA:2.1.2.crt		Buypass_Class_2_Root_CA:2.1.2.crt
Buypass_Class_3_Root_CA:2.1.2.crt		Buypass_Class_3_Root_CA:2.1.2.crt
CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt		CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt
CFCA_EV_ROOT:2.4.24.74.204.214.crt		CFCA_EV_ROOT:2.4.24.74.204.214.crt
CODEOWNERS		CODEOWNERS
COMODO_Certification_Authority:2.16.78.129.45.138.130.101.224.11.2.238.62.53.2.70.229.61.crt		COMODO_Certification_Authority:2.16.78.129.45.138.130.101.224.11.2.238.62.53.2.70.229.61.crt
COMODO_ECC_Certification_Authority:2.16.31.71.175.170.98.0.112.80.84.76.1.158.155.99.153.42.crt		COMODO_ECC_Certification_Authority:2.16.31.71.175.170.98.0.112.80.84.76.1.158.155.99.153.42.crt
COMODO_RSA_Certification_Authority:2.16.76.170.249.202.219.99.111.224.31.247.78.216.91.3.134.157.crt		COMODO_RSA_Certification_Authority:2.16.76.170.249.202.219.99.111.224.31.247.78.216.91.3.134.157.crt
Certainly_Root_E1:2.16.6.37.51.177.71.3.51.39.92.249.141.154.185.191.204.248.crt		Certainly_Root_E1:2.16.6.37.51.177.71.3.51.39.92.249.141.154.185.191.204.248.crt
Certainly_Root_R1:2.17.0.142.15.249.75.144.113.104.101.51.84.244.212.68.57.183.224.crt		Certainly_Root_R1:2.17.0.142.15.249.75.144.113.104.101.51.84.244.212.68.57.183.224.crt
Certigna:2.9.0.254.220.227.1.15.201.72.255.crt		Certigna:2.9.0.254.220.227.1.15.201.72.255.crt
Certigna_Root_CA:2.17.0.202.233.27.137.241.85.3.13.163.230.65.109.196.227.166.225.crt		Certigna_Root_CA:2.17.0.202.233.27.137.241.85.3.13.163.230.65.109.196.227.166.225.crt
Certum_EC-384_CA:2.16.120.143.39.92.129.18.82.32.165.4.208.45.221.186.115.244.crt		Certum_EC-384_CA:2.16.120.143.39.92.129.18.82.32.165.4.208.45.221.186.115.244.crt
Certum_Trusted_Network_CA:2.3.4.68.192.crt		Certum_Trusted_Network_CA:2.3.4.68.192.crt
Certum_Trusted_Network_CA_2:2.16.33.214.208.74.79.37.15.201.50.55.252.170.94.18.141.233.crt		Certum_Trusted_Network_CA_2:2.16.33.214.208.74.79.37.15.201.50.55.252.170.94.18.141.233.crt
Certum_Trusted_Root_CA:2.16.30.191.89.80.184.201.128.55.76.6.247.235.85.79.181.237.crt		Certum_Trusted_Root_CA:2.16.30.191.89.80.184.201.128.55.76.6.247.235.85.79.181.237.crt
Comodo_AAA_Services_root:2.1.1.crt		Comodo_AAA_Services_root:2.1.1.crt
D-TRUST_BR_Root_CA_1_2020:2.16.124.201.143.43.132.215.223.234.15.201.101.154.211.75.77.150.crt		D-TRUST_BR_Root_CA_1_2020:2.16.124.201.143.43.132.215.223.234.15.201.101.154.211.75.77.150.crt
D-TRUST_EV_Root_CA_1_2020:2.16.95.2.65.215.122.135.124.76.3.163.172.150.141.251.255.208.crt		D-TRUST_EV_Root_CA_1_2020:2.16.95.2.65.215.122.135.124.76.3.163.172.150.141.251.255.208.crt
D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt		D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt
D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt		D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt
DigiCert_Assured_ID_Root_CA:2.16.12.231.224.229.23.216.70.254.143.229.96.252.27.240.48.57.crt		DigiCert_Assured_ID_Root_CA:2.16.12.231.224.229.23.216.70.254.143.229.96.252.27.240.48.57.crt
DigiCert_Assured_ID_Root_G2:2.16.11.147.28.58.214.57.103.234.103.35.191.195.175.154.244.75.crt		DigiCert_Assured_ID_Root_G2:2.16.11.147.28.58.214.57.103.234.103.35.191.195.175.154.244.75.crt
DigiCert_Assured_ID_Root_G3:2.16.11.161.90.250.29.223.160.181.73.68.175.205.36.160.108.236.crt		DigiCert_Assured_ID_Root_G3:2.16.11.161.90.250.29.223.160.181.73.68.175.205.36.160.108.236.crt
DigiCert_Global_Root_CA:2.16.8.59.224.86.144.66.70.177.161.117.106.201.89.145.199.74.crt		DigiCert_Global_Root_CA:2.16.8.59.224.86.144.66.70.177.161.117.106.201.89.145.199.74.crt
DigiCert_Global_Root_G2:2.16.3.58.241.230.167.17.169.160.187.40.100.177.29.9.250.229.crt		DigiCert_Global_Root_G2:2.16.3.58.241.230.167.17.169.160.187.40.100.177.29.9.250.229.crt
DigiCert_Global_Root_G3:2.16.5.85.86.188.242.94.164.53.53.195.164.15.213.171.69.114.crt		DigiCert_Global_Root_G3:2.16.5.85.86.188.242.94.164.53.53.195.164.15.213.171.69.114.crt
DigiCert_High_Assurance_EV_Root_CA:2.16.2.172.92.38.106.11.64.155.143.11.121.242.174.70.37.119.crt		DigiCert_High_Assurance_EV_Root_CA:2.16.2.172.92.38.106.11.64.155.143.11.121.242.174.70.37.119.crt
DigiCert_TLS_ECC_P384_Root_G5:2.16.9.224.147.101.172.247.217.200.185.62.28.11.4.42.46.243.crt		DigiCert_TLS_ECC_P384_Root_G5:2.16.9.224.147.101.172.247.217.200.185.62.28.11.4.42.46.243.crt
DigiCert_TLS_RSA4096_Root_G5:2.16.8.249.180.120.168.250.126.218.106.51.55.137.222.124.207.138.crt		DigiCert_TLS_RSA4096_Root_G5:2.16.8.249.180.120.168.250.126.218.106.51.55.137.222.124.207.138.crt
DigiCert_Trusted_Root_G4:2.16.5.155.27.87.158.142.33.50.226.57.7.189.167.119.117.92.crt		DigiCert_Trusted_Root_G4:2.16.5.155.27.87.158.142.33.50.226.57.7.189.167.119.117.92.crt
Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.crt		Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.crt
Entrust_Root_Certification_Authority:2.4.69.107.80.84.crt		Entrust_Root_Certification_Authority:2.4.69.107.80.84.crt
Entrust_Root_Certification_Authority_-_EC1:2.13.0.166.139.121.41.0.0.0.0.80.208.145.249.crt		Entrust_Root_Certification_Authority_-_EC1:2.13.0.166.139.121.41.0.0.0.0.80.208.145.249.crt
Entrust_Root_Certification_Authority_-_G2:2.4.74.83.140.40.crt		Entrust_Root_Certification_Authority_-_G2:2.4.74.83.140.40.crt
Entrust_Root_Certification_Authority_-_G4:2.17.0.217.181.67.127.175.169.57.15.0.0.0.0.85.101.173.88.crt		Entrust_Root_Certification_Authority_-_G4:2.17.0.217.181.67.127.175.169.57.15.0.0.0.0.85.101.173.88.crt
GDCA_TrustAUTH_R5_ROOT:2.8.125.9.151.254.240.71.234.122.crt		GDCA_TrustAUTH_R5_ROOT:2.8.125.9.151.254.240.71.234.122.crt
GLOBALTRUST_2020:2.11.90.75.189.90.251.79.138.91.250.101.229.crt		GLOBALTRUST_2020:2.11.90.75.189.90.251.79.138.91.250.101.229.crt
GTS_Root_R1:2.13.2.3.229.147.111.49.176.19.73.136.107.162.23.crt		GTS_Root_R1:2.13.2.3.229.147.111.49.176.19.73.136.107.162.23.crt
GTS_Root_R2:2.13.2.3.229.174.197.141.4.37.26.171.17.37.170.crt		GTS_Root_R2:2.13.2.3.229.174.197.141.4.37.26.171.17.37.170.crt
GTS_Root_R3:2.13.2.3.229.184.130.235.32.248.37.39.109.61.102.crt		GTS_Root_R3:2.13.2.3.229.184.130.235.32.248.37.39.109.61.102.crt
GTS_Root_R4:2.13.2.3.229.192.104.239.99.26.156.114.144.80.82.crt		GTS_Root_R4:2.13.2.3.229.192.104.239.99.26.156.114.144.80.82.crt
GlobalSign_ECC_Root_CA_-_R4:2.13.2.3.229.126.245.63.147.253.165.9.33.178.166.crt		GlobalSign_ECC_Root_CA_-_R4:2.13.2.3.229.126.245.63.147.253.165.9.33.178.166.crt
GlobalSign_ECC_Root_CA_-_R5:2.17.96.89.73.224.38.46.187.85.249.10.119.138.113.249.74.216.108.crt		GlobalSign_ECC_Root_CA_-_R5:2.17.96.89.73.224.38.46.187.85.249.10.119.138.113.249.74.216.108.crt
GlobalSign_Root_CA:2.11.4.0.0.0.0.1.21.75.90.195.148.crt		GlobalSign_Root_CA:2.11.4.0.0.0.0.1.21.75.90.195.148.crt
GlobalSign_Root_CA_-_R3:2.11.4.0.0.0.0.1.33.88.83.8.162.crt		GlobalSign_Root_CA_-_R3:2.11.4.0.0.0.0.1.33.88.83.8.162.crt
GlobalSign_Root_CA_-_R6:2.14.69.230.187.3.131.51.195.133.101.72.230.255.69.81.crt		GlobalSign_Root_CA_-_R6:2.14.69.230.187.3.131.51.195.133.101.72.230.255.69.81.crt
GlobalSign_Root_E46:2.18.17.210.187.186.51.110.212.188.230.36.104.197.13.132.29.152.232.67.crt		GlobalSign_Root_E46:2.18.17.210.187.186.51.110.212.188.230.36.104.197.13.132.29.152.232.67.crt
GlobalSign_Root_R46:2.18.17.210.187.185.215.35.24.158.64.95.10.157.45.208.223.37.103.209.crt		GlobalSign_Root_R46:2.18.17.210.187.185.215.35.24.158.64.95.10.157.45.208.223.37.103.209.crt
Go_Daddy_Class_2_CA:2.1.0.crt		Go_Daddy_Class_2_CA:2.1.0.crt
Go_Daddy_Root_Certificate_Authority_-_G2:2.1.0.crt		Go_Daddy_Root_Certificate_Authority_-_G2:2.1.0.crt
HARICA_TLS_ECC_Root_CA_2021:2.16.103.116.157.141.119.216.59.106.219.34.244.255.89.226.191.206.crt		HARICA_TLS_ECC_Root_CA_2021:2.16.103.116.157.141.119.216.59.106.219.34.244.255.89.226.191.206.crt
HARICA_TLS_RSA_Root_CA_2021:2.16.57.202.147.28.239.67.243.198.142.147.199.244.100.137.56.126.crt		HARICA_TLS_RSA_Root_CA_2021:2.16.57.202.147.28.239.67.243.198.142.147.199.244.100.137.56.126.crt
Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015:2.1.0.crt		Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015:2.1.0.crt
Hellenic_Academic_and_Research_Institutions_RootCA_2015:2.1.0.crt		Hellenic_Academic_and_Research_Institutions_RootCA_2015:2.1.0.crt
HiPKI_Root_CA_-_G1:2.16.45.221.172.206.98.151.148.161.67.232.176.205.118.106.94.96.crt		HiPKI_Root_CA_-_G1:2.16.45.221.172.206.98.151.148.161.67.232.176.205.118.106.94.96.crt
Hongkong_Post_Root_CA_3:2.20.8.22.95.138.76.165.236.0.201.147.64.223.196.198.174.35.184.28.90.164.crt		Hongkong_Post_Root_CA_3:2.20.8.22.95.138.76.165.236.0.201.147.64.223.196.198.174.35.184.28.90.164.crt
ISRG_Root_X1:2.17.0.130.16.207.176.210.64.227.89.68.99.224.187.99.130.139.0.crt		ISRG_Root_X1:2.17.0.130.16.207.176.210.64.227.89.68.99.224.187.99.130.139.0.crt
ISRG_Root_X2:2.16.65.210.157.209.114.234.238.167.128.193.44.108.233.47.135.82.crt		ISRG_Root_X2:2.16.65.210.157.209.114.234.238.167.128.193.44.108.233.47.135.82.crt
IdenTrust_Commercial_Root_CA_1:2.16.10.1.66.128.0.0.1.69.35.200.68.181.0.0.0.2.crt		IdenTrust_Commercial_Root_CA_1:2.16.10.1.66.128.0.0.1.69.35.200.68.181.0.0.0.2.crt
IdenTrust_Public_Sector_Root_CA_1:2.16.10.1.66.128.0.0.1.69.35.207.70.124.0.0.0.2.crt		IdenTrust_Public_Sector_Root_CA_1:2.16.10.1.66.128.0.0.1.69.35.207.70.124.0.0.0.2.crt
Izenpe.com:2.16.0.176.183.90.22.72.95.191.225.203.245.139.215.25.230.125.crt		Izenpe.com:2.16.0.176.183.90.22.72.95.191.225.203.245.139.215.25.230.125.crt
LICENSE		LICENSE
Makefile		Makefile
Microsec_e-Szigno_Root_CA_2009:2.9.0.194.126.67.4.78.71.63.25.crt		Microsec_e-Szigno_Root_CA_2009:2.9.0.194.126.67.4.78.71.63.25.crt
Microsoft_ECC_Root_Certificate_Authority_2017:2.16.102.242.61.175.135.222.139.177.74.234.12.87.49.1.194.236.crt		Microsoft_ECC_Root_Certificate_Authority_2017:2.16.102.242.61.175.135.222.139.177.74.234.12.87.49.1.194.236.crt
Microsoft_RSA_Root_Certificate_Authority_2017:2.16.30.211.151.9.95.216.180.179.71.112.30.170.190.127.69.179.crt		Microsoft_RSA_Root_Certificate_Authority_2017:2.16.30.211.151.9.95.216.180.179.71.112.30.170.190.127.69.179.crt
NAVER_Global_Root_Certification_Authority:2.20.1.148.48.30.162.11.221.245.197.51.42.177.67.68.113.248.214.80.77.13.crt		NAVER_Global_Root_Certification_Authority:2.20.1.148.48.30.162.11.221.245.197.51.42.177.67.68.113.248.214.80.77.13.crt
NetLock_Arany_=Class_Gold=_Főtanúsítvány:2.6.73.65.44.228.0.16.crt		NetLock_Arany_=Class_Gold=_Főtanúsítvány:2.6.73.65.44.228.0.16.crt
OISTE_WISeKey_Global_Root_GB_CA:2.16.118.177.32.82.116.240.133.135.70.179.248.35.26.246.194.192.crt		OISTE_WISeKey_Global_Root_GB_CA:2.16.118.177.32.82.116.240.133.135.70.179.248.35.26.246.194.192.crt
OISTE_WISeKey_Global_Root_GC_CA:2.16.33.42.86.12.174.218.12.171.64.69.191.43.162.45.58.234.crt		OISTE_WISeKey_Global_Root_GC_CA:2.16.33.42.86.12.174.218.12.171.64.69.191.43.162.45.58.234.crt
QuoVadis_Root_CA_1_G3:2.20.120.88.95.46.173.44.25.75.227.55.7.53.52.19.40.181.150.212.101.147.crt		QuoVadis_Root_CA_1_G3:2.20.120.88.95.46.173.44.25.75.227.55.7.53.52.19.40.181.150.212.101.147.crt
QuoVadis_Root_CA_2:2.2.5.9.crt		QuoVadis_Root_CA_2:2.2.5.9.crt
QuoVadis_Root_CA_2_G3:2.20.68.87.52.36.91.129.137.155.53.242.206.184.43.59.91.167.38.240.117.40.crt		QuoVadis_Root_CA_2_G3:2.20.68.87.52.36.91.129.137.155.53.242.206.184.43.59.91.167.38.240.117.40.crt
QuoVadis_Root_CA_3:2.2.5.198.crt		QuoVadis_Root_CA_3:2.2.5.198.crt
QuoVadis_Root_CA_3_G3:2.20.46.245.155.2.40.167.219.122.255.213.163.169.238.189.3.160.207.18.106.29.crt		QuoVadis_Root_CA_3_G3:2.20.46.245.155.2.40.167.219.122.255.213.163.169.238.189.3.160.207.18.106.29.crt
README.md		README.md
SSL.com_EV_Root_Certification_Authority_ECC:2.8.44.41.156.91.22.237.5.149.crt		SSL.com_EV_Root_Certification_Authority_ECC:2.8.44.41.156.91.22.237.5.149.crt
SSL.com_EV_Root_Certification_Authority_RSA_R2:2.8.86.182.41.205.52.188.120.246.crt		SSL.com_EV_Root_Certification_Authority_RSA_R2:2.8.86.182.41.205.52.188.120.246.crt

License

puppetlabs/puppet-ca-bundle

Folders and files

Latest commit

History

Repository files navigation

Puppet is now shipping a CA cert bundle!

Build Instructions

Install Instructions

Release

About

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

Packages 0

Contributors 14

Languages

Packages