So I’m bored and poking around my phone and went into the security settings where I find a list of trusted certificates. A bunch are obviously foreign and not clear on who the agent is. There’s even a couple for AOL and shudder one with Government in the name. Though, again, like the rest, details are left wanting. Is there a standard list of legit agents? Should I worry about it? What happens if I deny, say, AOL? Any thoughts, or am I just so bored I’m looking for problems?
Thanks
It’s not you. Windows has billions too. Your particular list depends on your particular phone.
There’s Microsoft, Apple, and Mozilla ones that people seem to use.
Ultimately, the CA model we now have is not very safe and it just depends entirely on your device vendor to include root CAs they like or have been sufficiently bribed/intimidated by. It’s a waste of your time not because it’s not a real problem, but because there’s nothing you can do about it if you want to keep using the regular WWW. It’s one of those things that everybody knows is broken, but would take a lot of money to fix.
For your own communications, you can skip the CAs and use PGP and your own cert servers or just by giving your recipient your public key in person.
Actually, I forgot to mention this: the EFF crawls a bunch of public certificates and analyzes them:
It is a crowdsourced repository of SSL certificate problems, with real-time warnings. The EFF has made plugins for it for Chrome and Firefox android:
If you’re not familiar with the EFF, they’re basically the ACLU of the Internet, and one of the few consumer champions of online privacy
This appears to be the CA list in the AOSP source:
https://android.googlesource.com/platform/libcore/+/master/luni/src/main/files/cacerts/
But you’d have to parse each file to get the CA name.
Also, Android 4.2+ “pins” particular domains/apps to particular CAs, to limit the potential damage exposure from a rogue CA that doesn’t normally authenticate for that particular domain or app.
Sorry for the multi-post. It’s late and I wasn’t thinking clearly and posted too eagerly. I just realized you may not know what any of that means – I misread something in your OP, and might’ve misjudged your familiarity with the subject. (If you do understand all that already, feel free to skip this comment). For the below, the phrases in all caps can be looked up on Wikipedia for detailed explanations.
Basically, WWW security is based on big companies like Microsoft or Google listening to other big companies – called Certificate Authorities (CAs) – telling them who is who. CAs use Public Key Encryption to store a list of Public Keys, basically verified nametags, of their clients – hundreds of thousands of smaller businesses and individuals. These CAs are “pretty” safe, meaning they don’t catastrophically fail all the time, but they’ve been hacked into before and the NSA probably has its paws in many of them. So the system is inherently untrustworthy, but the WWW’s HTTPS security system is nonetheless built on it.
With Android’s security model, normal apps shouldn’t be able to modify your list of CAs unless it somehow exploits a serious flaw and roots (the equivalent of iPhone “jailbreaking”) your phone. There’s the chance that your vendor added or changed the default CA list, but because they’re your vendor, they could just as easily install a hacked chip with a backdoor, or special software that lets them watch you, so it’s kind of a moot point anyway.
Essentially, you the user are trusting your vendor and your carrier to play nice with Google to play nice with the CAs to play nice with each other to play nice with the NSA and other security agencies, and at any point in the process the trust can be breached. You shouldn’t worry about it because there are easier ways people can steal your information, and even if you wanted to, there isn’t much you can do to fix the situation unless you own a global tech company. If you deny, say, AOL, certain websites may break and give you a certificate error. It is a problem the industry realizes but is slow to actually try to solve.
To more directly answer the question of whether there’s a trusted list, Android is partially built on something called the Android Open Source Project, which includes the following list of CAs. I don’t know if this is the default list used by the whole phone or if there are other lists in the source code, so take this with a grain of salt (this is the same list I linked to in post #4, just parsed and consolidated for you):
00673b5b.0: Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
03e16f6c.0: Issuer: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
08aef7bb.0: Issuer: C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certificate Authority
0d188d89.0: Issuer: C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
10531352.0: Issuer: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
111e6273.0: Issuer: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1155c94b.0: Issuer: C=ES, L=C/ Muntaner 244 Barcelona, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068/emailAddress=ca@firmaprofesional.com
119afc2e.0: Issuer: emailAddress=pki@sk.ee, C=EE, O=AS Sertifitseerimiskeskus, CN=Juur-SK
11a09b38.0: Issuer: C=DK, O=TDC, CN=TDC OCES CA
12d55845.0: Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
17b51fe6.0: Issuer: C=FR, O=Certplus, CN=Class 2 Primary CA
1920cacb.0: Issuer: C=ES, ST=Madrid, L=Madrid, O=IPS Certification Authority s.l. ipsCA, OU=ipsCA, CN=ipsCA Global CA Root/emailAddress=global01@ipsca.com
1dac3003.0: Issuer: C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6
1dbdda5b.0: Issuer: C=ES, O=FNMT, OU=FNMT Clase 2 CA
1dcd6f4c.0: Issuer: C=TW, O=Government Root Certification Authority
1df5a75f.0: Issuer: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
1df5ec47.0: Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA III
1e1eab7c.0: Issuer: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
1e8e7201.0: Issuer: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1eb37bdf.0: Issuer: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
219d9499.0: Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
23f4c490.0: Issuer: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
27af790d.0: Issuer: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
2afc57aa.0: Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, CN=TC TrustCenter Class 2 CA II
2d9dafe4.0: Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
2e8714cb.0: Issuer: C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 3
2fa87019.0: Issuer: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
2fb1850a.0: Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 2
33815e15.0: Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
343eb6cb.0: Issuer: O=Cybertrust, Inc, CN=Cybertrust Global Root
399e7759.0: Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
3a3b02ce.0: Issuer: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
3ad48a91.0: Issuer: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
3c58f906.0: Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
3c860d51.0: Issuer: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
3c9a4d3b.0: Issuer: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
3d441de8.0: Issuer: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
3e7271e8.0: Issuer: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
40dc992e.0: Issuer: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011
418595b9.0: Issuer: C=TR, L=Gebze - Kocaeli, O=T\xC3\xBCrkiye Bilimsel ve Teknolojik Ara\xC5\x9Ft\xC4\xB1rma Kurumu - T\xC3\x9CB\xC4\xB0TAK, OU=Ulusal Elektronik ve Kriptoloji Ara\xC5\x9Ft\xC4\xB1rma Enstit\xC3\xBCs\xC3\xBC - UEKAE, OU=Kamu Sertifikasyon Merkezi, CN=T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 - S\xC3\xBCr\xC3\xBCm 3
450c6e38.0: Issuer: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2
455f1b52.0: Issuer: C=US, O=Entrust, Inc., OU=See Legal and Compliance, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
46b2fd3b.0: Issuer: C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2
48478734.0: Issuer: C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 1
48a195d8.0: Issuer: C=ES, O=IZENPE S.A., CN=Izenpe.com
4d654d1d.0: Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
4e18c148.0: Issuer: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
4fbd6bfa.0: Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
5021a0a2.0: Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA I
5046c355.0: Issuer: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
524d9b43.0: Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
56b8a0b6.0: Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1, C=TR, L=Ankara, O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
57692373.0: Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2
58a44af1.0: Issuer: C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
594f1775.0: Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
5a3f0ff8.0: Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
5a5372fc.0: Issuer: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Uzleti (Class B) Tanusitvanykiado
5cf9d536.0: Issuer: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
5e4e69e7.0: Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
60afe812.0: Issuer: C=HU, L=Budapest, O=NetLock Kft., OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services), CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny
635ccfd5.0: Issuer: C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Expressz (Class C) Tanusitvanykiado
67495436.0: Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
69105f4f.0: Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
6adf0799.0: Issuer: C=US, O=Wells Fargo, OU=Wells Fargo Certification Authority, CN=Wells Fargo Root Certificate Authority
6e8bf996.0: Issuer: C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
6fcc125d.0: Issuer: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
72f369af.0: Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 CA 1
72fa7371.0: Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
74c26bd0.0: Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
75680d2e.0: Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
7651b327.0: Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
76579174.0: Issuer: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
7672ac4b.0: Issuer: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Autorit\xC3\xA9 Racine
7999be0d.0: Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
7a481e66.0: Issuer: C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 3 CA, CN=TC TrustCenter Class 3 CA II
7a819ef2.0: Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
7d3cd826.0: Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
7d453d8f.0: Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
81b9768f.0: Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
82223c44.0: Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
8470719d.0: Issuer: O=RSA Security Inc, OU=RSA Security 2048 V3
84cba82f.0: Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1, C=TR, L=ANKARA, O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
85cde254.0: Issuer: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
86212b19.0: Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Networking
87753b0d.0: Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
882de061.0: Issuer: C=RO, O=certSIGN, OU=certSIGN ROOT CA
895cad1a.0: Issuer: C=CN, O=CNNIC, CN=CNNIC ROOT
89c02a45.0: Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
8f7b96c4.0: Issuer: C=US, O=Equifax Secure, OU=Equifax Secure eBusiness CA-2
9339512a.0: Issuer: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
95aff9e3.0: Issuer: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
9685a493.0: Issuer: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
9772ca32.0: Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
9d6523ce.0: Issuer: C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
9dbefe7b.0: Issuer: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication EV RootCA1
9f533518.0: Issuer: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
a0bc6fbb.0: Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
a15b3b6b.0: Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E2
a3896b44.0: Issuer: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
a7605362.0: Issuer: C=FI, O=Sonera, CN=Sonera Class2 CA
a7d2cf64.0: Issuer: C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2
ab5346f4.0: Issuer: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11
add67345.0: Issuer: C=HU, ST=Hungary, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
aeb67534.0: Issuer: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
b0f3e76e.0: Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
b3fb433b.0: Issuer: C=US, O=Entrust, Inc., OU=See Legal and Compliance, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
b7db1890.0: Issuer: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
bc3f2570.0: Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
bcdd5959.0: Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
bda4cc84.0: Issuer: C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
bdacca6f.0: Issuer: C=US, O=SecureTrust Corporation, CN=Secure Global CA
bf64f35b.0: Issuer: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
c215bc69.0: Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E1
c33a80d4.0: Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
c3a6a9ad.0: Issuer: C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-nQual-03, CN=A-Trust-nQual-03
c527e4ab.0: Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
c7e2a638.0: Issuer: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
c8763593.0: Issuer: C=CO, O=Sociedad Cameral de Certificaci\xC3\xB3n Digital - Certic\xC3\xA1mara S.A., CN=AC Ra\xC3\xADz Certic\xC3\xA1mara S.A.
ccc52f49.0: Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC
cdaebb72.0: Issuer: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA
cf701eeb.0: Issuer: C=US, O=SecureTrust Corporation, CN=SecureTrust CA
d16a5865.0: Issuer: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
d537fba6.0: Issuer: C=DK, O=TDC Internet, OU=TDC Internet Root CA
d59297b8.0: Issuer: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
d64f06f3.0: Issuer: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig
d7746a63.0: Issuer: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
d777342d.0: Issuer: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA1
d8274e24.0: Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications
dbc54cab.0: Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Premium
ddc328ff.0: Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
e48193cf.0: Issuer: C=US, O=AffirmTrust, CN=AffirmTrust Commercial
e60bf0c0.0: Issuer: C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 1
e775ed2d.0: Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
e7b8d656.0: Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
e8651083.0: Issuer: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu
ea169617.0: Issuer: CN=ACEDICOM Root, OU=PKI, O=EDICOM, C=ES
eb375c3e.0: Issuer: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 1
ed049835.0: Issuer: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
ed524cf5.0: Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
ee7cd6fb.0: Issuer: C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
ee90b008.0: Issuer: C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
f4996e82.0: Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//emailAddress=info@valicert.com
f58a60fe.0: Issuer: CN=ComSign Secured CA, O=ComSign, C=IL
f61bff45.0: Issuer: C=HU, L=Budapest, O=Microsec Ltd., OU=e-Szigno CA, CN=Microsec e-Szigno Root CA
f80cc7f6.0: Issuer: CN=EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1, O=EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E., C=TR
fac084d7.0: Issuer: C=JP, O=Japanese Government, OU=ApplicationCA
facacbc6.0: Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
fb126c6d.0: Issuer: C=ES, O=Generalitat Valenciana, OU=PKIGVA, CN=Root CA Generalitat Valenciana
fde84897.0: Issuer: C=FR, O=Dhimyotis, CN=Certigna
ff783690.0: Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
And the stuff about “pinning” just means that Google said “Hmm, these CAs get hacked from time to time, and they can all pretend to authenticate me… that’s a problem for my own security! So I’m not going to blindly trust them all anymore. From now on, Android will only recognize Google.com certificates from these particular CAs whom I’ve chosen to work with, and I’ll ignore certificates from the other CAs I don’t trust as much.”
Hope that helps.
Thanks for the info. I’m just gonna relax with a beer and not worry about it.
By far the better choice. Privacy is dead. It’s time to move on.
