1#!/bin/sh 2 3# Print out a list of information to use when verifying that new roots are in the new System roots keychain 4# You must manually input the files now; easiest way to get the list is when doing svk add 5 6# set -x 7 8NEW_ROOTS="\ 9 COMODOCertificationAuthority.crt \ 10 DigiNotarRootCA2007.crt \ 11 EntrustEVRoot.crt \ 12 EntrustRootCA1024.crt \ 13 GlobalSignRootCA-R2.cer \ 14 NetworkSolutionsEVRoot.crt \ 15 Trustwave-SGCA.pem.crt \ 16 Trustwave-STCA.pem.crt \ 17 VASLatvijasPasts-SSI-RCA.crt \ 18 VASLatvijasPasts-SSI-RCA_subject \ 19 VeriSignC3PublicPrimaryCA-G5.cer \ 20 geotrust-primary-ca.crt \ 21 thawte-primary-root-ca.crt" 22 23for root in ${NEW_ROOTS} ; do 24 printf "====================\n" 25 printf " $root \n" 26 openssl x509 -inform DER -in roots/$root -noout -fingerprint -subject -nameopt oneline -dates 27done 28 29 30