Closed
Conversation
Rolling trust store release at 2026-02-09T15:10:25-0500. $ cfssl-trust -d ./cert.db -b int release 0h 1265 certificates rolled 0 certificates skipped Successfully rolled new int release 2026.2.1 $ cfssl-trust -d ./cert.db -b ca release 0h 340 certificates rolled 0 certificates skipped Successfully rolled new ca release 2026.2.1 Adding new intermediates: --/Users/andrew/cf-notes/new-microsoft-cross-signs/18555995494.crt --- CERTIFICATE Subject: /Microsoft TLS ECC Root G2/C=US/O=Microsoft Corporation Issuer: /DigiCert Global Root G3/C=US/O=DigiCert Inc/OU=www.digicert.com Signature algorithm: ECDSA / SHA384 Details: Public key: ECDSA-secp384r1 Serial number: 11733431000592060034876541703193624502 AKI: B3:DB:48:A4:F9:A1:C5:D8:AE:36:41:CC:11:63:69:62:29:BC:4B:C6 SKI: 6F:AB:7E:DA:FF:97:43:72:EC:3B:67:77:DE:82:61:35:88:47:42:85 Valid from: 2025-05-21T00:00:00+0000 until: 2029-06-19T23:59:59+0000 Key usages: cert sign, crl sign, digital signature Extended usages: server auth Basic constraints: valid, is a CA certificate SANs (0): 1 AIA: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt OCSP server: - http://ocsp.digicert.com --/Users/andrew/cf-notes/new-microsoft-cross-signs/18555995495.crt --- CERTIFICATE Subject: /Microsoft TLS RSA Root G2/C=US/O=Microsoft Corporation Issuer: /DigiCert Global Root G2/C=US/O=DigiCert Inc/OU=www.digicert.com Signature algorithm: RSA / SHA384 Details: Public key: RSA-4096 Serial number: 14685989241594233654608890750483546312 AKI: 4E:22:54:20:18:95:E6:E3:6E:E6:0F:FA:FA:B9:12:ED:06:17:8F:39 SKI: DE:91:86:48:B7:A1:31:59:31:F1:4B:5F:07:A9:DC:88:79:DA:A8:76 Valid from: 2025-05-21T00:00:00+0000 until: 2029-06-19T23:59:59+0000 Key usages: cert sign, crl sign, digital signature Extended usages: server auth Basic constraints: valid, is a CA certificate SANs (0): 1 AIA: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt OCSP server: - http://ocsp.digicert.com selected release 2026.2.1 - importing serial 11733431000592060034876541703193624502 SKI 6fab7edaff974372ec3b6777de82613588474285 - importing serial 14685989241594233654608890750483546312 SKI de918648b7a1315931f14b5f07a9dc8879daa876 $ cfssl-trust -d ./cert.db -r 2026.2.1 -b int bundle int-bundle.crt selected release 2026.2.1 Selected 1267 certificates for this release. $ cfssl-trust -d ./cert.db -r 2026.2.1 -b ca bundle ca-bundle.crt selected release 2026.2.1 Selected 340 certificates for this release.
…y Digi G3 to int bundle
mitch292
commented
Feb 9, 2026
Contributor
Author
There was a problem hiding this comment.
Wondering why the metadata wasn't updated similar to here - https://github.com/cloudflare/cfssl_trust/pull/362/changes#diff-128e015a3b2d686b2cc929270484245c4bc4c033016fa31142da6b5eb23b33b0
Checking on that
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Generated via
NEW_INTERMEDIATES="/Users/andrew/cf-notes/new-microsoft-cross-signs/18555995494.crt /Users/andrew/cf-notes/new-microsoft-cross-signs/18555995495.crt" ./release.shPulled certs from here
Sha1 thumbprints for cross signs obtained from here https://www.microsoft.com/pkiops/docs/repository.htm