Conversation
Rolling trust store release at 2026-02-09T15:33:51-0500. $ cfssl-trust -d ./cert.db -b int release 0h 1265 certificates rolled 0 certificates skipped Successfully rolled new int release 2026.2.1 $ cfssl-trust -d ./cert.db -b ca release 0h 340 certificates rolled 0 certificates skipped Successfully rolled new ca release 2026.2.1 Adding new intermediates: --/Users/andrew/cf-notes/new-microsoft-cross-signs/18555995494.crt --- CERTIFICATE Subject: /Microsoft TLS ECC Root G2/C=US/O=Microsoft Corporation Issuer: /DigiCert Global Root G3/C=US/O=DigiCert Inc/OU=www.digicert.com Signature algorithm: ECDSA / SHA384 Details: Public key: ECDSA-secp384r1 Serial number: 11733431000592060034876541703193624502 AKI: B3:DB:48:A4:F9:A1:C5:D8:AE:36:41:CC:11:63:69:62:29:BC:4B:C6 SKI: 6F:AB:7E:DA:FF:97:43:72:EC:3B:67:77:DE:82:61:35:88:47:42:85 Valid from: 2025-05-21T00:00:00+0000 until: 2029-06-19T23:59:59+0000 Key usages: cert sign, crl sign, digital signature Extended usages: server auth Basic constraints: valid, is a CA certificate SANs (0): 1 AIA: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt OCSP server: - http://ocsp.digicert.com --/Users/andrew/cf-notes/new-microsoft-cross-signs/18555995495.crt --- CERTIFICATE Subject: /Microsoft TLS RSA Root G2/C=US/O=Microsoft Corporation Issuer: /DigiCert Global Root G2/C=US/O=DigiCert Inc/OU=www.digicert.com Signature algorithm: RSA / SHA384 Details: Public key: RSA-4096 Serial number: 14685989241594233654608890750483546312 AKI: 4E:22:54:20:18:95:E6:E3:6E:E6:0F:FA:FA:B9:12:ED:06:17:8F:39 SKI: DE:91:86:48:B7:A1:31:59:31:F1:4B:5F:07:A9:DC:88:79:DA:A8:76 Valid from: 2025-05-21T00:00:00+0000 until: 2029-06-19T23:59:59+0000 Key usages: cert sign, crl sign, digital signature Extended usages: server auth Basic constraints: valid, is a CA certificate SANs (0): 1 AIA: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt OCSP server: - http://ocsp.digicert.com selected release 2026.2.1 - importing serial 11733431000592060034876541703193624502 SKI 6fab7edaff974372ec3b6777de82613588474285 - importing serial 14685989241594233654608890750483546312 SKI de918648b7a1315931f14b5f07a9dc8879daa876 $ cfssl-trust -d ./cert.db -r 2026.2.1 -b int bundle int-bundle.crt selected release 2026.2.1 Selected 1267 certificates for this release. $ cfssl-trust -d ./cert.db -r 2026.2.1 -b ca bundle ca-bundle.crt selected release 2026.2.1 Selected 340 certificates for this release. $ certdump ca-bundle.crt > certdata/ca-bundle.txt $ certdump int-bundle.crt > certdata/int-bundle.txt $ git status --porcelain -uno M cert.db M certdata/ca-bundle.txt M certdata/int-bundle.txt M int-bundle.crt
mitch292
commented
Feb 9, 2026
| Issuer: /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification | ||
| Authority | ||
| Signature algorithm: RSA / MD2 | ||
| Signature algorithm: unknown public key algorithm / unknown hash algorithm |
Contributor
Author
There was a problem hiding this comment.
I feel like this came up previously. Why does the release script do this? Maybe the fix is running it with an older version of go or something for now?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rolling trust store release at 2026-02-09T15:33:51-0500. $ cfssl-trust -d ./cert.db -b int release 0h
1265 certificates rolled
0 certificates skipped
Successfully rolled new int release 2026.2.1
$ cfssl-trust -d ./cert.db -b ca release 0h
340 certificates rolled
0 certificates skipped
Successfully rolled new ca release 2026.2.1
Adding new intermediates:
--/Users/andrew/cf-notes/new-microsoft-cross-signs/18555995494.crt --- CERTIFICATE
Subject: /Microsoft TLS ECC Root G2/C=US/O=Microsoft Corporation Issuer: /DigiCert Global Root G3/C=US/O=DigiCert Inc/OU=www.digicert.com
Signature algorithm: ECDSA / SHA384
Details:
Public key: ECDSA-secp384r1
Serial number: 11733431000592060034876541703193624502
AKI: B3:DB:48:A4:F9:A1:C5:D8:AE:36:41:CC:11:63:69:62:29:BC:4B:C6
SKI: 6F:AB:7E:DA:FF:97:43:72:EC:3B:67:77:DE:82:61:35:88:47:42:85
Valid from: 2025-05-21T00:00:00+0000
until: 2029-06-19T23:59:59+0000
Key usages: cert sign, crl sign, digital signature
Extended usages: server auth
Basic constraints: valid, is a CA certificate
SANs (0):
1 AIA:
http://cacerts.digicert.com/DigiCertGlobalRootG3.crt
OCSP server:
- http://ocsp.digicert.com --/Users/andrew/cf-notes/new-microsoft-cross-signs/18555995495.crt --- CERTIFICATE
Subject: /Microsoft TLS RSA Root G2/C=US/O=Microsoft Corporation Issuer: /DigiCert Global Root G2/C=US/O=DigiCert Inc/OU=www.digicert.com
Signature algorithm: RSA / SHA384
Details:
Public key: RSA-4096
Serial number: 14685989241594233654608890750483546312
AKI: 4E:22:54:20:18:95:E6:E3:6E:E6:0F:FA:FA:B9:12:ED:06:17:8F:39
SKI: DE:91:86:48:B7:A1:31:59:31:F1:4B:5F:07:A9:DC:88:79:DA:A8:76
Valid from: 2025-05-21T00:00:00+0000
until: 2029-06-19T23:59:59+0000
Key usages: cert sign, crl sign, digital signature
Extended usages: server auth
Basic constraints: valid, is a CA certificate
SANs (0):
1 AIA:
http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
OCSP server:
- http://ocsp.digicert.com selected release 2026.2.1
Selected 1267 certificates for this release.
$ cfssl-trust -d ./cert.db -r 2026.2.1 -b ca bundle ca-bundle.crt selected release 2026.2.1
Selected 340 certificates for this release.
$ certdump ca-bundle.crt > certdata/ca-bundle.txt $ certdump int-bundle.crt > certdata/int-bundle.txt $ git status --porcelain -uno
M cert.db
M certdata/ca-bundle.txt
M certdata/int-bundle.txt
M int-bundle.crt