Trust store release 2026.2.1 by jvaughan-cloudflare · Pull Request #368 · cloudflare/cfssl_trust

jvaughan-cloudflare · 2026-02-09T20:58:37Z

❯ ALLOW_SKIP_PR=false NOPUSH=1 NOGIT=1 NEW_INTERMEDIATES=./new-ints.crt ./release.sh                 
+ CONFIG_PATH=
+ [ -n  ]
+ DATABASE_PATH=./cert.db
+ [ -n ./cert.db ]
+ DATABASE_PATH=-d ./cert.db
+ EXPIRATION_WINDOW=0h
+ prologue
+ check_for_tool cfssl-trust
+ command -v cfssl-trust
+ [ 0 -ne 0 ]
+ check_for_tool certdump
+ command -v certdump
+ [ 0 -ne 0 ]
+ check_for_tool mktemp
+ command -v mktemp
+ [ 0 -ne 0 ]
+ git rev-parse --show-toplevel
+ cd /home/jvaughan/cf-repos/cfssl_trust
+ execute
+ mktemp
+ TEMPFILE=/tmp/tmp.XdUXcYfmM9
+ release
+ tee /tmp/tmp.XdUXcYfmM9
+ pwd
+ basename /home/jvaughan/cf-repos/cfssl_trust
+ [ cfssl_trust != cfssl_trust ]
+ pwd
+ git rev-parse --show-toplevel
+ [ /home/jvaughan/cf-repos/cfssl_trust != /home/jvaughan/cf-repos/cfssl_trust ]
+ date +%FT%T%z
+ echo Rolling trust store release at 2026-02-09T15:57:08-0500.
+ echo $ cfssl-trust -d ./cert.db  -b int release 0hRolling trust store release at 2026-02-09T15:57:08-0500.

+ cfssl-trust -d ./cert.db -b int release 0h
$ cfssl-trust -d ./cert.db  -b int release 0h
1265 certificates rolled
0 certificates skipped
Successfully rolled new int release 2026.2.1
+ cfssl-trust -d ./cert.db releases
+ awk  NR==1 { print $2 }
+ LATEST_RELEASE=2026.2.1
+ echo $ cfssl-trust -d ./cert.db  -b ca release 0h
+ cfssl-trust -d ./cert.db -b ca release$ cfssl-trust -d ./cert.db  -b ca release 0h
 0h
340 certificates rolled
0 certificates skipped
Successfully rolled new ca release 2026.2.1
+ [ -n  ]
+ [ -n ./new-ints.crt ]
+ echo Adding new intermediates:
+ certdump ./new-ints.crtAdding new intermediates:

--./new-ints.crt ---
CERTIFICATE
Subject: /Microsoft TLS ECC Root G2/C=US/O=Microsoft Corporation
Issuer: /DigiCert Global Root G3/C=US/O=DigiCert Inc/OU=www.digicert.com
	Signature algorithm: ECDSA / SHA384
Details:
	Public key: ECDSA-secp384r1
	Serial number: 11733431000592060034876541703193624502
	AKI: B3:DB:48:A4:F9:A1:C5:D8:AE:36:41:CC:11:63:69:62:29:BC:4B:C6
	SKI: 6F:AB:7E:DA:FF:97:43:72:EC:3B:67:77:DE:82:61:35:88:47:42:85
	Valid from: 2025-05-21T00:00:00+0000
	     until: 2029-06-19T23:59:59+0000
	Key usages: cert sign, crl sign, digital signature
	Extended usages: server auth
	Basic constraints: valid, is a CA certificate
	SANs (0):
	1 AIA:
		http://cacerts.digicert.com/DigiCertGlobalRootG3.crt
	OCSP server:
		- http://ocsp.digicert.com
CERTIFICATE
Subject: /Microsoft TLS RSA Root G2/C=US/O=Microsoft Corporation
Issuer: /DigiCert Global Root G2/C=US/O=DigiCert Inc/OU=www.digicert.com
	Signature algorithm: RSA / SHA384
Details:
	Public key: RSA-4096
	Serial number: 14685989241594233654608890750483546312
	AKI: 4E:22:54:20:18:95:E6:E3:6E:E6:0F:FA:FA:B9:12:ED:06:17:8F:39
	SKI: DE:91:86:48:B7:A1:31:59:31:F1:4B:5F:07:A9:DC:88:79:DA:A8:76
	Valid from: 2025-05-21T00:00:00+0000
	     until: 2029-06-19T23:59:59+0000
	Key usages: cert sign, crl sign, digital signature
	Extended usages: server auth
	Basic constraints: valid, is a CA certificate
	SANs (0):
	1 AIA:
		http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
	OCSP server:
		- http://ocsp.digicert.com
+ cfssl-trust -d ./cert.db -b int -r 2026.2.1 import ./new-ints.crt
selected release 2026.2.1
- importing serial 11733431000592060034876541703193624502 SKI 6fab7edaff974372ec3b6777de82613588474285
- importing serial 14685989241594233654608890750483546312 SKI de918648b7a1315931f14b5f07a9dc8879daa876
+ [ -z 1 ]
+ echo $ cfssl-trust -d ./cert.db  -r 2026.2.1 -b int bundle int-bundle.crt
+ cfssl-trust -d ./cert.db -r$ cfssl-trust -d ./cert.db  -r 2026.2.1 -b int bundle int-bundle.crt
 2026.2.1 -b int bundle int-bundle.crt
selected release 2026.2.1
Selected 1267 certificates for this release.
+ echo $ cfssl-trust -d ./cert.db  -r 2026.2.1 -b ca bundle ca-bundle.crt
+ cfssl-trust -d ./cert.db -r 2026.2.1 -b ca$ cfssl-trust -d ./cert.db  -r 2026.2.1 -b ca bundle ca-bundle.crt
 bundle ca-bundle.crt
selected release 2026.2.1
Selected 340 certificates for this release.
+ [ false = true ]
+ [ -z 1 ]
+ echo $ certdump ca-bundle.crt  > certdata/ca-bundle.txt
$ certdump ca-bundle.crt  > certdata/ca-bundle.txt
+ certdump ca-bundle.crt
+ echo $ certdump int-bundle.crt > certdata/int-bundle.txt
$ certdump int-bundle.crt > certdata/int-bundle.txt
+ certdump int-bundle.crt
+ [ -z 1 ]
+ grep -q No_Changes /tmp/tmp.XdUXcYfmM9
+ cfssl-trust -d ./cert.db releases
+ awk  NR==1 { print $2 }
+ LATEST_RELEASE=2026.2.1
+ [ -n 1 ]
+ echo NOGIT set, skipping git operations.
NOGIT set, skipping git operations.
+ rm /tmp/tmp.XdUXcYfmM9
+ exit 0

Trust store release 2026.2.1

ef952d7

mitch292 self-requested a review February 9, 2026 21:01

mitch292 approved these changes Feb 9, 2026

View reviewed changes

mitch292 merged commit 67231c6 into master Feb 9, 2026
4 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trust store release 2026.2.1#368

Trust store release 2026.2.1#368
mitch292 merged 1 commit intomasterfrom
release/2026.2.1

jvaughan-cloudflare commented Feb 9, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

jvaughan-cloudflare commented Feb 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

jvaughan-cloudflare commented Feb 9, 2026 •

edited

Loading