restructured CA list, removed redundancies, indentation cleanup

hhund · hhund · commit 03626a99c3cc · 2025-10-21T17:19:00.000+02:00
diff --git a/docs/src/operations/v1.9.0/root-certificates.md b/docs/src/operations/v1.9.0/root-certificates.md
@@ -63,146 +63,132 @@ Use the following environment variable to configure non default .pem files or ov
 ## List of Default Trusted Certificate Authorities
 If not mentioned explicitly, issuing CAs listed will sign X.509 certificates with [Extended Key Usage](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12) entries `TLS WWW server authentication` and `TLS WWW client authentication`.
 
-### CAs Trusted by Common Web Browsers and Operating Systems
-
 * Root CA: **HARICA TLS ECC Root CA 2021**
   Info: https://crt.sh/?caid=202185
   X509 Certificate: https://crt.sh/?id=4147045948
   Not after: Feb 13 11:01:09 2045 GMT
-    * Issuing CA: **GEANT TLS ECC 1**
-      Info: https://crt.sh/?caid=390050
-      X509 Certificate: https://crt.sh/?id=16099180990
-      Not after: Dec 31 11:14:20 2039 GMT
-    * Issuing CA: **HARICA OV TLS ECC**
-      Info: https://crt.sh/?caid=207661
-      X509 Certificate: https://crt.sh/?id=4442848530
-      Not after: Mar 15 09:33:51 2036 GMT
+  * Issuing CA: **GEANT TLS ECC 1**
+    Info: https://crt.sh/?caid=390050
+    X509 Certificate: https://crt.sh/?id=16099180990
+    Not after: Dec 31 11:14:20 2039 GMT
+  * Issuing CA: **HARICA OV TLS ECC**
+    Info: https://crt.sh/?caid=207661
+    X509 Certificate: https://crt.sh/?id=4442848530
+    Not after: Mar 15 09:33:51 2036 GMT
 * Root CA: **HARICA TLS RSA Root CA 2021**
   Info: https://crt.sh/?caid=202184
   X509 Certificate: https://crt.sh/?id=4147041876
   Not after: Feb 13 10:55:37 2045 GMT
-    * Issuing CA: **GEANT TLS RSA 1**
-      Info: https://crt.sh/?caid=390054
-      X509 Certificate: https://crt.sh/?id=16099180997
-      Not after: Dec 31 11:14:59 2039 GMT
-    * Issuing CA: **HARICA OV TLS RSA**
-      Info: https://crt.sh/?caid=207660
-      X509 Certificate: https://crt.sh/?id=4442848529
-      Not after: Mar 15 09:34:16 2036 GMT
+  * Issuing CA: **GEANT TLS RSA 1**
+    Info: https://crt.sh/?caid=390054
+    X509 Certificate: https://crt.sh/?id=16099180997
+    Not after: Dec 31 11:14:59 2039 GMT
+  * Issuing CA: **HARICA OV TLS RSA**
+    Info: https://crt.sh/?caid=207660
+    X509 Certificate: https://crt.sh/?id=4442848529
+    Not after: Mar 15 09:34:16 2036 GMT
 * Root CA: **HARICA Client ECC Root CA 2021**
   Info: https://crt.sh/?caid=202189
   X509 Certificate: https://crt.sh/?id=4147052292
   Not after: Feb 13 11:03:33 2045 GMT
-    * Issuing CA: **GEANT S/MIME ECC 1** [client/smime certificates only]
-      Info: https://crt.sh/?caid=390048
-      X509 Certificate: https://crt.sh/?id=16099180988
-      Not after: Dec 31 11:11:39 2039 GMT
-    * Issuing CA: **HARICA S/MIME ECC** [client/smime certificates only]
-      Info: https://crt.sh/?caid=207659
-      X509 Certificate: https://crt.sh/?id=4442848523
-      Not after: Mar 15 09:36:57 2036 GMT
+  * Issuing CA: **GEANT S/MIME ECC 1** [client/smime certificates only]
+    Info: https://crt.sh/?caid=390048
+    X509 Certificate: https://crt.sh/?id=16099180988
+    Not after: Dec 31 11:11:39 2039 GMT
+  * Issuing CA: **HARICA S/MIME ECC** [client/smime certificates only]
+    Info: https://crt.sh/?caid=207659
+    X509 Certificate: https://crt.sh/?id=4442848523
+    Not after: Mar 15 09:36:57 2036 GMT
+  * Issuing CA: **HARICA Client Authentication ECC** [client certificates only]
+    Info: https://crt.sh/?caid=207671
+    X509 Certificate: https://crt.sh/?id=4442848518
+    Not after: Mar 15 09:17:38 2036 GMT
 * Root CA: **HARICA Client RSA Root CA 2021**
   Info: https://crt.sh/?caid=202188
   X509 Certificate: https://crt.sh/?id=4147049674
   Not after: Feb 13 10:58:45 2045 GMT
-    * Issuing CA: **GEANT S/MIME RSA 1** [client/smime certificates only]
-      Info: https://crt.sh/?caid=390049
-      X509 Certificate: https://crt.sh/?id=16099180989
-      Not after: Dec 31 11:13:07 2039 GMT
-    * Issuing CA: **HARICA S/MIME RSA** [client/smime certificates only]
-      Info: https://crt.sh/?caid=207658
-      X509 Certificate: https://crt.sh/?id=4442848517
-      Not after: Mar 15 09:37:37 2036 GMT
+  * Issuing CA: **GEANT S/MIME RSA 1** [client/smime certificates only]
+    Info: https://crt.sh/?caid=390049
+    X509 Certificate: https://crt.sh/?id=16099180989
+    Not after: Dec 31 11:13:07 2039 GMT
+  * Issuing CA: **HARICA S/MIME RSA** [client/smime certificates only]
+    Info: https://crt.sh/?caid=207658
+    X509 Certificate: https://crt.sh/?id=4442848517
+    Not after: Mar 15 09:37:37 2036 GMT
+  * Issuing CA: **HARICA Client Authentication RSA** [client certificates only]
+    Info: https://crt.sh/?caid=207670
+    X509 Certificate: https://crt.sh/?id=4442848531
+    Not after: Mar 15 09:19:36 2036 GMT
 * Root CA: **T-TeleSec GlobalRoot Class 2** [will be removed in a future release, incl. derived CAs]
   Info: https://crt.sh/?caid=6068
   X509 Certificate: https://crt.sh/?id=8733622
   Not after: Oct 1 23:59:59 2033 GMT
-    * Intermediate Root CA: **DFN-Verein Certification Authority 2**
-      Info: https://crt.sh/?caid=22818
-      X509 Certificate: https://crt.sh/?id=23908438
-      Not after: Feb 22 23:59:59 2031 GMT
-      * Issuing CA: **DFN-Verein Global Issuing CA** [existing, still valid client certificates, no new certificates]
-        Info: https://crt.sh/?caid=23770
-        X509 Certificate: https://crt.sh/?id=25484751
-        Not after: Feb 22 23:59:59 2031 GMT
-      * Issuing CA: **Fraunhofer User CA - G02** [existing, still valid client certificates, no new certificates]
-        Info: https://crt.sh/?caid=23772
-        X509 Certificate: https://crt.sh/?id=25484789
-        Not after: Feb 22 23:59:59 2031 GMT
+  * Intermediate Root CA: **DFN-Verein Certification Authority 2**
+    Info: https://crt.sh/?caid=22818
+    X509 Certificate: https://crt.sh/?id=23908438
+    Not after: Feb 22 23:59:59 2031 GMT
+   * Issuing CA: **DFN-Verein Global Issuing CA** [existing, still valid client certificates, no new certificates]
+     Info: https://crt.sh/?caid=23770
+     X509 Certificate: https://crt.sh/?id=25484751
+     Not after: Feb 22 23:59:59 2031 GMT
+   * Issuing CA: **Fraunhofer User CA - G02** [existing, still valid client certificates, no new certificates]
+     Info: https://crt.sh/?caid=23772
+     X509 Certificate: https://crt.sh/?id=25484789
+     Not after: Feb 22 23:59:59 2031 GMT
 * Root CA: **D-TRUST Root Class 3 CA 2 2009**
   Info: https://crt.sh/?caid=712
   X509 Certificate: https://crt.sh/?id=133226
   Not after: Nov 5 08:35:58 2029 GMT
-    * Issuing CA: **D-TRUST SSL Class 3 CA 1 2009** [server certificates via TMF e.V.]
-      Info: https://crt.sh/?caid=713
-      X509 Certificate: https://crt.sh/?id=133227
-      Not after: Nov 5 08:35:58 2029 GMT
+   * Issuing CA: **D-TRUST SSL Class 3 CA 1 2009** [server certificates via TMF e.V.]
+     Info: https://crt.sh/?caid=713
+     X509 Certificate: https://crt.sh/?id=133227
+     Not after: Nov 5 08:35:58 2029 GMT
 * Root CA: **USERTrust ECC Certification Authority** [will be removed in a future release, incl. derived CAs]
   Info: https://crt.sh/?caid=1390
   X509 Certificate: https://crt.sh/?id=2841410
   Not after: Jan 18 23:59:59 2038 GMT
-    * Issuing CA: **Sectigo ECC Organization Validation Secure Server CA**
-      Info: https://crt.sh/?caid=105483
-      X509 Certificate: https://crt.sh/?id=924467859
-      Not after: Dec 31 23:59:59 2030 GMT
-    * Issuing CA: **GEANT OV ECC CA 4**
-      Info: https://crt.sh/?caid=160140
-      X509 Certificate: https://crt.sh/?id=2475254970
-    * Issuing CA: **GEANT Personal ECC CA 4** [client/smime certificates only]
-      Info: https://crt.sh/?caid=160136
-      X509 Certificate: https://crt.sh/?id=2475254903
-      Not after: May 1 23:59:59 2033 GMT
-    * Issuing CA: **GEANT eScience Personal ECC CA 4** [client/smime certificates only]
-      Info: https://crt.sh/?caid=160138
-      X509 Certificate: https://crt.sh/?id=2475254888
-      Not after: May 1 23:59:59 2033 GMT
+  * Issuing CA: **Sectigo ECC Organization Validation Secure Server CA**
+    Info: https://crt.sh/?caid=105483
+    X509 Certificate: https://crt.sh/?id=924467859
+    Not after: Dec 31 23:59:59 2030 GMT
+  * Issuing CA: **GEANT OV ECC CA 4**
+    Info: https://crt.sh/?caid=160140
+    X509 Certificate: https://crt.sh/?id=2475254970
+  * Issuing CA: **GEANT Personal ECC CA 4** [client/smime certificates only]
+    Info: https://crt.sh/?caid=160136
+    X509 Certificate: https://crt.sh/?id=2475254903
+    Not after: May 1 23:59:59 2033 GMT
+  * Issuing CA: **GEANT eScience Personal ECC CA 4** [client/smime certificates only]
+    Info: https://crt.sh/?caid=160138
+    X509 Certificate: https://crt.sh/?id=2475254888
+    Not after: May 1 23:59:59 2033 GMT
 * Root CA: **USERTrust RSA Certification Authority** [will be removed in a future release, incl. derived CAs]
   Info: https://crt.sh/?caid=1167
   X509 Certificate: https://crt.sh/?id=1199354
   Not after: Jan 18 23:59:59 2038 GMT
-    * Issuing CA: **Sectigo RSA Organization Validation Secure Server CA**
-      Info: https://crt.sh/?caid=105487
-      X509 Certificate: https://crt.sh/?id=924467857
-      Not after: Dec 31 23:59:59 2030 GMT
-    * Issuing CA: **GEANT OV RSA CA 4**
-      Info: https://crt.sh/?caid=160137
-      X509 Certificate: https://crt.sh/?id=2475254782
-      Not after: May 1 23:59:59 2033 GMT
-    * Issuing CA: **GEANT Personal CA 4** [client/smime certificates only]
-      Info: https://crt.sh/?caid=160144
-      X509 Certificate: https://crt.sh/?id=2475255043
-      Not after: May 1 23:59:59 2033 GMT
-    * Issuing CA: **GEANT eScience Personal CA 4** [client/smime certificates only]
-      Info: https://crt.sh/?caid=160134
-      X509 Certificate: https://crt.sh/?id=2475253350
-      Not after: May 1 23:59:59 2033 GMT
-
-### Other CAs
-
-* Root CA: **HARICA Client ECC Root CA 2021**
-  Info: https://crt.sh/?caid=202189
-  X509 Certificate: https://crt.sh/?id=4147052292
-  Not after: Feb 13 11:03:33 2045 GMT
-  * Issuing CA: **HARICA Client Authentication ECC** [client certificates only]
-    Info: https://crt.sh/?caid=207671
-    X509 Certificate: https://crt.sh/?id=4442848518
-    Not after: Mar 15 09:17:38 2036 GMT
-* Root CA: **HARICA Client RSA Root CA 2021**
-  Info: https://crt.sh/?caid=202188
-  X509 Certificate: https://crt.sh/?id=4147049674
-  Not after: Feb 13 10:58:45 2045 GMT
-  * Issuing CA: **HARICA Client Authentication RSA** [client certificates only]
-    Info: https://crt.sh/?caid=207670
-    X509 Certificate: https://crt.sh/?id=4442848531
-    Not after: Mar 15 09:19:36 2036 GMT
-
+  * Issuing CA: **Sectigo RSA Organization Validation Secure Server CA**
+    Info: https://crt.sh/?caid=105487
+    X509 Certificate: https://crt.sh/?id=924467857
+    Not after: Dec 31 23:59:59 2030 GMT
+  * Issuing CA: **GEANT OV RSA CA 4**
+    Info: https://crt.sh/?caid=160137
+    X509 Certificate: https://crt.sh/?id=2475254782
+    Not after: May 1 23:59:59 2033 GMT
+  * Issuing CA: **GEANT Personal CA 4** [client/smime certificates only]
+    Info: https://crt.sh/?caid=160144
+    X509 Certificate: https://crt.sh/?id=2475255043
+    Not after: May 1 23:59:59 2033 GMT
+  * Issuing CA: **GEANT eScience Personal CA 4** [client/smime certificates only]
+    Info: https://crt.sh/?caid=160134
+    X509 Certificate: https://crt.sh/?id=2475253350
+    Not after: May 1 23:59:59 2033 GMT
 * Root CA: **D-TRUST Limited Basic Root CA 1 2019**
   X509 Certificate: https://www.d-trust.net/cgi-bin/D-TRUST_Limited_Basic_Root_CA_1_2019.crt
   Not after: Jun 19 08:15:51 2034 GMT
-    * Issuing CA: **D-TRUST Limited Basic CA 1-2 2019** [client certificates via TMF e.V.]
-      X509 Certificate: https://www.d-trust.net/cgi-bin/D-TRUST_Limited_Basic_CA_1-2_2019.crt
-      Not after: Jun 19 08:15:51 2034 GMT
-    * Issuing CA: **D-TRUST Limited Basic CA 1-3 2019** [client certificates via TMF e.V.]
-      X509 Certificate: https://www.d-trust.net/cgi-bin/D-TRUST_Limited_Basic_CA_1-3_2019.crt
-      Not after: Jun 19 08:15:51 2034 GMT
+  * Issuing CA: **D-TRUST Limited Basic CA 1-2 2019** [client certificates via TMF e.V.]
+    X509 Certificate: https://www.d-trust.net/cgi-bin/D-TRUST_Limited_Basic_CA_1-2_2019.crt
+    Not after: Jun 19 08:15:51 2034 GMT
+  * Issuing CA: **D-TRUST Limited Basic CA 1-3 2019** [client certificates via TMF e.V.]
+    X509 Certificate: https://www.d-trust.net/cgi-bin/D-TRUST_Limited_Basic_CA_1-3_2019.crt
+    Not after: Jun 19 08:15:51 2034 GMT
 
