testssl
diff --git a/‎etc/Apple.pem‎
Lines changed: 173 additions & 304 deletions b/‎etc/Apple.pem‎
Lines changed: 173 additions & 304 deletions
diff --git a/‎etc/Java.pem‎
Lines changed: 2066 additions & 1933 deletions b/‎etc/Java.pem‎
Lines changed: 2066 additions & 1933 deletions
diff --git a/‎etc/Linux.pem‎
Lines changed: 328 additions & 357 deletions b/‎etc/Linux.pem‎
Lines changed: 328 additions & 357 deletions
diff --git a/‎etc/Microsoft.pem‎
Lines changed: 556 additions & 142 deletions b/‎etc/Microsoft.pem‎
Lines changed: 556 additions & 142 deletions
diff --git a/‎etc/Mozilla.pem‎
Lines changed: 160 additions & 191 deletions b/‎etc/Mozilla.pem‎
Lines changed: 160 additions & 191 deletions
diff --git a/‎etc/README.md‎
Lines changed: 3 additions & 2 deletions b/‎etc/README.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎etc/ca_hashes.txt‎
Lines changed: 22 additions & 4 deletions b/‎etc/ca_hashes.txt‎
Lines changed: 22 additions & 4 deletions
@@ -5,7 +5,7 @@ The certificate trust stores were retrieved from
 
 * **Linux:** Copied from an up-to-date Debian Linux machine
 * **Mozilla:** https://curl.haxx.se/docs/caextract.html
-* **Java:** extracted (``keytool -list -rfc -keystore <file> | grep -E -v '^$|^\*\*\*\*\*|^Entry |^Creation |^Alias '``) from a JRE 8 from https://jdk.java.net/ (previously JRE keystore extracted from $JAVA_HOME/jre/lib/security/cacerts using Linux)
+* **Java:** extracted (``keytool -list -rfc -keystore lib/security/cacerts | grep -E -v '^$|^\*\*\*\*\*|^Entry |^Creation |^Alias '``) from a JDK 15 from https://jdk.java.net/. (use dos2unix).
 * **Microsoft:** Following command pulls all certificates from Windows Update services: ``CertUtil -syncWithWU -f -f . `` (see also http://aka.ms/RootCertDownload, https://technet.microsoft.com/en-us/library/dn265983(v=ws.11).aspx#BKMK_CertUtilOptions).
 * **Apple:**
     1. __System:__ from Apple OS X keychain app.  Open Keychain Access utility, i.e.
@@ -14,7 +14,8 @@ The certificate trust stores were retrieved from
   --> "Keychain Access" (2 click). In that window --> "Keychains" --> "System"
   --> "Category" --> "All Items"
   Select all CA certificates except for Developer ID Certification Authority,  "File" --> "Export Items"
-    2. __Internet:__ Pick the latest subdir from https://opensource.apple.com/source/security_certificates/. They are in DER format despite their file extension.
+    2. __Internet:__ Pick the latest subdir (=highest number) from https://opensource.apple.com/source/security_certificates/. They are in DER format despite their file extension. Download them with ``wget --level=1 --cut-dirs=5  --mirror --convert-links --adjust-extension --page-requisites  --no-parent https://opensource.apple.com/source/security_certificates/security_certificates-*/certificates/roots/``
+
 
 Google Chromium uses basically the trust stores above, see https://www.chromium.org/Home/chromium-security/root-ca-policy.