robstradling · May 1, 2020 21:03
diff --git a/how_many_cas_are_there.txt b/how_many_cas_are_there.txt
 AC Camerfirma, S.A.
 Actalis
 ADACOM S.A.
 Agencia Notarial de Certificación (ANCERT)
 Amazon Trust Services
 AOL
 Apple Inc.
 Asseco Data Systems S.A. (previously Unizeto Certum)
 Athens Exchange S.A. (Athex)
 Atos
 A-Trust
 Austrian Society for Data Protection (Arge Daten) (GlobalTrust)
 Autoridad de Certificación (ANF AC)
 Autoridad de Certificacion Firmaprofesional
 British Telecommunications plc
 Buypass
 Byte Computer S.A.
 Carillon Information Security Inc.
 CertEurope France
 Certicámara
 Certigna Root CA
 Certinomis / Docapost
 Certipost NV/SA, Verizon Terremark NV/SA, Zetes NV/SA, the Belgian Federal Public Service Policy and Support and the Belgian Home Affairs Federal Public Service
 Certipost s.a./n.v.
 CERTISIGN CERTIFICADORA DIGITAL
 certSIGN
 China Financial Certification Authority (CFCA)
 China Internet Network Information Center (CNNIC)
 Chunghwa Telecom
 CIBG, Uitvoeringsorganisatie van het\r\nMinisterie van Volksgezondheid, Welzijn\r\nen Sport
 Cisco
 Cleverbase ID B.V.
 Collegio de Registradores Mercantile (Spanish Property & Commerce Registry)
 ComSign
 CONSEJO GENERAL DE COLEGIOS\r\nOFICIALES DE MEDICOS
 Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert)
 CrossTrust
 Cybertrust Japan / JCSI
 DarkMatter
 DATEV eG
 Department of Defence Australia
 Deutscher Sparkassen Verlag GmbH (S-TRUST, DSV-Gruppe)
 Deutsche Telekom
 DFN-Verein
 Dhimyotis / Certigna
 DigiCert
 Digidentity B.V.
 DigitalSign
 Digital Signature Trust Co.
 DigitalSign – Certificadora Digital, SA
 Disig, a.s.
 DocuSign (OpenTrust/Keynectis)
 D-TRUST GmbH
 Echoworx
 EDICOM
 EINS/PKI
 eMudhra Technologies Limited
 Entrust
 e-tugra
 Financijska agencija (Fina)
 FujiSSL
 Global Digital Cybersecurity Authority Co., Ltd.
 GlobalSign
 GoDaddy
 Google Trust Services LLC (GTS)
 Government of Brazil, Instituto Nacional de Tecnologia da Informação (ITI)
 Government of Finland, Population Register Centre’s (Väestörekisterikeskus, VRK)
 Government of France (ANSSI, DCSSI)
 Government of Hong Kong (SAR), Hongkong Post, Certizen
 Government of India, Ministry of Communications & Information Technology, Controller of Certifying Authorities (CCA)
 Government of Japan, Ministry of Internal Affairs and Communications
 Government of Korea, KLID
 Government of Latvia, Latvian State Radio & Television Centre (LVRTC)
 Government of Lithuania, Registru Centras
 Government of Mexico, Autoridad Certificadora Raiz de la Secretaria de Economia
 Government of Portugal, Sistema de Certificação Electrónica do Estado (SCEE) / Electronic Certification System of the State
 Government of Saudi Arabia, NCDC
 Government of South Africa, Post Office Trust Centre
 Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV)
 Government of Spain, Dirección General de la Policía – Ministerio del Interior – España.
 Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT)
 Government of Sweden (Försäkringskassan)
 Government of Taiwan, Government Root Certification Authority (GRCA)
 Government of The Netherlands, PKIoverheid (Logius)
 Government of Tunisia, Agence National de Certification Electronique / National Digital Certification Agency (ANCE/NDCA)
 Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM)
 Government of Uruguay, Agency for E-Government and Information Society (AGESIC)
 Government of Venezuela, Superintendencia de Servicios de Certificación Electrónica (SUSCERTE)
 Halcom D.D.
 HARICA
 IdenTrust Services, LLC
 Inera AB (SITHS)
 INFOCERT Spa
 Internet Security Research Group (ISRG)
 Intesa Sanpaolo S.p.A.
 iTrusChina Co., Ltd.
 IVNOSYS SOLUCIONES S.L.
 Izenpe S.A.
 Japan Local Authority Information Systems (J-LIS)
 JPRS
 KDDI
 Korea Electronic Certification Authority, Inc. (“CrossCert”)
 Korea Information Security Agency (KISA)
 KPN B.V.
 Krajowa Izba Rozliczeniowa S.A. (KIR)
 LAWtrust
 LAW Trusted Third Party (Pty) Ltd
 LuxTrust
 Microsec
 Microsoft Corporation
 Ministerie van Defensie
 Ministry of Economic Affairs
 Ministry of Health and Welfare
 Ministry of Interior Affairs
 MSC Trustgate.com Sdn. Bhd.
 MULTICERT
 National Development Council
 NAVER Business Platform, Corp. (NBP)
 NetLock Ltd.
 Netrust Ptd Ltd
 Nets DanID
 NISZ Nemzeti Infokommunikációs Szolgáltató Zrt.
 NLB Nova Ljubljanska Banka d.d. Ljubljana
 Notarius
 OISTE
 Open Access Technology International, Inc. (OATI)
 Orange Polska S.A.
 Personal I.D. LTD
 Pos Digicert Sdn. Bhd (Malaysia)
 Post of Serbia
 Post of Slovenia
 PostSignum operated by Ceska posta s.p. (Czech Post)
 PROCERT
 První certifikační autorita, a.s.
 QuoVadis
 Red Abogacía
 SECOM
 Sectigo
 SecureTrust
 Shanghai Electronic Certification Authority Co., Ltd. (SHECA)
 Siemens
 SIGNE, S.A.
 SI-TRUST
 Skaitmeninio sertifikavimo centras (SSC)
 SK ID Solutions AS
 SSL.com
 Start Commercial (StartCom) Ltd.
 Swiss BIT, Swiss Federal Office of Information Technology, Systems and Telecommunication (FOITT)
 Swisscom (Switzerland) Ltd
 SwissSign AG
 Taiwan-CA Inc. (TWCA)
 Telekom Applied Business Malaysia (TMCA)
 Telia Company (formerly TeliaSonera)
 Thailand National Root Certificate Authority (Electronic Transactions Development Agency)
 The Uruguayan Post, “El Correo Uruguayo”
 TrustCor Systems
 TrustFactory(Pty)Ltd
 Trustis
 TRUST ITALIA S.p.A.
 T-Systems International GmbH (Deutsche Telekom)
 TurkTrust
 Unisys Corporation
 U.S. Federal Public Key Infrastructure (US FPKI)
 Verizon Terremark NV
 Visa
 Web.com
 Wells Fargo Bank N.A.
 WISeKey
 WoSign CA Limited
 Zetes

 NOTES:
 The list above of currently trusted Certification Authority organizations was generated by running the SQL query below on crt.sh, then by manually removing likely duplicates.  SUBORDINATE_CA_OWNER is self-reported by a "parent" CA organization in the CCADB when the "child" CA is self-operated rather than fully managed by the "parent" CA.  INCLUDED_CERTIFICATE_OWNER is defined by the CCADB administrators (i.e., the browser/OS root program managers) for each trusted root, and crt.sh flows this information down to the subordinate CAs.  ISSUER_O, which is the organizationName from the CA certificate's Issuer DN, is a fallback for a handful of cases where the CCADB doesn't currently list an INCLUDED_CERTIFICATE_OWNER.

 SELECT coalesce(coalesce(nullif(trim(cc.SUBORDINATE_CA_OWNER), ''), trim(cc.INCLUDED_CERTIFICATE_OWNER)), cc.ISSUER_O)
  FROM ccadb_certificate cc, certificate c
  WHERE cc.CERTIFICATE_ID = c.ID
    AND EXISTS (
      SELECT 1
        FROM ca_trust_purpose ctp
        WHERE ctp.TRUST_CONTEXT_ID IN (1,5,12,23,25)  -- Microsoft, Mozilla, Apple, Java, 360 Browser.
          AND ctp.TRUST_PURPOSE_ID IN (1,3,4)         -- Server Authentication, Secure Email, Code Signing.
          AND ctp.CA_ID = c.ISSUER_CA_ID
          AND ctp.IS_TIME_VALID
          AND NOT (ctp.ALL_CHAINS_REVOKED_VIA_ONECRL AND ctp.ALL_CHAINS_REVOKED_VIA_CRLSET AND ctp.ALL_CHAINS_REVOKED_VIA_DISALLOWEDSTL)
    )
  GROUP BY coalesce(coalesce(nullif(trim(cc.SUBORDINATE_CA_OWNER), ''), trim(cc.INCLUDED_CERTIFICATE_OWNER)), cc.ISSUER_O);
	AC Camerfirma, S.A.
	Actalis
	ADACOM S.A.
	Agencia Notarial de Certificación (ANCERT)
	Amazon Trust Services
	AOL
	Apple Inc.
	Asseco Data Systems S.A. (previously Unizeto Certum)
	Athens Exchange S.A. (Athex)
	Atos
	A-Trust
	Austrian Society for Data Protection (Arge Daten) (GlobalTrust)
	Autoridad de Certificación (ANF AC)
	Autoridad de Certificacion Firmaprofesional
	British Telecommunications plc
	Buypass
	Byte Computer S.A.
	Carillon Information Security Inc.
	CertEurope France
	Certicámara
	Certigna Root CA
	Certinomis / Docapost
	Certipost NV/SA, Verizon Terremark NV/SA, Zetes NV/SA, the Belgian Federal Public Service Policy and Support and the Belgian Home Affairs Federal Public Service
	Certipost s.a./n.v.
	CERTISIGN CERTIFICADORA DIGITAL
	certSIGN
	China Financial Certification Authority (CFCA)
	China Internet Network Information Center (CNNIC)
	Chunghwa Telecom
	CIBG, Uitvoeringsorganisatie van het\r\nMinisterie van Volksgezondheid, Welzijn\r\nen Sport
	Cisco
	Cleverbase ID B.V.
	Collegio de Registradores Mercantile (Spanish Property & Commerce Registry)
	ComSign
	CONSEJO GENERAL DE COLEGIOS\r\nOFICIALES DE MEDICOS
	Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert)
	CrossTrust
	Cybertrust Japan / JCSI
	DarkMatter
	DATEV eG
	Department of Defence Australia
	Deutscher Sparkassen Verlag GmbH (S-TRUST, DSV-Gruppe)
	Deutsche Telekom
	DFN-Verein
	Dhimyotis / Certigna
	DigiCert
	Digidentity B.V.
	DigitalSign
	Digital Signature Trust Co.
	DigitalSign – Certificadora Digital, SA
	Disig, a.s.
	DocuSign (OpenTrust/Keynectis)
	D-TRUST GmbH
	Echoworx
	EDICOM
	EINS/PKI
	eMudhra Technologies Limited
	Entrust
	e-tugra
	Financijska agencija (Fina)
	FujiSSL
	Global Digital Cybersecurity Authority Co., Ltd.
	GlobalSign
	GoDaddy
	Google Trust Services LLC (GTS)
	Government of Brazil, Instituto Nacional de Tecnologia da Informação (ITI)
	Government of Finland, Population Register Centre’s (Väestörekisterikeskus, VRK)
	Government of France (ANSSI, DCSSI)
	Government of Hong Kong (SAR), Hongkong Post, Certizen
	Government of India, Ministry of Communications & Information Technology, Controller of Certifying Authorities (CCA)
	Government of Japan, Ministry of Internal Affairs and Communications
	Government of Korea, KLID
	Government of Latvia, Latvian State Radio & Television Centre (LVRTC)
	Government of Lithuania, Registru Centras
	Government of Mexico, Autoridad Certificadora Raiz de la Secretaria de Economia
	Government of Portugal, Sistema de Certificação Electrónica do Estado (SCEE) / Electronic Certification System of the State
	Government of Saudi Arabia, NCDC
	Government of South Africa, Post Office Trust Centre
	Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV)
	Government of Spain, Dirección General de la Policía – Ministerio del Interior – España.
	Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT)
	Government of Sweden (Försäkringskassan)
	Government of Taiwan, Government Root Certification Authority (GRCA)
	Government of The Netherlands, PKIoverheid (Logius)
	Government of Tunisia, Agence National de Certification Electronique / National Digital Certification Agency (ANCE/NDCA)
	Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM)
	Government of Uruguay, Agency for E-Government and Information Society (AGESIC)
	Government of Venezuela, Superintendencia de Servicios de Certificación Electrónica (SUSCERTE)
	Halcom D.D.
	HARICA
	IdenTrust Services, LLC
	Inera AB (SITHS)
	INFOCERT Spa
	Internet Security Research Group (ISRG)
	Intesa Sanpaolo S.p.A.
	iTrusChina Co., Ltd.
	IVNOSYS SOLUCIONES S.L.
	Izenpe S.A.
	Japan Local Authority Information Systems (J-LIS)
	JPRS
	KDDI
	Korea Electronic Certification Authority, Inc. (“CrossCert”)
	Korea Information Security Agency (KISA)
	KPN B.V.
	Krajowa Izba Rozliczeniowa S.A. (KIR)
	LAWtrust
	LAW Trusted Third Party (Pty) Ltd
	LuxTrust
	Microsec
	Microsoft Corporation
	Ministerie van Defensie
	Ministry of Economic Affairs
	Ministry of Health and Welfare
	Ministry of Interior Affairs
	MSC Trustgate.com Sdn. Bhd.
	MULTICERT
	National Development Council
	NAVER Business Platform, Corp. (NBP)
	NetLock Ltd.
	Netrust Ptd Ltd
	Nets DanID
	NISZ Nemzeti Infokommunikációs Szolgáltató Zrt.
	NLB Nova Ljubljanska Banka d.d. Ljubljana
	Notarius
	OISTE
	Open Access Technology International, Inc. (OATI)
	Orange Polska S.A.
	Personal I.D. LTD
	Pos Digicert Sdn. Bhd (Malaysia)
	Post of Serbia
	Post of Slovenia
	PostSignum operated by Ceska posta s.p. (Czech Post)
	PROCERT
	První certifikační autorita, a.s.
	QuoVadis
	Red Abogacía
	SECOM
	Sectigo
	SecureTrust
	Shanghai Electronic Certification Authority Co., Ltd. (SHECA)
	Siemens
	SIGNE, S.A.
	SI-TRUST
	Skaitmeninio sertifikavimo centras (SSC)
	SK ID Solutions AS
	SSL.com
	Start Commercial (StartCom) Ltd.
	Swiss BIT, Swiss Federal Office of Information Technology, Systems and Telecommunication (FOITT)
	Swisscom (Switzerland) Ltd
	SwissSign AG
	Taiwan-CA Inc. (TWCA)
	Telekom Applied Business Malaysia (TMCA)
	Telia Company (formerly TeliaSonera)
	Thailand National Root Certificate Authority (Electronic Transactions Development Agency)
	The Uruguayan Post, “El Correo Uruguayo”
	TrustCor Systems
	TrustFactory(Pty)Ltd
	Trustis
	TRUST ITALIA S.p.A.
	T-Systems International GmbH (Deutsche Telekom)
	TurkTrust
	Unisys Corporation
	U.S. Federal Public Key Infrastructure (US FPKI)
	Verizon Terremark NV
	Visa
	Web.com
	Wells Fargo Bank N.A.
	WISeKey
	WoSign CA Limited
	Zetes

	NOTES:
	The list above of currently trusted Certification Authority organizations was generated by running the SQL query below on crt.sh, then by manually removing likely duplicates. SUBORDINATE_CA_OWNER is self-reported by a "parent" CA organization in the CCADB when the "child" CA is self-operated rather than fully managed by the "parent" CA. INCLUDED_CERTIFICATE_OWNER is defined by the CCADB administrators (i.e., the browser/OS root program managers) for each trusted root, and crt.sh flows this information down to the subordinate CAs. ISSUER_O, which is the organizationName from the CA certificate's Issuer DN, is a fallback for a handful of cases where the CCADB doesn't currently list an INCLUDED_CERTIFICATE_OWNER.

	SELECT coalesce(coalesce(nullif(trim(cc.SUBORDINATE_CA_OWNER), ''), trim(cc.INCLUDED_CERTIFICATE_OWNER)), cc.ISSUER_O)
	FROM ccadb_certificate cc, certificate c
	WHERE cc.CERTIFICATE_ID = c.ID
	AND EXISTS (
	SELECT 1
	FROM ca_trust_purpose ctp
	WHERE ctp.TRUST_CONTEXT_ID IN (1,5,12,23,25) -- Microsoft, Mozilla, Apple, Java, 360 Browser.
	AND ctp.TRUST_PURPOSE_ID IN (1,3,4) -- Server Authentication, Secure Email, Code Signing.
	AND ctp.CA_ID = c.ISSUER_CA_ID
	AND ctp.IS_TIME_VALID
	AND NOT (ctp.ALL_CHAINS_REVOKED_VIA_ONECRL AND ctp.ALL_CHAINS_REVOKED_VIA_CRLSET AND ctp.ALL_CHAINS_REVOKED_VIA_DISALLOWEDSTL)
	)
	GROUP BY coalesce(coalesce(nullif(trim(cc.SUBORDINATE_CA_OWNER), ''), trim(cc.INCLUDED_CERTIFICATE_OWNER)), cc.ISSUER_O);