Skip to content

Instantly share code, notes, and snippets.

@javabrett

javabrett/README.md

Last active November 24, 2023 05:01
Show Gist options
  • Save javabrett/dc30f5f465c69df273f007324f98b17e to your computer and use it in GitHub Desktop.
Save javabrett/dc30f5f465c69df273f007324f98b17e to your computer and use it in GitHub Desktop.
Download ZIP
Node JS Script to decode and print all certificates in the tls.rootCertificates store
Raw
README.md

Node JS Script to decode and print all certificates in the tls.rootCertificates store

How to run against a standard Node JS Docker image:

docker run -it --rm -v "$PWD":/usr/src/app -w /usr/src/app node node-js-print-ca-certs.js

Example output:

C = RO, O = CERTSIGN SA, OU = certSIGN ROOT CA G2

C = HU, L = Budapest, O = Microsec Ltd., organizationIdentifier = VATHU-23584497, CN = e-Szigno Root CA 2017

C = US, O = Microsoft Corporation, CN = Microsoft RSA Root Certificate Authority 2017

C = US, O = Microsoft Corporation, CN = Microsoft ECC Root Certificate Authority 2017

C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2015 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G4

C = HK, ST = Hong Kong, L = Hong Kong, O = Hongkong Post, CN = Hongkong Post Root CA 3

C = US, OU = emSign PKI, O = eMudhra Inc, CN = emSign ECC Root CA - C3

C = US, OU = emSign PKI, O = eMudhra Inc, CN = emSign Root CA - C1

C = IN, OU = emSign PKI, O = eMudhra Technologies Limited, CN = emSign ECC Root CA - G3

C = IN, OU = emSign PKI, O = eMudhra Technologies Limited, CN = emSign Root CA - G1

C = FR, O = Dhimyotis, OU = 0002 48146308100036, CN = Certigna Root CA

C = CN, O = UniTrust, CN = UCA Extended Validation Root

C = CN, O = UniTrust, CN = UCA Global G2 Root

C = US, O = Google Trust Services LLC, CN = GTS Root R4

C = US, O = Google Trust Services LLC, CN = GTS Root R3

C = US, O = Google Trust Services LLC, CN = GTS Root R2

C = US, O = Google Trust Services LLC, CN = GTS Root R1

C = CH, O = WISeKey, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GC CA

OU = GlobalSign Root CA - R6, O = GlobalSign, CN = GlobalSign

C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com EV Root Certification Authority ECC

C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com EV Root Certification Authority RSA R2

C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com Root Certification Authority ECC

C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com Root Certification Authority RSA

C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor ECA-1

C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor RootCert CA-2

C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor RootCert CA-1

C = TR, L = Gebze - Kocaeli, O = Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU = Kamu Sertifikasyon Merkezi - Kamu SM, CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1

C = CN, O = "GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.", CN = GDCA TrustAUTH R5 ROOT

C = US, O = Amazon, CN = Amazon Root CA 4

C = US, O = Amazon, CN = Amazon Root CA 3

C = US, O = Amazon, CN = Amazon Root CA 2

C = US, O = Amazon, CN = Amazon Root CA 1

C = ES, O = FNMT-RCM, OU = AC RAIZ FNMT-RCM

C = US, O = Internet Security Research Group, CN = ISRG Root X1

C = GR, L = Athens, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions ECC RootCA 2015

C = GR, L = Athens, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2015

C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA 2

C = PL, O = Krajowa Izba Rozliczeniowa S.A., CN = SZAFIR ROOT CA2

C = CH, O = WISeKey, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GB CA

C = CN, O = China Financial Certification Authority, CN = CFCA EV ROOT

C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - EC1

C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2

C = US, O = IdenTrust, CN = IdenTrust Public Sector Root CA 1

C = US, O = IdenTrust, CN = IdenTrust Commercial Root CA 1

C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden EV Root CA

C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G3

OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign

OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign

C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust ECC Certification Authority

C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority

C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2

C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G3

C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority

C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3 G3

C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4

C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3

C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G2

C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 G3

C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 1 G3

CN = Atos TrustedRoot 2011, O = Atos, C = DE

C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2

C = TR, L = Ankara, O = E-Tu\C4\9Fra EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E., OU = E-Tugra Sertifikasyon Merkezi, CN = E-Tugra Certification Authority

O = TeliaSonera, CN = TeliaSonera Root CA v1

C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA Global Root CA

CN = ACCVRAIZ1, OU = PKIACCV, O = ACCV, C = ES

C = SK, L = Bratislava, O = Disig a.s., CN = CA Disig Root R2

C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009

C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 2009

C = EE, O = AS Sertifitseerimiskeskus, CN = EE Certification Centre Root CA, emailAddress = pki@sk.ee

C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 3

C = NO, O = Buypass AS-983163327, CN = Buypass Class 3 Root CA

C = NO, O = Buypass AS-983163327, CN = Buypass Class 2 Root CA

C = GB, O = Trustis Limited, OU = Trustis FPS Root CA

C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA

C = GR, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2011

C = ES, O = Agencia Catalana de Certificacio (NIF Q-0801176-I), OU = Serveis Publics de Certificacio, OU = Vegeu https://www.catcert.net/verarrel (c)03, OU = Jerarquia Entitats de Certificacio Catalanes, CN = EC-ACC

C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication RootCA2

C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA Root Certification Authority

C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA

C = US, O = AffirmTrust, CN = AffirmTrust Premium ECC

C = US, O = AffirmTrust, CN = AffirmTrust Premium

C = US, O = AffirmTrust, CN = AffirmTrust Networking

C = US, O = AffirmTrust, CN = AffirmTrust Commercial

C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2

C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Root Certificate Authority - G2

C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2

C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008

C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008

C = ES, O = IZENPE S.A., CN = Izenpe.com

C = ES, CN = Autoridad de Certificacion Firmaprofesional CIF A62634068

OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign

C = HU, L = Budapest, O = Microsec Ltd., CN = Microsec e-Szigno Root CA 2009, emailAddress = info@e-szigno.hu

C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA11

C = HK, O = Hongkong Post, CN = Hongkong Post Root CA 1

C = HU, L = Budapest, O = NetLock Kft., OU = Tan\C3\BAs\C3\ADtv\C3\A1nykiad\C3\B3k (Certification Services), CN = NetLock Arany (Class Gold) F\C5\91tan\C3\BAs\C3\ADtv\C3\A1ny

C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2007 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G4

C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2008 VeriSign, Inc. - For authorized use only", CN = VeriSign Universal Root Certification Authority

C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2

C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2008 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G3

C = US, O = "thawte, Inc.", OU = "(c) 2007 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G2

C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3

C = RO, O = certSIGN, OU = certSIGN ROOT CA

C = TW, O = "Chunghwa Telecom Co., Ltd.", OU = ePKI Root Certification Authority

O = "Cybertrust, Inc", CN = Cybertrust Global Root

C = FR, O = Dhimyotis, CN = Certigna

C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority

C = CH, O = WISeKey, OU = Copyright (c) 2005, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GA CA

C = US, O = Network Solutions L.L.C., CN = Network Solutions Certificate Authority

C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO Certification Authority

C = US, O = SecureTrust Corporation, CN = Secure Global CA

C = US, O = SecureTrust Corporation, CN = SecureTrust CA

C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA

C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5

C = CH, O = SwissSign AG, CN = SwissSign Silver CA - G2

C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority

C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2

O = Digital Signature Trust Co., CN = DST Root CA X3

C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA

C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA

C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA

C = TW, O = Government Root Certification Authority

C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority

C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority

C = US, OU = www.xrampsecurity.com, O = XRamp Security Services Inc, CN = XRamp Global Certification Authority

C = FI, O = Sonera, CN = Sonera Class2 CA

C = JP, O = SECOM Trust.net, OU = Security Communication RootCA1

C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3

C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2

C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority

C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services

C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA 2

C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA

C = US, O = GeoTrust Inc., CN = GeoTrust Global CA

C = US, O = "Entrust, Inc.", OU = www.entrust.net/CPS is incorporated by reference, OU = "(c) 2006 Entrust, Inc.", CN = Entrust Root Certification Authority

O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)

C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root

OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign

C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
Raw
node-js-print-ca-certs.js
const tls = require('tls')
const { spawn } = require('child_process');
tls.rootCertificates.forEach(function(value){
const child = spawn('openssl', ['x509', '-subject', '-noout']);
child.stdin.write(value);
let data = '';
child.stdout.setEncoding('utf-8');
child.stdout.on('data', (chunk) => {
data += chunk
});
child.on('close', () => {
const subject = data.replace(/^subject=/, '');
console.log(subject);
});
child.stdin.end();
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment