Block two retired DigiCert intermediates

Add two retired DigiCert intermediates to the certificate blacklist.

BUG=none
R=davidben@chromium.org

Review URL: https://codereview.chromium.org/1639613002

Cr-Commit-Position: refs/heads/master@{#371435}

net/cert/cert_verify_proc_blacklist.inc

@@ -5,7 +5,7 @@
 // The certificate(s) that were misissued, and which represent these SPKIs,
 // are stored within net/data/ssl/blacklist. Further details about the
 // rationale is documented in net/data/ssl/blacklist/README.md
-static const size_t kNumBlacklistedSPKIs = 32u;
+static const size_t kNumBlacklistedSPKIs = 34u;
 static const uint8_t
     kBlacklistedSPKIs[kNumBlacklistedSPKIs][crypto::kSHA256Length] = {
         // ead610e6e90b439f2ecb51628b0932620f6ef340bd843fca38d3181b8f4ba197.pem
@@ -24,6 +24,10 @@ static const uint8_t
         {0x1a, 0xf5, 0x6c, 0x98, 0xff, 0x04, 0x3e, 0xf9, 0x2b, 0xeb, 0xff,
          0x54, 0xce, 0xbb, 0x4d, 0xd6, 0x7a, 0x25, 0xba, 0x95, 0x6c, 0x81,
          0x7f, 0x3e, 0x6d, 0xd3, 0xc1, 0xe5, 0x2e, 0xb5, 0x84, 0xc1},
+        // 2c998e761160c3b06d82faa9fdc7545d9bda9eb60310f992aa510a6280b74245.pem
+        {0x2c, 0x99, 0x8e, 0x76, 0x11, 0x60, 0xc3, 0xb0, 0x6d, 0x82, 0xfa,
+         0xa9, 0xfd, 0xc7, 0x54, 0x5d, 0x9b, 0xda, 0x9e, 0xb6, 0x03, 0x10,
+         0xf9, 0x92, 0xaa, 0x51, 0x0a, 0x62, 0x80, 0xb7, 0x42, 0x45},
         // 32ecc96f912f96d889e73088cd031c7ded2c651c805016157a23b6f32f798a3b.key
         {0x32, 0xec, 0xc9, 0x6f, 0x91, 0x2f, 0x96, 0xd8, 0x89, 0xe7, 0x30,
          0x88, 0xcd, 0x03, 0x1c, 0x7d, 0xed, 0x2c, 0x65, 0x1c, 0x80, 0x50,
@@ -80,6 +84,10 @@ static const uint8_t
         {0xa9, 0x03, 0xaf, 0x8c, 0x07, 0xbb, 0x91, 0xb0, 0xd9, 0xe3, 0xf3,
          0xa3, 0x0c, 0x6d, 0x53, 0x33, 0x9f, 0xc5, 0xbd, 0x47, 0xe5, 0xd6,
          0xbd, 0xb4, 0x76, 0x59, 0x88, 0x60, 0xc0, 0x68, 0xa0, 0x24},
+        // b8c1b957c077ea76e00b0f45bff5ae3acb696f221d2e062164fe37125e5a8d25.pem
+        {0xb3, 0x18, 0x2e, 0x28, 0x9a, 0xe3, 0x4d, 0xdf, 0x2b, 0xe6, 0x43,
+         0xab, 0x79, 0xc2, 0x44, 0x30, 0x16, 0x05, 0xfa, 0x0f, 0x1e, 0xaa,
+         0xe6, 0xd1, 0x0f, 0xb9, 0x29, 0x60, 0x0a, 0xf8, 0x4d, 0xf0},
         // be144b56fb1163c49c9a0e6b5a458df6b29f7e6449985960c178a4744624b7bc.pem
         {0xb4, 0xd5, 0xc9, 0x20, 0x41, 0x5e, 0xd0, 0xcc, 0x4f, 0x5d, 0xbc,
          0x7f, 0x54, 0x26, 0x36, 0x76, 0x2e, 0x80, 0xda, 0x66, 0x25, 0xf3,

net/data/ssl/blacklist/159ca03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem

+-----BEGIN CERTIFICATE-----
+MIIEazCCA1OgAwIBAgIEBydxojANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
+RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
+VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTEyMDYyMDE4MzUxM1oX
+DTE5MDkxNDE4MzQwMFowQDELMAkGA1UEBhMCSlAxGDAWBgNVBAoTD0tlaW8gVW5p
+dmVyc2l0eTEXMBUGA1UEAxMOS0VJTyBVTklWLkNBIDIwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC29SQ+EENagPIalA0bYSZQe1gm2reJtuL/VggiVvut
+DXhlbQ8TwJaJpwikGRHPlqdUG5zEPIR4O9PLeiu6tswFmA22a2eKqHd5RFl1k13W
+gc+I+ovpKS1dFNCr/WxdqBSwQdwrMGacWYtVc8wcWZAyBqPHWNOvgbi6ikeDPdA9
+AjwD553WXZU1zh84Sgz3h/NR1yCGrX39qW8p7mlib4Qg8CWntye97Ni3Ohlqm/m6
+thfpIptjwr8xq6/LJjOcB/f9a0CqNuiZBVMyIp9m3tNlSifCneWX2X/+G1GdOK80
+plltHay6W029QQV67PbW4lqymn5cjtSunMJLbOt6Nhv/AgMBAAGjggFRMIIBTTAS
+BgNVHRMBAf8ECDAGAQH/AgEAMFMGA1UdIARMMEowSAYJKwYBBAGxPgEAMDswOQYI
+KwYBBQUHAgEWLWh0dHA6Ly9jeWJlcnRydXN0Lm9tbmlyb290LmNvbS9yZXBvc2l0
+b3J5LmNmbTAOBgNVHQ8BAf8EBAMCAQYwbwYDVR0jBGgwZqFepFwwWjELMAkGA1UE
+BhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEi
+MCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdIIEAgAAuTBCBgNVHR8E
+OzA5MDegNaAzhjFodHRwOi8vY2RwMS5wdWJsaWMtdHJ1c3QuY29tL0NSTC9PbW5p
+cm9vdDIwMjUuY3JsMB0GA1UdDgQWBBSkzpUuB63HsFQ6Ooir648h34D1qzANBgkq
+hkiG9w0BAQUFAAOCAQEAKcQLLMDFhnoR13BZM/8zbQXO2gTrjOWXiz1u0typn8G+
+wI6nzb7xoqNEUsHLqHzMzDLwc7FYQ+PLoRLiKKYcQx2faxfsmOAnkgdA9zr3jczC
+Ek10mEI/iXi/7ilrh5qRxI/SarXqLlLv5LFHCtHg5JGa/74ktsEa8SeUllKE2tTX
+nsfcl3gSY5H9c3duSZDLRSVrlasar6C7TJOZFWhUD616jcsMyTcpHvS6uedf0bGP
+lmVcwmRn5SbZQ4vE+6UPLO5npv+QGmmYJJirJmdHIHoekIAGK19E1Q5edb7duOxa
+9s/9NjVxhWsKNTcVh1UiB91lOcxnJrS1GJmvT0gIpg==
+-----END CERTIFICATE-----

net/data/ssl/blacklist/README.md

@@ -10,108 +10,108 @@ are included.
 
 ### Comodo
 
-For details, see [https://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html],
-[https://blog.mozilla.org/security/2011/03/25/comodo-certificate-issue-follow-up/],
-and [https://technet.microsoft.com/en-us/library/security/2524375.aspx].
+For details, see <https://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html>,
+<https://blog.mozilla.org/security/2011/03/25/comodo-certificate-issue-follow-up/>,
+and <https://technet.microsoft.com/en-us/library/security/2524375.aspx>.
 
 As the result of a compromise of a partner RA of Comodo, nine certificates were
 misissued, for a variety of online services.
 
-  * [2a3699deca1e9fd099ba45de8489e205977c9f2a5e29d5dd747381eec0744d71.pem]
-  * [4bf6bb839b03b72839329b4ea70bb1b2f0d07e014d9d24aa9cc596114702bee3.pem]
-  * [79f69a47cfd6c4b4ceae8030d04b49f6171d3b5d6c812f58d040e586f1cb3f14.pem]
-  * [8290cc3fc1c3aac3239782c141ace8f88aeef4e9576a43d01867cf19d025be66.pem]
-  * [933f7d8cda9f0d7c8bfd3c22bf4653f4161fd38ccdcf66b22e95a2f49c2650f8.pem]
-  * [9532e8b504964331c271f3f5f10070131a08bf8ba438978ce394c34feeae246f.pem]
-  * [be144b56fb1163c49c9a0e6b5a458df6b29f7e6449985960c178a4744624b7bc.pem]
-  * [ead610e6e90b439f2ecb51628b0932620f6ef340bd843fca38d3181b8f4ba197.pem]
-  * [f8a5ff189fedbfe34e21103389a68340174439ad12974a4e8d4d784d1f3a0faa.pem]
+  * <2a3699deca1e9fd099ba45de8489e205977c9f2a5e29d5dd747381eec0744d71.pem>
+  * <4bf6bb839b03b72839329b4ea70bb1b2f0d07e014d9d24aa9cc596114702bee3.pem>
+  * <79f69a47cfd6c4b4ceae8030d04b49f6171d3b5d6c812f58d040e586f1cb3f14.pem>
+  * <8290cc3fc1c3aac3239782c141ace8f88aeef4e9576a43d01867cf19d025be66.pem>
+  * <933f7d8cda9f0d7c8bfd3c22bf4653f4161fd38ccdcf66b22e95a2f49c2650f8.pem>
+  * <9532e8b504964331c271f3f5f10070131a08bf8ba438978ce394c34feeae246f.pem>
+  * <be144b56fb1163c49c9a0e6b5a458df6b29f7e6449985960c178a4744624b7bc.pem>
+  * <ead610e6e90b439f2ecb51628b0932620f6ef340bd843fca38d3181b8f4ba197.pem>
+  * <f8a5ff189fedbfe34e21103389a68340174439ad12974a4e8d4d784d1f3a0faa.pem>
 
 ### DigiNotar
 
-For details, see [https://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html]
-and [https://en.wikipedia.org/wiki/DigiNotar].
+For details, see <https://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html>
+and <https://en.wikipedia.org/wiki/DigiNotar>.
 
 As a result of a complete CA compromise, the following certificates (and
 their associated public keypairs) are revoked.
 
-  * [0d136e439f0ab6e97f3a02a540da9f0641aa554e1d66ea51ae2920d51b2f7217.pem]
-  * [294f55ef3bd7244c6ff8a68ab797e9186ec27582751a791515e3292e48372d61.pem]
-  * [31c8fd37db9b56e708b03d1f01848b068c6da66f36fb5d82c008c6040fa3e133.pem]
-  * [3946901f46b0071e90d78279e82fababca177231a704be72c5b0e8918566ea66.pem]
-  * [450f1b421bb05c8609854884559c323319619e8b06b001ea2dcbb74a23aa3be2.pem]
-  * [4fee0163686ecbd65db968e7494f55d84b25486d438e9de558d629d28cd4d176.pem]
-  * [8a1bd21661c60015065212cc98b1abb50dfd14c872a208e66bae890f25c448af.pem]
-  * [9ed8f9b0e8e42a1656b8e1dd18f42ba42dc06fe52686173ba2fc70e756f207dc.pem]
-  * [a686fee577c88ab664d0787ecdfff035f4806f3de418dc9e4d516324fff02083.pem]
-  * [b8686723e415534bc0dbd16326f9486f85b0b0799bf6639334e61daae67f36cd.pem]
-  * [fdedb5bdfcb67411513a61aee5cb5b5d7c52af06028efc996cc1b05b1d6cea2b.pem]
+  * <0d136e439f0ab6e97f3a02a540da9f0641aa554e1d66ea51ae2920d51b2f7217.pem>
+  * <294f55ef3bd7244c6ff8a68ab797e9186ec27582751a791515e3292e48372d61.pem>
+  * <31c8fd37db9b56e708b03d1f01848b068c6da66f36fb5d82c008c6040fa3e133.pem>
+  * <3946901f46b0071e90d78279e82fababca177231a704be72c5b0e8918566ea66.pem>
+  * <450f1b421bb05c8609854884559c323319619e8b06b001ea2dcbb74a23aa3be2.pem>
+  * <4fee0163686ecbd65db968e7494f55d84b25486d438e9de558d629d28cd4d176.pem>
+  * <8a1bd21661c60015065212cc98b1abb50dfd14c872a208e66bae890f25c448af.pem>
+  * <9ed8f9b0e8e42a1656b8e1dd18f42ba42dc06fe52686173ba2fc70e756f207dc.pem>
+  * <a686fee577c88ab664d0787ecdfff035f4806f3de418dc9e4d516324fff02083.pem>
+  * <b8686723e415534bc0dbd16326f9486f85b0b0799bf6639334e61daae67f36cd.pem>
+  * <fdedb5bdfcb67411513a61aee5cb5b5d7c52af06028efc996cc1b05b1d6cea2b.pem>
 
 ### India CCA
 
-For details, see [https://googleonlinesecurity.blogspot.com/2014/07/maintaining-digital-certificate-security.html]
-and [https://technet.microsoft.com/en-us/library/security/2982792.aspx]
+For details, see <https://googleonlinesecurity.blogspot.com/2014/07/maintaining-digital-certificate-security.html>
+and <https://technet.microsoft.com/en-us/library/security/2982792.aspx>
 
 An unknown number of misissued certificates were issued by a sub-CA of
 India CCA, the India NIC. Due to the scope of the misissuance, the sub-CA
 was wholly revoked, and India CCA was constrained to a subset of India's
 ccTLD namespace.
 
-  * [67ed4b703d15dc555f8c444b3a05a32579cb7599bd19c9babe10c584ea327ae0.pem]
-  * [a8e1dfd9cd8e470aa2f443914f931cfd61c323e94d75827affee985241c35ce5.pem]
-  * [e4f9a3235df7330255f36412bc849fb630f8519961ec3538301deb896c953da5.pem]
+  * <67ed4b703d15dc555f8c444b3a05a32579cb7599bd19c9babe10c584ea327ae0.pem>
+  * <a8e1dfd9cd8e470aa2f443914f931cfd61c323e94d75827affee985241c35ce5.pem>
+  * <e4f9a3235df7330255f36412bc849fb630f8519961ec3538301deb896c953da5.pem>
 
 ### Trustwave
 
-For details, see [https://www.trustwave.com/Resources/SpiderLabs-Blog/Clarifying-The-Trustwave-CA-Policy-Update/]
-and [https://bugzilla.mozilla.org/show_bug.cgi?id=724929]
+For details, see <https://www.trustwave.com/Resources/SpiderLabs-Blog/Clarifying-The-Trustwave-CA-Policy-Update/>
+and <https://bugzilla.mozilla.org/show_bug.cgi?id=724929>
 
 Two certificates were issued by Trustwave for use in enterprise
 Man-in-the-Middle. The following public key was used for both certificates,
 and is revoked.
 
-  * [32ecc96f912f96d889e73088cd031c7ded2c651c805016157a23b6f32f798a3b.key]
+  * <32ecc96f912f96d889e73088cd031c7ded2c651c805016157a23b6f32f798a3b.key>
 
 ### TurkTrust
 
-For details, see [https://googleonlinesecurity.blogspot.com/2013/01/enhancing-digital-certificate-security.html]
-and [https://web.archive.org/web/20130326152502/http://turktrust.com.tr/kamuoyu-aciklamasi.2.html]
+For details, see <https://googleonlinesecurity.blogspot.com/2013/01/enhancing-digital-certificate-security.html>
+and <https://web.archive.org/web/20130326152502/http://turktrust.com.tr/kamuoyu-aciklamasi.2.html>
 
 As a result of a software configuration issue, two certificates were misissued
 by Turktrust that failed to properly set the basicConstraints extension.
 Because these certificates can be used to issue additional certificates, they
 have been revoked.
 
-  * [372447c43185c38edd2ce0e9c853f9ac1576ddd1704c2f54d96076c089cb4227.pem]
-  * [42187727be39faf667aeb92bf0cc4e268f6e2ead2cefbec575bdc90430024f69.pem]
+  * <372447c43185c38edd2ce0e9c853f9ac1576ddd1704c2f54d96076c089cb4227.pem>
+  * <42187727be39faf667aeb92bf0cc4e268f6e2ead2cefbec575bdc90430024f69.pem>
 
 ## Private Key Leakages
 
 ### Cyberoam
 
-For details, see [https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372]
+For details, see <https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372>
 
 Device manufacturer Cyberoam used the same private key for all devices by
 default, which subsequently leaked and is included below. The associated
 public key is blacklisted.
 
-  * [1af56c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key]
+  * <1af56c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key>
 
 ### Dell
 
-For details, see [http://www.dell.com/support/article/us/en/19/SLN300321]
-and [http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate]
+For details, see <http://www.dell.com/support/article/us/en/19/SLN300321>
+and <http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate>
 
 The private keys for both the eDellRoot and DSDTestProvider certificates were
 trivially extracted, and thus their associated public keys are
 blacklisted.
 
-  * [0f912fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem]
-  * [ec30c9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem]
+  * <0f912fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem>
+  * <ec30c9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem>
 
 ### sslip.io
 
-For details, see [https://blog.pivotal.io/labs/labs/sslip-io-a-valid-ssl-certificate-for-every-ip-address]
+For details, see <https://blog.pivotal.io/labs/labs/sslip-io-a-valid-ssl-certificate-for-every-ip-address>
 
 A subscriber of Comodo's acquired a wildcard certificate for sslip.io, and
 then subsequently published the private key, as a means for developers
@@ -120,31 +120,42 @@ to avoid having to acquire certificates.
 As the private key could be used to intercept all communications to this
 domain, the associated public key was blacklisted.
 
-  * [f3bae5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem]
+  * <f3bae5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem>
 
 ### xs4all.nl
 
-For details, see [https://raymii.org/s/blog/How_I_got_a_valid_SSL_certificate_for_my_ISPs_main_website.html]
+For details, see <https://raymii.org/s/blog/How_I_got_a_valid_SSL_certificate_for_my_ISPs_main_website.html>
 
 A user of xs4all was able to register a reserved email address that can be
 used to cause certificate issuance, as described in the CA/Browser Forum's
 Baseline Requirements, and then subsequently published the private key.
 
-  * [83618f932d6947744d5ecca299d4b2820c01483947bd16be814e683f7436be24.pem]
+  * <83618f932d6947744d5ecca299d4b2820c01483947bd16be814e683f7436be24.pem>
 
 ## Miscellaneous
 
+### DigiCert
+
+For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=1242758> and
+<https://bugzilla.mozilla.org/show_bug.cgi?id=1224104>
+
+These two intermediates were retired by DigiCert, and blacklisted for
+robustness at their request.
+
+  * <159ca03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem>
+  * <b8c1b957c077ea76e00b0f45bff5ae3acb696f221d2e062164fe37125e5a8d25.pem>
+
 ### Hacking Team
 
 The following keys were reported as used by Hacking Team to compromise users,
 and are blacklisted for robustness.
 
-  * [c4387d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key]
-  * [ea08c8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key]
+  * <c4387d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key>
+  * <ea08c8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key>
 
 ### live.fi
 
-For details, see [https://technet.microsoft.com/en-us/library/security/3046310.aspx]
+For details, see <https://technet.microsoft.com/en-us/library/security/3046310.aspx>
 
 A user of live.fi was able to register a reserved email address that can be
 used to cause certificate issuance, as described in the CA/Browser Forum's
@@ -152,33 +163,33 @@ Baseline Requirements. This was not intended by Microsoft, the operators of
 live.fi, but conformed to the Baseline Requirements. It was blacklisted for
 robustness.
 
-  * [c67d722c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem]
+  * <c67d722c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem>
 
 ### SECOM
 
-For details, see [https://bugzilla.mozilla.org/show_bug.cgi?id=1188582]
+For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=1188582>
 
 This intermediate certificate was retired by SECOM, and blacklisted for
 robustness at their request.
 
-  * [817d4e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem]
+  * <817d4e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem>
 
 ### Symantec
 
-For details, see [https://bugzilla.mozilla.org/show_bug.cgi?id=966060] 
+For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=966060> 
 
 These three intermediate certificates were retired by Symantec, and
 blacklisted for robustness at their request.
 
-  * [1f17f2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem]
-  * [3e26492e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem]
-  * [7abd72a323c9d179c722564f4e27a51dd4afd24006b38a40ce918b94960bcf18.pem]
+  * <1f17f2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem>
+  * <3e26492e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem>
+  * <7abd72a323c9d179c722564f4e27a51dd4afd24006b38a40ce918b94960bcf18.pem>
 
 ### T-Systems
 
-For details, see [https://bugzilla.mozilla.org/show_bug.cgi?id=1076940]
+For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=1076940>
 
 This intermediate certificate was retired by T-Systems, and blacklisted
 for robustness at their request.
 
-  * [f4a5984324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem]
+  * <f4a5984324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem>

net/data/ssl/blacklist/b8c1b957c077ea76e00b0f45bff5ae3acb696f221d2e062164fe37125e5a8d25.pem

+-----BEGIN CERTIFICATE-----
+MIIEKDCCAxCgAwIBAgIEBydr0TANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
+RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
+VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTEyMDExMTIyMTE1MFoX
+DTIyMDExMTIyMTEzMVowXTELMAkGA1UEBhMCQkUxHDAaBgNVBAoTE0NlcnRpcG9z
+dCBzLmEuL24udi4xMDAuBgNVBAMTJ0NlcnRpcG9zdCBFLVRydXN0IFByaW1hcnkg
+Tm9ybWFsaXNlZCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANWz
+qlKEeheTIg+4BBjKyfKCKqwVC6dQcbZMJWv3/wGqV1p3Tl4TFA1V8h7xhc2F14Ic
+DNoJK739vJ7+bYlNogIk5lHqN38xRlp7mnazLqBdX+T4mQoHvu6SJhLJe+ddbNCD
+Rw7AjKfReVfACxmcm55DxU6RJc6IK2152XmK1mZOIsMaRU7vyLBiJk4mVFCfDG+z
+a8x8n3/eDw21j8Nr1OHC+7tWUKqMPY8Aizz8SBdq0lrzdW1lgb1GXZ+iYlOuzvOp
+5JErWibDeWbRplNmNRwGcbHumQ7E+1gSrCJGLeIiktvhPL+7/obnkzRzz3hp08ve
++QyyaNrJigpgVMTzVmMCAwEAAaOB8jCB7zASBgNVHRMBAf8ECDAGAQH/AgEBMEUG
+A1UdIAQ+MDwwOgYEVR0gADAyMDAGCCsGAQUFBwIBFiRodHRwczovL3d3dy5jZXJ0
+aXBvc3QuY29tL3Nob3dwb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaA
+FOWdWTCCR1jMrPoIVDaGezq1BE3wMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9j
+ZHAxLnB1YmxpYy10cnVzdC5jb20vQ1JML09tbmlyb290MjAyNS5jcmwwHQYDVR0O
+BBYEFBHyC5bSMziBV1gT/UCkEW9OmfpnMA0GCSqGSIb3DQEBBQUAA4IBAQCDTfzh
+Nhln+aiZBvdDKvxd+/MR+HofOwAlvvV9VDNUH5B8fR+vFME4PgDg60zntgZEYg4F
+U13K53/2U9m4vvBiLpRLBWIxyXaZ8hwsx8rRcKZvORai3BMDOUxqK0XAl5evbxzc
+drpn1ao/fJURK6IBa8jblBrhNynpXChj5+dnNSheflN0mph3QXqNs8jAFxmw45Oq
+guO8tEfGpgvGo4hntsA8lWsxerSrtQlJnV3acoauXRProOdTU2+uLD5dJUHEW2QB
+/4um+9xTBDtyZ55YgTg2aalnbPet0lUjW3SRNYBEaEWDNsH0vToW7sjTSY0gEWrv
+BOUM95u+bb7mIp88
+-----END CERTIFICATE-----