| # Copyright 2016 The Chromium Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| # List of SPKI hashes of certificates that are treated as captive portal |
| # certificates. See chrome/browser/ssl/ssl_error_assistant.proto for the full |
| # format. |
| |
| version_id: 4 |
| |
| # https://captive-portal.badssl.com leaf. |
| # This is a test certificate, always keep it at the top. |
| captive_portal_cert { |
| sha256_hash: "sha256/fjZPHewEHTrMDX3I1ecEIeoy3WFxHyGplOLv28kIbtI=" |
| } |
| |
| ################################################################################ |
| # The rest of the certificates are case-insensitive sorted by the first line of |
| # their comments. |
| # See http://go/chrome-captive-portal-list for instructions to update this list. |
| |
| # Always On |
| # Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, |
| # CN=COMODO High-Assurance Secure Server CA |
| # Subject: C=ZA/postalCode=0157, ST=Gauteng, |
| # L=CENTURION/street=1020 SASBY AVENUE ELDORAIGNE, |
| # O=Always On Broadband Wireless Solutions, OU=InstantSSL, |
| # CN=gateway.alwayson.co.za |
| captive_portal_cert { |
| sha256_hash: "sha256/m/nBiLhStttu1YmOz7Y3D2u1iB1dV2CbIfFa3R2YW5M=" |
| } |
| |
| # auth.impulse.com |
| # https://crt.sh/?q=d92d97e4d17ce28a7c844f58b0d1cda44e604b959cff998435e01777777ce715 |
| captive_portal_cert { |
| sha256_hash: "sha256/8Iuf4xRbVCmCMQTJn3rxlglIO1IOKoyuSUgmXyfaIKs=" |
| } |
| |
| # beeline.ru |
| # https://crt.sh/?q=e64aa319a108ce49931ac19bf32f838f8db7427150cf7a781af7d9ff76f75cac |
| captive_portal_cert { |
| sha256_hash: "sha256/k/2eeJTznE32mblA/du19wpVDSIReFX44M8wXa2JY30=" |
| } |
| |
| # BT Wi-fi |
| # https://crt.sh/?q=9e6bc5f9ecc52460e8edc02c644d1be1cb9f2316f41daf3b616a0b2058294b31 |
| captive_portal_cert { |
| sha256_hash: "sha256/urWd7jMwR6DJgvWhp6xfRHF5b/cba3iG0ggXtTR6AfM=" |
| } |
| |
| # controller.access.network |
| # https://crt.sh/?q=1544e807f17771b98a382b6b7faf2f2faf45eda44f460c4f8054b9eab845b860 |
| captive_portal_cert { |
| sha256_hash: "sha256/IJPCDSE5tM9H3nuD5m6RU2i9KDdPXVn4qmC/ULlcZzc=" |
| } |
| |
| # hotelwifi.com |
| # https://crt.sh/?q=f9dca04c4ac67f346c505c6a9bdc931c5272547dbb512a138c4459a903b023c7 |
| captive_portal_cert { |
| sha256_hash: "sha256/0Gy8RMdbxHNWR2GQJ62QKDXORYf5JmMmnr1FJFPYpzM=" |
| } |
| |
| # Innflux |
| # Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., |
| # OU=http://certs.godaddy.com/repository/, |
| # CN=Go Daddy Secure Certificate Authority - G2 |
| # Subject: OU=Domain Control Validated, CN=gateway.innflux.com |
| captive_portal_cert { |
| sha256_hash: "sha256/8tTICtyaxIQrdbYYDdgZhTN0OpM9kYndvoImtw1Ys5E=" |
| } |
| |
| # kewiko.mn |
| # Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., |
| # OU=http://certs.godaddy.com/repository/, |
| # CN=Go Daddy Secure Certificate Authority - G2 |
| # Subject: OU=Domain Control Validated, CN=wireless.kewiko.mn |
| captive_portal_cert { |
| sha256_hash: "sha256/F7HIlsaG0bpJW8CzYekRbtFqLVTTGqwvuwPDqnlLct0=" |
| } |
| |
| # login.globalsuite.net |
| # https://crt.sh/?q=ed4119e407aa22f507617226bbf2009fdbca55079a2c2f8eebda84e3173006a6 |
| captive_portal_cert { |
| sha256_hash: "sha256/zaV2Aw1A742R1+WpXWvL5atsJbGmeSS6dzZOfe6f1Yw=" |
| } |
| |
| # login.netinary.net |
| # Issuer: C=US, O=thawte, Inc., CN=thawte SSL CA - G2 |
| # Subject: C=FR, ST=Bouches-du-Rh\xC3\xB4ne, L=MARSEILLE, O=NETINARY, |
| # OU=Security, CN=login.netinary.net |
| captive_portal_cert { |
| sha256_hash: "sha256/UwOkRGMlP0K/mKNJdpQ0sTg2ean9Tje8UTOvFYzt1GE=" |
| } |
| |
| # mobicare.com.br |
| # https://crt.sh/?q=bf9a13fc64b18221a6f0360e95ba54714d8ebf70a0291b7ea5f357be30436a7a |
| captive_portal_cert { |
| sha256_hash: "sha256/w7KUXE4/BAo1YVZdO3mBsrMpu4IQuN0mhUXUI//agVU=" |
| } |
| |
| # ombord.info |
| # https://crt.sh/?q=f849586eedb4c754fc53e4352948d36097ae7fec50abc5f93c08239719c8184a |
| captive_portal_cert { |
| sha256_hash: "sha256/JnPvGqEn36FjHQlBXtG1uWwNtdMj1o2ojR/asqyypNk=" |
| } |
| |
| # Orange France |
| # Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, |
| # CN=Symantec Class 3 Secure Server CA - G4 |
| # Subject: C=FR, ST=Paris, L=Paris, O=Orange, OU=Orange France, |
| # CN=hautdebitmobile.orange.fr |
| captive_portal_cert { |
| sha256_hash: "sha256/AUSXlKDCf1X30WhWeAWbjToABfBkJrKWPL6KwEi5VH0=" |
| } |
| |
| # virginwifi.io |
| # Issuer: O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G2, C=US |
| # Subject: CN=*.virginwifi.io |
| captive_portal_cert { |
| sha256_hash: "sha256/zSyVjjFJMIeXK0ktVTIjewwr6U5OePRqyY/nEXTI4P8=" |
| } |
| |
| # wifipass.org |
| # https://crt.sh/?q=1cce212718a7cf65ce33acde91b5bc66863d14ae259fbaf841f83bf89748f5fd |
| captive_portal_cert { |
| sha256_hash: "sha256/9dcHlrXN2WV/ehbEdMxMZ8IV4qvGejCtNC5r6nfTviM=" |
| } |
| |
| # wifisignon.shaw.ca |
| # Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, |
| # CN=Symantec Class 3 Secure Server CA - G4 |
| # Subject: C=CA, ST=Alberta, L=Calgary, O=Shaw Cablesystems G.P., OU=TNO, |
| # CN=wifisignon.shaw.ca |
| captive_portal_cert { |
| sha256_hash: "sha256/E+0WZLGSIe5nddlVKZ5fYzaNHHCE3hNqi/OWZD3iKgA=" |
| } |
| |
| # wifree.voo.be |
| # Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, |
| # CN=DigiCert SHA2 High Assurance Server CA |
| # Subject: C=BE, ST=Liege, L=Liege, O=Tecteo Group, CN=wifree.voo.be |
| captive_portal_cert { |
| sha256_hash: "sha256/QJ/69CTHYPRa0I3UVlwD6N4MtToxpQ1+0izyGnqEHQo=" |
| } |
| |
| # wireless.wifirst.net |
| # Issuer: C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 |
| # Subject: OU=Domain Control Validated, OU=Gandi Standard SSL, |
| # CN=wireless.wifirst.net |
| captive_portal_cert { |
| sha256_hash: "sha256/LKtpdq9q7F7msGK0w1+b/gKoDHaQcZKTHIf9PTz2u+U=" |
| } |
| |
| # https://mitm-software.badssl.com leaf. |
| # This is a test certificate, keep it at the top of the MITM software list. |
| mitm_software { |
| name: "BadSSL Antivirus", |
| issuer_common_name_regex: "BadSSL MITM Software Test" |
| } |
| |
| ################################################################################ |
| # The rest of the MITM software certificates are sorted alphabetically by name. |
| |
| mitm_software { |
| name: "Avast Antivirus", |
| issuer_common_name_regex: "avast! Web/Mail Shield Root", |
| issuer_organization_regex: "avast! Web/Mail Shield" |
| } |
| |
| mitm_software { |
| name: "Bitdefender Antivirus", |
| issuer_common_name_regex: "Bitdefender Personal CA\.Net-Defender", |
| issuer_organization_regex: "Bitdefender" |
| } |
| |
| mitm_software { |
| name: "Cisco Umbrella", |
| issuer_common_name_regex: "Cisco Umbrella Root CA", |
| issuer_organization_regex: "Cisco" |
| } |
| |
| mitm_software { |
| name: "Cisco Umbrella", |
| issuer_common_name_regex: "Cisco Umbrella Primary SubCA", |
| issuer_organization_regex: "Cisco" |
| } |
| |
| mitm_software { |
| name: "ContentKeeper", |
| issuer_common_name_regex: "ContentKeeper Appliance CA \(\d+\)", |
| issuer_organization_regex: "ContentKeeper Technologies" |
| } |
| |
| mitm_software { |
| name: "Cyberoam Firewall", |
| issuer_organization_regex: "Cyberoam Certificate Authority" |
| } |
| |
| mitm_software { |
| name: "ForcePoint", |
| issuer_common_name_regex: "Forcepoint Cloud CA", |
| issuer_organization_regex: "Forcepoint LLC" |
| } |
| |
| mitm_software { |
| name: "Fortigate", |
| issuer_common_name_regex: "FortiGate CA", |
| issuer_organization_regex: "Fortinet" |
| } |
| |
| mitm_software { |
| name: "Fortinet", |
| issuer_organization_regex: "Fortinet( Ltd\.)?" |
| } |
| |
| mitm_software { |
| name: "Kaspersky Internet Security", |
| issuer_common_name_regex: "Kaspersky Anti-Virus Personal Root Certificate" |
| } |
| |
| mitm_software { |
| name: "McAfee Web Gateway", |
| issuer_common_name_regex: "McAfee Web Gateway" |
| } |
| |
| mitm_software { |
| name: "NetSpark", |
| issuer_common_name_regex: "www\.netspark\.com", |
| issuer_organization_regex: "NetSpark" |
| } |
| |
| mitm_software { |
| name: "SmoothWall Firewall", |
| issuer_common_name_regex: "Smoothwall-default-root-certificate-authority" |
| } |
| |
| mitm_software { |
| name: "SonicWall Firewall", |
| issuer_organization_regex: "HTTPS Management Certificate for SonicWALL" |
| } |
| |
| mitm_software { |
| name: "Sophos", |
| issuer_common_name_regex: "Sophos SSL CA_[A-Z0-9\-]+", |
| issuer_organization_regex: "Sophos" |
| } |
| |
| mitm_software { |
| name: "Sophos", |
| issuer_common_name_regex: "Sophos_CA_[A-Z0-9]+" |
| } |
| |
| mitm_software { |
| name: "Sophos UTM", |
| issuer_common_name_regex: "sophosutm Proxy CA", |
| issuer_organization_regex: "sophosutm" |
| } |
| |
| mitm_software { |
| name: "Sophos Web Appliance", |
| issuer_common_name_regex: "Sophos Web Appliance", |
| issuer_organization_regex: "Sophos Plc" |
| } |
| |
| mitm_software { |
| name: "Symantec Blue Coat", |
| issuer_organization_regex: "Blue Coat.*" |
| } |
| |
| mitm_software { |
| name: "Trend Micro InterScan Web Security Suite (IWSS)", |
| issuer_common_name_regex: "IWSS\.TREND" |
| } |
| |
| mitm_software { |
| name: "Zscaler", |
| issuer_organization_regex: "Zscaler Inc\." |
| } |