CircuitPython, NINA-FW, Adafruit IO Arduino libraries, and other Adafruit software need a current set of TLS root certificates for secure web access. Microsoft, Mozilla, Android, curl, and other projects maintain lists of root and related certificates. Those lists are quite complete, and too large for some embedded firmware.
This repo includes a tool to combine local or fetched root certificate lists and filter them to the most commonly needed roots. There is also a testing tool. Projects can then use this repo as a submodule to have access to an updated list of root certificates.
Currently the certificates are filtered from the curl root
list, which is based on the
Mozilla root list, and from a local file.
tools/extra.pemis a list of certificates needed but not present in the Mozilla root list.tools/filter_certs.pydoes the filtering to the most common root cert providers.tools/filters.txtcontains regexps to match those providers or the cert namestools/test_site_coverage.pytests a givenroots.pemagainst a long list of URL's.tools/urls.txtis that list of URLs. Add to it as necessary. Some are commented out, for reasons noted.
The resulting filtered root certificate bundle is in data/.
data/roots.pemcontains the filtered list, with comments describing each certificate.