Skip to content


Folders and files

Last commit message
Last commit date

Latest commit


Repository files navigation

This workspace contains the crates webpki-roots and webpki-ccadb.

The webpki-roots crate contains Mozilla's root certificates for use with the webpki or rustls crates.

The webpki-ccadb crate populates the root certificates for the webpki-roots crate using the data provided by the Common CA Database (CCADB). Inspired by

webpki-roots Crate


This library is suitable for use in applications that can always be recompiled and instantly deployed. For applications that are deployed to end-users and cannot be recompiled, or which need certification before deployment, consider a library that uses the platform native certificate verifier such as rustls-platform-verifier. This has the additional benefit of supporting OS provided CA constraints and revocation data.


The underlying data is MPL-licensed, and webpki-roots/src/ is therefore a derived work.

Regenerating sources

Sources are generated in an integration test, in webpki-roots/tests/ The test will fail if the sources are out of date relative to upstream, and update webpki-roots/src/ if so. The code is generated in deterministic order so changes to the source should only result from upstream changes.