The system SSL root certificate store was updated to Mozilla certificate
version 2.22 from January 2018. (bsc#1071152 bsc#1071390 bsc#1010996)

We removed the old 1024 bit legacy CAs that were temporary left in to allow
in-chain root certificates as openssl is now able to handle it.

Further changes coming from Mozilla:

- New Root CAs added:

* Amazon Root CA 1: (email protection, server auth)
* Amazon Root CA 2: (email protection, server auth)
* Amazon Root CA 3: (email protection, server auth)
* Amazon Root CA 4: (email protection, server auth)
* Certplus Root CA G1: (email protection, server auth)
* Certplus Root CA G2: (email protection, server auth)
* D-TRUST Root CA 3 2013: (email protection)
* GDCA TrustAUTH R5 ROOT: (server auth)
* Hellenic Academic and Research Institutions ECC RootCA 2015: (email protection, server auth)
* Hellenic Academic and Research Institutions RootCA 2015: (email protection, server auth)
* ISRG Root X1: (server auth)
* LuxTrust Global Root 2: (server auth)
* OpenTrust Root CA G1: (email protection, server auth)
* OpenTrust Root CA G2: (email protection, server auth)
* OpenTrust Root CA G3: (email protection, server auth)
* SSL.com EV Root Certification Authority ECC: (server auth)
* SSL.com EV Root Certification Authority RSA R2: (server auth)
* SSL.com Root Certification Authority ECC: (email protection, server auth)
* SSL.com Root Certification Authority RSA: (email protection, server auth)
* Symantec Class 1 Public Primary Certification Authority - G4: (email protection)
* Symantec Class 1 Public Primary Certification Authority - G6: (email protection)
* Symantec Class 2 Public Primary Certification Authority - G4: (email protection)
* Symantec Class 2 Public Primary Certification Authority - G6: (email protection)
* TrustCor ECA-1: (email protection, server auth)
* TrustCor RootCert CA-1: (email protection, server auth)
* TrustCor RootCert CA-2: (email protection, server auth)
* TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1: (server auth)

- Removed root CAs:

* AddTrust Public Services Root
* AddTrust Public CA Root
* AddTrust Qualified CA Root
* ApplicationCA - Japanese Government
* Buypass Class 2 CA 1
* CA Disig Root R1
* CA WoSign ECC Root
* Certification Authority of WoSign G2
* Certinomis - Autorité Racine
* Certum Root CA
* China Internet Network Information Center EV Certificates Root
* CNNIC ROOT
* Comodo Secure Services root
* Comodo Trusted Services root
* ComSign Secured CA
* EBG Elektronik Sertifika Hizmet Sağlayıcısı
* Equifax Secure CA
* Equifax Secure eBusiness CA 1
* Equifax Secure Global eBusiness CA
* GeoTrust Global CA 2
* IGC/A
* Juur-SK
* Microsec e-Szigno Root CA
* PSCProcert
* Root CA Generalitat Valenciana
* RSA Security 2048 v3
* Security Communication EV RootCA1
* Sonera Class 1 Root CA
* StartCom Certification Authority
* StartCom Certification Authority G2
* S-TRUST Authentication and Encryption Root CA 2005 PN
* Swisscom Root CA 1
* Swisscom Root EV CA 2
* TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
* TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
* TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
* UTN USERFirst Hardware Root CA
* UTN USERFirst Object Root CA
* VeriSign Class 3 Secure Server CA - G2
* Verisign Class 1 Public Primary Certification Authority
* Verisign Class 2 Public Primary Certification Authority - G2
* Verisign Class 3 Public Primary Certification Authority
* WellsSecure Public Root Certificate Authority
* Certification Authority of WoSign
* WoSign China

- Removed Code Signing rights from a lot of CAs (not listed here).

- Removed Server Auth rights from:

* AddTrust Low-Value Services Root
* Camerfirma Chambers of Commerce Root
* Camerfirma Global Chambersign Root
* Swisscom Root CA 2

This update was imported from the SUSE:SLE-12:Update update project.