Lib.rs

Cryptographywebpki-roots
#ca-certificate #certificate-authorities #web-pki #self-signed #x509-certificate #certificate-validation #mozilla #webpki-roots #trusted-root-certificate

webpki-root-certs

Mozilla trusted certificate authorities in self-signed X.509 format for use with crates other than webpki

Owned by Dirkjan Ochtman, Daniel McCarney, Joe Birr-Pixton, rustls.

13 releases (5 stable)

new 1.0.4 Nov 1, 2025
1.0.2 Jul 18, 2025
0.26.11 May 6, 2025
0.26.8 Jan 31, 2025
0.26.7 Nov 21, 2024

#1699 in Cryptography

Download history 235027/week @ 2025-07-12 260670/week @ 2025-07-19 268635/week @ 2025-07-26 286312/week @ 2025-08-02 286774/week @ 2025-08-09 289868/week @ 2025-08-16 287144/week @ 2025-08-23 254051/week @ 2025-08-30 294202/week @ 2025-09-06 278722/week @ 2025-09-13 290554/week @ 2025-09-20 289915/week @ 2025-09-27 302395/week @ 2025-10-04 304819/week @ 2025-10-11 312508/week @ 2025-10-18 301123/week @ 2025-10-25

1,267,563 downloads per month
Used in 495 crates (8 directly)

CDLA-Permissive-2.0

620KB
155 lines

webpki-root-certs

This is a crate containing Mozilla's trusted root certificates in self-signed X.509 certificate format.

If you are using webpki or rustls you should prefer webpki-roots - it is more space efficient and easier to use.

This crate is inspired by certifi.io and uses the data provided by the Common CA Database (CCADB).

About

The webpki and rustls ecosystem represent trust anchors with the webpki::TrustAnchor type, containing only the data used as inputs for the RFC 5280 certificate path validation algorithm. In some instances (e.g. when interacting with native platform certificate verifiers) it may be required to provide trust anchors as full X.509 self-signed certificates.

Compared to webpki-roots this crate contains the full self-signed certificate DER data for each trust anchor is included in webpki_roots.

License

The underlying data is used via the CCADB Data Usage Terms (see LICENSE). The data in this crate is a derived work of the CCADB data.

Regenerating sources

Sources are generated in an integration test, in tests/codegen.rs. The test will fail if the sources are out of date relative to upstream, and update src/lib.rs if so. The code is generated in deterministic order so changes to the source should only result from upstream changes.

Dependencies