
rmhrisk / webpki-ca-countries.py

Submitted by Style Pass, 2024-03-28 11:30:05

Above is a script I put together that displays the total number of trusted Certificate Authorities (CAs) across all root stores, along with their respective trust statuses concerning TLS (Transport Layer Security) trust.

NOTE: It's important to understand that although some CAs may be part of root programs, they might only be trusted for purposes other than TLS, such as S/MIME (this list exclusively includes CAs trusted for TLS).

To determine the country of origin for each CA, I utilized the issuer DN in the associated root certificate, specifically examining the C RDN. However, this method has limitations because:

Despite these issues, I've decided to include the country column to offer a rough overview of the geographic distribution of CAs. Should I come up with a better method in the future, I will update the script accordingly.
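The C RDN lookup described above can be sketched as follows. This is an added example, not the gist's own code: it assumes the issuer DNs are already available as RFC 4514 strings, the function names are hypothetical, and the sample DNs are constructed rather than taken from any root store.

```python
from collections import Counter

def split_unescaped(text, seps):
    """Split on any character in seps unless it is backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch in seps:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def country_of(dn):
    """Return the upper-cased C value of a DN string, or None if it has no C RDN."""
    # "," separates RDNs, "+" separates attributes inside a multi-valued RDN.
    for ava in split_unescaped(dn, ",+"):
        attr_type, sep, value = ava.partition("=")
        if sep and attr_type.strip().lower() == "c":
            return value.strip().upper() or None
    return None

def tally(dns):
    """Count roots per issuer country; DNs without a C RDN count as 'unknown'."""
    return Counter(country_of(dn) or "unknown" for dn in dns)

# Constructed sample issuer DNs (not real CAs).
SAMPLE_DNS = [
    "CN=Example Root CA 1,O=Example Trust\\, Inc.,C=US",    # escaped comma in O
    "CN=Example Root R2,O=Example C=XX Holdings,OU=Roots",  # "C=" text, no C RDN
    "c=de, o=Beispiel GmbH, cn=Beispiel Root",              # lower case, spaces
    "CN=Example Multi+C=US,O=Example",                      # multi-valued RDN
    "CN=Example Root JP,O=Example KK,C=jp",
]

if __name__ == "__main__":
    for country, count in tally(SAMPLE_DNS).most_common():
        print(country, count)
```

The second sample shows why a substring search for `C=` is not enough: the text appears inside the O value, but the DN carries no C RDN and is counted as unknown.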

While there are a few takeaways from this dataset, one thing that is clear is that Microsoft is the most permissive of the root programs.
