@echo off

rem
rem         !!!!!!  dont forget that there MUST be a property usage too !!!!!!
rem

set l_SAUTH=1.3.6.1.5.5.7.3.1
set l_CAUTH=1.3.6.1.5.5.7.3.2
set l_CSIGN=1.3.6.1.5.5.7.3.3
set l_EMAIL=1.3.6.1.5.5.7.3.4
set l_TSTMP=1.3.6.1.5.5.7.3.8
set l_SVRGT=1.3.6.1.4.1.311.10.3.3
set l_NETSC=2.16.840.1.113730.4.1

set l_DISABLE=1.3.6.1.4.1.311.10.4.1

set l_CMGR=certmgr -add -all -c 
set l_CMGRCRL=certmgr -add -all -crl 

set l_AUTHROOTSTOREFILE=authroots.sst
set l_UPDROOTSTOREFILE=updroots.sst
set l_ROOTSTOREFILE=roots.sst
set l_CASTOREFILE=cas.sst
set l_DISALLOWSTOREFILE=disallow.sst

rem echo .
rem echo . checking out *.sst
rem echo .

rem %out *.sst

if exist %l_AUTHROOTSTOREFILE%  del %l_AUTHROOTSTOREFILE%
if exist %l_UPDROOTSTOREFILE%   del %l_UPDROOTSTOREFILE%
if exist %l_ROOTSTOREFILE%      del %l_ROOTSTOREFILE%
if exist %l_CASTOREFILE%        del %l_CASTOREFILE%
if exist %l_DISALLOWSTOREFILE%  del %l_DISALLOWSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     DISALLOW     ***
rem --------------------------------------------------------------------------------------------------------------

rem Fraudulent Commercial Publisher Certificates issued by VeriSign
set l_NAME=Fraudulent, NOT Microsoft
%l_CMGR% -name "%l_NAME%" disallow\vs_mspub.cer %l_DISALLOWSTOREFILE%
%l_CMGR% -name "%l_NAME%" disallow\vs_mspub2.cer %l_DISALLOWSTOREFILE%



rem --------------------------------------------------------------------------------------------------------------
rem         ***     VERISIGN     ***
rem --------------------------------------------------------------------------------------------------------------

rem VeriSign certs to flush...

rem This is hash 0x4b281266, old RSA Secure Server CA, expires 12/31/99
rem set l_NAME=VeriSign/RSA Secure Server CA
rem %l_CMGR% -eku "%l_SAUTH%" -name "%l_NAME%"                                  rsa\rsa-ssca.crt            %l_AUTHROOTSTOREFILE%

rem This is hash 0x0884a5f8, old Class 1 Public PCA, expires 12/31/99
rem set l_NAME=VeriSign Class 1 Primary CA
rem %l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%" -name "%l_NAME%"                        verisign\class1-v0.509      %l_AUTHROOTSTOREFILE%

rem This is hash 0x127046ed, old Class 1 Public PCA, expires 1/7/2004
rem set l_NAME=VeriSign Class 1 Primary CA
rem %l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%" -name "%l_NAME%"                        verisign\class1-v1.509      %l_AUTHROOTSTOREFILE%

rem This is hash , old Class 4 Public PCA, expires 12/31/1999
rem set l_NAME=VeriSign Class 4 Primary CA
rem %l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%,%l_SAUTH%" -name "%l_NAME%"    verisign\class4-v1.509      %l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign Commercial Software Publishers CA
%l_CMGR% -eku "%l_EMAIL%,%l_CSIGN%" -name "%l_NAME%"                        verisign\mscom2004.509      %l_AUTHROOTSTOREFILE%

rem This is hash 0x0fae155f, old Commercial softpub cert, expires 12/31/99
rem We have to continue shipping this root because certs issued off
rem of it use AKI: Issuer & serial number

set l_NAME=VeriSign Commercial Software Publishers CA
%l_CMGR% -eku "%l_EMAIL%,%l_CSIGN%" -name "%l_NAME%"                        verisign\mscom1999.509      %l_AUTHROOTSTOREFILE%


rem Certificate Revocation List (CRL) for the above VeriSign CA
%l_CMGRCRL% verisign\verisignpub.crl  %l_CASTOREFILE%


set l_NAME=VeriSign Individual Software Publishers CA
%l_CMGR% -eku "%l_EMAIL%,%l_CSIGN%" -name "%l_NAME%"                        verisign\msind2004.509      %l_AUTHROOTSTOREFILE%

rem This is hash 0x438d4e9c, old Individual softpub cert, expires 12/31/99
rem We have to continue shipping this root because certs issued off
rem of it use AKI: Issuer & serial number

set l_NAME=VeriSign Individual Software Publishers CA
%l_CMGR% -eku "%l_EMAIL%,%l_CSIGN%" -name "%l_NAME%"                        verisign\msind1999.509      %l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign Class 1 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%" -name "%l_NAME%"                        verisign\class1-v2.509      %l_AUTHROOTSTOREFILE%

rem This is the VS Class 2 PCA; class2-v1 and class2-v2 are duplicates, 
rem only need one of them.  Hash 0xbbfab727
rem %l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%" -name "%l_NAME%"              verisign\class2-v1.509      %l_AUTHROOTSTOREFILE%
set l_NAME=VeriSign Class 2 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%" -name "%l_NAME%"              verisign\class2-v2.509      %l_AUTHROOTSTOREFILE%

rem This is the VS Class 3 PCA; class3-v1 and class3-v2 are duplicates, 
rem only need one of them.  Hash 0x4d5f2ab4
rem %l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%,%l_SAUTH%" -name "%l_NAME%"    verisign\class3-v1.509      %l_AUTHROOTSTOREFILE%
set l_NAME=VeriSign Class 3 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%,%l_SAUTH%" -name "%l_NAME%"    verisign\class3-v2.509      %l_AUTHROOTSTOREFILE%

rem set l_NAME=VeriSign/RSA Commercial CA
rem %l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_SAUTH%" -name "%l_NAME%"              rsa\rsa-cca.crt             %l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign/RSA Secure Server CA
%l_CMGR% -eku "%l_SAUTH%" -name "%l_NAME%"                                  rsa\sscav2.509              %l_AUTHROOTSTOREFILE%

rem New certs as of 5/20/98

set l_NAME=VeriSign Class 1 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%" -name "%l_NAME%"                        verisign\c1pca_g2.cer      %l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign Class 2 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%" -name "%l_NAME%"              verisign\c2pca_g2.cer      %l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign Class 3 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%,%l_SAUTH%" -name "%l_NAME%"    verisign\c3pca_g2.cer      %l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign Class 4 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%,%l_SAUTH%" -name "%l_NAME%"    verisign\c4pca_g2.cer      %l_AUTHROOTSTOREFILE%

rem ------      this is the "us" cert -- we don't want to ship this!
rem ------ set l_NAME=VeriSign Online Revocation Status Service
rem ------ %l_CMGR% -name "%l_NAME%"                                        verisign\crlsign-v1.509     %l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign Time Stamping CA
%l_CMGR% -eku "%l_TSTMP%" -name "%l_NAME%"                                  verisign\timeroot.509       %l_ROOTSTOREFILE%

rem This is the VS Class 1 Intermediate
rem %l_CMGR%                                                                    verisign\class1iv1.509      %l_CASTOREFILE%

rem This is the VS Class 2 Intermediate
rem %l_CMGR%                                                                    verisign\class2iv1.509      %l_CASTOREFILE%

rem Replacing the VS Class 1 intermediate with one expiring on 2008
%l_CMGR%                                                                    verisign\c1i_2008.cer      %l_CASTOREFILE%

rem This is the VS Class 2 Intermediate
rem Replacing the VS Class 2 intermediate with one expiring on 2004
%l_CMGR%                                                                    verisign\c2i_2004.cer      %l_CASTOREFILE%

rem New VS certs as of 7/7/99

set l_NAME=VeriSign Class 1 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%" -name "%l_NAME%"                        verisign\C1PCAG2v2.cer      %l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign Class 2 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%" -name "%l_NAME%"              verisign\C2PCAG2v2.cer      %l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign Class 3 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%,%l_SAUTH%" -name "%l_NAME%"    verisign\C3PCAG2v2.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign Class 4 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%,%l_SAUTH%" -name "%l_NAME%"    verisign\C4PCAG2v2.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign Class 1 Public Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%" -name "%l_NAME%"                        verisign\PCA1_v4.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign Class 2 Public Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%" -name "%l_NAME%"              verisign\PCA2_v4.cer      %l_AUTHROOTSTOREFILE%

set l_NAME=VeriSign Class 3 Public Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_CSIGN%,%l_SAUTH%" -name "%l_NAME%"    verisign\PCA3_v4.cer      %l_AUTHROOTSTOREFILE%

rem VS SGC x-cert to fix SP6 SGC problem
%l_CMGR%                                                                    verisign\c3i_2004.cer      %l_CASTOREFILE%



rem --------------------------------------------------------------------------------------------------------------
rem         ***     MICROSOFT     ***
rem --------------------------------------------------------------------------------------------------------------

set l_NAME=Microsoft Authenticode(tm) Root
%l_CMGR% -eku "%l_EMAIL%,%l_CSIGN%" -name "%l_NAME%"                        msft\msroot99.cer           %l_ROOTSTOREFILE%

set l_NAME=Microsoft Timestamp Root
%l_CMGR% -eku "%l_TSTMP%" -name "%l_NAME%"                                  msft\hawking.cer            %l_ROOTSTOREFILE%

rem SGC root removed (Win2k 387794 & WinSE 3715)
rem This is the MS Root for Server-Gated Crypto (SGC)
rem set l_NAME=Microsoft Root SGC Authority
rem %l_CMGR% -eku "%l_SAUTH%,%l_SVRGT%,%l_NETSC%" -name "%l_NAME%"              msft\sgcroot.crt            %l_ROOTSTOREFILE%

rem This is the SGC intermediate certificate
%l_CMGR% -eku "%l_SAUTH%,%l_SVRGT%,%l_NETSC%"                               msft\sgc_ca.crt             %l_CASTOREFILE%

rem This is the MS Root Authority (calling it the WHQL root is a misnomer).  
rem It expires in 2020
set l_NAME=Microsoft Root Authority
%l_CMGR% -name "%l_NAME%"                                                   msft\whqlroot.cer           %l_ROOTSTOREFILE%

rem This is the MS Root Authority generated in 2001 with a bit length of 4096
rem It expires in 2021
set l_NAME=Microsoft Root Certificate Authority
%l_CMGR% -name "%l_NAME%"                                                   msft\msroot01.cer           %l_ROOTSTOREFILE%

rem This is the WHQL intermediate cert (chains off the MS Root Authority),
rem used for things like Memphis driver signing, MS publishing, etc.
set l_NAME=Microsoft Windows Hardware Compatibility
%l_CMGR%                                                                    msft\whqlint.cer            %l_CASTOREFILE%

rem %l_CMGR%                                                                msft\mstemp.cer             %l_CASTOREFILE%

%l_CMGR%                                                                    test\mstest.cer             %l_CASTOREFILE%


rem --------------------------------------------------------------------------------------------------------------
rem         ***     GTE     ***
rem --------------------------------------------------------------------------------------------------------------

rem this is an old GTE root, hash 0x129c55b6, expires 12/31/99
rem we're keeping it this go-round while GTE migrates to a new key.

rem set l_NAME=GTE CyberTrust Root
rem %l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_SAUTH%" -name "%l_NAME%"              gte\ct_root.cer             %l_AUTHROOTSTOREFILE%

rem this is the new GTE root, hash, expires 4/4/2004
set l_NAME=GTE CyberTrust Root
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_SAUTH%" -name "%l_NAME%"              gte\ct200404.cer             %l_AUTHROOTSTOREFILE%

set l_NAME=GTE CyberTrust Root
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_SAUTH%" -name "%l_NAME%"              gte\ct200602.cer             %l_AUTHROOTSTOREFILE%

set l_NAME=GTE CyberTrust Global Root
%l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_SAUTH%,%l_CSIGN%" -name "%l_NAME%"              gte\ct201808.cer             %l_AUTHROOTSTOREFILE%

rem GTE SGC bridge cert
%l_CMGR%								    gte\gtebridge.cer		%l_CASTOREFILE%


rem --------------------------------------------------------------------------------------------------------------
rem         ***     ATT     ***
rem --------------------------------------------------------------------------------------------------------------

rem These certificates (0x7c76ed02 and 0x8dd3f0c5) expire in 1/16/01 and 12/31/99; we're not carrying any AT&T root certs any more (at least, they haven't replaced any for NT5 B2)
rem set l_NAME=ATT Certificate Services
rem %l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_SAUTH%" -name "%l_NAME%"              att\att.crt                 %l_AUTHROOTSTOREFILE%
rem set l_NAME=ATT Directory Services
rem %l_CMGR% -eku "%l_EMAIL%,%l_CAUTH%,%l_SAUTH%" -name "%l_NAME%"              att\attdir.crt              %l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     THAWTE     ***
rem --------------------------------------------------------------------------------------------------------------

rem this is an old Thawte premium server root, hash 0xd1dc53dc, expires 7/27/98
rem %l_CMGR% -eku "%l_SAUTH%,%l_CSIGN%"                                         thawte\spca1998.crt         %l_AUTHROOTSTOREFILE% 
rem this is an old Thawte server CA root, hash 0x9008b1f0, expires 7/27/98
rem %l_CMGR% -eku "%l_SAUTH%,%l_CSIGN%"                                         thawte\sca1998.crt          %l_AUTHROOTSTOREFILE%

set l_NAME=Thawte Personal Basic CA
%l_CMGR% -eku "%l_CAUTH%,%l_EMAIL%,%l_CSIGN%" -name "%l_NAME%"              thawte\pbca2020.crt         %l_AUTHROOTSTOREFILE%
set l_NAME=Thawte Personal Premium CA
%l_CMGR% -eku "%l_CAUTH%,%l_EMAIL%,%l_CSIGN%" -name "%l_NAME%"              thawte\ppca2020.crt         %l_AUTHROOTSTOREFILE%
set l_NAME=Thawte Personal Freemail CA
%l_CMGR% -eku "%l_CAUTH%,%l_EMAIL%" -name "%l_NAME%"                        thawte\pfca2020.crt         %l_AUTHROOTSTOREFILE%
set l_NAME=Thawte Server CA
%l_CMGR% -eku "%l_SAUTH%,%l_CSIGN%" -name "%l_NAME%"                        thawte\sca2020.crt          %l_AUTHROOTSTOREFILE%
set l_NAME=Thawte Premium Server CA
%l_CMGR% -eku "%l_SAUTH%,%l_CSIGN%" -name "%l_NAME%"                        thawte\spca2020.crt         %l_AUTHROOTSTOREFILE% 
set l_NAME=Thawte Timestamping CA
%l_CMGR% -eku "%l_TSTMP%" -name "%l_NAME%"				    thawte\ts2020.cer           %l_AUTHROOTSTOREFILE% 

rem Thawte SGC bridge cert
%l_CMGR%								    thawte\sgc1.cer		%l_CASTOREFILE%

rem Thawte SGC premium bridge cert
%l_CMGR%								    thawte\prem_sgc.cer		%l_CASTOREFILE%


rem --------------------------------------------------------------------------------------------------------------
rem         ***     KEYWITNESS     ***
rem --------------------------------------------------------------------------------------------------------------

rem Keywitness is out of business. Do not add this CA back into the product in the future.

rem *** KeyWitness removed on 7/7/99 ***

rem this is the old KeyWitness root, hash 0xBDCD5DEA, expires 5/6/99
rem %l_CMGR% -eku "%l_SAUTH%,%l_CAUTH%,%l_EMAIL%"                               other\kwitness.crt          %l_AUTHROOTSTOREFILE%

rem this is the new KeyWitness root, hash 0x06d81263, expires 5/5/2004
rem set l_NAME=KeyWitness Global 2048 Root
rem %l_CMGR% -eku "%l_SAUTH%,%l_CAUTH%,%l_EMAIL%" -name "%l_NAME%"                               other\kw2004.cer          %l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     MCI     ***
rem --------------------------------------------------------------------------------------------------------------

rem This is an old MCI root cert, hash 0x6357d33d, expires 7/16/98
rem %l_CMGR% -eku "%l_SAUTH%,%l_CAUTH%,%l_EMAIL%"                               other\mcimall.crt               %l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     CertiPoste      ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99 and will expire on 6/24/2018
set l_NAME=Certiposte Classe A Personne
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	certip\certip1.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=Certiposte Serveur
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	certip\certip1.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=Certiposte Editeur
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	certip\certip1.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=Certiposte Serveur
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	certip\sagemroot.crt		%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     Correos      ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99 and will expire on 6/24/2018
set l_NAME=SERVICIOS DE CERTIFICACION - A.N.C.
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	Correos\ca.crt			%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     Digital Signature Trust     ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99
set l_NAME=DST (ANX Network) CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DigSigT\ANX.cer			%l_AUTHROOTSTOREFILE%

set l_NAME=DSTCA E1
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DigSigT\DSTCAE1.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=DSTCA E2
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DigSigT\DSTCAE2.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=DST-Entrust GTI CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DigSigT\DSTEntrst.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=DST RootCA X1
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DigSigT\DSTXCA1.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=DST RootCA X2
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DigSigT\DSTXCA2.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=Xcert EZ by DST
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DigSigT\X3CER.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=DST (National Retail Federation) RootCA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DigSigT\NRF.cer			%l_AUTHROOTSTOREFILE%

set l_NAME=DST (United Parcel Service) RootCA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DigSigT\UPS.cer			%l_AUTHROOTSTOREFILE%

rem these certs are added 7/12/99
set l_NAME=DST (ABA.ECOM) CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DigSigT\ABACER.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=DST (Baltimore EZ) CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DigSigT\baltimore.cer		%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     Equifax     ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99
set l_NAME=Equifax Secure eBusiness CA-1
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%,%l_CSIGN%" -name "%l_NAME%"              	Equifax\ebus_ca1.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=Equifax Secure eBusiness CA-2
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%,%l_CSIGN%" -name "%l_NAME%"              	Equifax\ebus_ca2.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=Equifax Secure Global eBusiness CA-1
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%,%l_CSIGN%" -name "%l_NAME%"              	Equifax\gebus_ca1.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=Equifax Secure Certificate Authority
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%,%l_CSIGN%" -name "%l_NAME%"              	Equifax\sec_ca.cer		%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     First Data Digital Certificates Inc.    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99
set l_NAME=First Data Digital Certificates Inc. Certification Authority
%l_CMGR% -name "%l_NAME%"			FDC\ca.cer			%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     FNMT     ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99
set l_NAME=Fabrica Nacional de Moneda y Timbre
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	FNMT\fnmt.cer			%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     GlobalSign    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99
set l_NAME=GlobalSign Root CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%,%l_CSIGN%,%l_TSTMP%" -name "%l_NAME%"              	GlobalS\root.cer			%l_AUTHROOTSTOREFILE%

rem GlobalSign SGC bridge cert
%l_CMGR%								GlobalS\gbridge.cer		%l_CASTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     Japan Certification Services    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99
set l_NAME=Japan Certification Services, Inc. SecureSign RootCA1
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"			JCS\jcsca1.der		%l_AUTHROOTSTOREFILE%

set l_NAME=Japan Certification Services, Inc. SecureSign RootCA2
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"			JCS\jcsca2.der		%l_AUTHROOTSTOREFILE%

set l_NAME=Japan Certification Services, Inc. SecureSign RootCA3
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"			JCS\jcsca3.der		%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     KeyMail    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99
set l_NAME=KeyMail PTT Post Root CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	KeyMail\PTTCA.CRT	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     National Association of Mexican Notary    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99
set l_NAME=Autoridad Certificadora de la Asociacion Nacional del Notariado 
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	NAMx\ANNM.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=Autoridad Certificadora del Colegio Nacional de Correduria Publica Mexicana, A.C.
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	NAMx\CNCPM.cer		%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     Saunalahden Serveri    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99
set l_NAME=Saunalahden Serveri CA 
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SFS\goldnew.cer		%l_AUTHROOTSTOREFILE%

set l_NAME=Saunalahden Serveri CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SFS\silvernew.cer	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     Societa Interbancaria per l'Automazione     ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99
set l_NAME=Societa Interbancaria per l'Automazione SIA Secure Client CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SIA\seccli.der		%l_AUTHROOTSTOREFILE%

rem this cert is added 7/12/99
set l_NAME=Societa Interbancaria per l'Automazione SIA Secure Server CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SIA\secsrv.der		%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     Valicert    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/7/99
set l_NAME=ValiCert Class 1 Policy Validation Authority
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	ValiCert\class1.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=ValiCert Class 2 Policy Validation Authority
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	ValiCert\class2.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=ValiCert Class 3 Policy Validation Authority
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	ValiCert\class3.cer	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     Belgacom    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=Belgacom E-Trust Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	Belgacom\primary.crt	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     CertiSign    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=Certisign Autoridade Certificadora AC1S
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	CertiSign\AC1S.der	%l_AUTHROOTSTOREFILE%

set l_NAME=Certisign Autoridade Certificadora AC2
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	CertiSign\AC2.der	%l_AUTHROOTSTOREFILE%

set l_NAME=Certisign Autoridade Certificadora AC3S
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	CertiSign\AC3S.der	%l_AUTHROOTSTOREFILE%

set l_NAME=Certisign Autoridade Certificadora AC4
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	CertiSign\AC4.der	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     CertPlus    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=CertPlus Class 1 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	CertPlus\class1.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=CertPlus Class 2 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	CertPlus\class2.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=CertPlus Class 3 Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	CertPlus\class3.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=CertPlus Class 3P Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	CertPlus\class3p.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=CertPlus Class 3TS Primary CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	CertPlus\class3ts.cer	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     Deutsche Telekom    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=Deutsche Telekom Root CA 1
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DeutscheT\DTroot1.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=Deutsche Telekom Root CA 2
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	DeutscheT\DTroot2.cer	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     Entrust.net    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=Entrust.net Secure Server Certification Authority
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	Entrust\entrust.cer	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     EUnet    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=EUnet International Root CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	EUNet\rootEUI.crt	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     Feste    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=FESTE, Verified Certs
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	Feste\cacert1.der	%l_AUTHROOTSTOREFILE%

set l_NAME=FESTE, Public Notary Certs
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	Feste\cacert2.der	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     IPS    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=IPS SERVIDORES
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%,%l_CSIGN%" -name "%l_NAME%"              	IPS\root.cer		%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     SecureNet (Australia)   ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=SecureNet CA Class A
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SecNet\classAv1.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=SecureNet CA Class B
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SecNet\classBv1.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=SecureNet CA Root
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SecNet\Rootv3.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=SecureNet CA SGC Root
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SecNet\RootSGC.cer	%l_AUTHROOTSTOREFILE%

rem Rotek SGC bridge cert
%l_CMGR%								SecNet\rbridge.cer		%l_CASTOREFILE%


rem --------------------------------------------------------------------------------------------------------------
rem         ***     SecureNet (Hong Kong)   ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=CW HKT SecureNet CA Class A
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SecNetCW\classA.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=CW HKT SecureNet CA Class B
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SecNetCW\classB.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=CW HKT SecureNet CA Root
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SecNetCW\Root.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=CW HKT SecureNet CA SGC Root
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SecNetCW\RootSGC.cer	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     SwissKey   ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=Swisskey Root CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	SwissKey\root.cer	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     TC TrustCenter   ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=TC TrustCenter Class 1 CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	TCTrust\tc_lot_1.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=TC TrustCenter Class 2 CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	TCTrust\tc_lot_2.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=TC TrustCenter Class 3 CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	TCTrust\tc_lot_3.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=TC TrustCenter Class 4 CA
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	TCTrust\tc_lot_4.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=TC TrustCenter Time Stamping CA
%l_CMGR% -eku "%l_TSTMP%" -name "%l_NAME%"				TCTrust\tc_lot_ts.cer	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     Viacode   ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=ViaCode Certification Authority
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	Viacode\root.crt	%l_AUTHROOTSTOREFILE%

rem --------------------------------------------------------------------------------------------------------------
rem         ***     UserTrust     ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/12/99
set l_NAME=UTN - DATACorp SGC
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	UserTrust\rootsgc.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=UTN - USERFirst-Client Authentication and Email
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	UserTrust\cli_e.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=UTN - USERFirst-Hardware
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	UserTrust\hardware.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=UTN - USERFirst-Network Applications
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	UserTrust\netapp.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=UTN - USERFirst-Object
%l_CMGR% -eku "%l_CSIGN%,%l_TSTMP%" -name "%l_NAME%"			UserTrust\object.cer	%l_AUTHROOTSTOREFILE%

rem UserTrust SGC bridge cert
%l_CMGR%								UserTrust\utbridge.cer		%l_CASTOREFILE%


rem --------------------------------------------------------------------------------------------------------------
rem         ***     NetLock    ***
rem --------------------------------------------------------------------------------------------------------------

rem these certs are added 7/15/99
set l_NAME=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	NetLock\classa.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=NetLock Uzleti (Class B) Tanusitvanykiado
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	NetLock\classb.cer	%l_AUTHROOTSTOREFILE%

set l_NAME=NetLock Expressz (Class C) Tanusitvanykiado
%l_CMGR% -eku "%l_EMAIL%,%l_SAUTH%" -name "%l_NAME%"              	NetLock\classc.cer	%l_AUTHROOTSTOREFILE%


rem --------------------------------------------------------------------------------------------------------------
rem         ***     .sst file checkin      ***
rem --------------------------------------------------------------------------------------------------------------

rem echo .
rem echo . checking in *.sst
rem echo .

rem %in -c"auto create" *.sst

certmgr -v %l_AUTHROOTSTOREFILE%    > authroots.txt
certmgr -v %l_ROOTSTOREFILE%    > roots.txt
certmgr -v %l_CASTOREFILE%      > cas.txt