UpdateRootCertificates.ps1
|
<#PSScriptInfo
.VERSION 3.1.0 .GUID 05c58731-6a7a-4a18-9903-03530b7ec896 .AUTHOR asherto .COMPANYNAME asheroto .TAGS PowerShell Windows root certificates certificate update updater lists list certutil certutil.exe sst cab microsoft windows .PROJECTURI https://github.com/asheroto/UpdateRootCertificates .RELEASENOTES [Version 1.11.0] - Initial PowerShell Gallery release. [Version 1.11.1] - Fix URL to GUI counterpart. [Version 2.0.0] - Refactored & signed code. [Version 3.0.0] - Major rewrite. Switched from Certificate Trusts Lists to Certificates. [Version 3.1.0] - Added CheckForUpdate, UpdateSelf, Version, and Help parameters. Added test for admin privileges. Improved output formatting. #> <# .SYNOPSIS Force update the root certificate lists on your computer. .DESCRIPTION Downloads the latest root certificate lists from Microsoft and installs them on your computer. Optionally you can specify the -Force parameter to skip the 10 second wait before continuing execution. This program updates the trusted and disallowed root certificates on your system by downloading and installing the latest versions directly from Microsoft. These certificates are used by Windows to determine whether to trust or block websites, software, and other secure communications. By installing them manually, this tool ensures your system has the latest root certificates without relying on Windows Update. Its GUI counterpart is available at https://github.com/asheroto/UpdateRootCertificates .EXAMPLE Update root certificate lists normally: UpdateRootCertificates.ps1 .EXAMPLE Update root certificate lists without waiting 10 seconds to continue execution: UpdateRootCertificates.ps1 -Force .PARAMETER Force Skips the 10-second delay before certificate installation begins. .PARAMETER Verbose Displays detailed output during certificate download and installation. .PARAMETER UpdateSelf Automatically installs the latest version of this script from PowerShell Gallery. .PARAMETER CheckForUpdate Checks for a newer version of the script and displays the release date and version info. .PARAMETER Version Displays the current version of the script and exits. .PARAMETER Help Displays full help documentation for this script. .NOTES Version : 3.1.0 Created by : asheroto .LINK Project Site: https://github.com/asheroto/UpdateRootCertificates #> # Ensure script running as Administrator #Requires -RunAsAdministrator # Skip 10 second wait before continuing execution [CmdletBinding()] param ( [switch]$Force, [switch]$CheckForUpdate, [switch]$UpdateSelf, [switch]$Version, [switch]$Help ) # Script information $CurrentVersion = '3.1.0' $RepoOwner = 'asheroto' $RepoName = 'UpdateRootCertificates' $PowerShellGalleryName = 'UpdateRootCertificates' # Preferences $ProgressPreference = 'SilentlyContinue' # Suppress progress bar (makes downloading super fast) $ConfirmPreference = 'None' # Suppress confirmation prompts # Display version if -Version is specified if ($Version.IsPresent) { $CurrentVersion exit 0 } # Display full help if -Help is specified if ($Help) { Get-Help -Name $MyInvocation.MyCommand.Source -Full exit 0 } function Get-GitHubRelease { <# .SYNOPSIS Fetches the latest release information of a GitHub repository. .DESCRIPTION This function uses the GitHub API to get information about the latest release of a specified repository, including its version and the date it was published. .PARAMETER Owner The GitHub username of the repository owner. .PARAMETER Repo The name of the repository. .EXAMPLE Get-GitHubRelease -Owner "asheroto" -Repo "UpdateRootCertificates" This command retrieves the latest release version and published datetime of the UpdateRootCertificates" repository owned by asheroto. #> [CmdletBinding()] param ( [string]$Owner, [string]$Repo ) try { $url = "https://api.github.com/repos/$Owner/$Repo/releases/latest" $response = Invoke-RestMethod -Uri $url -ErrorAction Stop $latestVersion = $response.tag_name $publishedAt = $response.published_at # Convert UTC time string to local time $UtcDateTime = [DateTime]::Parse($publishedAt, [System.Globalization.CultureInfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::RoundtripKind) $PublishedLocalDateTime = $UtcDateTime.ToLocalTime() [PSCustomObject]@{ LatestVersion = $latestVersion PublishedDateTime = $PublishedLocalDateTime } } catch { Write-Error "Unable to check for updates.`nError: $_" exit 1 } } function CheckForUpdate { param ( [string]$RepoOwner, [string]$RepoName, [version]$CurrentVersion, [string]$PowerShellGalleryName ) $Data = Get-GitHubRelease -Owner $RepoOwner -Repo $RepoName Write-Output "" Write-Output ("Repository: {0,-40}" -f "https://github.com/$RepoOwner/$RepoName") Write-Output ("Current Version: {0,-40}" -f $CurrentVersion) Write-Output ("Latest Version: {0,-40}" -f $Data.LatestVersion) Write-Output ("Published at: {0,-40}" -f $Data.PublishedDateTime) if ($Data.LatestVersion -gt $CurrentVersion) { Write-Output ("Status: {0,-40}" -f "A new version is available.") Write-Output "`nOptions to update:" Write-Output "- Download latest release: https://github.com/$RepoOwner/$RepoName/releases" if ($PowerShellGalleryName) { Write-Output "- Run: $RepoName -UpdateSelf" Write-Output "- Run: Install-Script $PowerShellGalleryName -Force" } } else { Write-Output ("Status: {0,-40}" -f "Up to date.") } exit 0 } function UpdateSelf { try { # Get PSGallery version of script $psGalleryScriptVersion = (Find-Script -Name $PowerShellGalleryName).Version # If the current version is less than the PSGallery version, update the script if ($CurrentVersion -lt $psGalleryScriptVersion) { Write-Output "Updating script to version $psGalleryScriptVersion..." # Check if running in PowerShell 7 or greater Write-Debug "Checking if NuGet PackageProvider is already installed..." Install-NuGetIfRequired # Trust the PSGallery if not already trusted $psRepoInstallationPolicy = (Get-PSRepository -Name 'PSGallery').InstallationPolicy if ($psRepoInstallationPolicy -ne 'Trusted') { Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted | Out-Null } # Update the script Install-Script $PowerShellGalleryName -Force # If PSGallery was not trusted, reset it to its original state if ($psRepoInstallationPolicy -ne 'Trusted') { Set-PSRepository -Name 'PSGallery' -InstallationPolicy $psRepoInstallationPolicy | Out-Null } Write-Output "Script updated to version $psGalleryScriptVersion." exit 0 } else { Write-Output "Script is already up to date." exit 0 } } catch { Write-Output "An error occurred: $_" exit 1 } } function Test-AdminPrivileges { <# .SYNOPSIS Checks if the script is running with Administrator privileges. Returns $true if running with Administrator privileges, $false otherwise. .DESCRIPTION This function checks if the current PowerShell session is running with Administrator privileges by examining the role of the current user. It returns $true if the current user is an Administrator, $false otherwise. .EXAMPLE Test-AdminPrivileges .NOTES This function is particularly useful for scripts that require elevated permissions to run correctly. #> if (([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { return $true } return $false } function Write-Section($text) { <# .SYNOPSIS Prints a text block surrounded by a section divider for enhanced output readability. .DESCRIPTION This function takes a string input and prints it to the console, surrounded by a section divider made of hash characters. It is designed to enhance the readability of console output. .PARAMETER text The text to be printed within the section divider. .EXAMPLE Write-Section "Downloading Files..." This command prints the text "Downloading Files..." surrounded by a section divider. #> Write-Output "" Write-Output ("#" * ($text.Length + 4)) Write-Output "# $text #" Write-Output ("#" * ($text.Length + 4)) Write-Output "" } function Fail { param([string]$Message) Write-Warning $Message Write-Warning "The process failed. Make sure you're connected to the internet, running PowerShell as Administrator, and have the latest version installed." Write-Output "" Write-Output "For help, visit: https://github.com/asheroto/UpdateRootCertificates under the 'Issues' tab." Pop-Location Break } Clear-Host # First heading Write-Output "UpdateRootCertificates $CurrentVersion" # Check for updates if -CheckForUpdate is specified if ($CheckForUpdate) { CheckForUpdate -RepoOwner $RepoOwner -RepoName $RepoName -CurrentVersion $CurrentVersion -PowerShellGalleryName $PowerShellGalleryName } # Update the script if -UpdateSelf is specified if ($UpdateSelf) { UpdateSelf } # Heading Write-Output "To check for updates, run UpdateRootCertificates -CheckForUpdate" # Check if the current user is an administrator if (-not (Test-AdminPrivileges)) { Write-Warning "UpdateRootCertificates requires Administrator privileges to install. Please run the script as an Administrator and try again." ExitWithDelay 1 } Write-Output "" Write-Output "This script downloads and installs updated root and disallowed certificates from Microsoft." Write-Output "" Write-Output "These are used by Windows to determine whether to trust or reject connections, software, and other services." Write-Output "" Write-Output "Reference: https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/certificate-trust" Write-Output "" Write-Output ("-" * 50) if (-not $Force) { Write-Output "Updated root and disallowed certificates will be installed in 10 seconds. Press CTRL+C to cancel." Start-Sleep -Seconds 10 Write-Output ("-" * 50) } Write-Section "Windows Update Certificate Settings" Write-Output "Checking if Windows Update is allowed to install trusted root certificates..." $ShowAUMessage = $true $val = Get-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\SystemCertificates\AuthRoot' -Name 'DisableRootAutoUpdate' -ErrorAction Ignore if ($val.DisableRootAutoUpdate -eq 1) { Write-Warning "Your system is configured to block automatic updates of trusted root certificates." Write-Output "To change this setting, check: HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate" $ShowAUMessage = $false } if ($ShowAUMessage) { Write-Output "Trusted root certificates are allowed to be updated automatically by Windows Update." } Write-Output "" Write-Output "Checking if Windows Update is allowed to install disallowed certificates..." $ShowAUMessageD = $true $val = Get-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\SystemCertificates\AuthRoot' -Name 'EnableDisallowedCertAutoUpdate' -ErrorAction Ignore if ($val.EnableDisallowedCertAutoUpdate -eq 0) { Write-Warning "Your system is configured to block automatic updates of disallowed certificates." Write-Output "To change this setting, check: HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot\EnableDisallowedCertAutoUpdate" $ShowAUMessageD = $false } if ($ShowAUMessageD) { Write-Output "Disallowed certificates are allowed to be updated automatically by Windows Update." } Write-Output ("-" * 50) Push-Location $pwd $TempDir = [System.IO.Path]::GetTempPath() Set-Location $TempDir Write-Section "Downloading Certificates" $ProgressPreference = "SilentlyContinue" $baseUrl = "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/" $trustedFiles = @("authroots.sst", "updroots.sst", "roots.sst") $disallowedFile = "disallowedcert.sst" foreach ($file in $trustedFiles + $disallowedFile) { Invoke-WebRequest -Uri ($baseUrl + $file) -OutFile $file if (-not (Test-Path $file)) { Fail -Message "$file was not downloaded. Check your Internet connection and try again." } Write-Output "$file downloaded." } Write-Section "Installing Certificates" foreach ($file in $trustedFiles) { if ($PSCmdlet.MyInvocation.BoundParameters["Verbose"]) { certutil -f -addstore root $file } else { certutil -f -addstore root $file > $null 2>&1 } Write-Output "$file installed to Root store." } if ($PSCmdlet.MyInvocation.BoundParameters["Verbose"]) { certutil -f -addstore disallowed $disallowedFile } else { certutil -f -addstore disallowed $disallowedFile > $null 2>&1 } Write-Output "$disallowedFile installed to Disallowed store." Write-Section "Cleanup" Remove-Item authroots.sst, updroots.sst, roots.sst, disallowedcert.sst Write-Output "Temporary files removed." Write-Section "Completed" Write-Output "Certificates were successfully downloaded and installed." Write-Output "Please restart the computer for changes to fully take effect." Pop-Location # SIG # Begin signature block # MIIhEgYJKoZIhvcNAQcCoIIhAzCCIP8CAQExDzANBglghkgBZQMEAgIFADCBiQYK # KwYBBAGCNwIBBKB7MHkwNAYKKwYBBAGCNwIBHjAmAgMBAAAEEB/MO2BZSwhOtyTS # xil+81ECAQACAQACAQACAQACAQAwQTANBglghkgBZQMEAgIFAAQwAShalaMsLuHP # ID9iZzWGNrZ0eMmBCBVGPo314bOgoaTewITIV1ZlSQHfJP2CT9ssoIIHZDCCA1kw # ggLfoAMCAQICEA+4p0C5FY0DUUO8WdnwQCkwCgYIKoZIzj0EAwMwYTELMAkGA1UE # BhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2lj # ZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3QgRzMwHhcNMjEw # NDI5MDAwMDAwWhcNMzYwNDI4MjM1OTU5WjBkMQswCQYDVQQGEwJVUzEXMBUGA1UE # ChMORGlnaUNlcnQsIEluYy4xPDA6BgNVBAMTM0RpZ2lDZXJ0IEdsb2JhbCBHMyBD # b2RlIFNpZ25pbmcgRUNDIFNIQTM4NCAyMDIxIENBMTB2MBAGByqGSM49AgEGBSuB # BAAiA2IABLu0rCelSA2iU1+PLoE+L1N2uAiUopqqiouYtbHw/CoVu7mzpSIv/WrA # veJVaGBrlzTBZlNxI/wa1cogDwJAoqNKWkajkVMrlfID6aum04d2L+dkn541UfzD # YzV4duT4d6OCAVcwggFTMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJtf # sDa6nQauGSe9wKAiwIuLOHftMB8GA1UdIwQYMBaAFLPbSKT5ocXYrjZBzBFjaWIp # vEvGMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEFBQcDAzB2BggrBgEF # BQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBA # BggrBgEFBQcwAoY0aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0 # R2xvYmFsUm9vdEczLmNydDBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsMy5k # aWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290RzMuY3JsMBwGA1UdIAQVMBMw # BwYFZ4EMAQMwCAYGZ4EMAQQBMAoGCCqGSM49BAMDA2gAMGUCMHi9SZVlcQHQRldo # ZQ5oqdw2CMHu/dSO20BlPw3/k6/CrmOGo37LtJFaeOwHA2cHfAIxAOefH/EHW6w0 # xji8taVQzubqOH4+eZDkpFurAg3oB/xWplqK3bNQst3y+mZ0ntAWYzCCBAMwggOJ # oAMCAQICEAkAe9UAG/CXy7mNMUr+/SEwCgYIKoZIzj0EAwMwZDELMAkGA1UEBhMC # VVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTwwOgYDVQQDEzNEaWdpQ2VydCBH # bG9iYWwgRzMgQ29kZSBTaWduaW5nIEVDQyBTSEEzODQgMjAyMSBDQTEwHhcNMjUw # MzA1MDAwMDAwWhcNMjYwMjI3MjM1OTU5WjBvMQswCQYDVQQGEwJVUzERMA8GA1UE # CBMIT2tsYWhvbWExETAPBgNVBAcTCE11c2tvZ2VlMRwwGgYDVQQKExNBc2hlciBT # b2x1dGlvbnMgSW5jMRwwGgYDVQQDExNBc2hlciBTb2x1dGlvbnMgSW5jMHYwEAYH # KoZIzj0CAQYFK4EEACIDYgAEmevbTWb0zuVss/9+daSUJmD8+BKATaBBDwxRRzeS # +f1Ei0I2C4J3wnbvOb+F2IwC5UaT0zRtd2UjDHXsZL7D/UOzzdJsKsw/wlgzHLFA # niRAroqYu6EVD7S2rU01IIsOo4IB8zCCAe8wHwYDVR0jBBgwFoAUm1+wNrqdBq4Z # J73AoCLAi4s4d+0wHQYDVR0OBBYEFP9/yLOLv2UR/KR8/6aiVJDAzVxaMD4GA1Ud # IAQ3MDUwMwYGZ4EMAQQBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNl # cnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMw # gasGA1UdHwSBozCBoDBOoEygSoZIaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp # Z2lDZXJ0R2xvYmFsRzNDb2RlU2lnbmluZ0VDQ1NIQTM4NDIwMjFDQTEuY3JsME6g # TKBKhkhodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxHM0Nv # ZGVTaWduaW5nRUNDU0hBMzg0MjAyMUNBMS5jcmwwgY4GCCsGAQUFBwEBBIGBMH8w # JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBXBggrBgEFBQcw # AoZLaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzND # b2RlU2lnbmluZ0VDQ1NIQTM4NDIwMjFDQTEuY3J0MAkGA1UdEwQCMAAwCgYIKoZI # zj0EAwMDaAAwZQIxAN0k7IUNEhkylBNbbGRsntiXD3g+f6TVX62R67EBAQk+jnEx # 1fMxxijQUxpFUCYkVQIwHowDYbY+F+h7JwLzd9iQE/Y1RShInWrRVoSRBM25EBGk # G7LH7NtQKN9zRhAFRBWoMYIY8zCCGO8CAQEweDBkMQswCQYDVQQGEwJVUzEXMBUG # A1UEChMORGlnaUNlcnQsIEluYy4xPDA6BgNVBAMTM0RpZ2lDZXJ0IEdsb2JhbCBH # MyBDb2RlIFNpZ25pbmcgRUNDIFNIQTM4NCAyMDIxIENBMQIQCQB71QAb8JfLuY0x # Sv79ITANBglghkgBZQMEAgIFAKCBjDAQBgorBgEEAYI3AgEMMQIwADAZBgkqhkiG # 9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIB # FTA/BgkqhkiG9w0BCQQxMgQwuUKoEwgzcHKONiidLoH6BTM9xH0bEoRSgXlhp5Ec # LI9/KMzWbtSdsYkLDT/A2xC5MAsGByqGSM49AgEFAARnMGUCMFdvoh0ufqzAFyQa # LOkXVUjhZGsLMz5kWC15vOHCMlp11IK0IwNWRUekV2JSLlgXwwIxAKd1sPAfPbXU # jqkajLHWIggsaDkCz+kOkHsHRUNhBo4E4Gl3fzs3OUAwYGL7m3BtxaGCF1owghdW # BgorBgEEAYI3AwMBMYIXRjCCF0IGCSqGSIb3DQEHAqCCFzMwghcvAgEDMQ8wDQYJ # YIZIAWUDBAICBQAwgYcGCyqGSIb3DQEJEAEEoHgEdjB0AgEBBglghkgBhv1sBwEw # QTANBglghkgBZQMEAgIFAAQwY0bTyQYPgl3PcToy6iAkI5zZ1zCnkihM26GQe20z # +ovcyUeFo4cjfTOpEuLbLgs7AhAAmEGoQhO86aJWBeD9Z5BEGA8yMDI1MDMzMTIy # MjgxNVqgghMDMIIGvDCCBKSgAwIBAgIQC65mvFq6f5WHxvnpBOMzBDANBgkqhkiG # 9w0BAQsFADBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4x # OzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGlt # ZVN0YW1waW5nIENBMB4XDTI0MDkyNjAwMDAwMFoXDTM1MTEyNTIzNTk1OVowQjEL # MAkGA1UEBhMCVVMxETAPBgNVBAoTCERpZ2lDZXJ0MSAwHgYDVQQDExdEaWdpQ2Vy # dCBUaW1lc3RhbXAgMjAyNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB # AL5qc5/2lSGrljC6W23mWaO16P2RHxjEiDtqmeOlwf0KMCBDEr4IxHRGd7+L660x # 5XltSVhhK64zi9CeC9B6lUdXM0s71EOcRe8+CEJp+3R2O8oo76EO7o5tLuslxdr9 # Qq82aKcpA9O//X6QE+AcaU/byaCagLD/GLoUb35SfWHh43rOH3bpLEx7pZ7avVnp # UVmPvkxT8c2a2yC0WMp8hMu60tZR0ChaV76Nhnj37DEYTX9ReNZ8hIOYe4jl7/r4 # 19CvEYVIrH6sN00yx49boUuumF9i2T8UuKGn9966fR5X6kgXj3o5WHhHVO+NBikD # O0mlUh902wS/Eeh8F/UFaRp1z5SnROHwSJ+QQRZ1fisD8UTVDSupWJNstVkiqLq+ # ISTdEjJKGjVfIcsgA4l9cbk8Smlzddh4EfvFrpVNnes4c16Jidj5XiPVdsn5n10j # xmGpxoMc6iPkoaDhi6JjHd5ibfdp5uzIXp4P0wXkgNs+CO/CacBqU0R4k+8h6gYl # dp4FCMgrXdKWfM4N0u25OEAuEa3JyidxW48jwBqIJqImd93NRxvd1aepSeNeREXA # u2xUDEW8aqzFQDYmr9ZONuc2MhTMizchNULpUEoA6Vva7b1XCB+1rxvbKmLqfY/M # /SdV6mwWTyeVy5Z/JkvMFpnQy5wR14GJcv6dQ4aEKOX5AgMBAAGjggGLMIIBhzAO # BgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEF # BQcDCDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEwHwYDVR0jBBgw # FoAUuhbZbU2FL3MpdpovdYxqII+eyG8wHQYDVR0OBBYEFJ9XLAN3DigVkGalY17u # T5IfdqBbMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQwOTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5j # cmwwgZAGCCsGAQUFBwEBBIGDMIGAMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k # aWdpY2VydC5jb20wWAYIKwYBBQUHMAKGTGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0 # LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQwOTZTSEEyNTZUaW1lU3RhbXBpbmdD # QS5jcnQwDQYJKoZIhvcNAQELBQADggIBAD2tHh92mVvjOIQSR9lDkfYR25tOCB3R # KE/P09x7gUsmXqt40ouRl3lj+8QioVYq3igpwrPvBmZdrlWBb0HvqT00nFSXgmUr # DKNSQqGTdpjHsPy+LaalTW0qVjvUBhcHzBMutB6HzeledbDCzFzUy34VarPnvIWr # qVogK0qM8gJhh/+qDEAIdO/KkYesLyTVOoJ4eTq7gj9UFAL1UruJKlTnCVaM2UeU # UW/8z3fvjxhN6hdT98Vr2FYlCS7Mbb4Hv5swO+aAXxWUm3WpByXtgVQxiBlTVYzq # fLDbe9PpBKDBfk+rabTFDZXoUke7zPgtd7/fvWTlCs30VAGEsshJmLbJ6ZbQ/xll # /HjO9JbNVekBv2Tgem+mLptR7yIrpaidRJXrI+UzB6vAlk/8a1u7cIqV0yef4uaZ # FORNekUgQHTqddmsPCEIYQP7xGxZBIhdmm4bhYsVA6G2WgNFYagLDBzpmk9104WQ # zYuVNsxyoVLObhx3RugaEGru+SojW4dHPoWrUhftNpFC5H7QEY7MhKRyrBe7ucyk # W7eaCuWBsBb4HOKRFVDcrZgdwaSIqMDiCLg4D+TPVgKx2EgEdeoHNHT9l3ZDBD+X # gbF+23/zBjeCtxz+dL/9NWR6P2eZRi7zcEO1xwcdcqJsyz/JceENc2Sg8h3KeFUC # S7tpFk7CrDqkMIIGrjCCBJagAwIBAgIQBzY3tyRUfNhHrP0oZipeWzANBgkqhkiG # 9w0BAQsFADBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw # FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVz # dGVkIFJvb3QgRzQwHhcNMjIwMzIzMDAwMDAwWhcNMzcwMzIyMjM1OTU5WjBjMQsw # CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRp # Z2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENB # MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxoY1BkmzwT1ySVFVxyUD # xPKRN6mXUaHW0oPRnkyibaCwzIP5WvYRoUQVQl+kiPNo+n3znIkLf50fng8zH1AT # CyZzlm34V6gCff1DtITaEfFzsbPuK4CEiiIY3+vaPcQXf6sZKz5C3GeO6lE98NZW # 1OcoLevTsbV15x8GZY2UKdPZ7Gnf2ZCHRgB720RBidx8ald68Dd5n12sy+iEZLRS # 8nZH92GDGd1ftFQLIWhuNyG7QKxfst5Kfc71ORJn7w6lY2zkpsUdzTYNXNXmG6jB # ZHRAp8ByxbpOH7G1WE15/tePc5OsLDnipUjW8LAxE6lXKZYnLvWHpo9OdhVVJnCY # Jn+gGkcgQ+NDY4B7dW4nJZCYOjgRs/b2nuY7W+yB3iIU2YIqx5K/oN7jPqJz+ucf # WmyU8lKVEStYdEAoq3NDzt9KoRxrOMUp88qqlnNCaJ+2RrOdOqPVA+C/8KI8ykLc # GEh/FDTP0kyr75s9/g64ZCr6dSgkQe1CvwWcZklSUPRR8zZJTYsg0ixXNXkrqPNF # YLwjjVj33GHek/45wPmyMKVM1+mYSlg+0wOI/rOP015LdhJRk8mMDDtbiiKowSYI # +RQQEgN9XyO7ZONj4KbhPvbCdLI/Hgl27KtdRnXiYKNYCQEoAA6EVO7O6V3IXjAS # vUaetdN2udIOa5kM0jO0zbECAwEAAaOCAV0wggFZMBIGA1UdEwEB/wQIMAYBAf8C # AQAwHQYDVR0OBBYEFLoW2W1NhS9zKXaaL3WMaiCPnshvMB8GA1UdIwQYMBaAFOzX # 44LScV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggr # BgEFBQcDCDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw # LmRpZ2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNl # cnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDag # NIYyaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RH # NC5jcmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3 # DQEBCwUAA4ICAQB9WY7Ak7ZvmKlEIgF+ZtbYIULhsBguEE0TzzBTzr8Y+8dQXeJL # Kftwig2qKWn8acHPHQfpPmDI2AvlXFvXbYf6hCAlNDFnzbYSlm/EUExiHQwIgqgW # valWzxVzjQEiJc6VaT9Hd/tydBTX/6tPiix6q4XNQ1/tYLaqT5Fmniye4Iqs5f2M # vGQmh2ySvZ180HAKfO+ovHVPulr3qRCyXen/KFSJ8NWKcXZl2szwcqMj+sAngkSu # mScbqyQeJsG33irr9p6xeZmBo1aGqwpFyd/EjaDnmPv7pp1yr8THwcFqcdnGE4AJ # xLafzYeHJLtPo0m5d2aR8XKc6UsCUqc3fpNTrDsdCEkPlM05et3/JWOZJyw9P2un # 8WbDQc1PtkCbISFA0LcTJM3cHXg65J6t5TRxktcma+Q4c6umAU+9Pzt4rUyt+8SV # e+0KXzM5h0F4ejjpnOHdI/0dKNPH+ejxmF/7K9h+8kaddSweJywm228Vex4Ziza4 # k9Tm8heZWcpw8De/mADfIBZPJ/tgZxahZrrdVcA6KYawmKAr7ZVBtzrVFZgxtGIJ # Dwq9gdkT/r+k0fNX2bwE+oLeMt8EifAAzV3C+dAjfwAL5HYCJtnwZXZCpimHCUcr # 5n8apIUP/JiW9lVUKx+A+sDyDivl1vupL0QVSucTDh3bNzgaoSv27dZ8/DCCBY0w # ggR1oAMCAQICEA6bGI750C3n79tQ4ghAGFowDQYJKoZIhvcNAQEMBQAwZTELMAkG # A1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRp # Z2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENB # MB4XDTIyMDgwMTAwMDAwMFoXDTMxMTEwOTIzNTk1OVowYjELMAkGA1UEBhMCVVMx # FTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNv # bTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAv+aQc2jeu+RdSjwwIjBpM+zCpyUuySE98orY # WcLhKac9WKt2ms2uexuEDcQwH/MbpDgW61bGl20dq7J58soR0uRf1gU8Ug9SH8ae # FaV+vp+pVxZZVXKvaJNwwrK6dZlqczKU0RBEEC7fgvMHhOZ0O21x4i0MG+4g1ckg # HWMpLc7sXk7Ik/ghYZs06wXGXuxbGrzryc/NrDRAX7F6Zu53yEioZldXn1RYjgwr # t0+nMNlW7sp7XeOtyU9e5TXnMcvak17cjo+A2raRmECQecN4x7axxLVqGDgDEI3Y # 1DekLgV9iPWCPhCRcKtVgkEy19sEcypukQF8IUzUvK4bA3VdeGbZOjFEmjNAvwjX # WkmkwuapoGfdpCe8oU85tRFYF/ckXEaPZPfBaYh2mHY9WV1CdoeJl2l6SPDgohIb # Zpp0yt5LHucOY67m1O+SkjqePdwA5EUlibaaRBkrfsCUtNJhbesz2cXfSwQAzH0c # lcOP9yGyshG3u3/y1YxwLEFgqrFjGESVGnZifvaAsPvoZKYz0YkH4b235kOkGLim # dwHhD5QMIR2yVCkliWzlDlJRR3S+Jqy2QXXeeqxfjT/JvNNBERJb5RBQ6zHFynIW # IgnffEx1P2PsIV/EIFFrb7GrhotPwtZFX50g/KEexcCPorF+CiaZ9eRpL5gdLfXZ # qbId5RsCAwEAAaOCATowggE2MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOzX # 44LScV1kTN8uZz/nupiuHA9PMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3z # bcgPMA4GA1UdDwEB/wQEAwIBhjB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGG # GGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2Nh # Y2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDBF # BgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNl # cnRBc3N1cmVkSURSb290Q0EuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG # 9w0BAQwFAAOCAQEAcKC/Q1xV5zhfoKN0Gz22Ftf3v1cHvZqsoYcs7IVeqRq7IviH # GmlUIu2kiHdtvRoU9BNKei8ttzjv9P+Aufih9/Jy3iS8UgPITtAq3votVs/59Pes # MHqai7Je1M/RQ0SbQyHrlnKhSLSZy51PpwYDE3cnRNTnf+hZqPC/Lwum6fI0POz3 # A8eHqNJMQBk1RmppVLC4oVaO7KTVPeix3P0c2PR3WlxUjG/voVA9/HYJaISfb8rb # II01YBwCA8sgsKxYoA5AY8WYIsGyWfVVa88nq2x2zm8jLfR+cWojayL/ErhULSd+ # 2DrZ8LaHlv1b0VysGMNNn3O3AamfV6peKOK5lDGCA4YwggOCAgEBMHcwYzELMAkG # A1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdp # Q2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQQIQ # C65mvFq6f5WHxvnpBOMzBDANBglghkgBZQMEAgIFAKCB4TAaBgkqhkiG9w0BCQMx # DQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1MDMzMTIyMjgxNVowKwYL # KoZIhvcNAQkQAgwxHDAaMBgwFgQU29OF7mLb0j575PZxSFCHJNWGW0UwNwYLKoZI # hvcNAQkQAi8xKDAmMCQwIgQgdnafqPJjLx9DCzojMK7WVnX+13PbBdZluQWTmEOP # mtswPwYJKoZIhvcNAQkEMTIEMESJuuOpOYS1OqKoIMmNIstski3j/lSxWMGoUP8K # dbifowkV8julJ5QBDW1uXkcTxzANBgkqhkiG9w0BAQEFAASCAgBm16TjIQanYNXd # COoo9UVC2p47QZwS+TLgDGOG3duqHMC3K6APE0VpM/qR0WPMlpZK6hr2+MqhfzA6 # 4AQ0wOOKN5W2jw5/tPNrcrYK3zFGiVdUQvBxOuTa0U20wq04hRD1Hb+RW5fmJMFk # MaYoOzQ6NXct4O5rvDR3gAspVCgJ2WrVaAQbk5gn2/HiVd8Q2v8+BP25sVUsbwpp # 2PLNK+SSjtlYR0B/ZJfOa0sa+kSlBZwc7x7IDkuA2bCc9s8Q6Xgm2mNpIPJNpVYz # WwrWOYeRl6ivmeji8WyV2y4ZWRwUHSDKBEQMmLt5CB+xQRhZ0qhnxZhbHkN4Gdso # xDZPUUeCN7uQs07qznjCGpNSiMEeYeiLqhrK+jKpwDkETI2DC0XkQdg7e3HbkZbB # Wnd72HYYdr3HzUEUHPAveTUn2VZV51fiaM98YGXblKLIOslL5HM5sDM+/NrsrYFd # AsbcUwa6IjmGNZ4UFUkrI6nf7dU6HjGV9SrcTQWrTZGHaK0vzB0bNL7ilCATJv2e # GlouywdgbnpfTazbH+LKkPlAvo2amxev9yBpx8jNER5WKO2UNITNkuSrM6l26SGz # 9iTWeqTyZgXMkhWFfIdp5bXdi/jGtoIM19ODK1AwtidJ5AYVsLoqp8SGxxsAdR4y # HC68FmHEVqPhea9SUC6qKfvI4Pcx2Q== # SIG # End signature block |