@@ -1,6 +1,6 @@
-all: cert-1.crt CPCA_TRCA.crt
+all: cert-1.crt CPCA_TRCA.crt CommonPolicy.crt
 	grep -l 'Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA' *.crt | xargs rm -f
 	grep -l 'Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA' *.crt  | xargs grep -H 'Issuer:' | grep -v 'Issuer: C=us, O=U.S. Government, OU=FBCA, CN=Common Policy' | cut -f 1 -d : | xargs rm -f
 
 CPCA_TRCA.crt:
 	wget -O - --no-check-certificate https://pki.treas.gov/CPCA_TRCA.cer | openssl x509 -text > "$@.new"
@@ -11,10 +11,14 @@
 	mv "$@.new" "$@"
 
 root_sia.p7b:
 	wget -O "$@.new" --no-check-certificate https://pki.treas.gov/root_sia.p7b
 	mv "$@.new" "$@"
+
+CommonPolicy.crt:
+	wget -O - http://fpkia.gsa.gov/CommonPolicy/CommonPolicy.crt | openssl x509 -inform der -text > "$@.new"
+	mv "$@.new" "$@"
 
 cert-%.crt: root_sia.p7b caCertsIssuedTofcpca.p7c
 	idx=0; \
 	( \
 		openssl pkcs7 -in root_sia.p7b -inform DER -print_certs -text; \
@@ -29,9 +33,9 @@
 		fi; \
 	done
 
 clean:
 	rm -f cert-*.crt
-	rm -f CPCA_TRCA.crt.new root_sia.p7b.new caCertsIssuedTofcpca.p7c.new
+	rm -f CPCA_TRCA.crt.new root_sia.p7b.new caCertsIssuedTofcpca.p7c.new CommonPolicy.crt.new
 
 distclean: clean
-	rm -f CPCA_TRCA.crt root_sia.p7b caCertsIssuedTofcpca.p7c
+	rm -f CPCA_TRCA.crt root_sia.p7b caCertsIssuedTofcpca.p7c CommonPolicy.crt