|Summary:||Request for inclusion of ca certificate into ca-bundle.crt|
|Product:||[Fedora] Fedora||Reporter:||Daniel Vollbrecht <d+redhat>|
|Component:||openssl||Assignee:||Tomas Mraz <tmraz>|
|Status:||CLOSED DEFERRED||QA Contact:||Brian Brock <bbrock>|
|Version:||2||CC:||bernie+fedora, dwmw2, eric.eisenhart, greg.martyn, jorton, mjc, niv, petri.koistinen, russell, scottainslie, tim|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2005-09-08 15:58:35 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Daniel Vollbrecht 2004-04-07 15:37:44 UTC
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux) Description of problem: I would apply for the addition of the DFN-PCA SSL certificate. The cert is available at http://www.dfn-pca.de/certification/x509/g1/data/html/cacert.html As far as I know, the requirements are fulfilled: (a) The DFN-PCA is root CA in the DFN association (b) certification is offered to the public, for non-commercial organizations without fee (c) info about DFN-PCA authority http://www.dfn-cert.de/eng/dfncert/ (d) policy http://www.dfn-pca.de/certification/policies/ssl-tls/cp-1.4/wwwpolicy.html --- http://www.dfn.de/content/welcometodfn/aboutdfn/ --- "The DFN-Verein is a non-profit association of the research, development and education sector in Germany to promote computer-based communication and information services." Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1.cert not present 2. 3. Additional info:
Comment 1 Petri Koistinen 2004-10-15 22:11:21 UTC
Root Certificate from https://www.cacert.org/ would be great.
Comment 2 Joe Orton 2005-01-27 09:53:10 UTC
In the future, we are keeping the OpenSSL root CA bundle in sync with the Mozilla root CA bundle. If and when the DFN-PCA cert is accepted by Mozilla, it will get pulled into a future version of OpenSSL automatically. Please move this bug to ASSIGNED when the upstream Mozilla bug is closed.
Comment 3 Nicolas Vilz 'niv' 2005-07-22 12:17:56 UTC
other distros have outsourced ca-certs for console progs. the package is called ca-certificates. On these distros you refer on /etc/ssl/certs/ and can easily add some for your own ... would that be a big problem for you guys?
Comment 4 Tomas Mraz 2005-09-08 15:58:35 UTC
This problem will be resolved in a future release of Fedora Core if the certificate is included in the Mozilla root CA bundle. See comment #2.
Comment 5 Bernie Innocenti 2006-08-03 23:37:19 UTC
Please don't wait for Mozilla to catch up, it won't be soon enough for FC6. Missing support out of the box in Fedora is preventing us to switch to CaCert for SSL.