Bug 1894285

Summary: ca-certificate refresh from NSS
Product: Red Hat Enterprise Linux 8
Component: ca-certificates
Version: 8.0
Status: CLOSED DEFERRED
Severity: low
Priority: unspecified
Reporter: Kristin Bracken <kristin.bracken>
Assignee: Bob Relyea <rrelyea>
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Target Milestone: rc
Target Release: 8.0
Hardware: All
OS: Linux
Last Closed: 2020-11-04 19:30:44 UTC
Type: Bug

Description Kristin Bracken 2020-11-03 22:33:07 UTC
Description of problem:

Can you please refresh the default ca-certificates package for supported Red Hat, Fedora, and CentOS versions with the latest NSS roots?

Specifically, we would like to ensure these two roots from NSS 3.54 (26 June 2020) are included in the package:

Microsoft ECC Root Certificate Authority 2017
SHA-256 Fingerprint: 358DF39D764AF9E1B766E9C972DF352EE15CFAC227AF6AD1D70E8E4A6EDCBA02

Microsoft RSA Root Certificate Authority 2017
SHA-256 Fingerprint: C741F70F4B2A8D88BF2E71C14122EF53EF10EBA0CFA5E64CFA20F418853073E0



Comment 1 Bob Relyea 2020-11-04 19:30:44 UTC
We generally do ca-certificate refreshes on an annual basis. The current NSS in RHEL 8 is 3.53.1, and the last ca-certificate update happened last June.
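
A check for the two roots named in the description, as an added example that is not part of the original bug report: it hashes every certificate in a PEM bundle and reports which of the requested SHA-256 fingerprints are absent. The default bundle path is an assumption about where the extracted trust bundle lives on RHEL, and `make_pem` is a hypothetical helper used only to build constructed test input.

```python
import base64
import hashlib
import re
import sys

# SHA-256 fingerprints quoted in the bug description.
WANTED = {
    "Microsoft ECC Root Certificate Authority 2017":
        "358DF39D764AF9E1B766E9C972DF352EE15CFAC227AF6AD1D70E8E4A6EDCBA02",
    "Microsoft RSA Root Certificate Authority 2017":
        "C741F70F4B2A8D88BF2E71C14122EF53EF10EBA0CFA5E64CFA20F418853073E0",
}

# Assumption: default location of the extracted PEM trust bundle on RHEL.
DEFAULT_BUNDLE = "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def bundle_fingerprints(pem_text):
    """Upper-case hex SHA-256 of the DER bytes of each certificate block."""
    prints = set()
    for body in PEM_BLOCK.findall(pem_text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            continue  # skip a corrupt block instead of aborting the check
        prints.add(hashlib.sha256(der).hexdigest().upper())
    return prints

def missing_roots(pem_text, wanted=WANTED):
    """Names from `wanted` whose fingerprint is not present in the bundle."""
    have = bundle_fingerprints(pem_text)
    return sorted(name for name, fp in wanted.items()
                  if fp.replace(":", "").upper() not in have)

def make_pem(der):
    """Hypothetical helper: wrap raw bytes as a PEM block (constructed input)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_BUNDLE
    with open(path, encoding="utf-8", errors="replace") as fh:
        absent = missing_roots(fh.read())
    for name in absent:
        print("MISSING:", name)
    sys.exit(1 if absent else 0)
```

Run with a bundle path as the only argument; the exit status is non-zero when either root is missing.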