Bug 2121485

Summary: ca-certificates need to add support for signing certs for .NET [rhel-8.6.0.z]
Product: Red Hat Enterprise Linux 8 Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: ca-certificatesAssignee: Bob Relyea <rrelyea>
Status: CLOSED ERRATA QA Contact: Alexander Sosedkin <asosedki>
Severity: medium Docs Contact:
Priority: medium    
Version: ---CC: asosedki, ssorce, szidek
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ca-certificates-2022.2.54-80.2.el8_6 Doc Type: Enhancement
Doc Text:
Feature: Object Signing certs have been added to ca-certificates. Reason: Application like .NET need to verify that downloaded code fragments came from some trusted source. The certificates that verify these code fragments are often different than certificates that verify TLS, and have different verification requirements. As such we need to mark those certs which have gone through some verification as valid for code signing. Result: New certs for code signing has been added. These certificates should only show up in /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem, /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt and /usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit. The latter two, the certs are marked with object signing only. Existing certs may have object signing permission addes. The new object signing certs may be expired.
 Story Points: ---
Clone Of: 2117793 Environment:
Last Closed: 2022-09-13 09:49:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2117793    
Bug Blocks:    

Comment 8 errata-xmlrpc 2022-09-13 09:49:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ca-certificates bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:6459