Bug 727783
| Summary: | VeriSign Class 3 Public Primary Certification Authority not trusted | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | David Juran <djuran> |
| Component: | ca-certificates | Assignee: | Joe Orton <jorton> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 15 | CC: | ahughes, dbhole, jon.vanalten, jorton, jvanek, lkundrak, mjw, mmatejov, omajid, tmraz |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-08-04 15:26:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
David Juran
2011-08-03 08:44:25 UTC
Seems the JVM gets it's certs from /etc/pki/java/cacerts Some more details on the missing cert:
OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Validity: [From: Fri Jul 16 03:00:00 EEST 2004,
To: Wed Jul 16 02:59:59 EEST 2014]
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
SHA1 Fingerprint: 19:7A:4A:EB:DB:25:F0:17:00:79:BB:8C:73:CB:2D:65:5E:00:18:A4
Our authoritative source for trusted root CAs is Mozilla; this root is not in there, so we don't ship it. Not much more we can do about this; we don't want to start vetting individual CA roots in Fedora. Fair enough. For what it's worth, I've now filed the same question with mozilla in https://bugzilla.mozilla.org/show_bug.cgi?id=676799 |