Bug 727783
Summary: | VeriSign Class 3 Public Primary Certification Authority not trusted | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Juran <djuran> |
Component: | ca-certificates | Assignee: | Joe Orton <jorton> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 15 | CC: | ahughes, dbhole, jon.vanalten, jorton, jvanek, lkundrak, mjw, mmatejov, omajid, tmraz |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-08-04 15:26:49 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Juran
2011-08-03 08:44:25 UTC
Seems the JVM gets it's certs from /etc/pki/java/cacerts Some more details on the missing cert: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Validity: [From: Fri Jul 16 03:00:00 EEST 2004, To: Wed Jul 16 02:59:59 EEST 2014] CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US SHA1 Fingerprint: 19:7A:4A:EB:DB:25:F0:17:00:79:BB:8C:73:CB:2D:65:5E:00:18:A4 Our authoritative source for trusted root CAs is Mozilla; this root is not in there, so we don't ship it. Not much more we can do about this; we don't want to start vetting individual CA roots in Fedora. Fair enough. For what it's worth, I've now filed the same question with mozilla in https://bugzilla.mozilla.org/show_bug.cgi?id=676799 |