Bug 736309

Summary: DigiCert certificates missing in /etc/pki/tls/certs/ca-bundle.crt
Product: Red Hat Enterprise Linux 5 Reporter: Petr Ruzicka <pruzicka>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.7CC: lkoranda, mhomolov
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-07 11:27:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Petr Ruzicka 2011-09-07 11:06:39 UTC 
Description of problem:
There are missing DigiCert certificates in /etc/pki/tls/certs/ca-bundle.crt

Version-Release number of selected component (if applicable):
openssl-0.9.8e-20.el5
/etc/pki/tls/certs/ca-bundle.crt (Generated from certdata.txt RCS revision 1.39)

How reproducible:
# grep -B 3 'Issuer: C=US, O=DigiCert'  /etc/pki/tls/certs/ca-bundle.crt
#

Steps to Reproduce:
# grep -B 3 'Issuer: C=US, O=DigiCert'  /etc/pki/tls/certs/ca-bundle.crt
#
  
Actual results:

# grep -B 3 'Issuer: C=US, O=DigiCert'  /etc/pki/tls/certs/ca-bundle.crt
#


Expected results:
*** Executed on RHEL 6.x

# grep -B 3 'Issuer: C=US, O=DigiCert'  /etc/pki/tls/certs/ca-bundle.crt
        Serial Number:
            0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
--
        Serial Number:
            08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
--
        Serial Number:
            02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA

Additional info:
The "DigiCert Inc" certificates are in the latest RHEL 6.x versions (/etc/pki/tls/certs/ca-bundle.crt), but they are not in RHEL5.x
There is a request from the customer to "backport" the certificates form RHEL 6.x to RHEL5.x.
Comment 1 Tomas Mraz 2011-09-07 11:27:21 UTC 

*** This bug has been marked as a duplicate of bug 735819 ***