Bug 150478 - Geotrust CA Certs not included in /usr/share/ssl/certs/ca-bundle.crt
Geotrust CA Certs not included in /usr/share/ssl/certs/ca-bundle.crt
Product: Fedora
Classification: Fedora
Component: openssl097a (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Depends On:
  Show dependency treegraph
Reported: 2005-03-07 10:26 EST by Greg Swallow
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: openssl-0.9.7f-5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-05-16 14:35:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Greg Swallow 2005-03-07 10:26:03 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031205

Description of problem:

Geotrust's CA certificate:

Equifax Secure Global eBusiness CA-1
Fingerprint =  8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC

Are not included in either of these versions of OpenSSL.  Therefore, cURL doesn't work with our website, etc.

Version-Release number of selected component (if applicable):
openssl-0.9.7a-35, openssl-0.9.7a-40

How reproducible:

Steps to Reproduce:
1. Run curl https://test.secure.IN.gov/ 

Actual Results:  cURL complains that it can't validate the CA certificate:

curl: (60) SSL certificate problem, verify that the CA cert is OK

Expected Results:  Website should pull up.

Additional info:

Note: this bug impacts both FC2 and FC3.
Comment 1 Tomas Mraz 2005-03-07 10:52:31 EST
In the future, we are keeping the OpenSSL root CA bundle in sync with
the Mozilla root CA bundle.  If and when the DFN-PCA cert is accepted
by Mozilla, it will get pulled into a future version of OpenSSL
automatically.  Please move this bug to ASSIGNED when the upstream
Mozilla bug is closed.

Requests for inclusion in the Mozilla CA root list can be filed here:


Note You need to log in before you can comment on or make changes to this bug.