From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031205 Description of problem: Hi, Geotrust's CA certificate: Equifax Secure Global eBusiness CA-1 Fingerprint = 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC Are not included in either of these versions of OpenSSL. Therefore, cURL doesn't work with our website, etc. Version-Release number of selected component (if applicable): openssl-0.9.7a-35, openssl-0.9.7a-40 How reproducible: Always Steps to Reproduce: 1. Run curl https://test.secure.IN.gov/ Actual Results: cURL complains that it can't validate the CA certificate: curl: (60) SSL certificate problem, verify that the CA cert is OK Expected Results: Website should pull up. Additional info: Note: this bug impacts both FC2 and FC3.
In the future, we are keeping the OpenSSL root CA bundle in sync with the Mozilla root CA bundle. If and when the DFN-PCA cert is accepted by Mozilla, it will get pulled into a future version of OpenSSL automatically. Please move this bug to ASSIGNED when the upstream Mozilla bug is closed. Requests for inclusion in the Mozilla CA root list can be filed here: https://bugzilla.mozilla.org/enter_bug.cgi?product=mozilla.org&component=CA%20Certificates