Red Hat Bugzilla – Bug 150478
Geotrust CA Certs not included in /usr/share/ssl/certs/ca-bundle.crt
Last modified: 2007-11-30 17:11:01 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031205
Description of problem:
Geotrust's CA certificate:
Equifax Secure Global eBusiness CA-1
Fingerprint = 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
Are not included in either of these versions of OpenSSL. Therefore, cURL doesn't work with our website, etc.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Run curl https://test.secure.IN.gov/
Actual Results: cURL complains that it can't validate the CA certificate:
curl: (60) SSL certificate problem, verify that the CA cert is OK
Expected Results: Website should pull up.
Note: this bug impacts both FC2 and FC3.
In the future, we are keeping the OpenSSL root CA bundle in sync with
the Mozilla root CA bundle. If and when the DFN-PCA cert is accepted
by Mozilla, it will get pulled into a future version of OpenSSL
automatically. Please move this bug to ASSIGNED when the upstream
Mozilla bug is closed.
Requests for inclusion in the Mozilla CA root list can be filed here: