Red Hat Bugzilla – Bug 171149
Missing CA certificates in ca-bundle.crt
Last modified: 2007-11-30 17:07:21 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5
Description of problem:
Because wget now enforces ssl cert validity, I discovered that the ca-bundle.crt is missing several common certs. This is quite inconvient, and I think ca-bundle.crt should include them.
It seems to be missing most of the Equifax certs, which are now sold by geotrust. The one my certs are signed with is:
# cat Equifax_Secure_Global_eBusiness_CA.pem
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. use any ssl based tool
Are these certificates contained in recent Mozilla/Firefox releases? We are
keeping certificates in ca-bundle.crt in sync with Mozilla.
They've been in firefox as long as I've been using it.
This problem will be resolved in the next release of Red Hat Enterprise Linux.
Red Hat does not currently plan to provide a resolution for this in a Red Hat
Enterprise Linux update for currently deployed systems.
With the goal of minimizing risk of change for deployed systems, and in response
to customer and partner requirements, Red Hat takes a conservative approach when
evaluating changes for inclusion in maintenance updates for currently deployed
products. The primary objectives of update releases are to enable new hardware
platform support and to resolve critical defects.