Description of problem:
Cannot connect via SSL connection to servers which have missing CAs in ca-bundle.crt, e.g. github.com signed by DigiCert CA

Version-Release number of selected component (if applicable):
openssl-0.9.8e-12.el5_5.7

Steps to Reproduce:
1a. curl --cacert /etc/pki/tls/certs/ca-bundle.crt https://github.com
or
1b. git clone https://github.com/whatever/whatever.git

Actual results:
Cannot connect to many sites which are using newer, e.g. "only" 5 years old, CAs

Expected results:
RHEL5 without security issues (Some CAs are missing and others should be removed)

Additional info:
I see updated RHEL 5.6 provides ca-bundle.crt with content:
---
# This is a bundle of X.509 certificates of public Certificate
# Authorities. It was generated from the Mozilla root CA list.
#
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#
# Generated from certdata.txt RCS revision 1.39
---
1.39 has been committed 2006-06-09 14:02 -> Completely missing DigiCert CAs
1.42 has been committed 2007-06-05 12:16 -> first evidence of DigiCert CAs
1.68 has been committed 2010-11-26 14:48 -> updated DigiCert CAs

To fix issue with DigiCert CA I need at least version 1.68 but definitely prefer latest 1.74 2011-04-12 17:10

What about backporting ca-certificates rpm from RHEL6.x?
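
Added example, not part of the original report: a shell check that reads the certdata.txt revision from a bundle's header and compares it with a required minimum (1.68, the revision the report asks for). The function names are hypothetical and the sample bundle is constructed, with a placeholder payload instead of a real certificate.

```shell
#!/bin/sh
# Added example: check how old a CA bundle is from its certdata.txt revision.

# Print the RCS revision from the bundle header; return 1 if there is none.
bundle_revision() {
    rev=$(sed -n 's/^#.*certdata\.txt RCS revision \([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1)
    [ -n "$rev" ] && printf '%s\n' "$rev"
}

# Succeed when revision $1 >= $2. Fields are compared as numbers, so
# 1.9 sorts below 1.68 (a plain string comparison gets that wrong).
revision_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# Report revision and certificate count; return 1 if stale, 2 if no header.
audit_bundle() {
    found=$(bundle_revision "$1") || { echo "unknown: no revision header"; return 2; }
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true)
    if revision_at_least "$found" "$2"; then
        echo "ok: revision $found >= $2, $count certificates"
    else
        echo "stale: revision $found < $2, $count certificates"
        return 1
    fi
}

# Constructed sample: header text as quoted in the report, placeholder payload.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#
# Generated from certdata.txt RCS revision 1.39
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
EOF
audit_bundle "$SAMPLE" 1.68 || true
```

On a real host, pass the path from the report, /etc/pki/tls/certs/ca-bundle.crt, as the first argument; a bundle without the revision header is reported as unknown rather than as current.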