Entrust, Inc., a certificate authority in Mozilla’s root program, informed the mozilla project that that one of their subordinate CAs, the Malaysian company DigiCert Sdn. Bhd, has issued 22 certificates with weak keys. References: http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/ https://bugzilla.mozilla.org/show_bug.cgi?id=698753
Created nss tracking bugs for this issue Affects: fedora-all [bug 751674]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2011:1444 https://rhn.redhat.com/errata/RHSA-2011-1444.html
This issue does not affect the version of ca-certificates package shipped with Red Hat Enterprise since the affected certificate is not shipped by the package. This issue does not affect the version of ca-certificates package shipped with Fedora-14, Fedora-15 and Fedora-16, since the affected certificate is not shipped by the package.