You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32 lines
1.4 KiB
32 lines
1.4 KiB
3 years ago
|
The CA-Certificates package is based on the list provided
|
||
|
by the Mozilla Foundation.
|
||
|
|
||
|
This version of the package contains the following adjustments:
|
||
|
|
||
|
(a)
|
||
|
The following root CA certificate is included in Mozilla's list:
|
||
|
Subject/Issuer: "E=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA"
|
||
|
Serial Number: 1 (0x1)
|
||
|
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
|
||
|
Fingerprint (SHA1): 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
|
||
|
|
||
|
For compatibility with signed applets and OpenJDK, this package includes
|
||
|
an additional version of the root CA certificate, which contains the
|
||
|
same issuer/subject names and the same public key, but which contains a
|
||
|
different signature algorithm, serial number and validity dates:
|
||
|
Serial Number:36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
|
||
|
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
|
||
|
Fingerprint (SHA1): E0:AB:05:94:20:72:54:93:05:60:62:02:36:70:F7:CD:2E:FC:66:66
|
||
|
|
||
|
Thawte/Symantec have confirmed that the certificate is authentic at:
|
||
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1100532#c9
|
||
|
|
||
|
(b)
|
||
|
Mozilla has removed several CA certificates that use 1024 bit keys.
|
||
|
|
||
|
For compatibility reasons, this package keeps several of those removed
|
||
|
CA certificates still trusted by default.
|
||
|
|
||
|
Please refer to the ca-legacy(8) man page and the ca-legacy utility
|
||
|
to learn how to disable them, if desired.
|