|
 |
d77b68 |
The CA-Certificates package is based on the list provided
|
|
|
d77b68 |
by the Mozilla Foundation.
|
|
|
d77b68 |
|
|
|
d77b68 |
This version of the package contains the following adjustments:
|
|
|
d77b68 |
|
|
|
d77b68 |
(a)
|
|
|
d77b68 |
The following root CA certificate is included in Mozilla's list:
|
|
|
d77b68 |
Subject/Issuer: "E=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA"
|
|
|
d77b68 |
Serial Number: 1 (0x1)
|
|
|
d77b68 |
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
|
|
|
d77b68 |
Fingerprint (SHA1): 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
|
|
|
d77b68 |
|
|
|
d77b68 |
For compatibility with signed applets and OpenJDK, this package includes
|
|
|
d77b68 |
an additional version of the root CA certificate, which contains the
|
|
|
d77b68 |
same issuer/subject names and the same public key, but which contains a
|
|
|
d77b68 |
different signature algorithm, serial number and validity dates:
|
|
|
d77b68 |
Serial Number:36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
|
|
|
d77b68 |
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
|
|
|
d77b68 |
Fingerprint (SHA1): E0:AB:05:94:20:72:54:93:05:60:62:02:36:70:F7:CD:2E:FC:66:66
|
|
|
d77b68 |
|
|
|
d77b68 |
Thawte/Symantec have confirmed that the certificate is authentic at:
|
|
|
d77b68 |
https://bugzilla.mozilla.org/show_bug.cgi?id=1100532#c9
|
|
|
d77b68 |
|
|
|
d77b68 |
(b)
|
|
|
d77b68 |
Mozilla has removed several CA certificates that use 1024 bit keys.
|
|
|
d77b68 |
|
|
|
d77b68 |
For compatibility reasons, this package keeps several of those removed
|
|
|
d77b68 |
CA certificates still trusted by default.
|
|
|
d77b68 |
|
|
|
d77b68 |
Please refer to the ca-legacy(8) man page and the ca-legacy utility
|
|
|
d77b68 |
to learn how to disable them, if desired.
|