An updated ca-certificates package that fixes several bugs and adds variousenhancements is now available for Red Hat Enterprise Linux 6.

The ca-certificates package contains a set of Certification Authority (CA)certificates chosen by the Mozilla Foundation for use with the Internet PublicKey Infrastructure (PKI).The ca-certificates package has been upgraded to upstream version 2.4, whichprovides a number of bug fixes and enhancements over the previous version.Notably, the package now contains the following modifications:Mozilla previously removed trust from several legacy CA certificates containing1024-bit RSA keys. This version of the ca-certificates package modifies theMozilla list to keep these legacy CA certificates trusted by default. Thesemodifications have been made to ensure compatibility with existing PKIdeployments and with software based on OpenSSL or GnuTLS.The ca-certificates package now also includes the “ca-legacy” command, which canbe used to disable the mentioned compatibility modifications. Refer to theca-legacy(8) manual page for more information on how to use the command.Users who intend to disable the legacy modifications are also advised to referto the following Knowledge Base article, which provides details about thesemodifications and the potential consequences of disabling them:https://access.redhat.com/articles/1413643Note that using the unified CA store is required to be able to use the”ca-legacy” command. See the update-ca-trust(8) manual page to learn how toenable the unified CA store.(BZ#1208025)This update also fixes the following bug:* Previously, the OpenJDK service and the Icedtea-Web plug-in in some casesfailed to verify a signed applet if the applet contained the “Thawte PremiumServer CA” root Certification Authority (CA) certificate. This update adds themissing version of the certificate to the set of trusted CA certificates, whichallows OpenJDK and Icedtea-Web to successfully verify the affected applets.(BZ#1211942)Users of ca-certificates are advised to upgrade to this updated package, whichfixes these bugs and adds these enhancements.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
ca-certificates-2015.2.4-65.0.1.el6_6.src.rpm
    MD5: 74a0db6360e234b7f416970c82b136bfSHA-256: b0c32aac9a75ed5477ffcbfb01384c0285fb41a3c71f383a563415c40fb3a528
 
IA-32:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
x86_64:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
ca-certificates-2015.2.4-65.0.1.el6_6.src.rpm
    MD5: 74a0db6360e234b7f416970c82b136bfSHA-256: b0c32aac9a75ed5477ffcbfb01384c0285fb41a3c71f383a563415c40fb3a528
 
x86_64:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
ca-certificates-2015.2.4-65.0.1.el6_6.src.rpm
    MD5: 74a0db6360e234b7f416970c82b136bfSHA-256: b0c32aac9a75ed5477ffcbfb01384c0285fb41a3c71f383a563415c40fb3a528
 
IA-32:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
PPC:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
s390x:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
x86_64:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
Red Hat Enterprise Linux Server EUS (v. 6.6.z)

SRPMS:
ca-certificates-2015.2.4-65.0.1.el6_6.src.rpm
    MD5: 74a0db6360e234b7f416970c82b136bfSHA-256: b0c32aac9a75ed5477ffcbfb01384c0285fb41a3c71f383a563415c40fb3a528
 
IA-32:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
PPC:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
s390x:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
x86_64:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
ca-certificates-2015.2.4-65.0.1.el6_6.src.rpm
    MD5: 74a0db6360e234b7f416970c82b136bfSHA-256: b0c32aac9a75ed5477ffcbfb01384c0285fb41a3c71f383a563415c40fb3a528
 
IA-32:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
x86_64:
ca-certificates-2015.2.4-65.0.1.el6_6.noarch.rpm
    MD5: 68977ddcd4ef29e40f4e01e370dedf4dSHA-256: d48bd40fe2fb3f884d71400838bfb40275c0b3ae30b9723fdbbacd2eab16e970
 
(The unlinked packages above are only available from the Red Hat Network)
1208025 – [RHEL6.6] ca-certificates 2.4 update required for firefox 38 ESR

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply