An updated ca-certificates package that fixes several bugs and adds variousenhancements is now available for Red Hat Enterprise Linux 7.

The ca-certificates package contains a set of Certification Authority (CA)certificates chosen by the Mozilla Foundation for use with the Internet PublicKey Infrastructure (PKI).The ca-certificates package has been upgraded to upstream version 2.4, whichprovides a number of bug fixes and enhancements over the previous version.Notably, the package now contains the following modifications:Mozilla previously removed trust from several legacy CA certificates containing1024-bit RSA keys. This version of the ca-certificates package modifies theMozilla list to keep these legacy CA certificates trusted by default. Thesemodifications have been made to ensure compatibility with existing PKIdeployments and with software based on OpenSSL or GnuTLS.The ca-certificates package now also includes the “ca-legacy” command, which canbe used to disable the mentioned compatibility modifications. Refer to theca-legacy(8) manual page for more information on how to use the command.Users who intend to disable the legacy modifications are also advised to referto the following Knowledge Base article, which provides details about thesemodifications and the potential consequences of disabling them:https://access.redhat.com/articles/1413643Note that using the unified CA store is required to be able to use the”ca-legacy” command. See the update-ca-trust(8) manual page to learn how toenable the unified CA store.(BZ#1211980)This update also fixes the following bug:* Previously, the OpenJDK service and the Icedtea-Web plug-in in some casesfailed to verify a signed applet if the applet contained the “Thawte PremiumServer CA” root Certification Authority (CA) certificate. This update adds themissing version of the certificate to the set of trusted CA certificates, whichallows OpenJDK and Icedtea-Web to successfully verify the affected applets.(BZ#1211998)Users of ca-certificates are advised to upgrade to this updated package, whichfixes these bugs and adds these enhancements.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
ca-certificates-2015.2.4-70.0.el7_1.src.rpm
    MD5: 9a7a2a8a1a463634eac978d3dc2a28c6SHA-256: a7f50020b97dd4bba1349c503f07f1878ce0ab73493b09648e57dfeadf190bdb
 
x86_64:
ca-certificates-2015.2.4-70.0.el7_1.noarch.rpm
    MD5: 1a63315315fb20b758ec585523dac062SHA-256: 2472e009d61af893c09ccfec431771ff382e04881392859d1b5a079067546d56
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
ca-certificates-2015.2.4-70.0.el7_1.src.rpm
    MD5: 9a7a2a8a1a463634eac978d3dc2a28c6SHA-256: a7f50020b97dd4bba1349c503f07f1878ce0ab73493b09648e57dfeadf190bdb
 
x86_64:
ca-certificates-2015.2.4-70.0.el7_1.noarch.rpm
    MD5: 1a63315315fb20b758ec585523dac062SHA-256: 2472e009d61af893c09ccfec431771ff382e04881392859d1b5a079067546d56
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
ca-certificates-2015.2.4-70.0.el7_1.src.rpm
    MD5: 9a7a2a8a1a463634eac978d3dc2a28c6SHA-256: a7f50020b97dd4bba1349c503f07f1878ce0ab73493b09648e57dfeadf190bdb
 
PPC:
ca-certificates-2015.2.4-70.0.el7_1.noarch.rpm
    MD5: 1a63315315fb20b758ec585523dac062SHA-256: 2472e009d61af893c09ccfec431771ff382e04881392859d1b5a079067546d56
 
s390x:
ca-certificates-2015.2.4-70.0.el7_1.noarch.rpm
    MD5: 1a63315315fb20b758ec585523dac062SHA-256: 2472e009d61af893c09ccfec431771ff382e04881392859d1b5a079067546d56
 
x86_64:
ca-certificates-2015.2.4-70.0.el7_1.noarch.rpm
    MD5: 1a63315315fb20b758ec585523dac062SHA-256: 2472e009d61af893c09ccfec431771ff382e04881392859d1b5a079067546d56
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
ca-certificates-2015.2.4-70.0.el7_1.src.rpm
    MD5: 9a7a2a8a1a463634eac978d3dc2a28c6SHA-256: a7f50020b97dd4bba1349c503f07f1878ce0ab73493b09648e57dfeadf190bdb
 
x86_64:
ca-certificates-2015.2.4-70.0.el7_1.noarch.rpm
    MD5: 1a63315315fb20b758ec585523dac062SHA-256: 2472e009d61af893c09ccfec431771ff382e04881392859d1b5a079067546d56
 
(The unlinked packages above are only available from the Red Hat Network)
1211980 – [RHEL7.1] ca-certificates 2.4 update required for firefox 38 ESR

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply