What were you trying to do that didn't work?

We now have 3 customers getting a certificate issue when connecting to their internal services after they updated ca-certificates to ca-certificates-2025.2.80_v9.0.304-80.2.el8_10.

Rollbacking to ca-certificates-2024.2.69_v8.0.303-80.0.el8_10.noarch fixes the issue.

Diff'ing the PEMs, we can see that a few Root CAs disappeared from the new bundle (see attached for 303 and 304 PEMs):

• Baltimore CyberTrust Root
• Comodo AAA Services root
• Entrust.net Premium 2048 Secure Server CA
• Entrust Root Certification Authority - G4
• GlobalSign Root CA
• Go Daddy Class 2 CA
• Security Communication RootCA3
• Starfield Class 2 CA
• XRamp Global CA Root

"Comodo AAA Services root" is used by one of the customers (no feedback from other customers yet).

What is the impact of this issue to you?

Customers cannot run their applications

Please provide the package NVR for which the bug is seen:

ca-certificates-2025.2.80_v9.0.304-80.2.el8_10

How reproducible is this bug?

Always on customers sites.