RHEL-84108

ca-certificates: directory-hash format is not in "--BEGIN TRUSTED CERT--" format as expected

    • No
    • Important
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 0.5
    • False
    • Crypto25Q2

      1. Putting a cert into

      • anchors: results in cert being trusted (with the flags specified)
      • sources: same
      • blocklist: the cert is still present in the directory-hash, but the trust flags are removed (exclusive to RHEL-10)
      • a subdirectory of some other name: ignored

      2. directory-hash output directory certificates change to BEGIN TRUSTED CERT format [modify /CoreOS//ca-certificates/Sanity/directory-hash]


      As ca-certificates moved from using the OpenSSL PEM bundle to directory-hash format, the certificates are now not available in the "-- BEGIN TRUSTED CERT  --" format.
      Additionally, the certificates from /etc/pki/ca-trust/sources/ are not imported.

              František Krenželok
              Alexander Sosedkin
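
A quick check for the symptom described in this issue, as an added example (not part of the issue or of ca-certificates itself): it lists the files in a directory whose first PEM header is not `-----BEGIN TRUSTED CERTIFICATE-----`, which is OpenSSL's full spelling of the format the issue abbreviates as "BEGIN TRUSTED CERT". The function names are hypothetical, and the directory in the usage comment is the usual RHEL directory-hash location, which the issue does not name.

```shell
#!/bin/sh
# Added example: classify certificate files by their first PEM header.

classify_pem() {
    # $1: file path. Echoes trusted | plain | other.
    # Carriage returns are stripped so CRLF files classify correctly.
    header=$(tr -d '\r' < "$1" 2>/dev/null | grep -m1 '^-----BEGIN ') || header=
    case "$header" in
        '-----BEGIN TRUSTED CERTIFICATE-----') echo trusted ;;
        '-----BEGIN CERTIFICATE-----')         echo plain ;;
        *)                                      echo other ;;
    esac
}

check_hash_dir() {
    # $1: directory to inspect.
    # Prints "<format> <path>" for every regular file that is not in
    # TRUSTED CERTIFICATE format. Returns 0 only if at least one file was
    # seen and all of them were in that format.
    dir=$1
    seen=0
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Assumption: hash names (e.g. xxxxxxxx.0) are symlinks to the
        # certificate files, so skipping links checks each cert once.
        [ -L "$f" ] && continue
        seen=$((seen + 1))
        fmt=$(classify_pem "$f")
        if [ "$fmt" != trusted ]; then
            echo "$fmt $f"
            bad=$((bad + 1))
        fi
    done
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage (path is an assumption, not taken from the issue):
#   check_hash_dir /etc/pki/ca-trust/extracted/pem/directory-hash
```

A non-zero return with `plain` lines in the output matches the behaviour reported here: certificates present in the directory but without the trust-flag wrapper.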