0017829: ca-certificate refresh from NSS

ID	Project	Category	View Status	Date Submitted	Last Update

0017829	CentOS-8	ca-certificates	public	2020-11-03 17:25	2020-11-03 22:33

Reporter	quentinb	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	new	Resolution	open

Summary	0017829: ca-certificate refresh from NSS
Description	Is it possible to refresh the default ca-certificates package for supported CentOS versions with the latest NSS roots? Specifically, we would like to ensure these two roots from NSS 3.54 (26 June 2020) are included in the package: Microsoft ECC Root Certificate Authority 2017 SHA-256 Fingerprint: 358DF39D764AF9E1B766E9C972DF352EE15CFAC227AF6AD1D70E8E4A6EDCBA02 Microsoft RSA Root Certificate Authority 2017 SHA-256 Fingerprint: C741F70F4B2A8D88BF2E71C14122EF53EF10EBA0CFA5E64CFA20F418853073E0
Tags	No tags attached.

tigalch 2020-11-03 20:48 manager ~0037842	If RH refreshes that package - CentOS will automatically inherit the fix/update. You have to raise this request at RHs bugzilla. Or you could wait for 8.3 to show up (which shouldn't be to long) and see if it is updated. In the mean time you can read the beta RN for 8.3 to see all changes.

quentinb 2020-11-03 22:18 reporter ~0037844	Will do!

quentinb 2020-11-03 22:33 reporter ~0037845	Bug created here: https://bugzilla.redhat.com/show_bug.cgi?id=1894285

Date Modified	Username	Field
2020-11-03 17:25	quentinb	New Issue
2020-11-03 20:48	tigalch	Note Added: 0037842
2020-11-03 22:18	quentinb	Note Added: 0037844
2020-11-03 22:33	quentinb	Note Added: 0037845