Don O'Malley wrote:
Which certs are required? (These may have changed since the Oracle acquisition)
CN=GTE CyberTrust Global Root
CN=VeriSign Class 3 Secure Server CA - G2
See attached copy of getupdates.pem, in which I've included information about "Subject" and "Issuer" of each of the 5 included certificates. I used "openssl x509 -in <cert.pem> -noout -text" for that.
You'll see that nothing has changed for the Akamai cert (4), it still requires the same "GTE CyberTrust Global Root" (5).
For the Oracle cert (1), two Verisign certs are required, as it is signed by "VeriSign International Server CA - Class 3" (2) which itself is signed by "Class 3 Public Primary Certification Authority" (3).
It's kind of strange/unusual that the certs for Oracle/Akamai themselves are included in the PEM file. These are presented to the user/wget when accessing the servers, so they aren't needed in the ca-file, IMHO. Should do no harm, though, but I plan to include only 2/3/5 in PCA.
And, BTW, we wouldn't need to talk about all this if Sun/Oracle would deliver a default set of CA certificates with OpenSSL in Solaris for wget to be used, like IMO all Linux distributions do (just like web browsers include them). I think there's an open Feature Request on that for a loooong time. No idea why this was never implemented.
Martin.
# Subject: C=US, ST=California, L=Redwood Shores, O=Oracle Corporation, OU=Global IT, OU=Terms of use at www.verisign.com/rpa (c)10, CN=*.oracle.com
# Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign

# Subject: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
# Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority

# Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
# Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority

# Subject: C=US, O=Akamai Technologies, Inc., CN=a248.e.akamai.net
# Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root

# Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
# Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
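The chain reasoning in the message above, worked through as an added example (not part of the original post or of PCA): it takes the Subject/Issuer annotations from the attachment, follows each chain by name, and separates the CA certificates a ca-file needs from the server certificates it does not. The function names are hypothetical, the "Subject:" label on the second entry is supplied here, and only name chaining is checked, not signatures or validity dates.

```python
import re

# Subject/Issuer annotations from the attached getupdates.pem, in the order
# (1)-(5) used in the post; certificate bodies are left out.
ANNOTATIONS = """\
# Subject: C=US, ST=California, L=Redwood Shores, O=Oracle Corporation, OU=Global IT, OU=Terms of use at www.verisign.com/rpa (c)10, CN=*.oracle.com
# Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
# Subject: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
# Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
# Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
# Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
# Subject: C=US, O=Akamai Technologies, Inc., CN=a248.e.akamai.net
# Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
# Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
# Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
"""

def parse_pairs(text):
    """Return [(index, subject, issuer)] from '# Subject:' / '# Issuer:' lines."""
    subjects = re.findall(r"^# Subject: (.+)$", text, re.M)
    issuers = re.findall(r"^# Issuer: (.+)$", text, re.M)
    if len(subjects) != len(issuers):
        raise ValueError("unpaired Subject/Issuer annotation")
    return [(i, s.strip(), n.strip())
            for i, (s, n) in enumerate(zip(subjects, issuers), 1)]

def classify(pairs):
    """Split into (roots, intermediates, leaves) by name chaining only."""
    issuing = {iss for _, subj, iss in pairs if subj != iss}
    roots = [i for i, s, n in pairs if s == n]              # self-signed
    inter = [i for i, s, n in pairs if s != n and s in issuing]
    leaves = [i for i, s, n in pairs if s != n and s not in issuing]
    return roots, inter, leaves

def chain_for(idx, pairs):
    """Follow issuer names from certificate idx up to a self-signed root."""
    by_subject = {s: (i, n) for i, s, n in pairs}
    subj, iss = {i: (s, n) for i, s, n in pairs}[idx]
    chain = [idx]
    while subj != iss:
        if iss not in by_subject or by_subject[iss][0] in chain:
            raise LookupError(f"issuer missing from bundle or looping: {iss}")
        nxt, nxt_iss = by_subject[iss]
        chain.append(nxt)
        subj, iss = iss, nxt_iss
    return chain
```

A `LookupError` from `chain_for` is the case that matters for a trimmed ca-file: a certificate whose issuer is not in the bundle cannot be chained to a root from that file.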
