New versions of OMD include /opt/omd/versions/ 1.2.6b12.mk/lib/perl5/lib/perl5/Mozilla/CA/cacert.pem which is missing one or more valid verisign roots. Perl scripts (at least the ones using lwp) will use that CA Cert file instead of the system ca directory. One of the verisign root / int certs is missing; "Class 3 Public Primary Certification Authority" or "VeriSign Class 3 Public Primary Certification Authority - G5" or "Symantec Class 3 Secure Server CA - G4" (don't know which one).
Using centos 6, I could work around the issue by specifying the system store with HTTPS_CA_DIR=/etc/pki/tls/certs/ca-bundle.crt or by replacing cacert.pem with the system file (or a symlink to the system file). I can't see an upside including a CA with OMD, esp one that differs with the OS install. Is this an intentional change? Or an oversight? Patrick -- * Patrick **Flaherty *| * w:* *e:* [email protected]
_______________________________________________ omd-users mailing list [email protected] http://lists.mathias-kettner.de/mailman/listinfo/omd-users
