Bug#646767: ca-certificates: Please, remove gouv.fr/cert_igca_rsa.crt - IGC_A.pem RSA CA now included in mozilla bundle

Michael Shuler Wed, 26 Oct 2011 16:21:19 -0700

Package: ca-certificates
Version: 20111025
Severity: normal

(and, please, research whether the DSA CA cert should also be removed)


The French government RSA/DSA CA certs were added in version 20080617
(#416470).

At some point the same RSA CA cert (IGC_A.crt, below) was included in mozilla
bundle, which was updated in version 20110421, so we now see a duplicate
warning on package upgrade and --fresh update:

$ sudo update-ca-certificates --fresh
Clearing symlinks in /etc/ssl/certs...done.
Updating certificates in /etc/ssl/certs... WARNING: Skipping duplicate 
certificate cert_igca_rsa.pem
WARNING: Skipping duplicate certificate cert_igca_rsa.pem
164 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
$

-- 
Kind regards,
Michael Shuler

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (300, 'unstable'), (100, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-2-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ca-certificates depends on:
ii  debconf [debconf-2.0]  1.5.41  
ii  openssl                1.0.0e-2

ca-certificates recommends no packages.

ca-certificates suggests no packages.

-- debconf information:
  ca-certificates/title:
* ca-certificates/enable_crts: brasil.gov.br/brasil.gov.br.crt, 
cacert.org/cacert.org.crt, debconf.org/ca.crt, gouv.fr/cert_igca_dsa.crt, 
gouv.fr/cert_igca_rsa.crt, mozilla/ACEDICOM_Root.crt, 
mozilla/AC_Raíz_Certicámara_S.A..crt, mozilla/AddTrust_External_Root.crt, 
mozilla/AddTrust_Low-Value_Services_Root.crt, 
mozilla/AddTrust_Public_Services_Root.crt, 
mozilla/AddTrust_Qualified_Certificates_Root.crt, 
mozilla/AffirmTrust_Commercial.crt, mozilla/AffirmTrust_Networking.crt, 
mozilla/AffirmTrust_Premium.crt, mozilla/AffirmTrust_Premium_ECC.crt, 
mozilla/America_Online_Root_Certification_Authority_1.crt, 
mozilla/America_Online_Root_Certification_Authority_2.crt, 
mozilla/ApplicationCA_-_Japanese_Government.crt, mozilla/A-Trust-nQual-03.crt, 
mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, 
mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_CA_1.crt, 
mozilla/Buypass_Class_3_CA_1.crt, mozilla/CA_Disig.crt, 
mozilla/Camerfirma_Chambers_of_Commerce_Root
 .crt, mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/Certigna.crt, 
mozilla/Certinomis_-_Autorité_Racine.crt, 
mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/certSIGN_ROOT_CA.crt, 
mozilla/Certum_Root_CA.crt, mozilla/Certum_Trusted_Network_CA.crt, 
mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/CNNIC_ROOT.crt, 
mozilla/Comodo_AAA_Services_root.crt, 
mozilla/COMODO_Certification_Authority.crt, 
mozilla/COMODO_ECC_Certification_Authority.crt, 
mozilla/Comodo_Secure_Services_root.crt, 
mozilla/Comodo_Trusted_Services_root.crt, mozilla/ComSign_CA.crt, 
mozilla/ComSign_Secured_CA.crt, mozilla/Cybertrust_Global_Root.crt, 
mozilla/Deutsche_Telekom_Root_CA_2.crt, 
mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/DigiCert_Global_Root_CA.crt, 
mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, 
mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, 
mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, 
mozilla/DST_ACES_CA_X6.crt, mozilla/DST_Root_CA_X3.crt, 
mozilla/EBG_Elektronik_Sertif
 ika_Hizmet_Sağlayıcısı.crt, 
mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt, 
mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, 
mozilla/Entrust.net_Secure_Server_CA.crt, 
mozilla/Entrust_Root_Certification_Authority.crt, 
mozilla/ePKI_Root_Certification_Authority.crt, mozilla/Equifax_Secure_CA.crt, 
mozilla/Equifax_Secure_eBusiness_CA_1.crt, 
mozilla/Equifax_Secure_eBusiness_CA_2.crt, 
mozilla/Equifax_Secure_Global_eBusiness_CA.crt, 
mozilla/Firmaprofesional_Root_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, 
mozilla/GeoTrust_Global_CA.crt, 
mozilla/GeoTrust_Primary_Certification_Authority.crt, 
mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, 
mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, 
mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GeoTrust_Universal_CA.crt, 
mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/GlobalSign_Root_CA.crt, 
mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, 
mozilla/Go_Daddy_Class_2_CA.crt, mo
 zilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, 
mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/Hongkong_Post_Root_CA_1.crt, 
mozilla/IGC_A.crt, mozilla/Izenpe.com.crt, mozilla/Juur-SK.crt, 
mozilla/Microsec_e-Szigno_Root_CA_2009.crt, 
mozilla/Microsec_e-Szigno_Root_CA.crt, 
mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, 
mozilla/NetLock_Business_=Class_B=_Root.crt, 
mozilla/NetLock_Express_=Class_C=_Root.crt, 
mozilla/NetLock_Notary_=Class_A=_Root.crt, 
mozilla/NetLock_Qualified_=Class_QA=_Root.crt, 
mozilla/Network_Solutions_Certificate_Authority.crt, 
mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/QuoVadis_Root_CA_2.crt, 
mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA.crt, 
mozilla/Root_CA_Generalitat_Valenciana.crt, mozilla/RSA_Root_Certificate_1.crt, 
mozilla/RSA_Security_2048_v3.crt, mozilla/Secure_Global_CA.crt, 
mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt, 
mozilla/Security_Communication_EV_RootCA1.crt, mozilla/Security_Communication_R
 oot_CA.crt, mozilla/Sonera_Class_1_Root_CA.crt, 
mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, 
mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, 
mozilla/Starfield_Class_2_CA.crt, 
mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, 
mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, 
mozilla/StartCom_Certification_Authority.crt, 
mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt, 
mozilla/Swisscom_Root_CA_1.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, 
mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, 
mozilla/Taiwan_GRCA.crt, mozilla/TC_TrustCenter_Class_2_CA_II.crt, 
mozilla/TC_TrustCenter_Class_3_CA_II.crt, 
mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, 
mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, 
mozilla/TC_TrustCenter_Universal_CA_I.crt, 
mozilla/TC_TrustCenter_Universal_CA_III.crt, mozilla/TDC_Internet_Root_CA.crt, 
mozilla/TDC_OCES_Root_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozil
 la/thawte_Primary_Root_CA.crt, mozilla/thawte_Primary_Root_CA_-_G2.crt, 
mozilla/thawte_Primary_Root_CA_-_G3.crt, mozilla/Thawte_Server_CA.crt, 
mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt, 
mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, 
mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, 
mozilla/TWCA_Root_Certification_Authority.crt, 
mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, 
mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, 
mozilla/ValiCert_Class_2_VA.crt, 
mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, 
mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, 
mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, 
mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, 
mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, 
mozilla/Verisign_Class_2_Public_Primary_Certificati
 on_Authority_-_G3.crt, 
mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, 
mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, 
mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, 
mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, 
mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, 
mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, 
mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, 
mozilla/VeriSign_Universal_Root_Certification_Authority.crt, 
mozilla/Visa_eCommerce_Root.crt, mozilla/Wells_Fargo_Root_CA.crt, 
mozilla/WellsSecure_Public_Root_Certificate_Authority.crt, 
mozilla/XRamp_Global_CA_Root.crt, signet.pl/signet_ca1_pem.crt, 
signet.pl/signet_ca2_pem.crt, signet.pl/signet_ca3_pem.crt, 
signet.pl/signet_ocspklasa2_pem.crt, signet.pl/signet_ocspklasa3_pem.crt, 
signet.pl/signet_pca2_pem.crt, signet.pl/signet_pca3_pem.crt, signet.
 pl/signet_rootca_pem.crt, signet.pl/signet_tsa1_pem.crt, 
spi-inc.org/spi-ca-2003.crt, spi-inc.org/spi-cacert-2008.crt
  ca-certificates/new_crts:
* ca-certificates/trust_new_crts: yes



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#646767: ca-certificates: Please, remove gouv.fr/cert_igca_rsa.crt - IGC_A.pem RSA CA now included in mozilla bundle

Reply via email to