Warning: Verisign/Symantec Class 3 Public Primary CA root certificate being dropped from ca-bundle.crt

Message boards : BOINC client : Warning: Verisign/Symantec Class 3 Public Primary CA root certificate being dropped from ca-bundle.crt
Message board moderation

To post messages, you must log in.

AuthorMessage
Profile Jord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15477
Netherlands
Message 66114 - Posted: 14 Dec 2015, 21:08:38 UTC
Last modified: 14 Dec 2015, 21:08:51 UTC

Due to Google moving to distrust the “Class 3 Public Primary CA” root certificate operated by Symantec Corporation, we're removing the Symantec/Verisign Class 3 Public Primary CA root certificate from ca-bundle.crt, bundled with BOINC clients.

Things you can expect that will happen due to this removal:

- In the worst case ‘one additional certificate authority’ is trusted by the BOINC client that browsers do not trust. Volunteers would be more annoyed with their browser not working against a project server than with the BOINC client that is working.

- By removing the cert, we potentially can cause a problem where new clients stop working while the browser continues to work for a few weeks (until the various vendors remove the root CA certificate from their root stores).

- The more common scenario will be that new clients stop working against a project.

Making a backup copy of your old ca-bundle.crt (in the BOINC Program directory) and putting it back in place for the new certificate file may overcome this, until the project catches up.

Open discussion thread available here.
ID: 66114 · Report as offensive
Profile Jord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 15477
Netherlands
Message 66116 - Posted: 14 Dec 2015, 23:24:35 UTC

Rom Walton wrote:
I’ve removed the old root CA from the bundle.

WCG and E@H are using certs from Thawte while R@H is using a cert from Comodo.
CERN is using self-signed certs for their HTTPS traffic.

I don’t expect that this is going to be an issue within the BOINC world.

----- Rom
ID: 66116 · Report as offensive

Message boards : BOINC client : Warning: Verisign/Symantec Class 3 Public Primary CA root certificate being dropped from ca-bundle.crt

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.