I note verisign and thawte both have new root certificates,
we should pick them up before merlin ships.

Are there other root ca's we wish to pick up? For example,
netscape has a bunch that we don't...probably not very widely used,
but may be worth investigating.

ABAecom
Amex
Digital Signature Trust Co.
Entrust
Equifax
GTE CyberTrust
GlobalSign
TC TrustCenter
Valicert

Please see Comments for contact information about verisign...

brad

This also came in via the java-security alias.



To: <###@###.###>
Subject: additional Verisign root CAs for default cacerts file

Hello,

Please add the following two Verisign root certificates to the default copy
of java/lib/security/cacerts

They are not in the cacerts file in Java 1.3 but are used by Verisign to
sign some of the
certificates it issues.

The workaround is to add them manually with keytool.

thank you,



Owner: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,
OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.",
O=VeriSign Trust Network
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Serial number: 236c971e2bc60d0bf97460def108c3c3
Valid from: Wed Apr 16 18:00:00 MDT 1997 until: Wed Jan 07 16:59:59 MST 2004
Certificate fingerprints:
MD5: 18:87:5C:CB:F8:20:5D:24:4A:BF:19:C7:13:0E:FD:B4
SHA1: 8B:24:CD:8D:8B:58:C6:DA:72:AC:E0:97:C7:B1:E3:CE:A4:DC:3D:C6

Owner: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
Serial number: 70bae41d10d92934b638ca7b03ccbabf
Valid from: Sun Jan 28 17:00:00 MST 1996 until: Tue Aug 01 17:59:59 MDT 2028
Certificate fingerprints:
MD5: 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
SHA1: 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2

=====================================================================
The bug will be used to track adding Baltimore root certificates. We'll open
new bugs to track adding other CAs' root certificates.