Re: gnome-keyring DigiCert SSL Certificates in GNOME

[Stef <stef-list memberwebs com>]

Christopher Skarda wrote:
> I am pleased to contact you on behalf of DigiCert, Inc.  We have three
> updated root authority SSL certificates including our new EV root that
> we would like to ensure are included/trusted in GNOME projects including
> Epiphany and Balsa. I was told that you might be able to help me.
>  
> Our new root certificates have already been accepted/included in many
> browsers/suites including the following:

<snip>

> We value our GNOME users and would like to ensure that our certificates
> are trusted on GNOME projects as well.  It is likely that our new root
> certificates are already being included in GNOME projects.  Would you
> please confirm whether or not this is the case?    

Hi! Thanks for getting in touch.

At this point in time the GNOME project does not distribute any root CA
certificates. The gnome-keyring component of GNOME has facilities to
facilitate use of the root CA certificates installed on the machine.

Ultimately the Linux Distro and to some extent the administrator of a
system controls the CA certificates installed and trusted.

Projects like Debian and Ubuntu distribute certificates in their
'ca-certificates' package.

In addition GNOME projects like Evolution and Epiphany use the CA
certificates included in Mozilla's NSS security library. These are hard
coded into each NSS release.

I cannot vouch for every distribution of GNOME out there, however I
verified that your up to date certificates are included with at least
the latest Ubuntu, and are available in epiphany, evolution. They are
also present in the 'ca-certificates' package, which balsa seems to use.

Let me know if you have any further questions. I hope it's okay that I
CC'd this to the gnome-keyring mailing list so that others can
contribute any relevant information.

Cheers,

Stef Walter