On 10/06/2020 16:51, Philippe Normand wrote: > Package: ca-certificates > Version: 20200601 > Severity: normal > > Dear Maintainer, > > Since the update of ca-certificates to version 20200601 I can no longer access > webkit.org websites. >
The removed CA (GeoTrust Global CA) is used to sign the Apple intermediate certificate "Apple IST CA 2 - G1". Firefox and Chrome have some sort of hack (likely a whitelist) specifically to trust this Apple's intermediate CAs: https://wiki.mozilla.org/CA/Additional_Trust_Changes#Symantec So the website still works in Firefox and Chrome on Debian, even with GeoTrust removed. But it doesn't work with GnuTLS (or the Epiphany web browser).
signature.asc
Description: OpenPGP digital signature