Well, openssl reads the PEM blob just fine. In fact the blob comes verbatim from the Mozilla truststore (which is exploded into various PEM files at buildtime), so obviously it's not RFC-compliant in there.
$ openssl x509 -text -noout -in /etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1 Validity Not Before: Jun 21 04:00:00 1999 GMT Not After : Jun 21 04:00:00 2020 GMT Subject: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:ba:e7:17:90:02:65:b1:34:55:3c:49:c2:51:d5: df:a7:d1:37:8f:d1:e7:81:73:41:52:60:9b:9d:a1: 17:26:78:ad:c7:b1:e8:26:94:32:b5:de:33:8d:3a: 2f:db:f2:9a:7a:5a:73:98:a3:5c:e9:fb:8a:73:1b: 5c:e7:c3:bf:80:6c:cd:a9:f4:d6:2b:c0:f7:f9:99: aa:63:a2:b1:47:02:0f:d4:e4:51:3a:12:3c:6c:8a: 5a:54:84:70:db:c1:c5:90:cf:72:45:cb:a8:59:c0: cd:33:9d:3f:a3:96:eb:85:33:21:1c:3e:1e:3e:60: 6e:76:9c:67:85:c5:c8:c3:61 Exponent: 65537 (0x10001) X509v3 extensions: Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA X509v3 Basic Constraints: critical CA:TRUE X509v3 Authority Key Identifier: keyid:BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C X509v3 Subject Key Identifier: BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C Signature Algorithm: md5WithRSAEncryption 30:e2:01:51:aa:c7:ea:5f:da:b9:d0:65:0f:30:d6:3e:da:0d: 14:49:6e:91:93:27:14:31:ef:c4:f7:2d:45:f8:ec:c7:bf:a2: 41:0d:23:b4:92:f9:19:00:67:bd:01:af:cd:e0:71:fc:5a:cf: 64:c4:e0:96:98:d0:a3:40:e2:01:8a:ef:27:07:f1:65:01:8a: 44:2d:06:65:75:52:c0:86:10:20:21:5f:6c:6b:0f:6c:ae:09: 1c:af:f2:a2:18:34:c4:75:a4:73:1c:f1:8d:dc:ef:ad:f9:b3: 76:b4:92:bf:dc:95:10:1e:be:cb:c8:3b:5a:84:60:19:56:94: a9:55 $ md5sum /etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem cad53d7b8b6d076f95d5cd23cac6b626 /etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem -- ca-certificates differ from those provided by root CA https://bugs.launchpad.net/bugs/314710 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs