1

It seems GlobalSign's R1 root certificate is not in the default trust CA in CentOS 7.3.

I check the list of Trusted CA's like this:

awk -v cmd='openssl x509 -noout -subject' '
    /BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.crt

Here is the list of GlobalSign's root certificates: https://support.globalsign.com/customer/portal/articles/1426602-globalsign-root-certificates

Is there a reason why the R1 is not in that list?

Improve this question

1 Answer 1

Reset to default
2

The R1 root wasn't actually named "R1" at the time it was generated. Its actual subject name is:

CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

It is common for old roots to lack the numbering, because at that time nobody thought they would need more than one root ~20 years in the future.

Improve this answer
0

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .