Correctly specify where CA store comes from

syvb · syvb · commit 1ab3740cac33 · 2024-02-18T18:33:12.000-05:00
CAcert.org does not make a collection of trusted root CAs. GitLab Omnibus uses Curl's version of Mozilla's trust store: https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/e20cbf834fbc3d0ec6e07c9f6c107f5df8a3eb87/config/software/cacerts.rb#L35 I think this error resulted from confusing the `cacert.pem` file (which is the name for any file that contains a collection of CAs), and the `CAcert.org` non-profit (which is a non-profit CA). Signed-off-by: syvb <me@iter.ca>
diff --git a/doc/settings/ssl/index.md b/doc/settings/ssl/index.md
@@ -593,9 +593,9 @@ individual custom certs in the `/etc/gitlab/trusted-certs` directory. They then
 get added to the bundle. They are added using openssl's `c_rehash` method, which
 only works on a [single certificate](#using-a-custom-certificate-chain).
 
-GitLab ships with the official [CAcert.org](http://www.cacert.org/)
-collection of trusted root certification authorities which are used to verify
-certificate authenticity.
+The Linux package ships with the official
+[Mozilla](https://wiki.mozilla.org/CA/Included_Certificates) collection of trusted root
+certification authorities which are used to verify certificate authenticity.
 
 NOTE:
 For installations that use self-signed certificates, the Linux package
