Hi folks,
is there a sanity check for /etc/ssl/certs included in Bookworm?
I've got one host with some missing symlinks in this directory, eg.
root@dpcl064:/etc/ssl/certs# ls -al *SSL.com*
ls: cannot access '*SSL.com*': No such file or directory
It is hard to say what is going on.
I see them in Debian Unstable:
$ find /etc/ssl/certs -iname '*
ssl.com*'
/etc/ssl/certs/SSL.com_TLS_RSA_Root_CA_2022.pem
/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
/etc/ssl/certs/SSL.com_TLS_ECC_Root_CA_2022.pem
/etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.pem
/etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.pem
/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.pem
Other hosts show
root@dpcl082:/etc/ssl/certs# ls -al *SSL.com*
lrwxrwxrwx 1 root root 82 Jul 16 2018 SSL.com_EV_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root 85 Jul 16 2018 SSL.com_EV_Root_Certification_Authority_RSA_R2.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root root 79 Jul 16 2018 SSL.com_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root 79 Jul 16 2018 SSL.com_Root_Certification_Authority_RSA.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt
The files in /usr/share/ca-certificates are available, of course.
The access rights seem OK. update-ca-certificates or reinstalling
ca-certificates (with overwrite) didn't solve this problem.
Hazarding a guess... Have you upgraded that system over the years? That may explain why you are seeing old artifacts and dead symlinks.
Maybe you should run `symlinks -r / | grep dangling` to locate dead symlinks, and then run `symlink -r -d /` to delete them (once you are satisfied with the resulting list).
Jeff