Re: armhf: buster: TLS / HTTPS partly broken

To: Michael Howard <mike@dewberryfields.co.uk>
Cc: debian-user@lists.debian.org
Subject: Re: armhf: buster: TLS / HTTPS partly broken
From: Mark Jonas <toertel@gmail.com>
Date: Tue, 5 May 2020 16:04:16 +0200
Message-id: <[🔎] CAEE5dN3fg8LsbWrxG3pPtV6KEhc02UYwrxqoDzNC-K6YEwPp2g@mail.gmail.com>
In-reply-to: <[🔎] f7131a80-82e0-9be1-4cd9-eff2a568adc5@dewberryfields.co.uk>
References: <[🔎] E1jVIq6-0001iW-HI@enotuniq.net> <[🔎] CAEE5dN2UPJVPd=sponpjVPNE-0JVUryR3sp5kAJXEHn33c3RBw@mail.gmail.com> <[🔎] E1jVVxh-00059Q-Lw@enotuniq.net> <[🔎] CAEE5dN14fdrwhgjEVTdM=j-kUyAaMUa3WZYmmgKcoMvRgNwXiQ@mail.gmail.com> <[🔎] E1jVa1K-0005W2-02@enotuniq.net> <[🔎] CAEE5dN2bJaCkkxJrcESCx6RMgQq4iGvB0FN9S=kDk+C-99UFYg@mail.gmail.com> <[🔎] E1jVpbI-0000pb-At@enotuniq.net> <[🔎] CAEE5dN0xoeUztD69G1tGB1G-3qPXuAJE5RJSv0G37tSzNXrpjQ@mail.gmail.com> <[🔎] E1jVqzp-0000rj-I0@enotuniq.net> <[🔎] CAEE5dN3v6pgbP6xmaFppxuU2VCt=5Q0Hs82jKHMJdJknz7noSA@mail.gmail.com> <[🔎] f7131a80-82e0-9be1-4cd9-eff2a568adc5@dewberryfields.co.uk>

Hi Michael,

yes, I also tried "update-ca-certificates" and it doesn't work.

# curl https://www.google.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

# update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

# curl https://www.google.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I suspect that the certificate database looks good enough for
"update-ca-certificates" to skip over it but it is actually somehow
broken.

# ls -la /etc/ssl/certs/
total 592
drwxr-xr-x 1 root root   4096 May  5 13:57  .
drwxr-xr-x 1 root root   4096 May  1 13:06  ..
lrwxrwxrwx 1 root root     48 May  1 13:06  ACCVRAIZ1.pem ->
/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt
lrwxrwxrwx 1 root root     55 May  1 13:06  AC_RAIZ_FNMT-RCM.pem ->
/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root root     69 May  1 13:06
Actalis_Authentication_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root root     61 May  1 13:06  AddTrust_External_Root.pem
-> /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt
lrwxrwxrwx 1 root root     61 May  1 13:06  AffirmTrust_Commercial.pem
-> /usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root root     61 May  1 13:06  AffirmTrust_Networking.pem
-> /usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt
lrwxrwxrwx 1 root root     58 May  1 13:06  AffirmTrust_Premium.pem ->
/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt
lrwxrwxrwx 1 root root     62 May  1 13:06
AffirmTrust_Premium_ECC.pem ->
/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root root     55 May  1 13:06  Amazon_Root_CA_1.pem ->
/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root root     55 May  1 13:06  Amazon_Root_CA_2.pem ->
/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root root     55 May  1 13:06  Amazon_Root_CA_3.pem ->
/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root root     55 May  1 13:06  Amazon_Root_CA_4.pem ->
/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root root     60 May  1 13:06  Atos_TrustedRoot_2011.pem
-> /usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root root     96 May  1 13:06
Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem ->
/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root root     64 May  1 13:06
Baltimore_CyberTrust_Root.pem ->
/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root root     62 May  1 13:06
Buypass_Class_2_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root root     62 May  1 13:06
Buypass_Class_3_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root root     55 May  1 13:06  CA_Disig_Root_R2.pem ->
/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root root     51 May  1 13:06  CFCA_EV_ROOT.pem ->
/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root root     69 May  1 13:06
COMODO_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root root     73 May  1 13:06
COMODO_ECC_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root root     73 May  1 13:06
COMODO_RSA_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root root     47 May  1 13:06  Certigna.pem ->
/usr/share/ca-certificates/mozilla/Certigna.crt
lrwxrwxrwx 1 root root     59 May  1 13:06  Certinomis_-_Root_CA.pem
-> /usr/share/ca-certificates/mozilla/Certinomis_-_Root_CA.crt
lrwxrwxrwx 1 root root     66 May  1 13:06
Certplus_Class_2_Primary_CA.pem ->
/usr/share/ca-certificates/mozilla/Certplus_Class_2_Primary_CA.crt
lrwxrwxrwx 1 root root     64 May  1 13:06
Certum_Trusted_Network_CA.pem ->
/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root root     66 May  1 13:06
Certum_Trusted_Network_CA_2.pem ->
/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root root     71 May  1 13:06
Chambers_of_Commerce_Root_-_2008.pem ->
/usr/share/ca-certificates/mozilla/Chambers_of_Commerce_Root_-_2008.crt
lrwxrwxrwx 1 root root     63 May  1 13:06
Comodo_AAA_Services_root.pem ->
/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root root     61 May  1 13:06  Cybertrust_Global_Root.pem
-> /usr/share/ca-certificates/mozilla/Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root root     69 May  1 13:06
D-TRUST_Root_Class_3_CA_2_2009.pem ->
/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root root     72 May  1 13:06
D-TRUST_Root_Class_3_CA_2_EV_2009.pem ->
/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root root     53 May  1 13:06  DST_Root_CA_X3.pem ->
/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
lrwxrwxrwx 1 root root     65 May  1 13:06
Deutsche_Telekom_Root_CA_2.pem ->
/usr/share/ca-certificates/mozilla/Deutsche_Telekom_Root_CA_2.crt
lrwxrwxrwx 1 root root     66 May  1 13:06
DigiCert_Assured_ID_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root root     66 May  1 13:06
DigiCert_Assured_ID_Root_G2.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root root     66 May  1 13:06
DigiCert_Assured_ID_Root_G3.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root root     62 May  1 13:06
DigiCert_Global_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root root     62 May  1 13:06
DigiCert_Global_Root_G2.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root root     62 May  1 13:06
DigiCert_Global_Root_G3.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root root     73 May  1 13:06
DigiCert_High_Assurance_EV_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root root     63 May  1 13:06
DigiCert_Trusted_Root_G4.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root root     70 May  1 13:06
E-Tugra_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root root     45 May  1 13:06  EC-ACC.pem ->
/usr/share/ca-certificates/mozilla/EC-ACC.crt
lrwxrwxrwx 1 root root     70 May  1 13:06
EE_Certification_Centre_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/EE_Certification_Centre_Root_CA.crt
lrwxrwxrwx 1 root root     80 May  1 13:06
Entrust.net_Premium_2048_Secure_Server_CA.pem ->
/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root root     75 May  1 13:06
Entrust_Root_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     81 May  1 13:06
Entrust_Root_Certification_Authority_-_EC1.pem ->
/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root root     80 May  1 13:06
Entrust_Root_Certification_Authority_-_G2.pem ->
/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root root     61 May  1 13:06  GDCA_TrustAUTH_R5_ROOT.pem
-> /usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root root     57 May  1 13:06  GeoTrust_Global_CA.pem ->
/usr/share/ca-certificates/mozilla/GeoTrust_Global_CA.crt
lrwxrwxrwx 1 root root     79 May  1 13:06
GeoTrust_Primary_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority.crt
lrwxrwxrwx 1 root root     84 May  1 13:06
GeoTrust_Primary_Certification_Authority_-_G2.pem ->
/usr/share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root root     84 May  1 13:06
GeoTrust_Primary_Certification_Authority_-_G3.pem ->
/usr/share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
lrwxrwxrwx 1 root root     60 May  1 13:06  GeoTrust_Universal_CA.pem
-> /usr/share/ca-certificates/mozilla/GeoTrust_Universal_CA.crt
lrwxrwxrwx 1 root root     62 May  1 13:06
GeoTrust_Universal_CA_2.pem ->
/usr/share/ca-certificates/mozilla/GeoTrust_Universal_CA_2.crt
lrwxrwxrwx 1 root root     66 May  1 13:06
GlobalSign_ECC_Root_CA_-_R4.pem ->
/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root root     66 May  1 13:06
GlobalSign_ECC_Root_CA_-_R5.pem ->
/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root root     57 May  1 13:06  GlobalSign_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root root     62 May  1 13:06
GlobalSign_Root_CA_-_R2.pem ->
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root root     62 May  1 13:06
GlobalSign_Root_CA_-_R3.pem ->
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root root     62 May  1 13:06
GlobalSign_Root_CA_-_R6.pem ->
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root root     69 May  1 13:06
Global_Chambersign_Root_-_2008.pem ->
/usr/share/ca-certificates/mozilla/Global_Chambersign_Root_-_2008.crt
lrwxrwxrwx 1 root root     58 May  1 13:06  Go_Daddy_Class_2_CA.pem ->
/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root root     79 May  1 13:06
Go_Daddy_Root_Certificate_Authority_-_G2.pem ->
/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root     98 May  1 13:06
Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem ->
/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root root     94 May  1 13:06
Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem ->
/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root root     94 May  1 13:06
Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem ->
/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root root     62 May  1 13:06
Hongkong_Post_Root_CA_1.pem ->
/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root root     51 May  1 13:06  ISRG_Root_X1.pem ->
/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
lrwxrwxrwx 1 root root     69 May  1 13:06
IdenTrust_Commercial_Root_CA_1.pem ->
/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root root     72 May  1 13:06
IdenTrust_Public_Sector_Root_CA_1.pem ->
/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root root     49 May  1 13:06  Izenpe.com.pem ->
/usr/share/ca-certificates/mozilla/Izenpe.com.crt
lrwxrwxrwx 1 root root     61 May  1 13:06  LuxTrust_Global_Root_2.pem
-> /usr/share/ca-certificates/mozilla/LuxTrust_Global_Root_2.crt
lrwxrwxrwx 1 root root     69 May  1 13:06
Microsec_e-Szigno_Root_CA_2009.pem ->
/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root root     83 May  1 13:06
'NetLock_Arany_=Class_Gold=_F'$'\305\221''tan'$'\303\272''s'$'\303\255''tv'$'\303\241''ny.pem'
-> '/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_F'$'\305\221''tan'$'\303\272''s'$'\303\255''tv'$'\303\241''ny.crt'
lrwxrwxrwx 1 root root     78 May  1 13:06
Network_Solutions_Certificate_Authority.pem ->
/usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root root     70 May  1 13:06
OISTE_WISeKey_Global_Root_GA_CA.pem ->
/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt
lrwxrwxrwx 1 root root     70 May  1 13:06
OISTE_WISeKey_Global_Root_GB_CA.pem ->
/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root root     70 May  1 13:06
OISTE_WISeKey_Global_Root_GC_CA.pem ->
/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root root     55 May  1 13:06  QuoVadis_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA.crt
lrwxrwxrwx 1 root root     60 May  1 13:06  QuoVadis_Root_CA_1_G3.pem
-> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root root     57 May  1 13:06  QuoVadis_Root_CA_2.pem ->
/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root root     60 May  1 13:06  QuoVadis_Root_CA_2_G3.pem
-> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root root     57 May  1 13:06  QuoVadis_Root_CA_3.pem ->
/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root root     60 May  1 13:06  QuoVadis_Root_CA_3_G3.pem
-> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root root     82 May  1 13:06
SSL.com_EV_Root_Certification_Authority_ECC.pem ->
/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root     85 May  1 13:06
SSL.com_EV_Root_Certification_Authority_RSA_R2.pem ->
/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root root     79 May  1 13:06
SSL.com_Root_Certification_Authority_ECC.pem ->
/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root     79 May  1 13:06
SSL.com_Root_Certification_Authority_RSA.pem ->
/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root root     54 May  1 13:06  SZAFIR_ROOT_CA2.pem ->
/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root root     58 May  1 13:06  SecureSign_RootCA11.pem ->
/usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt
lrwxrwxrwx 1 root root     53 May  1 13:06  SecureTrust_CA.pem ->
/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt
lrwxrwxrwx 1 root root     55 May  1 13:06  Secure_Global_CA.pem ->
/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt
lrwxrwxrwx 1 root root     69 May  1 13:06
Security_Communication_RootCA2.pem ->
/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root root     69 May  1 13:06
Security_Communication_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root root     61 May  1 13:06  Sonera_Class_2_Root_CA.pem
-> /usr/share/ca-certificates/mozilla/Sonera_Class_2_Root_CA.crt
lrwxrwxrwx 1 root root     71 May  1 13:06
Staat_der_Nederlanden_EV_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root root     73 May  1 13:06
Staat_der_Nederlanden_Root_CA_-_G2.pem ->
/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt
lrwxrwxrwx 1 root root     73 May  1 13:06
Staat_der_Nederlanden_Root_CA_-_G3.pem ->
/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt
lrwxrwxrwx 1 root root     59 May  1 13:06  Starfield_Class_2_CA.pem
-> /usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root root     80 May  1 13:06
Starfield_Root_Certificate_Authority_-_G2.pem ->
/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root     89 May  1 13:06
Starfield_Services_Root_Certificate_Authority_-_G2.pem ->
/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root     61 May  1 13:06  SwissSign_Gold_CA_-_G2.pem
-> /usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root root     63 May  1 13:06
SwissSign_Silver_CA_-_G2.pem ->
/usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root root     67 May  1 13:06
T-TeleSec_GlobalRoot_Class_2.pem ->
/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root root     67 May  1 13:06
T-TeleSec_GlobalRoot_Class_3.pem ->
/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root root     84 May  1 13:06
TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem ->
/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx 1 root root     58 May  1 13:06  TWCA_Global_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root root     72 May  1 13:06
TWCA_Root_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     50 May  1 13:06  Taiwan_GRCA.pem ->
/usr/share/ca-certificates/mozilla/Taiwan_GRCA.crt
lrwxrwxrwx 1 root root     61 May  1 13:06  TeliaSonera_Root_CA_v1.pem
-> /usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root root     53 May  1 13:06  TrustCor_ECA-1.pem ->
/usr/share/ca-certificates/mozilla/TrustCor_ECA-1.crt
lrwxrwxrwx 1 root root     61 May  1 13:06  TrustCor_RootCert_CA-1.pem
-> /usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root root     61 May  1 13:06  TrustCor_RootCert_CA-2.pem
-> /usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root root     58 May  1 13:06  Trustis_FPS_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/Trustis_FPS_Root_CA.crt
lrwxrwxrwx 1 root root     76 May  1 13:06
USERTrust_ECC_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root root     76 May  1 13:06
USERTrust_RSA_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root root     99 May  1 13:06
VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem ->
/usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root root     99 May  1 13:06
VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem ->
/usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
lrwxrwxrwx 1 root root     86 May  1 13:06
VeriSign_Universal_Root_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     99 May  1 13:06
Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem ->
/usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
lrwxrwxrwx 1 root root     59 May  1 13:06  XRamp_Global_CA_Root.pem
-> /usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt
-rw-r--r-- 1 root root 200061 May  5 13:57  ca-certificates.crt
lrwxrwxrwx 1 root root     55 May  1 13:06  certSIGN_ROOT_CA.pem ->
/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root root     72 May  1 13:06
ePKI_Root_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     61 May  1 13:06  thawte_Primary_Root_CA.pem
-> /usr/share/ca-certificates/mozilla/thawte_Primary_Root_CA.crt
lrwxrwxrwx 1 root root     66 May  1 13:06
thawte_Primary_Root_CA_-_G2.pem ->
/usr/share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G2.crt
lrwxrwxrwx 1 root root     66 May  1 13:06
thawte_Primary_Root_CA_-_G3.pem ->
/usr/share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G3.crt

Greetings,
Mark

On Tue, May 5, 2020 at 9:10 AM Michael Howard <mike@dewberryfields.co.uk> wrote:
>
> On 05/05/2020 07:44, Mark Jonas wrote:
>
> Hi Reco,
>
> What now? How do I get this fixed in Debian and/ or the official
> container image?
>
> I was under the impression that you're creating your own docker
> container anyway.
> Add it to docker build file or whatever it's called.
>
> Yes, I have my own Dockerfile and I can add to it whatever I want. But
> "dpkg-reconfigure ca-certificates" asks a lot of questions. And that
> list from 1 to 128 might eventually change. So I am puzzled how to
> automate that without human intervention.
>
>
>
> Does 'update-ca-certificates' not work? Doesn't need interaction. Apologies if I missed something, haven't read the whole thread.
>
> --
> Michael Howard

Reply to:

References:
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Reco <recoverym4n@enotuniq.net>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Mark Jonas <toertel@gmail.com>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Reco <recoverym4n@enotuniq.net>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Mark Jonas <toertel@gmail.com>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Reco <recoverym4n@enotuniq.net>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Mark Jonas <toertel@gmail.com>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Reco <recoverym4n@enotuniq.net>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Mark Jonas <toertel@gmail.com>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Reco <recoverym4n@enotuniq.net>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Mark Jonas <toertel@gmail.com>
- Re: armhf: buster: TLS / HTTPS partly broken
  - From: Michael Howard <mike@dewberryfields.co.uk>

Prev by Date: Re: Custom application icon do not appear in Gnome and LXQT
Next by Date: Re: How to start offlineimap systemd
Previous by thread: Re: armhf: buster: TLS / HTTPS partly broken
Next by thread: Re: armhf: buster: TLS / HTTPS partly broken
Index(es):
- Date
- Thread