Re: armhf: buster: TLS / HTTPS partly broken
Hi Michael,
yes, I also tried "update-ca-certificates" and it doesn't work.
# curl https://www.google.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
# update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
# curl https://www.google.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I suspect that the certificate database looks good enough for
"update-ca-certificates" to skip over it but it is actually somehow
broken.
# ls -la /etc/ssl/certs/
total 592
drwxr-xr-x 1 root root 4096 May 5 13:57 .
drwxr-xr-x 1 root root 4096 May 1 13:06 ..
lrwxrwxrwx 1 root root 48 May 1 13:06 ACCVRAIZ1.pem ->
/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt
lrwxrwxrwx 1 root root 55 May 1 13:06 AC_RAIZ_FNMT-RCM.pem ->
/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root root 69 May 1 13:06
Actalis_Authentication_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root root 61 May 1 13:06 AddTrust_External_Root.pem
-> /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt
lrwxrwxrwx 1 root root 61 May 1 13:06 AffirmTrust_Commercial.pem
-> /usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root root 61 May 1 13:06 AffirmTrust_Networking.pem
-> /usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt
lrwxrwxrwx 1 root root 58 May 1 13:06 AffirmTrust_Premium.pem ->
/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt
lrwxrwxrwx 1 root root 62 May 1 13:06
AffirmTrust_Premium_ECC.pem ->
/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root root 55 May 1 13:06 Amazon_Root_CA_1.pem ->
/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root root 55 May 1 13:06 Amazon_Root_CA_2.pem ->
/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root root 55 May 1 13:06 Amazon_Root_CA_3.pem ->
/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root root 55 May 1 13:06 Amazon_Root_CA_4.pem ->
/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root root 60 May 1 13:06 Atos_TrustedRoot_2011.pem
-> /usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root root 96 May 1 13:06
Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem ->
/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root root 64 May 1 13:06
Baltimore_CyberTrust_Root.pem ->
/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root root 62 May 1 13:06
Buypass_Class_2_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root root 62 May 1 13:06
Buypass_Class_3_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root root 55 May 1 13:06 CA_Disig_Root_R2.pem ->
/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root root 51 May 1 13:06 CFCA_EV_ROOT.pem ->
/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root root 69 May 1 13:06
COMODO_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root root 73 May 1 13:06
COMODO_ECC_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root root 73 May 1 13:06
COMODO_RSA_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root root 47 May 1 13:06 Certigna.pem ->
/usr/share/ca-certificates/mozilla/Certigna.crt
lrwxrwxrwx 1 root root 59 May 1 13:06 Certinomis_-_Root_CA.pem
-> /usr/share/ca-certificates/mozilla/Certinomis_-_Root_CA.crt
lrwxrwxrwx 1 root root 66 May 1 13:06
Certplus_Class_2_Primary_CA.pem ->
/usr/share/ca-certificates/mozilla/Certplus_Class_2_Primary_CA.crt
lrwxrwxrwx 1 root root 64 May 1 13:06
Certum_Trusted_Network_CA.pem ->
/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root root 66 May 1 13:06
Certum_Trusted_Network_CA_2.pem ->
/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root root 71 May 1 13:06
Chambers_of_Commerce_Root_-_2008.pem ->
/usr/share/ca-certificates/mozilla/Chambers_of_Commerce_Root_-_2008.crt
lrwxrwxrwx 1 root root 63 May 1 13:06
Comodo_AAA_Services_root.pem ->
/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root root 61 May 1 13:06 Cybertrust_Global_Root.pem
-> /usr/share/ca-certificates/mozilla/Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root root 69 May 1 13:06
D-TRUST_Root_Class_3_CA_2_2009.pem ->
/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root root 72 May 1 13:06
D-TRUST_Root_Class_3_CA_2_EV_2009.pem ->
/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root root 53 May 1 13:06 DST_Root_CA_X3.pem ->
/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
lrwxrwxrwx 1 root root 65 May 1 13:06
Deutsche_Telekom_Root_CA_2.pem ->
/usr/share/ca-certificates/mozilla/Deutsche_Telekom_Root_CA_2.crt
lrwxrwxrwx 1 root root 66 May 1 13:06
DigiCert_Assured_ID_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root root 66 May 1 13:06
DigiCert_Assured_ID_Root_G2.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root root 66 May 1 13:06
DigiCert_Assured_ID_Root_G3.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root root 62 May 1 13:06
DigiCert_Global_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root root 62 May 1 13:06
DigiCert_Global_Root_G2.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root root 62 May 1 13:06
DigiCert_Global_Root_G3.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root root 73 May 1 13:06
DigiCert_High_Assurance_EV_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root root 63 May 1 13:06
DigiCert_Trusted_Root_G4.pem ->
/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root root 70 May 1 13:06
E-Tugra_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root root 45 May 1 13:06 EC-ACC.pem ->
/usr/share/ca-certificates/mozilla/EC-ACC.crt
lrwxrwxrwx 1 root root 70 May 1 13:06
EE_Certification_Centre_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/EE_Certification_Centre_Root_CA.crt
lrwxrwxrwx 1 root root 80 May 1 13:06
Entrust.net_Premium_2048_Secure_Server_CA.pem ->
/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root root 75 May 1 13:06
Entrust_Root_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root 81 May 1 13:06
Entrust_Root_Certification_Authority_-_EC1.pem ->
/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root root 80 May 1 13:06
Entrust_Root_Certification_Authority_-_G2.pem ->
/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root root 61 May 1 13:06 GDCA_TrustAUTH_R5_ROOT.pem
-> /usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root root 57 May 1 13:06 GeoTrust_Global_CA.pem ->
/usr/share/ca-certificates/mozilla/GeoTrust_Global_CA.crt
lrwxrwxrwx 1 root root 79 May 1 13:06
GeoTrust_Primary_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority.crt
lrwxrwxrwx 1 root root 84 May 1 13:06
GeoTrust_Primary_Certification_Authority_-_G2.pem ->
/usr/share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root root 84 May 1 13:06
GeoTrust_Primary_Certification_Authority_-_G3.pem ->
/usr/share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
lrwxrwxrwx 1 root root 60 May 1 13:06 GeoTrust_Universal_CA.pem
-> /usr/share/ca-certificates/mozilla/GeoTrust_Universal_CA.crt
lrwxrwxrwx 1 root root 62 May 1 13:06
GeoTrust_Universal_CA_2.pem ->
/usr/share/ca-certificates/mozilla/GeoTrust_Universal_CA_2.crt
lrwxrwxrwx 1 root root 66 May 1 13:06
GlobalSign_ECC_Root_CA_-_R4.pem ->
/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root root 66 May 1 13:06
GlobalSign_ECC_Root_CA_-_R5.pem ->
/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root root 57 May 1 13:06 GlobalSign_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root root 62 May 1 13:06
GlobalSign_Root_CA_-_R2.pem ->
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root root 62 May 1 13:06
GlobalSign_Root_CA_-_R3.pem ->
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root root 62 May 1 13:06
GlobalSign_Root_CA_-_R6.pem ->
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root root 69 May 1 13:06
Global_Chambersign_Root_-_2008.pem ->
/usr/share/ca-certificates/mozilla/Global_Chambersign_Root_-_2008.crt
lrwxrwxrwx 1 root root 58 May 1 13:06 Go_Daddy_Class_2_CA.pem ->
/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root root 79 May 1 13:06
Go_Daddy_Root_Certificate_Authority_-_G2.pem ->
/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root 98 May 1 13:06
Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem ->
/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root root 94 May 1 13:06
Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem ->
/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root root 94 May 1 13:06
Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem ->
/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root root 62 May 1 13:06
Hongkong_Post_Root_CA_1.pem ->
/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root root 51 May 1 13:06 ISRG_Root_X1.pem ->
/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
lrwxrwxrwx 1 root root 69 May 1 13:06
IdenTrust_Commercial_Root_CA_1.pem ->
/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root root 72 May 1 13:06
IdenTrust_Public_Sector_Root_CA_1.pem ->
/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root root 49 May 1 13:06 Izenpe.com.pem ->
/usr/share/ca-certificates/mozilla/Izenpe.com.crt
lrwxrwxrwx 1 root root 61 May 1 13:06 LuxTrust_Global_Root_2.pem
-> /usr/share/ca-certificates/mozilla/LuxTrust_Global_Root_2.crt
lrwxrwxrwx 1 root root 69 May 1 13:06
Microsec_e-Szigno_Root_CA_2009.pem ->
/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root root 83 May 1 13:06
'NetLock_Arany_=Class_Gold=_F'$'\305\221''tan'$'\303\272''s'$'\303\255''tv'$'\303\241''ny.pem'
-> '/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_F'$'\305\221''tan'$'\303\272''s'$'\303\255''tv'$'\303\241''ny.crt'
lrwxrwxrwx 1 root root 78 May 1 13:06
Network_Solutions_Certificate_Authority.pem ->
/usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root root 70 May 1 13:06
OISTE_WISeKey_Global_Root_GA_CA.pem ->
/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt
lrwxrwxrwx 1 root root 70 May 1 13:06
OISTE_WISeKey_Global_Root_GB_CA.pem ->
/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root root 70 May 1 13:06
OISTE_WISeKey_Global_Root_GC_CA.pem ->
/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root root 55 May 1 13:06 QuoVadis_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA.crt
lrwxrwxrwx 1 root root 60 May 1 13:06 QuoVadis_Root_CA_1_G3.pem
-> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root root 57 May 1 13:06 QuoVadis_Root_CA_2.pem ->
/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root root 60 May 1 13:06 QuoVadis_Root_CA_2_G3.pem
-> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root root 57 May 1 13:06 QuoVadis_Root_CA_3.pem ->
/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root root 60 May 1 13:06 QuoVadis_Root_CA_3_G3.pem
-> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root root 82 May 1 13:06
SSL.com_EV_Root_Certification_Authority_ECC.pem ->
/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root 85 May 1 13:06
SSL.com_EV_Root_Certification_Authority_RSA_R2.pem ->
/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root root 79 May 1 13:06
SSL.com_Root_Certification_Authority_ECC.pem ->
/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root 79 May 1 13:06
SSL.com_Root_Certification_Authority_RSA.pem ->
/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root root 54 May 1 13:06 SZAFIR_ROOT_CA2.pem ->
/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root root 58 May 1 13:06 SecureSign_RootCA11.pem ->
/usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt
lrwxrwxrwx 1 root root 53 May 1 13:06 SecureTrust_CA.pem ->
/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt
lrwxrwxrwx 1 root root 55 May 1 13:06 Secure_Global_CA.pem ->
/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt
lrwxrwxrwx 1 root root 69 May 1 13:06
Security_Communication_RootCA2.pem ->
/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root root 69 May 1 13:06
Security_Communication_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root root 61 May 1 13:06 Sonera_Class_2_Root_CA.pem
-> /usr/share/ca-certificates/mozilla/Sonera_Class_2_Root_CA.crt
lrwxrwxrwx 1 root root 71 May 1 13:06
Staat_der_Nederlanden_EV_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root root 73 May 1 13:06
Staat_der_Nederlanden_Root_CA_-_G2.pem ->
/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt
lrwxrwxrwx 1 root root 73 May 1 13:06
Staat_der_Nederlanden_Root_CA_-_G3.pem ->
/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt
lrwxrwxrwx 1 root root 59 May 1 13:06 Starfield_Class_2_CA.pem
-> /usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root root 80 May 1 13:06
Starfield_Root_Certificate_Authority_-_G2.pem ->
/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root 89 May 1 13:06
Starfield_Services_Root_Certificate_Authority_-_G2.pem ->
/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root 61 May 1 13:06 SwissSign_Gold_CA_-_G2.pem
-> /usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root root 63 May 1 13:06
SwissSign_Silver_CA_-_G2.pem ->
/usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root root 67 May 1 13:06
T-TeleSec_GlobalRoot_Class_2.pem ->
/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root root 67 May 1 13:06
T-TeleSec_GlobalRoot_Class_3.pem ->
/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root root 84 May 1 13:06
TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem ->
/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx 1 root root 58 May 1 13:06 TWCA_Global_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root root 72 May 1 13:06
TWCA_Root_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root 50 May 1 13:06 Taiwan_GRCA.pem ->
/usr/share/ca-certificates/mozilla/Taiwan_GRCA.crt
lrwxrwxrwx 1 root root 61 May 1 13:06 TeliaSonera_Root_CA_v1.pem
-> /usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root root 53 May 1 13:06 TrustCor_ECA-1.pem ->
/usr/share/ca-certificates/mozilla/TrustCor_ECA-1.crt
lrwxrwxrwx 1 root root 61 May 1 13:06 TrustCor_RootCert_CA-1.pem
-> /usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root root 61 May 1 13:06 TrustCor_RootCert_CA-2.pem
-> /usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root root 58 May 1 13:06 Trustis_FPS_Root_CA.pem ->
/usr/share/ca-certificates/mozilla/Trustis_FPS_Root_CA.crt
lrwxrwxrwx 1 root root 76 May 1 13:06
USERTrust_ECC_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root root 76 May 1 13:06
USERTrust_RSA_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root root 99 May 1 13:06
VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem ->
/usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root root 99 May 1 13:06
VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem ->
/usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
lrwxrwxrwx 1 root root 86 May 1 13:06
VeriSign_Universal_Root_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root 99 May 1 13:06
Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem ->
/usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
lrwxrwxrwx 1 root root 59 May 1 13:06 XRamp_Global_CA_Root.pem
-> /usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt
-rw-r--r-- 1 root root 200061 May 5 13:57 ca-certificates.crt
lrwxrwxrwx 1 root root 55 May 1 13:06 certSIGN_ROOT_CA.pem ->
/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root root 72 May 1 13:06
ePKI_Root_Certification_Authority.pem ->
/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root 61 May 1 13:06 thawte_Primary_Root_CA.pem
-> /usr/share/ca-certificates/mozilla/thawte_Primary_Root_CA.crt
lrwxrwxrwx 1 root root 66 May 1 13:06
thawte_Primary_Root_CA_-_G2.pem ->
/usr/share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G2.crt
lrwxrwxrwx 1 root root 66 May 1 13:06
thawte_Primary_Root_CA_-_G3.pem ->
/usr/share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G3.crt
Greetings,
Mark
On Tue, May 5, 2020 at 9:10 AM Michael Howard <mike@dewberryfields.co.uk> wrote:
>
> On 05/05/2020 07:44, Mark Jonas wrote:
>
> Hi Reco,
>
> What now? How do I get this fixed in Debian and/ or the official
> container image?
>
> I was under the impression that you're creating your own docker
> container anyway.
> Add it to docker build file or whatever it's called.
>
> Yes, I have my own Dockerfile and I can add to it whatever I want. But
> "dpkg-reconfigure ca-certificates" asks a lot of questions. And that
> list from 1 to 128 might eventually change. So I am puzzled how to
> automate that without human intervention.
>
>
>
> Does 'update-ca-certificates' not work? Doesn't need interaction. Apologies if I missed something, haven't read the whole thread.
>
> --
> Michael Howard
Reply to: