Re: Jessie iceweasel: This Connection is Untrusted
Hi,
tomas@tuxteam.de wrote:
> I assume Thomas knows pretty well what he's doing. He'd know much
> better than me, in any case :-)
Regrettably my sysadmin skills are severely underdeveloped.
I am qualified for the task only by being the guy who has Linux at home
and by having made fun of upgrade woes with other kinds of system.
> If I've understood you correctly, you only have to do with a limited
> set of sites.
I would prefer not to rely on an allow-list.
So i currently ponder how to transplant the certificates from a Debian 10
machine.
man update-ca-certificates talks of
/etc/ssl/certs
/etc/ca-certificates.conf
/usr/share/ca-certificates
In the latter i see on Debian 10:
./mozilla
with 126 .crt files.
The Debian 8 machine has 172 files in there.
The ca-certificates.conf files seem just to list those files on both
machines.
So a brute force attempt would be to rename the two directories and
the file to other names and to then copy the Debian 10 stuff to the
original names. The new /etc/ssl/certs would start empty and be
populated by update-ca-certificates(8).
Well, same old question: How bad an idea is this ?
What should i read before making such theories ?
Have a nice day :)
Thomas
Reply to: