1. Forum
  2. Usenet
  3. LINUX.DEBIAN.USER

  • sanity check for /etc/ssl/certs?

    From Harald Dunkel@21:1/5 to All on Tue May 14 17:10:02 2024
    Hi folks,

    is there a sanity check for /etc/ssl/certs included in Bookworm?
    I've got one host with some missing symlinks in this directory, eg.

    root@dpcl064:/etc/ssl/certs# ls -al *SSL.com*
    ls: cannot access '*SSL.com*': No such file or directory

    Other hosts show

    root@dpcl082:/etc/ssl/certs# ls -al *SSL.com*
    lrwxrwxrwx 1 root root 82 Jul 16 2018 SSL.com_EV_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
    lrwxrwxrwx 1 root root 85 Jul 16 2018 SSL.com_EV_Root_Certification_Authority_RSA_R2.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
    lrwxrwxrwx 1 root root 79 Jul 16 2018 SSL.com_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
    lrwxrwxrwx 1 root root 79 Jul 16 2018 SSL.com_Root_Certification_Authority_RSA.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt

    The files in /usr/share/ca-certificates are available, of course.
    The access rights seem OK. update-ca-certificates or reinstalling ca-certificates (with overwrite) didn't solve this problem.


    Every helpful comment is highly appreciated.

    Harri

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Marco Moock@21:1/5 to All on Tue May 14 17:20:01 2024
    Am 14.05.2024 um 16:44:05 Uhr schrieb Harald Dunkel:

    is there a sanity check for /etc/ssl/certs included in Bookworm?

    Is ca-certificates installed?
    If so, reinstall it.

    --
    kind regards
    Marco

    Send unsolicited bulk mail to 1715697845muell@cartoonies.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Harald Dunkel@21:1/5 to All on Wed May 15 09:00:01 2024
    Problem was, /etc/ca-certificates.conf was not regenerated, even with

    apt install --reinstall -o Dpkg::Options::="--force-confask,confnew,confmiss" ca-certificates

    Regards
    Harri

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)