Hello Michael, thanks for this answer - installing the intermediate cert via GUI is exactly the hint I needed and the way I want to go - no own customization needed.
Thanks a lot! Tobias Am 17.04.2014 18:58, schrieb Michael Stauber: > Hi Tobias, > >> on some of our servers we use certificates from Startcom. But we have >> the problem on every update of base-email-glue (which was quite often >> in the last weeks) that our manually added intermediate certificate >> is lost. Or we have to set the file immutable. But I don't like to >> maintain more exceptions from standard than necessary. >> >> Is it possible to just put it into the file carried by BO per default? >> >> Their certificates can be downloaded here: https://www.startssl.com/certs/. > I looked into it. base-email.mod contains this constructor: > > /usr/sausalito/constructor/base/email/syncEmailService.pl > > It is run on cced.init restart and also on updates/installs of > base-email-* RPMs. So even on cced.init restarts or reboots you'll have > this issue. > > That constructor has this command in it: > > /bin/cp /etc/pki/tls/certs/ca-bundle.crt /usr/share/ssl/certs/ > > So it copies the ca-bundle.crt over to usr/share/ssl/certs/. > > That ca-bundle.crt is provides by this RPM: > > [root@5108r ~]# rpm -q --whatprovides /etc/pki/tls/certs/ca-bundle.crt > ca-certificates-2013.1.95-65.1.el6_5.noarch > > Generally this should be no problem at all. If you use the GUI to > install the intermediate. In that case it'll not be overwritten. > _______________________________________________ Blueonyx mailing list [email protected] http://mail.blueonyx.it/mailman/listinfo/blueonyx
