--- Begin Message ---
Package: ca-certificates
Version: 20200601
Severity: normal
Dear Maintainer,
Since the update of ca-certificates to version 20200601 I can no longer access
webkit.org websites.
$ gnutls-cli webkit.org
Processed 114 CA certificate(s).
Resolving 'webkit.org:443'...
Connecting to '54.190.50.171:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
- subject `C=US,ST=California,O=Apple
Inc.,OU=management:idms.group.764034,CN=www.webkit.org', issuer `C=US,O=Apple
Inc.,OU=Certification Authority,CN=Apple IST CA 2 - G1', serial
0x56bad882747e779b546f5fe1f1728a4b, RSA key 2048 bits, signed using RSA-SHA256,
activated `2019-03-14 16:13:54 UTC', expires `2021-04-12 16:13:54 UTC', pin-
sha256="wn1o7E4lMWKKBJYbeB8g/ZdNmeyrdOBvFA9yxI9H+Kk="
Public Key ID:
sha1:1020bd7159d9a3bb418ff02ee22f968359843074
sha256:c27d68ec4e2531628a04961b781f20fd974d99ecab74e06f140f72c48f47f8a9
Public Key PIN:
pin-sha256:wn1o7E4lMWKKBJYbeB8g/ZdNmeyrdOBvFA9yxI9H+Kk=
- Certificate[1] info:
- subject `C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple IST CA 2 -
G1', issuer `CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US', serial 0x023a74, RSA
key 2048 bits, signed using RSA-SHA256, activated `2014-06-16 15:42:02 UTC',
expires `2022-05-20 15:42:02 UTC', pin-
sha256="tc+C1H75gj+ap48SMYbFLoh56oSw+CLJHYPgQnm3j9U="
- Certificate[2] info:
- subject `CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US', issuer `CN=GeoTrust
Global CA,O=GeoTrust Inc.,C=US', serial 0x023456, RSA key 2048 bits, signed
using RSA-SHA1 (broken!), activated `2002-05-21 04:00:00 UTC', expires
`2022-05-21 04:00:00 UTC', pin-
sha256="h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU="
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
-- System Information:
Debian Release: bullseye/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.6.0-2-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages ca-certificates depends on:
ii debconf [debconf-2.0] 1.5.74
ii openssl 1.1.1g-1
ca-certificates recommends no packages.
ca-certificates suggests no packages.
-- debconf information:
* ca-certificates/enable_crts: extra/mitmproxy-ca-cert.crt,
mozilla/ACCVRAIZ1.crt, mozilla/AC_RAIZ_FNMT-RCM.crt,
mozilla/Actalis_Authentication_Root_CA.crt, mozilla/AffirmTrust_Commercial.crt,
mozilla/AffirmTrust_Networking.crt, mozilla/AffirmTrust_Premium.crt,
mozilla/AffirmTrust_Premium_ECC.crt, mozilla/Amazon_Root_CA_1.crt,
mozilla/Amazon_Root_CA_2.crt, mozilla/Amazon_Root_CA_3.crt,
mozilla/Amazon_Root_CA_4.crt, mozilla/Atos_TrustedRoot_2011.crt,
mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt,
mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_Root_CA.crt,
mozilla/Buypass_Class_3_Root_CA.crt, mozilla/CA_Disig_Root_R2.crt,
mozilla/Certigna.crt, mozilla/certSIGN_ROOT_CA.crt,
mozilla/Certum_Trusted_Network_CA_2.crt, mozilla/Certum_Trusted_Network_CA.crt,
mozilla/CFCA_EV_ROOT.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt,
mozilla/Comodo_AAA_Services_root.crt,
mozilla/COMODO_Certification_Authority.crt,
mozilla/COMODO_ECC_Certification_Authority.crt,
mozilla/COMODO_RSA_Certification_Authority.crt,
mozilla/Cybertrust_Global_Root.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt,
mozilla/DigiCert_Assured_ID_Root_G2.crt,
mozilla/DigiCert_Assured_ID_Root_G3.crt, mozilla/DigiCert_Global_Root_CA.crt,
mozilla/DigiCert_Global_Root_G2.crt, mozilla/DigiCert_Global_Root_G3.crt,
mozilla/DigiCert_High_Assurance_EV_Root_CA.crt,
mozilla/DigiCert_Trusted_Root_G4.crt, mozilla/DST_Root_CA_X3.crt,
mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt,
mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt, mozilla/EC-ACC.crt,
mozilla/EE_Certification_Centre_Root_CA.crt,
mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt,
mozilla/Entrust_Root_Certification_Authority.crt,
mozilla/Entrust_Root_Certification_Authority_-_EC1.crt,
mozilla/Entrust_Root_Certification_Authority_-_G2.crt,
mozilla/ePKI_Root_Certification_Authority.crt,
mozilla/E-Tugra_Certification_Authority.crt,
mozilla/GDCA_TrustAUTH_R5_ROOT.crt, mozilla/GeoTrust_Universal_CA_2.crt,
mozilla/Global_Chambersign_Root_-_2008.crt,
mozilla/GlobalSign_ECC_Root_CA_-_R4.crt,
mozilla/GlobalSign_ECC_Root_CA_-_R5.crt, mozilla/GlobalSign_Root_CA.crt,
mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt,
mozilla/GlobalSign_Root_CA_-_R6.crt, mozilla/Go_Daddy_Class_2_CA.crt,
mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt,
mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt,
mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt,
mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt,
mozilla/Hongkong_Post_Root_CA_1.crt,
mozilla/IdenTrust_Commercial_Root_CA_1.crt,
mozilla/IdenTrust_Public_Sector_Root_CA_1.crt, mozilla/ISRG_Root_X1.crt,
mozilla/Izenpe.com.crt, mozilla/LuxTrust_Global_Root_2.crt,
mozilla/Microsec_e-Szigno_Root_CA_2009.crt,
mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt,
mozilla/Network_Solutions_Certificate_Authority.crt,
mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt,
mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt,
mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt, mozilla/QuoVadis_Root_CA_1_G3.crt,
mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_2_G3.crt,
mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA_3_G3.crt,
mozilla/QuoVadis_Root_CA.crt, mozilla/Secure_Global_CA.crt,
mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt,
mozilla/Security_Communication_RootCA2.crt,
mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt,
mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt,
mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt,
mozilla/SSL.com_Root_Certification_Authority_ECC.crt,
mozilla/SSL.com_Root_Certification_Authority_RSA.crt,
mozilla/Staat_der_Nederlanden_EV_Root_CA.crt,
mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt,
mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt,
mozilla/Starfield_Class_2_CA.crt,
mozilla/Starfield_Root_Certificate_Authority_-_G2.crt,
mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt,
mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt,
mozilla/SZAFIR_ROOT_CA2.crt, mozilla/Taiwan_GRCA.crt,
mozilla/TeliaSonera_Root_CA_v1.crt, mozilla/TrustCor_ECA-1.crt,
mozilla/TrustCor_RootCert_CA-1.crt, mozilla/TrustCor_RootCert_CA-2.crt,
mozilla/Trustis_FPS_Root_CA.crt, mozilla/T-TeleSec_GlobalRoot_Class_2.crt,
mozilla/T-TeleSec_GlobalRoot_Class_3.crt,
mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt,
mozilla/TWCA_Global_Root_CA.crt, mozilla/TWCA_Root_Certification_Authority.crt,
mozilla/USERTrust_ECC_Certification_Authority.crt,
mozilla/USERTrust_RSA_Certification_Authority.crt,
mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt,
mozilla/XRamp_Global_CA_Root.crt
ca-certificates/title:
* ca-certificates/trust_new_crts: yes
ca-certificates/new_crts:
--- End Message ---