Hi, i am confronted with an old Debian 8 "jessie" machine where since (probably) yesterday the Iceweasel browser does not work any more with many websites. E.g.
This Connection is Untrusted ... lists.debian.org uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer) Googling around (with Debian 10) gives me the idea that the installed package ca-certificates is outdated. It is currently not an option to upgrade the system to a newer Debian version. I am even scared to do what i deduce from https://serverfault.com/questions/891734/debian-wheezy-outdated-root-certificates namely: - add to /etc/apt/sources.list : deb http://ftp.de.debian.org/debian-security/ jessie/updates main - run: apt-get update apt-get install ca-certificates Is this a good idea ? Will it do harm to the 6 year old system ? --------------------------------------------------------------------------- If not a good idea: Is there a known procedure to get and install the certificates manually ? I see proposals to download .crt files and run update-ca-certificates --fresh Where would i get a current set of certificates ? How do i identify the certificates which the browser does not accept ? wget does not tell me the certificate name either. Have a nice day :) Thomas
