Re: sanity check for /etc/ssl/certs?

2024-05-14 Thread Harald Dunkel

Problem was, /etc/ca-certificates.conf was not regenerated, even with

apt install --reinstall -o Dpkg::Options::="--force-confask,confnew,confmiss" ca-certificates

Regards
Harri
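
A sanity check of the kind the thread asks for, written as an added example (not a tool shipped in Bookworm and not code from any poster): it flags shipped certificates that /etc/ca-certificates.conf never mentions, the cause reported in the message above, plus enabled entries without a symlink and dangling links. The function names, finding labels and sample tree are constructed for illustration, and the .crt to .pem link-name mapping is a simplification.

```shell
#!/bin/sh
# Added example: report /etc/ssl/certs inconsistencies, one finding per line.
# Usage on a real host: ca_store_findings [CONF] [SHARE_DIR] [CERTS_DIR]
ca_store_findings() {
    conf=${1:-/etc/ca-certificates.conf}
    share=${2:-/usr/share/ca-certificates}
    certs=${3:-/etc/ssl/certs}

    # 1. Shipped certificates the conf never mentions, neither enabled nor
    #    "!"-deselected: the symptom of a conf that was not regenerated.
    (cd "$share" && find . -type f -name '*.crt') | sed 's|^\./||' | sort |
    while IFS= read -r crt; do
        grep -qxF -e "$crt" -e "!$crt" "$conf" || echo "NOT-IN-CONF $crt"
    done

    # 2. Enabled entries must exist and be linked from the certs directory.
    grep -v -e '^#' -e '^!' -e '^[[:space:]]*$' "$conf" |
    while IFS= read -r crt; do
        # Link name: basename with .crt -> .pem (assumption: the extra
        # character substitutions of update-ca-certificates are ignored).
        link="$certs/$(basename "$crt" .crt).pem"
        if [ ! -f "$share/$crt" ]; then
            echo "MISSING-SOURCE $crt"
        elif [ ! -L "$link" ]; then
            echo "MISSING-LINK $link"
        fi
    done

    # 3. Dangling symlinks left behind in the certs directory.
    find "$certs" -maxdepth 1 -type l ! -exec test -e {} \; -print |
        sort | sed 's/^/DANGLING /'
}

# Constructed sample tree (not data from the thread): B.crt is shipped but
# absent from the conf, C.crt is enabled but unlinked, old.pem is dangling.
demo_ca_store() {
    d=$(mktemp -d) && mkdir -p "$d/share/mozilla" "$d/certs" || return 1
    touch "$d/share/mozilla/A.crt" "$d/share/mozilla/B.crt" "$d/share/mozilla/C.crt"
    printf '%s\n' '# constructed conf' 'mozilla/A.crt' 'mozilla/C.crt' > "$d/conf"
    ln -s "$d/share/mozilla/A.crt" "$d/certs/A.pem"
    ln -s "$d/share/mozilla/gone.crt" "$d/certs/old.pem"
    ca_store_findings "$d/conf" "$d/share" "$d/certs"
    rm -rf "$d"
}

demo_ca_store
```

An empty result from `ca_store_findings` means the three checks found nothing; a `NOT-IN-CONF` line for a certificate that other hosts have linked points at a stale conf file rather than at the symlink directory.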



Re: sanity check for /etc/ssl/certs?

2024-05-14 Thread Jeffrey Walton
On Tue, May 14, 2024 at 3:10 PM Harald Dunkel wrote:

> Hi folks,
>
> is there a sanity check for /etc/ssl/certs included in Bookworm?
> I've got one host with some missing symlinks in this directory, eg.
>
> root@dpcl064:/etc/ssl/certs# ls -al *SSL.com*
> ls: cannot access '*SSL.com*': No such file or directory
>

It is hard to say what is going on.

I see them in Debian Unstable:

$ find /etc/ssl/certs -iname '*ssl.com*'
/etc/ssl/certs/SSL.com_TLS_RSA_Root_CA_2022.pem
/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
/etc/ssl/certs/SSL.com_TLS_ECC_Root_CA_2022.pem
/etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.pem
/etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.pem
/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.pem

I don't see anything in Debian's bug reporter about removing ssl.com;
confer, <https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=ca-certificates>.
And ssl.com is included in Mozilla and Chrome's root program.


> Other hosts show
>
> root@dpcl082:/etc/ssl/certs# ls -al *SSL.com*
> lrwxrwxrwx 1 root root 82 Jul 16  2018 SSL.com_EV_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
> lrwxrwxrwx 1 root root 85 Jul 16  2018 SSL.com_EV_Root_Certification_Authority_RSA_R2.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
> lrwxrwxrwx 1 root root 79 Jul 16  2018 SSL.com_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
> lrwxrwxrwx 1 root root 79 Jul 16  2018 SSL.com_Root_Certification_Authority_RSA.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt
>
> The files in /usr/share/ca-certificates are available, of course.
> The access rights seem OK. update-ca-certificates or reinstalling
> ca-certificates (with overwrite) didn't solve this problem.
>

Hazarding a guess... Have you upgraded that system over the years? That may
explain why you are seeing old artifacts and dead symlinks.

Maybe you should run `symlinks -r / | grep dangling` to locate dead
symlinks, and then run `symlinks -r -d /` to delete them (once you are
satisfied with the resulting list).

Jeff


Re: sanity check for /etc/ssl/certs?

2024-05-14 Thread Marco Moock
On 14.05.2024 at 16:44:05, Harald Dunkel wrote:

> is there a sanity check for /etc/ssl/certs included in Bookworm?

Is ca-certificates installed?
If so, reinstall it.

-- 
kind regards
Marco

Send unsolicited bulk mail to 1715697845mu...@cartoonies.org



sanity check for /etc/ssl/certs?

2024-05-14 Thread Harald Dunkel

Hi folks,

is there a sanity check for /etc/ssl/certs included in Bookworm?
I've got one host with some missing symlinks in this directory, eg.

root@dpcl064:/etc/ssl/certs# ls -al *SSL.com*
ls: cannot access '*SSL.com*': No such file or directory

Other hosts show

root@dpcl082:/etc/ssl/certs# ls -al *SSL.com*
lrwxrwxrwx 1 root root 82 Jul 16  2018 SSL.com_EV_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root 85 Jul 16  2018 SSL.com_EV_Root_Certification_Authority_RSA_R2.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root root 79 Jul 16  2018 SSL.com_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root 79 Jul 16  2018 SSL.com_Root_Certification_Authority_RSA.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt

The files in /usr/share/ca-certificates are available, of course.
The access rights seem OK. update-ca-certificates or reinstalling
ca-certificates (with overwrite) didn't solve this problem.


Every helpful comment is highly appreciated.

Harri