Package: ssl-cert Version: 1.1.3 Followup-For: Bug #1091317 X-Debbugs-Cc: [email protected]
Answering my own question (which really should be in the manual page): One CAN generate certificates for arbitrary hostnames using 'make-ssl-cert --force-overwrite /usr/share/ssl-cert/ssleay.cnf /path/to/certificate.crt' and debconf will prompt for the desired hostname and alternate domain names. However, the resulting certificate fails to pass SSL verification on browsers. An example of what that does with APT: Err:1 https://repos.internal/debian unstable InRelease SSL connection failed: error:0A000086:SSL routines::certificate verify failed / Success [IP: 172.16.1.1 443] Martin-Éric -- System Information: Debian Release: 13.4 APT prefers stable-security-debug APT policy: (500, 'stable-security-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.12.74+deb13+1-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ssl-cert depends on: ii adduser 3.152 ii debconf [debconf-2.0] 1.5.91 ii openssl 3.5.5-1~deb13u1 ssl-cert recommends no packages. ssl-cert suggests no packages. -- debconf information: make-ssl-cert/vulnerable_prng: make-ssl-cert/altname: DNS:p8b75.internal make-ssl-cert/title: * make-ssl-cert/hostname: repos.internal
