Hi, Bullseye will be frozen soon. Let's manage to get this sorted out šļø.
I think the maintainable solution to this is toĀ replaceĀ (dpkg-divert) libnssckbi.soĀ (/usr/lib/<ARCH>/nss/libnssckbi.so) with /usr/lib/<ARCH>/pkcs11/p11-kit-trust.so if a packageĀ p11-kit-trustĀ is installed. The package p11-kit-trust can be built from: https://packages.debian.org/source/sid/p11-kitĀ as described here (the package name here is still p11-kit-nssckbi, but that can be changed easily): https://salsa.debian.org/gnutls-team/p11-kit/-/commit/2bc43fb58fc491d2a845a321cadd90a7f33f371e Solution found here: https://salsa.debian.org/gnutls-team/p11-kit/commits/tmp-704180-divertnss taken from bug report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704180#80 Internet sources which describe the same solution: https://superuser.com/a/1312419 https://www.bachmann-lan.de/linux-mit-eigenen-ssl-zertifikaten-root-ca-installieren/ (In Fedora/Red Hat/etc. it's done this way by default, package name for this is p11-kit-trust) I think this bug report is a duplicate of #704180 BR DI(FH) Holger Fischer, MSc
