On Sun, 2008-08-17 at 10:39 +0100, Mick wrote: > Hi All, > > I am getting mixed up with update-ca-certificates. It reports that I have > duplicates: > ================================================= > # update-ca-certificates > Updating certificates in /etc/ssl/certs....WARNING: SPI_CA_2006-cacert.pem > does not contain a certificate or CRL: skipping > WARNING: Verisign_Class_1_Public_Primary_OCSP_Responder.pem does not contain > a > certificate or CRL: skipping > WARNING: cacert.org.pem does not contain a certificate or CRL: skipping > WARNING: Skipping duplicate certificate QuoVadis_Root_CA.pem > WARNING: Skipping duplicate certificate Verisign_RSA_Secure_Server_CA.pem > WARNING: Skipping duplicate certificate > America_Online_Root_Certification_Authority_1.pem > WARNING: Skipping duplicate certificate > America_Online_Root_Certification_Authority_2.pem > WARNING: Verisign_Class_3_Public_Primary_OCSP_Responder.pem does not contain > a > certificate or CRL: skipping > WARNING: Skipping duplicate certificate thawteCb.pem > WARNING: Skipping duplicate certificate Wells_Fargo_Root_CA.pem > WARNING: Skipping duplicate certificate thawteCp.pem > WARNING: Skipping duplicate certificate vsign3.pem > WARNING: spi-ca.pem does not contain a certificate or CRL: skipping > WARNING: Verisign_Secure_Server_OCSP_Responder.pem does not contain a > certificate or CRL: skipping > WARNING: Skipping duplicate certificate aoltw1.pem > WARNING: Skipping duplicate certificate aoltw2.pem > WARNING: Verisign_Class_2_Public_Primary_OCSP_Responder.pem does not contain > a > certificate or CRL: skipping > done. > Running hooks in /etc/ca-certificates/update.d....done. > ================================================= > > However, when I check for e.g. vsign3.pem I see this: > > # ls -la /etc/ssl/certs/vsign* > -rw-r--r-- 1 root root 984 Jun 1 09:43 /etc/ssl/certs/vsign1.pem > -rw-r--r-- 1 root root 989 Dec 4 2005 /etc/ssl/certs/vsign2.pem > -rw-r--r-- 1 root root 984 Jun 1 09:43 /etc/ssl/certs/vsign3.pem > -rw-r--r-- 1 root root 976 Jun 1 09:43 /etc/ssl/certs/vsignss.pem > -rw-r--r-- 1 root root 1084 Dec 4 2005 /etc/ssl/certs/vsigntca.pem > > Also, what should I do with those that report "does not contain a certificate > or CRL: skipping"?
When you updated the ca-certificates, you should have gotten a postinst message about broken symlinks that you need to remove.
