Re: update-ca-certificates

2023-12-14 Thread Linux-Fan
not specify. Indeed they don't specify this directly. If you take the examples into consideration, they may shed some light on this, though: $ xxd < /usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt : 2d2d 2d2d 2d42 4547 494e 2043 4552 54

Re: update-ca-certificates

2023-12-14 Thread Pocket
ote: >>>>> What formats does certs need to be to work with update-ca-certificates? >>>>> >>>>> PEM or DER? >>>> PEM >>> Well lets look at man update-ca-certificates, shall we? >>> >>> "Certificates must have a

Re: update-ca-certificates

2023-12-14 Thread Linux-Fan
Pocket writes: On 12/14/23 08:11, Henning Follmann wrote: On Wed, Dec 13, 2023 at 09:47:41PM -0500, Jeffrey Walton wrote: On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote: What formats does certs need to be to work with update-ca-certificates? PEM or DER? PEM Well lets look at man update-ca

Re: update-ca-certificates

2023-12-14 Thread Pocket
On 12/14/23 08:11, Henning Follmann wrote: On Wed, Dec 13, 2023 at 09:47:41PM -0500, Jeffrey Walton wrote: On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote: What formats does certs need to be to work with update-ca-certificates? PEM or DER? PEM Well lets look at man update-ca-certificates

Re: update-ca-certificates

2023-12-14 Thread Henning Follmann
On Wed, Dec 13, 2023 at 09:47:41PM -0500, Jeffrey Walton wrote: > On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote: > > > > What formats does certs need to be to work with update-ca-certificates? > > > > PEM or DER? > > PEM Well lets look at man update-ca-certificat

letsencrypt certs for disconnected hosts (Was Re: update-ca-certificates)

2023-12-14 Thread Andy Smith
Hello, On Wed, Dec 13, 2023 at 07:50:00PM -0700, Charles Curley wrote: > On Thu, 14 Dec 2023 09:34:37 +0800 > jeremy ardley wrote: > > > You don't have to be your own CA. It's very easy to use letsencrypt > > to generate valid certificates for hosts even if they are not > > directly connected to

Re: update-ca-certificates

2023-12-14 Thread Jeffrey Walton
On Wed, Dec 13, 2023 at 10:52 PM Jeffrey Walton wrote: > > On Wed, Dec 13, 2023 at 9:58 PM Pocket wrote: > > > > On 12/13/23 21:47, Jeffrey Walton wrote: > > > On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote: > > >> What formats does certs need to

Re: update-ca-certificates

2023-12-13 Thread Jeffrey Walton
On Wed, Dec 13, 2023 at 9:58 PM Pocket wrote: > > On 12/13/23 21:47, Jeffrey Walton wrote: > > On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote: > >> What formats does certs need to be to work with update-ca-certificates? > >> > >> PEM or DER? > > PEM >

Re: update-ca-certificates

2023-12-13 Thread Pocket
On 12/13/23 21:50, Charles Curley wrote: On Thu, 14 Dec 2023 09:34:37 +0800 jeremy ardley wrote: You don't have to be your own CA. It's very easy to use letsencrypt to generate valid certificates for hosts even if they are not directly connected to the internet. Oooh, is there a writeup som

Re: update-ca-certificates

2023-12-13 Thread Pocket
On 12/13/23 21:47, Jeffrey Walton wrote: On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote: What formats does certs need to be to work with update-ca-certificates? PEM or DER? PEM Ok since I am using an intermediate cert to sign, I am creating a combined PEM with the root CA and the

Re: update-ca-certificates

2023-12-13 Thread Charles Curley
On Thu, 14 Dec 2023 09:34:37 +0800 jeremy ardley wrote: > You don't have to be your own CA. It's very easy to use letsencrypt > to generate valid certificates for hosts even if they are not > directly connected to the internet. Oooh, is there a writeup somewhere on how to do that? The last time

Re: update-ca-certificates

2023-12-13 Thread Jeffrey Walton
On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote: > > What formats does certs need to be to work with update-ca-certificates? > > PEM or DER? PEM > I have just finished writing some scripts to generate certs for my email > server and nginx server. > > [...] > Will pem f

Re: update-ca-certificates

2023-12-13 Thread Pocket
On 12/13/23 20:25, Roberto C. Sánchez wrote: On Wed, Dec 13, 2023 at 07:54:45PM -0500, Pocket wrote: What formats does certs need to be to work with update-ca-certificates? PEM or DER? I have just finished writing some scripts to generate certs for my email server and nginx server. The

Re: update-ca-certificates

2023-12-13 Thread Pocket
On 12/13/23 20:34, jeremy ardley wrote: On 14/12/23 08:54, Pocket wrote: I have just finished writing some scripts to generate certs for my email server and nginx server. The scripts allow me to become my own CA. You don't have to be your own CA. It's very easy to use letsencrypt to

Re: update-ca-certificates

2023-12-13 Thread jeremy ardley
On 14/12/23 08:54, Pocket wrote: I have just finished writing some scripts to generate certs for my email server and nginx server. The scripts allow me to become my own CA. You don't have to be your own CA. It's very easy to use letsencrypt to generate valid certificates for hosts even

Re: update-ca-certificates

2023-12-13 Thread Roberto C . Sánchez
On Wed, Dec 13, 2023 at 07:54:45PM -0500, Pocket wrote: > What formats does certs need to be to work with update-ca-certificates? > > PEM or DER? > > I have just finished writing some scripts to generate certs for my email > server and nginx server. > > The scripts allo

update-ca-certificates

2023-12-13 Thread Pocket
What formats does certs need to be to work with update-ca-certificates? PEM or DER? I have just finished writing some scripts to generate certs for my email server and nginx server. The scripts allow me to become my own CA. The man page states that the cert needs to have a suffix of .crt

Re: Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-22 Thread Rick Thomas
That seems to have worked (I think)... On Thu, Jun 22, 2023, at 7:34 AM, Andrew M.A. Cater wrote: snip > It might be worth looking at precisely what is not installed / removed > dpkg -C will give you what needs configuring if anything, I think. > > I had a similar experience with upg

Re: Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-22 Thread Jeffrey Walton
On Thu, Jun 22, 2023 at 10:45 PM Rick Thomas wrote: > > That seems to have worked (I think)... > > On Thu, Jun 22, 2023, at 7:34 AM, Andrew M.A. Cater wrote: > snip > > It might be worth looking at precisely what is not installed / removed > > dpkg -C will give you what needs configu

Re: Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-22 Thread Sven Joachim
n I try to reinstall it, I get: >>> >>> rbthomas@pi:~$ sudo -i apt-get install --reinstall ca-certificates-java >>> Reading package lists... Done >>> Building dependency tree... Done >>> Reading state information... Done >>> 0 upgraded, 0 newly install

Re: Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-22 Thread Andrew M.A. Cater
> >> Unfortunately when I try to reinstall it, I get: > >> > >> rbthomas@pi:~$ sudo -i apt-get install --reinstall ca-certificates-java > >> Reading package lists... Done > >> Building dependency tree... Done > >> Reading state information

Re: Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-22 Thread Rick Thomas
~$ sudo -i apt-get install --reinstall ca-certificates-java >> Reading package lists... Done >> Building dependency tree... Done >> Reading state information... Done >> 0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded. >> 4 not fully installed or

Re: Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-22 Thread Rick Thomas
ed by programs that I use at the command-line level. Would it be >> possible to simply "purge" the affected packages? >> >> Thanks for any help you can give me to get this machine back in operation! > > The first command I would run is: > >apt-get install

Re: Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-22 Thread Jeffrey Walton
>> > >> I'm not a java user myself, though I suspect there are java programs are > >> used by programs that I use at the command-line level. Would it be > >> possible to simply "purge" the affected packages? > >> > >> Thanks for any

Re: Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-21 Thread Jeffrey Walton
affected packages? > > Thanks for any help you can give me to get this machine back in operation! The first command I would run is: apt-get install ca-certificates-java If the package is already installed (I can't tell; it looks like install may have failed), then: apt-get in

Raspberry Pi Debian after upgrade Bullseye => Bookworm -- problem Setting up ca-certificates-java

2023-06-21 Thread Rick Thomas
I have a Raspberry Pi that is running Debian (*not* Raspbian) that I just upgraded from Bullseye => Bookworm. Following the upgrade whenever I try to install the latest upgrades, I get errors (see attached transcript). Can anybody see what I've done wrong? Or what I can do to fix it? I'm not

Re: ca-certificates: DST_Root_CA_X3.crt expired, so why is it still included in Bullseye?

2022-05-12 Thread tomas
On Thu, May 12, 2022 at 06:06:41PM +0300, IL Ka wrote: > Hi. > > OSes usually include all CA certificates (even expired). Windows also does > it (I have CA expired in 1999 in win10). > > User should have the ability to distinguish between invalid signatures and > old/expire

Re: ca-certificates: DST_Root_CA_X3.crt expired, so why is it still included in Bullseye?

2022-05-12 Thread IL Ka
Hi. OSes usually include all CA certificates (even expired). Windows also does it (I have CA expired in 1999 in win10). User should have the ability to distinguish between invalid signatures and old/expired signatures. While the latter is an expected situation, the former is definitely fraud.

ca-certificates: DST_Root_CA_X3.crt expired, so why is it still included in Bullseye?

2022-05-12 Thread Harald Dunkel
Hi folks, apparently /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt expired last year: % openssl x509 -in /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt -noout -dates notBefore=Sep 30 21:12:19 2000 GMT notAfter=Sep 30 14:01:15 2021 GMT I wonder why it is still included in ca

Re: how to integrate ca-certificates with gpgsm (for email s/mime signature verification)

2019-06-02 Thread deloptes
Gregor Zattler wrote: > I thought the location of the certs might be debian specific. Hi, sorry but I do not know anything about S/MIME - I tend to recall, it is insecure and meaningless. Another option would be to ask on the debian dev list or to address the debian maintainer or wait here someon

Re: how to integrate ca-certificates with gpgsm (for email s/mime signature verification)

2019-06-02 Thread Gregor Zattler
> I'm asked if I trust the respective Root CAs Cert.  That's tedious. >> >> Therefore I would like to integrate certificates provided by >> debians ca-certificates package with gpgsm, but the only way I >> found to do so, would be to manually import all those >>

Re: how to integrate ca-certificates with gpgsm (for email s/mime signature verification)

2019-06-02 Thread deloptes
.  That's tedious. > > Therefore I would like to integrate certificates provided by > debians ca-certificates package with gpgsm, but the only way I > found to do so, would be to manually import all those > certificates. > > Isn't there an option to read in those certs fr

how to integrate ca-certificates with gpgsm (for email s/mime signature verification)

2019-06-02 Thread Gregor Zattler
ld like to integrate certificates provided by debians ca-certificates package with gpgsm, but the only way I found to do so, would be to manually import all those certificates. Isn't there an option to read in those certs from /etc/ssl... at start-up? Ciao; Gregor -- -... --- .-. . -.. ..--.. ...-.-

Re: Errors on updating package ca-certificates in jessie

2018-07-07 Thread Guido Schmidt
On 07.07.2018 at 15:11, Roberto C. Sánchez wrote: On Sat, Jul 07, 2018 at 02:16:35PM +0200, Guido Schmidt wrote: Hi all, I just updated ca-certificates from 20141019+deb8u3 to 20141019+deb8u4 and got these errors: Updating certificates in /etc/ssl/certs... unable to load certificate

Re: Errors on updating package ca-certificates in jessie

2018-07-07 Thread Roberto C . Sánchez
On Sat, Jul 07, 2018 at 02:16:35PM +0200, Guido Schmidt wrote: > Hi all, > > I just updated ca-certificates from 20141019+deb8u3 to 20141019+deb8u4 and > got these errors: > > Updating certificates in /etc/ssl/certs... unable to load certificate > 140549699909264:error:0

Errors on updating package ca-certificates in jessie

2018-07-07 Thread Guido Schmidt
Hi all, I just updated ca-certificates from 20141019+deb8u3 to 20141019+deb8u4 and got these errors: Updating certificates in /etc/ssl/certs... unable to load certificate 140549699909264:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1219: 140549699909264:error

Re: ca-certificates

2013-09-10 Thread Joel Rees
t update, I see there is a new ca- > certificates available. Did I miss that? (And I'm wondering where it would be announced. I don't see any mention of CA certificates on any debian *-announce lists recently.) But another big question is, what is telling you new certificates are available? Apt

ca-certificates

2013-09-10 Thread Gordon Haverland
. Today, after an apt-get update, I see there is a new ca- certificates available. Okay, install it. There is a dialog on my text console for this, do you trust this handful of new certificates? How should I know? The README file (possibly from the June update, since I haven't fin

Re: how to avoid Setting up ca-certificates-java

2012-06-13 Thread Darac Marjal
On Wed, Jun 13, 2012 at 03:59:18PM +0100, abdelkader belahcene wrote: >Hi, >each time I install or remove any Package, the following setting is >executed, how to avoid it > > Setting up ca-certificates-java (20100412) ... >creating /etc/ssl/

how to avoid Setting up ca-certificates-java

2012-06-13 Thread abdelkader belahcene
Hi, each time I install or remove any Package, the following setting is executed, how to avoid it Setting up ca-certificates-java (20100412) ... creating /etc/ssl/certs/java/cacerts... removed untrusted certificate mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt . thanks for

Re: ca-certificates

2006-11-13 Thread David E. Fox
mment header. Then > run "dpkg --configure ca-certificates" and the post-installation script I did what you suggested. The first time I ran the reconfigure script it dawned on me that the error may be actually caused by a subprogram called 'update-ca-certificates'. But it is not cle

Re: ca-certificates

2006-11-11 Thread Florian Kulzer
't find any package whose name or description matched > "ca-certificates_20061027_all.deb" The following packages have been That one is easy: It should either be "aptitude install ca-certificates" or "dpkg --install ca-certificates_20061027_all.deb". > kept back: gdm lib

Re: ca-certificates

2006-11-10 Thread David E. Fox
talled, 0 to remove and 3 not upgraded. Need to get 0B of archives. After unpacking 0B will be used. Setting up ca-certificates (20061027) ... Updating certificates in /etc/ssl/certsdpkg: error processing ca-certificates (--configure): subprocess post-installation script returned error exit stat

Re: ca-certificates

2006-11-09 Thread Florian Kulzer
On Thu, Nov 09, 2006 at 00:48:33 -0500, Mark Grieveson wrote: > Hello. On a recent upgrade, using Etch, I got an error with > ca-certificates (which prevented the upgrade). Has anyone else gotten > this? I use xfce4. Which version of the package is this? 20061027 installed without

ca-certificates

2006-11-08 Thread Mark Grieveson
Hello. On a recent upgrade, using Etch, I got an error with ca-certificates (which prevented the upgrade). Has anyone else gotten this? I use xfce4.

Re: ca-certificates post-installation script fails

2005-11-24 Thread Matthew Hobbs
Thanks for the reply... however I am really only using this package because other packages depend on it (openoffice.org depends on openoffice.org-bin which depends on libcurl3 which depends on ca-certificates). I have installed libcurl3 with a dpkg --ignore-depends=ca-certificates option so

Re: ca-certificates post-installation script fails

2005-11-24 Thread gg234 (sent by Nabble.com)
if you want to create your own CA using open ssl check this link www.debianhelp.co.uk/selfcert.htm

ca-certificates post-installation script fails

2005-11-23 Thread Matthew Hobbs
Hi, Can anyone help me with this please? How do you find out what a post-installation script is unhappy about? Thanks, Matthew tmp: apt-get install -t stable ca-certificates Reading Package Lists... Done Building Dependency Tree... Done ca-certificates is already the newest version. 0