not specify.
Indeed they don't specify this directly. If you take the examples into
consideration, they may shed some light on this, though:
$ xxd <
/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt
: 2d2d 2d2d 2d42 4547 494e 2043 4552 54
ote:
>>>>> What formats does certs need to be to work with update-ca-certificates?
>>>>>
>>>>> PEM or DER?
>>>> PEM
>>> Well lets look at man update-ca-certificates, shall we?
>>>
>>> "Certificates must have a
Pocket writes:
On 12/14/23 08:11, Henning Follmann wrote:
On Wed, Dec 13, 2023 at 09:47:41PM -0500, Jeffrey Walton wrote:
On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote:
What formats does certs need to be to work with update-ca-certificates?
PEM or DER?
PEM
Well lets look at man update-ca
On 12/14/23 08:11, Henning Follmann wrote:
On Wed, Dec 13, 2023 at 09:47:41PM -0500, Jeffrey Walton wrote:
On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote:
What formats does certs need to be to work with update-ca-certificates?
PEM or DER?
PEM
Well lets look at man update-ca-certificates
On Wed, Dec 13, 2023 at 09:47:41PM -0500, Jeffrey Walton wrote:
> On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote:
> >
> > What formats does certs need to be to work with update-ca-certificates?
> >
> > PEM or DER?
>
> PEM
Well lets look at man update-ca-certificat
Hello,
On Wed, Dec 13, 2023 at 07:50:00PM -0700, Charles Curley wrote:
> On Thu, 14 Dec 2023 09:34:37 +0800
> jeremy ardley wrote:
>
> > You don't have to be your own CA. It's very easy to use letsencrypt
> > to generate valid certificates for hosts even if they are not
> > directly connected to
On Wed, Dec 13, 2023 at 10:52 PM Jeffrey Walton wrote:
>
> On Wed, Dec 13, 2023 at 9:58 PM Pocket wrote:
> >
> > On 12/13/23 21:47, Jeffrey Walton wrote:
> > > On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote:
> > >> What formats does certs need to
On Wed, Dec 13, 2023 at 9:58 PM Pocket wrote:
>
> On 12/13/23 21:47, Jeffrey Walton wrote:
> > On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote:
> >> What formats does certs need to be to work with update-ca-certificates?
> >>
> >> PEM or DER?
> > PEM
&g
On 12/13/23 21:50, Charles Curley wrote:
On Thu, 14 Dec 2023 09:34:37 +0800
jeremy ardley wrote:
You don't have to be your own CA. It's very easy to use letsencrypt
to generate valid certificates for hosts even if they are not
directly connected to the internet.
Oooh, is there a writeup som
On 12/13/23 21:47, Jeffrey Walton wrote:
On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote:
What formats does certs need to be to work with update-ca-certificates?
PEM or DER?
PEM
Ok since I am using an intermediate cert to sign, I am creating a
combined PEM with the root CA and the
On Thu, 14 Dec 2023 09:34:37 +0800
jeremy ardley wrote:
> You don't have to be your own CA. It's very easy to use letsencrypt
> to generate valid certificates for hosts even if they are not
> directly connected to the internet.
Oooh, is there a writeup somewhere on how to do that? The last time
On Wed, Dec 13, 2023 at 7:55 PM Pocket wrote:
>
> What formats does certs need to be to work with update-ca-certificates?
>
> PEM or DER?
PEM
> I have just finished writing some scripts to generate certs for my email
> server and nginx server.
>
> [...]
> Will pem f
On 12/13/23 20:25, Roberto C. Sánchez wrote:
On Wed, Dec 13, 2023 at 07:54:45PM -0500, Pocket wrote:
What formats does certs need to be to work with update-ca-certificates?
PEM or DER?
I have just finished writing some scripts to generate certs for my email
server and nginx server.
The
On 12/13/23 20:34, jeremy ardley wrote:
On 14/12/23 08:54, Pocket wrote:
I have just finished writing some scripts to generate certs for my
email server and nginx server.
The scripts allow me to become my own CA.
You don't have to be your own CA. It's very easy to use letsencrypt to
On 14/12/23 08:54, Pocket wrote:
I have just finished writing some scripts to generate certs for my
email server and nginx server.
The scripts allow me to become my own CA.
You don't have to be your own CA. It's very easy to use letsencrypt to
generate valid certificates for hosts even
On Wed, Dec 13, 2023 at 07:54:45PM -0500, Pocket wrote:
> What formats does certs need to be to work with update-ca-certificates?
>
> PEM or DER?
>
> I have just finished writing some scripts to generate certs for my email
> server and nginx server.
>
> The scripts allo
What formats does certs need to be to work with update-ca-certificates?
PEM or DER?
I have just finished writing some scripts to generate certs for my email
server and nginx server.
The scripts allow me to become my own CA.
The man page states that the cert needs to have a suffix of .crt
That seems to have worked (I think)...
On Thu, Jun 22, 2023, at 7:34 AM, Andrew M.A. Cater wrote:
snip
> It might be worth looking at precisely what is not installed / removed
> dpkg -C will give you what needs configuring if anything, I think.
>
> I had a similar experience with upg
On Thu, Jun 22, 2023 at 10:45 PM Rick Thomas wrote:
>
> That seems to have worked (I think)...
>
> On Thu, Jun 22, 2023, at 7:34 AM, Andrew M.A. Cater wrote:
> snip
> > It might be worth looking at precisely what is not installed / removed
> > dpkg -C will give you what needs configu
n I try to reinstall it, I get:
>>>
>>> rbthomas@pi:~$ sudo -i apt-get install --reinstall ca-certificates-java
>>> Reading package lists... Done
>>> Building dependency tree... Done
>>> Reading state information... Done
>>> 0 upgraded, 0 newly install
t; >> Unfortunately when I try to reinstall it, I get:
> >>
> >> rbthomas@pi:~$ sudo -i apt-get install --reinstall ca-certificates-java
> >> Reading package lists... Done
> >> Building dependency tree... Done
> >> Reading state information
~$ sudo -i apt-get install --reinstall ca-certificates-java
>> Reading package lists... Done
>> Building dependency tree... Done
>> Reading state information... Done
>> 0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
>> 4 not fully installed or
ed by programs that I use at the command-line level. Would it be
>> possible to simply "purge" the affected packages?
>>
>> Thanks for any help you can give me to get this machine back in operation!
>
> The first command I would run is:
>
>apt-get install
>>
> >> I'm not a java user myself, though I suspect there are java programs are
> >> used by programs that I use at the command-line level. Would it be
> >> possible to simply "purge" the affected packages?
> >>
> >> Thanks for any
affected packages?
>
> Thanks for any help you can give me to get this machine back in operation!
The first command I would run is:
apt-get install ca-certificates-java
If the package is already installed (I can't tell; it looks like
install may have failed), then:
apt-get in
I have a Raspberry Pi that is running Debian (*not* Raspbian) that I just
upgraded from Bullseye => Bookworm.
Following the upgrade whenever I try to install the latest upgrades, I get
errors (see attached transcript).
Can anybody see what I've done wrong? Or what I can do to fix it?
I'm not
On Thu, May 12, 2022 at 06:06:41PM +0300, IL Ka wrote:
> Hi.
>
> OSes usually include all CA certificates (even expired). Windows also does
> it (I have CA expired in 1999 in win10).
>
> User should have the ability to distinguish between invalid signatures and
> old/expire
Hi.
OSes usually include all CA certificates (even expired). Windows also does
it (I have CA expired in 1999 in win10).
User should have the ability to distinguish between invalid signatures and
old/expired signatures.
While the latter is an expected situation, the former is definitely fraud.
Hi folks,
apparently /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt expired last
year:
% openssl x509 -in /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt -noout
-dates
notBefore=Sep 30 21:12:19 2000 GMT
notAfter=Sep 30 14:01:15 2021 GMT
I wonder why it is still included in ca
Gregor Zattler wrote:
> I thought the location of the certs might be debian specific.
Hi,
sorry but I do not know anything about S/MIME - I tend to recall, it is
insecure and meaningless.
Another option would be to ask on the debian dev list or to address the
debian maintainer or wait here someon
t; I'm asked if I trust the respective Root CAs Cert. That's tedious.
>>
>> Therefore I would like to integrate certificates provided by
>> debians ca-certificates package with gpgsm, but the only way I
>> found to do so, would be to manually import all those
>>
. That's tedious.
>
> Therefore I would like to integrate certificates provided by
> debians ca-certificates package with gpgsm, but the only way I
> found to do so, would be to manually import all those
> certificates.
>
> Isn't there an option to read in those certs fr
ld like to integrate certificates provided by
debians ca-certificates package with gpgsm, but the only way I
found to do so, would be to manually import all those
certificates.
Isn't there an option to read in those certs from /etc/ssl... at
start-up?
Ciao; Gregor
--
-... --- .-. . -.. ..--.. ...-.-
Am 07.07.2018 um 15:11 schrieb Roberto C. Sánchez:
On Sat, Jul 07, 2018 at 02:16:35PM +0200, Guido Schmidt wrote:
Hi all,
I just updated ca-certificates from 20141019+deb8u3 to 20141019+deb8u4 and got
these errors:
Updating certificates in /etc/ssl/certs... unable to load certificate
On Sat, Jul 07, 2018 at 02:16:35PM +0200, Guido Schmidt wrote:
> Hi all,
>
> I just updated ca-certificates from 20141019+deb8u3 to 20141019+deb8u4 and
> got these errors:
>
> Updating certificates in /etc/ssl/certs... unable to load certificate
> 140549699909264:error:0
Hi all,
I just updated ca-certificates from 20141019+deb8u3 to 20141019+deb8u4 and got
these errors:
Updating certificates in /etc/ssl/certs... unable to load certificate
140549699909264:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:1219:
140549699909264:error
t update, I see there is a new ca-
> certificates available.
Did I miss that?
(And I'm wondering where it would be announced. I don't see any
mention of CA certificates on any debain *-announce lists recently.)
But another big question is, what is telling you new certificates are
available? Apt
.
Today, after an apt-get update, I see there is a new ca-
certificates available. Okay, install it. There is a dialog on
my text console for this, do you trust this handful of new
certificates? How should I know? The README file (possibly from
the June update, since I haven't fin
On Wed, Jun 13, 2012 at 03:59:18PM +0100, abdelkader belahcene wrote:
>Hi,
>each time I install or remove any Package,� the following setting is
>executed, how to avoid it
>�
> Setting up ca-certificates-java (20100412) ...
>creating /etc/ssl/
Hi,
each time I install or remove any Package, the following setting is
executed, how to avoid it
Setting up ca-certificates-java (20100412) ...
creating /etc/ssl/certs/java/cacerts...
removed untrusted certificate
mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
.
thanks for
mment header. Then
> run "dpkg --configure ca-certificates" and the post-installation script
I did what you suggested. The first time I ran the reconfigure script
it dawned on me that the error may be actually caused by a subprogram
called 'update-ca-certificates'. But it is not cle
't find any package whose name or description matched
> "ca-certificates_20061027_all.deb" The following packages have been
That one is easy: It should either be "aptitude install ca-certificates"
or "dpkg --install ca-certificates_20061027_all.deb".
> kept back: gdm lib
talled, 0 to remove and 3 not upgraded.
Need to get 0B of archives. After unpacking 0B will be used.
Setting up ca-certificates (20061027) ...
Updating certificates in /etc/ssl/certsdpkg: error processing
ca-certificates (--configure): subprocess post-installation script
returned error exit stat
On Thu, Nov 09, 2006 at 00:48:33 -0500, Mark Grieveson wrote:
> Hello. On a recent upgrade, using Etch, I got an error with
> ca-certificates (which prevented the upgrade). Has anyone else gotten
> this? I use xfce4.
Which version of the package is this? 20061027 installed without
Hello. On a recent upgrade, using Etch, I got an error with
ca-certificates (which prevented the upgrade). Has anyone else gotten
this? I use xfce4.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Thanks for the reply... however I am really only using this package because
other packages depend on it (openoffice.org depends on openoffice.org-bin
which depends on libcurl3 which depends on ca-certificates). I have
installed libcurl3 with a dpkg --ignore-depends=ca-certificates option so
if you want to create your own CA using open ssl check this link
www.debianhelp.co.uk/selfcert.htm
Sent from the Debian User forum at Nabble.com.
Hi,
Can anyone help me with this please? How do you find out what a
post-installation script is unhappy about?
Thanks,
Matthew
tmp: apt-get install -t stable ca-certificates
Reading Package Lists... Done
Building Dependency Tree... Done
ca-certificates is already the newest version.
0
48 matches
Mail list logo