[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Peer's certificate issuer is unknown while certificates have been ad
From: |
Daniel Kahn Gillmor |
Subject: |
Re: Peer's certificate issuer is unknown while certificates have been added |
Date: |
Fri, 21 Sep 2012 11:14:29 -0400 |
User-agent: |
Mozilla/5.0 (X11; Linux i686; rv:10.0.6esrpre) Gecko/20120817 Icedove/10.0.6 |
On 09/20/2012 05:55 PM, Daniel Kahn Gillmor wrote:
> That said, if you *do* want to add trusted root CAs to a debian-derived
> system that aren't already shipped in the ca-certificates package, you
> probably don't want to tamper with the contents of
> /usr/share/ca-certificates directly. That part of the filesystem is
> controlled by the ca-certificates package.
>
> Instead, for any CA that you want to add to a system as the admin, you
> only need to drop a world-readable PEM-encoded file containing the CA's
> certificate into /usr/share/ca-certificates/, and then re-run
> "update-ca-certificates" as the superuser. This will create links
> properly under /etc/ssl/certs, and will include them in
> /etc/ssl/ca-certificates.crt.
>
gah -- the above is wrong in a very confusing way, apologies!
/usr/share/ca-certificates
is controlled by the ca-certificates package.
But the local system administrator has free reign over:
/usr/local/share/ca-certificates
note the "/local/", which i sloppily left out of my original next.
files in the latter directory are automatically added to the system
default list of trusted root authorities whenever update-ca-certificates
is run.
sorry for adding to the confusion,
--dkg
signature.asc
Description: OpenPGP digital signature