1 |
On Sun, 2008-08-17 at 10:39 +0100, Mick wrote: |
2 |
> Hi All, |
3 |
> |
4 |
> I am getting mixed up with update-ca-certificates. It reports that I have |
5 |
> duplicates: |
6 |
> ================================================= |
7 |
> # update-ca-certificates |
8 |
> Updating certificates in /etc/ssl/certs....WARNING: SPI_CA_2006-cacert.pem |
9 |
> does not contain a certificate or CRL: skipping |
10 |
> WARNING: Verisign_Class_1_Public_Primary_OCSP_Responder.pem does not contain a |
11 |
> certificate or CRL: skipping |
12 |
> WARNING: cacert.org.pem does not contain a certificate or CRL: skipping |
13 |
> WARNING: Skipping duplicate certificate QuoVadis_Root_CA.pem |
14 |
> WARNING: Skipping duplicate certificate Verisign_RSA_Secure_Server_CA.pem |
15 |
> WARNING: Skipping duplicate certificate |
16 |
> America_Online_Root_Certification_Authority_1.pem |
17 |
> WARNING: Skipping duplicate certificate |
18 |
> America_Online_Root_Certification_Authority_2.pem |
19 |
> WARNING: Verisign_Class_3_Public_Primary_OCSP_Responder.pem does not contain a |
20 |
> certificate or CRL: skipping |
21 |
> WARNING: Skipping duplicate certificate thawteCb.pem |
22 |
> WARNING: Skipping duplicate certificate Wells_Fargo_Root_CA.pem |
23 |
> WARNING: Skipping duplicate certificate thawteCp.pem |
24 |
> WARNING: Skipping duplicate certificate vsign3.pem |
25 |
> WARNING: spi-ca.pem does not contain a certificate or CRL: skipping |
26 |
> WARNING: Verisign_Secure_Server_OCSP_Responder.pem does not contain a |
27 |
> certificate or CRL: skipping |
28 |
> WARNING: Skipping duplicate certificate aoltw1.pem |
29 |
> WARNING: Skipping duplicate certificate aoltw2.pem |
30 |
> WARNING: Verisign_Class_2_Public_Primary_OCSP_Responder.pem does not contain a |
31 |
> certificate or CRL: skipping |
32 |
> done. |
33 |
> Running hooks in /etc/ca-certificates/update.d....done. |
34 |
> ================================================= |
35 |
> |
36 |
> However, when I check for e.g. vsign3.pem I see this: |
37 |
> |
38 |
> # ls -la /etc/ssl/certs/vsign* |
39 |
> -rw-r--r-- 1 root root 984 Jun 1 09:43 /etc/ssl/certs/vsign1.pem |
40 |
> -rw-r--r-- 1 root root 989 Dec 4 2005 /etc/ssl/certs/vsign2.pem |
41 |
> -rw-r--r-- 1 root root 984 Jun 1 09:43 /etc/ssl/certs/vsign3.pem |
42 |
> -rw-r--r-- 1 root root 976 Jun 1 09:43 /etc/ssl/certs/vsignss.pem |
43 |
> -rw-r--r-- 1 root root 1084 Dec 4 2005 /etc/ssl/certs/vsigntca.pem |
44 |
> |
45 |
> Also, what should I do with those that report "does not contain a certificate |
46 |
> or CRL: skipping"? |
47 |
|
48 |
|
49 |
When you updated the ca-certificates, you should have gotten a postinst |
50 |
message about broken symlinks that you need to remove. |