Gentoo Archives: gentoo-user

From: Albert Hopkins <marduk@×××××××××××.org>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Duplicate ca certs
Date: Sun, 17 Aug 2008 11:51:41
Message-Id: 1218973841.32237.5.camel@localhost
In Reply to: [gentoo-user] Duplicate ca certs by Mick
1 On Sun, 2008-08-17 at 10:39 +0100, Mick wrote:
2 > Hi All,
3 >
4 > I am getting mixed up with update-ca-certificates. It reports that I have
5 > duplicates:
6 > =================================================
7 > # update-ca-certificates
8 > Updating certificates in /etc/ssl/certs....WARNING: SPI_CA_2006-cacert.pem
9 > does not contain a certificate or CRL: skipping
10 > WARNING: Verisign_Class_1_Public_Primary_OCSP_Responder.pem does not contain a
11 > certificate or CRL: skipping
12 > WARNING: cacert.org.pem does not contain a certificate or CRL: skipping
13 > WARNING: Skipping duplicate certificate QuoVadis_Root_CA.pem
14 > WARNING: Skipping duplicate certificate Verisign_RSA_Secure_Server_CA.pem
15 > WARNING: Skipping duplicate certificate
16 > America_Online_Root_Certification_Authority_1.pem
17 > WARNING: Skipping duplicate certificate
18 > America_Online_Root_Certification_Authority_2.pem
19 > WARNING: Verisign_Class_3_Public_Primary_OCSP_Responder.pem does not contain a
20 > certificate or CRL: skipping
21 > WARNING: Skipping duplicate certificate thawteCb.pem
22 > WARNING: Skipping duplicate certificate Wells_Fargo_Root_CA.pem
23 > WARNING: Skipping duplicate certificate thawteCp.pem
24 > WARNING: Skipping duplicate certificate vsign3.pem
25 > WARNING: spi-ca.pem does not contain a certificate or CRL: skipping
26 > WARNING: Verisign_Secure_Server_OCSP_Responder.pem does not contain a
27 > certificate or CRL: skipping
28 > WARNING: Skipping duplicate certificate aoltw1.pem
29 > WARNING: Skipping duplicate certificate aoltw2.pem
30 > WARNING: Verisign_Class_2_Public_Primary_OCSP_Responder.pem does not contain a
31 > certificate or CRL: skipping
32 > done.
33 > Running hooks in /etc/ca-certificates/update.d....done.
34 > =================================================
35 >
36 > However, when I check for e.g. vsign3.pem I see this:
37 >
38 > # ls -la /etc/ssl/certs/vsign*
39 > -rw-r--r-- 1 root root 984 Jun 1 09:43 /etc/ssl/certs/vsign1.pem
40 > -rw-r--r-- 1 root root 989 Dec 4 2005 /etc/ssl/certs/vsign2.pem
41 > -rw-r--r-- 1 root root 984 Jun 1 09:43 /etc/ssl/certs/vsign3.pem
42 > -rw-r--r-- 1 root root 976 Jun 1 09:43 /etc/ssl/certs/vsignss.pem
43 > -rw-r--r-- 1 root root 1084 Dec 4 2005 /etc/ssl/certs/vsigntca.pem
44 >
45 > Also, what should I do with those that report "does not contain a certificate
46 > or CRL: skipping"?
47
48
49 When you updated the ca-certificates, you should have gotten a postinst
50 message about broken symlinks that you need to remove.

Replies

Subject Author
Re: [gentoo-user] Duplicate ca certs Mick <michaelkintzios@×××××.com>