1 |
On Saturday 30 August 2008, Stroller wrote: |
2 |
> On 18 Aug 2008, at 08:04, Mick wrote: |
3 |
> > ... |
4 |
> > |
5 |
> >> When you updated the ca-certificates, you should have gotten a |
6 |
> >> postinst |
7 |
> >> message about broken symlinks that you need to remove. |
8 |
> > |
9 |
> > Oops! I had missed that. |
10 |
> > |
11 |
> > Looks good now: |
12 |
> > |
13 |
> > # update-ca-certificates |
14 |
> > Updating certificates in /etc/ssl/certs....done. |
15 |
> |
16 |
> Except that doesn't _seem_ to fix it: |
17 |
> |
18 |
> WARN: postinst |
19 |
> Broken symlink for a certificate at //etc/ssl/certs/SPI_CA_2006- |
20 |
> cacert.pem |
21 |
> Broken symlink for a certificate at //etc/ssl/certs/ |
22 |
> Verisign_Class_1_Public_Primary_OCSP_Responder.pem |
23 |
> Broken symlink for a certificate at //etc/ssl/certs/cacert.org.pem |
24 |
> Broken symlink for a certificate at //etc/ssl/certs/ |
25 |
> Verisign_Class_3_Public_Primary_OCSP_Responder.pem |
26 |
> Broken symlink for a certificate at //etc/ssl/certs/spi-ca.pem |
27 |
> Broken symlink for a certificate at //etc/ssl/certs/ |
28 |
> Verisign_Secure_Server_OCSP_Responder.pem |
29 |
> Broken symlink for a certificate at //etc/ssl/certs/ |
30 |
> Verisign_Class_2_Public_Primary_OCSP_Responder.pem |
31 |
> You MUST remove the above broken symlinks |
32 |
> |
33 |
> $ ls -l /etc/ssl/certs/SPI_CA_2006-cacert.pem |
34 |
> lrwxrwxrwx 1 root root 61 Aug 30 03:37 /etc/ssl/certs/SPI_CA_2006- |
35 |
> cacert.pem -> /usr/share/ca-certificates/spi-inc.org/SPI_CA_2006- |
36 |
> cacert.crt |
37 |
> $ sudo update-ca-certificates --verbose |
38 |
> Updating certificates in /etc/ssl/certs....done. |
39 |
> $ ls -l /etc/ssl/certs/SPI_CA_2006-cacert.pem |
40 |
> lrwxrwxrwx 1 root root 61 Aug 30 03:37 /etc/ssl/certs/SPI_CA_2006- |
41 |
> cacert.pem -> /usr/share/ca-certificates/spi-inc.org/SPI_CA_2006- |
42 |
> cacert.crt |
43 |
> $ |
44 |
|
45 |
I assume that the above links are shown as red (or whatever) indicating that |
46 |
the links are borked? |
47 |
|
48 |
On my machine: |
49 |
|
50 |
# |
51 |
ls -la /usr/share/ca-certificates/mozilla/Verisign_Secure_Server_OCSP_Responder.crt |
52 |
ls: cannot |
53 |
access /usr/share/ca-certificates/mozilla/Verisign_Secure_Server_OCSP_Responder.crt: |
54 |
No such file or directory |
55 |
|
56 |
# ls -la /usr/share/ca-certificates/spi-inc.org/SPI_CA_2006-cacert.crt |
57 |
ls: cannot |
58 |
access /usr/share/ca-certificates/spi-inc.org/SPI_CA_2006-cacert.crt: No such |
59 |
file or directory |
60 |
|
61 |
I believe that it is left as an exercise for the reader to manually remove |
62 |
such broken lists as your WARN message tells you: |
63 |
|
64 |
> WARN: postinst |
65 |
> Broken symlink for a certificate at //etc/ssl/certs/SPI_CA_2006- |
66 |
> cacert.pem |
67 |
> Broken symlink for a certificate at |
68 |
[snip...] |
69 |
> You MUST remove the above broken symlinks" |
70 |
|
71 |
Now I better go and do the same on my boxen! |
72 |
-- |
73 |
Regards, |
74 |
Mick |