On Sat, Feb 23, 2019 at 09:32:18AM +0000, DJ Lucas via blfs-support wrote: > > On 2/23/2019 3:14 AM, Ken Moffat via blfs-support wrote: > > I had a reply off-list suggesting that I try without the local cert > > directory. So I renamed that, and retried. Running make-ca -g > > succeeded but told me that the certs were up to date. Running make-ca > > -f succeeded, the final output was: Certificate: Global Chambersign > > Root - 2008 Keyhash: 0c4c9b6c Added to p11-kit anchor directory with > > trust 'C,C,'. Extracting OpenSSL certificates to > > /etc/ssl/certs...Done! Extracting GNUTLS server auth certificates to > > /etc/pki/tls/certs/ca-bundle.crt...Done! Extracting GNUTLS S-Mime > > certificates to /etc/pki/tls/certs/email-ca-bundle.crt...Done! > > Extracting GNUTLS code signing certificates to > > /etc/pki/tls/certs/objsign-ca-bundle.crt...Done! Extracting Java > > cacerts (JKS) to /etc/pki/tls/java/cacerts...Done! And running links > > to an https: site from chroot now works. I'll keep this around for a > > bit in case you are replying to my earlier reply, but I need to sort > > out some food, then I'll probably go shopping and then wind down and > > go to bed. > Bad cert in the /etc/ssl/local directory caused that to cascade like > that? I can't see how, but I'll have to figure it out. If you still have > it around and it's not too much trouble (and nothing private in > /etc/ssl/local), could you tar up the contents and send, or is it just > the example cacert.org certs? > --DJ > I don't have any current use for local certs, I was just trying to follow the book. Maybe something in what I thought I had copied from the book is wrong. So here is the commented-out part. KM_LOG points to my log for this package, and apologies if I've mis-pasted or failed to update this and wasted your time.
#install -vdm755 /etc/ssl/local >$KM_LOG 2>&1 #wget http://www.cacert.org/certs/root.crt >>$KM_LOG 2>&1 #wget http://www.cacert.org/certs/class3.crt >>$KM_LOG 2>&1 #openssl x509 -in root.crt -text -fingerprint -setalias "CAcert Class 1 root" \ # -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \ # > /etc/ssl/local/CAcert_Class_1_root.pem >>$KM_LOG 2>&1 #openssl x509 -in class3.crt -text -fingerprint -setalias "CAcert Class 3 root" \ # -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \ # > /etc/ssl/local/CAcert_Class_3_root.pem >>$KM_LOG 2>&1 But, looking at the contents: clearly wget has failed. -rw-r--r-- 1 root root 0 Feb 23 05:15 CAcert_Class_1_root.pem -rw-r--r-- 1 root root 0 Feb 23 05:15 CAcert_Class_3_root.pem Again, sorry if this is just me screwing up. ĸen -- The beauty of reading a page of de Selby is that it leads one inescapably to the conclusion that one is not, of all nincompoops, the greates. -- du Garbandier -- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
