Erik Auerswald wrote:
> Grigoriy Sokolik wrote:
> > I've rechecked:
>
> I cannot reproduce the problem, the certificate is trusted by my system:
>
> # via IPv4
> $ gnutls-cli --verbose translationproject.org </dev/null | grep -E
> 'Connecting|Status'
> Connecting to '80.69.83.146:443'...
> - Status: The certificate is trusted.
> # via IPv6
> $ gnutls-cli --verbose translationproject.org </dev/null | grep -E
> 'Connecting|Status'
> Connecting to '2a01:7c8:c037:6::20:443'...
> - Status: The certificate is trusted.
I have the same results here. Everything looks okay in the inspection
of it.
> It seems to me as if your system does not trust the used root CA.
>
> > [...]issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.'[...]
>
> On my Ubuntu 18.04 system, I find it via symlink from /etc/ssl/certs:
>
> $ ls /etc/ssl/certs/DST_Root_CA_X3.pem -l
> lrwxrwxrwx 1 root root 53 Mai 28 2018 /etc/ssl/certs/DST_Root_CA_X3.pem
> -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
> $ certtool --certificate-info <
> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt | grep Subject:
> Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.
Again same here on my Debian system. The root certificate store for
the trust anchor is in the ca-certificates package.
Looking at my oldest system I see this is distributed as package
version 20200601~deb9u1 and includes the above file.
$ apt-cache policy ca-certificates
ca-certificates:
Installed: 20200601~deb9u1
Candidate: 20200601~deb9u1
Version table:
*** 20200601~deb9u1 500
500 http://ftp.us.debian.org/debian stretch/main amd64 Packages
500 http://ftp.us.debian.org/debian stretch-updates/main amd64
Packages
100 /var/lib/dpkg/status
Verifying that the equivalent of ca-certificates is installed on your
system should provide for it.
As this seems not to be a bug in Coreutils I am marking the bug as
closed with this mail. However more discussion is always welcome.
Bob
