Package: ssl-cert Version: 1.1.3 Followup-For: Bug #1091317 X-Debbugs-Cc: [email protected],[email protected]
It turns out that 'update-ca-certificates' only recognizes official certificates shipping with 'bin:ca-certificates' OR locale ones (such as snakeoil certificates) in /usr/local/share/ca-certificates/. This doesn't help remote hosts connecting to our local Apache because the snakeoil certificate issuer is unknown to them. Unless I'm missing something (Julien in CC can confirm), we don't have a debhelper method to ship our own certificates with a package and trigger 'update-ca-certificates' upon install? Martin-Éric -- System Information: Debian Release: 13.4 APT prefers stable-security-debug APT policy: (500, 'stable-security-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.12.74+deb13+1-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ssl-cert depends on: ii adduser 3.152 ii debconf [debconf-2.0] 1.5.91 ii openssl 3.5.5-1~deb13u1 ssl-cert recommends no packages. ssl-cert suggests no packages. -- debconf information: * make-ssl-cert/hostname: repos.internal make-ssl-cert/title: make-ssl-cert/vulnerable_prng: make-ssl-cert/altname: DNS:p8b75.internal
