Your message dated Wed, 24 Jun 2009 19:17:07 +0000
with message-id <[email protected]>
and subject line Bug#473677: fixed in ca-certificates 20090624
has caused the Debian Bug report #473677,
regarding Please document how to add custom certificates
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
473677: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473677
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ca-certificates
Version: 20050804
Severity: wishlist
It wasn't clear how to add custom certificates in a way that would get
them added to /etc/ssl/certs/ca-certificates.crt. I finally figured
out this process:
- Copy PEM-formatted certificates to
/usr/share/ca-certificates/local/filename.crt
(extension .crt is critical)
- Run "dpkg-reconfigure ca-certificates" and enable the new
certificate. This should run update-ca-certificates.
Perhaps this can be documented in REAMDE.Debian?
-jim
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14.2
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages ca-certificates depends on:
ii debconf [debconf-2.0] 1.4.67 Debian configuration management sy
ii openssl 0.9.8a-6 Secure Socket Layer (SSL) binary a
ca-certificates recommends no packages.
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: ca-certificates
Source-Version: 20090624
We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive:
ca-certificates_20090624.dsc
to pool/main/c/ca-certificates/ca-certificates_20090624.dsc
ca-certificates_20090624.tar.gz
to pool/main/c/ca-certificates/ca-certificates_20090624.tar.gz
ca-certificates_20090624_all.deb
to pool/main/c/ca-certificates/ca-certificates_20090624_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Philipp Kern <[email protected]> (supplier of updated ca-certificates package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 24 Jun 2009 21:04:08 +0200
Source: ca-certificates
Binary: ca-certificates
Architecture: source all
Version: 20090624
Distribution: unstable
Urgency: low
Maintainer: Philipp Kern <[email protected]>
Changed-By: Philipp Kern <[email protected]>
Description:
ca-certificates - Common CA certificates
Closes: 352637 419491 473677 476663 511150
Changes:
ca-certificates (20090624) unstable; urgency=low
.
* Allow local certificate installation. All certificates found
in `/usr/local/share/ca-certificates' will be automatically added
to the list of trusted certificates in `/etc/ssl/certs'.
(Closes: #352637, #419491, #473677, #476663, #511150)
* Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
1.51):
+ COMODO ECC Certification Authority
+ DigiNotar Root CA
+ Network Solutions Certificate Authority
+ WellsSecure Public Root Certificate Authority
- Equifax Secure Global eBusiness CA
- UTN USERFirst Object Root CA
* Reimplemented the Mozilla certdata parser mainly to exclude explicitly
untrusted certificates. This led to the exclusion of the
"MD5 Collisions Forged Rogue CA 23c3" and its parent
"Equifax Secure Global eBusiness CA". Furthermore code signing-only
certificates are no longer included neither.
* Remove the purging of old PEM files in postinst dating back to
versions earlier than 20030414.
* Hooks are now called at every invocation of `update-ca-certificates'.
If no changes were done to `/etc/ssl/certs', the input for the
hooks will be empty, though. Failure exit codes of hooks will not
tear down the upgrade process anymore. They are printed but ignored.
Checksums-Sha1:
9262dede484061af4807872bac8f6c6facab0eb2 790 ca-certificates_20090624.dsc
5962d6426b42d7811a81c4635100e506321b2dba 230505 ca-certificates_20090624.tar.gz
bd9e39bae37f48ad88321d283f4afd0cf3b8814d 154412
ca-certificates_20090624_all.deb
Checksums-Sha256:
514eb0a3a64675c4112bdffefc0db024b441175532bae81e9b62495472062913 790
ca-certificates_20090624.dsc
41870f2dc9ded510d89147f173587552873f9ffff237faf38d99f8a71330000b 230505
ca-certificates_20090624.tar.gz
0998ce4cac29f63651cad5a9a4f39cda9f1b0f21f38cf9588b364e33307c25a3 154412
ca-certificates_20090624_all.deb
Files:
1064896261b5e3a844f921a7b0f504cb 790 misc optional ca-certificates_20090624.dsc
ab879096aa02bc5264211e5602190dd8 230505 misc optional
ca-certificates_20090624.tar.gz
9d24288dddb5d0ba5cb1adb267144c7c 154412 misc optional
ca-certificates_20090624_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpCeMYACgkQ7Ro5M7LPzdi7LwCfYWrrSmxENeBX4H5sZ8k4W7qW
L2sAoLiL0b+9tZjvTksz9KEi2d23F2KT
=aQ9u
-----END PGP SIGNATURE-----
--- End Message ---
