That works a treat. Thanks, Sam.
On Tue, Mar 3, 2020 at 3:32 AM Sam Morris via FreeIPA-users < [email protected]> wrote: > You can get browsers (and other programs that use libnss3) to use the > system-wide trust store (i.e., /etc/ssl/certs/ca-certificates.crt) if you > install p11-kit and run: > > # dpkg-divert --add --local --rename > /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so > # ln -srf /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so > /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so > > You can undo it by removing the symlink and then running 'dpkg-divert > --remove --rename /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so'. > > There was a discussion on the Debian BTS about doing this by default at < > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704180> but it never > actually happened. > > I think this is already done by default in the Red Hat world. > > -- > Sam Morris <[email protected]> > https://robots.org.uk/ > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
