On 18 Aug 2008, at 08:04, Mick wrote:
...
When you updated the ca-certificates, you should have gotten a
postinst
message about broken symlinks that you need to remove.
Oops! I had missed that.
Looks good now:
# update-ca-certificates
Updating certificates in /etc/ssl/certs....done.
Except that doesn't _seem_ to fix it:
WARN: postinst
Broken symlink for a certificate at //etc/ssl/certs/SPI_CA_2006-
cacert.pem
Broken symlink for a certificate at //etc/ssl/certs/
Verisign_Class_1_Public_Primary_OCSP_Responder.pem
Broken symlink for a certificate at //etc/ssl/certs/cacert.org.pem
Broken symlink for a certificate at //etc/ssl/certs/
Verisign_Class_3_Public_Primary_OCSP_Responder.pem
Broken symlink for a certificate at //etc/ssl/certs/spi-ca.pem
Broken symlink for a certificate at //etc/ssl/certs/
Verisign_Secure_Server_OCSP_Responder.pem
Broken symlink for a certificate at //etc/ssl/certs/
Verisign_Class_2_Public_Primary_OCSP_Responder.pem
You MUST remove the above broken symlinks
$ ls -l /etc/ssl/certs/SPI_CA_2006-cacert.pem
lrwxrwxrwx 1 root root 61 Aug 30 03:37 /etc/ssl/certs/SPI_CA_2006-
cacert.pem -> /usr/share/ca-certificates/spi-inc.org/SPI_CA_2006-
cacert.crt
$ sudo update-ca-certificates --verbose
Updating certificates in /etc/ssl/certs....done.
$ ls -l /etc/ssl/certs/SPI_CA_2006-cacert.pem
lrwxrwxrwx 1 root root 61 Aug 30 03:37 /etc/ssl/certs/SPI_CA_2006-
cacert.pem -> /usr/share/ca-certificates/spi-inc.org/SPI_CA_2006-
cacert.crt
$
Stroller.
