[Touch-packages] [Bug 1656054] Re: Unable to validate GoDaddy signed certs
https://casecurity.ssllabs.com/analyze.html?d=api-v1.weather.gov

That's a good link to send them to show the "Chain issues - Incomplete" and "Extra download" on the intermediate.

Also https://www.godaddy.com/help/install-ssl-certificates-16623

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1656054

Title:
  Unable to validate GoDaddy signed certs

Status in ca-certificates package in Ubuntu:
  Invalid

Bug description:
  I am updating a script to use a new version of the US National Weather Service API and am running into a certificate problem.

  kjotte@daedalus:/tmp$ curl https://api-v1.weather.gov/
  curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
  ...

  I have run update-ca-certificates to ensure the master bundle is current. This URL is accessible in Firefox with correct validation.

  Workaround:

  kjotte@daedalus:/tmp$ curl -sO https://certs.godaddy.com/repository/gd_bundle-g2.crt
  kjotte@daedalus:/tmp$ curl --cacert ./gd_bundle-g2.crt https://api-v1.weather.gov/
  {"status":"OK"}

  Please update the system certificate store so I don't have to load the GoDaddy cert bundle on every machine I'll be running my scripts on.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: ca-certificates 20160104ubuntu1
  ProcVersionSignature: Ubuntu 4.4.0-59.80-generic 4.4.35
  Uname: Linux 4.4.0-59-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.4
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Thu Jan 12 12:43:45 2017
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2011-12-09 (1861 days ago)
  InstallationMedia: Xubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
  PackageArchitecture: all
  SourcePackage: ca-certificates
  UpgradeStatus: Upgraded to xenial on 2016-05-31 (226 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1656054/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1656054] Re: Unable to validate GoDaddy signed certs
s: = subject
i: = issuer

The server certificate "CN=nws.noaa.gov" was issued by (signed by) "CN=Go Daddy Secure Certificate Authority - G2"

This issuer is an intermediate. There is nothing provided by the server to chain this intermediate to a root certificate. I'm pretty sure the root that signed this intermediate is "Go Daddy Root Certificate Authority - G2", which has been in ca-certificates since 20111025.

The web server needs to be configured to provide that intermediate certificate to the client, in order to complete the chain to the root. I'm certain this is all in the Go Daddy "How do I configure my new certificate" instructions. :)
[Touch-packages] [Bug 1656054] Re: Unable to validate GoDaddy signed certs
The site is probably not configured correctly. See a similar example:
https://bugzilla.mozilla.org/show_bug.cgi?id=926163

FYI, a better test than curl is:

echo "HEAD /" | openssl s_client -CApath /etc/ssl/certs -connect api-v1.weather.gov:443

** Bug watch added: Mozilla Bugzilla #926163
   https://bugzilla.mozilla.org/show_bug.cgi?id=926163

** Changed in: ca-certificates (Ubuntu)
       Status: New => Invalid
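The check discussed in this thread (reading the s:/i: lines that openssl s_client prints and seeing whether the server's chain reaches a root in the local store), as an added example that is not part of the original messages. The two chain blocks are constructed samples built from the names quoted in the thread, the trust store is reduced to an assumed set of root subject names, and the function names are hypothetical.

```python
import re

# Constructed sample: "Certificate chain" block from `openssl s_client`
# for a server that sends only its leaf certificate.
LEAF_ONLY = """\
---
Certificate chain
 0 s:CN=nws.noaa.gov
   i:CN=Go Daddy Secure Certificate Authority - G2
---
"""

# Constructed sample: the same server once it also sends the intermediate.
WITH_INTERMEDIATE = """\
---
Certificate chain
 0 s:CN=nws.noaa.gov
   i:CN=Go Daddy Secure Certificate Authority - G2
 1 s:CN=Go Daddy Secure Certificate Authority - G2
   i:CN=Go Daddy Root Certificate Authority - G2
---
"""

# Assumption: subject names of the roots in the client's trust store.
TRUSTED_ROOTS = {"CN=Go Daddy Root Certificate Authority - G2"}


def parse_chain(s_client_output):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject, in_block = [], None, False
    for line in s_client_output.splitlines():
        if line.strip() == "Certificate chain":
            in_block = True
        elif in_block and line.strip() == "---":
            break
        elif in_block:
            m = re.match(r"\s*(?:\d+\s+)?([si]):(.*)", line)
            if m and m.group(1) == "s":
                subject = m.group(2).strip()
            elif m and subject is not None:
                chain.append((subject, m.group(2).strip()))
                subject = None
    return chain


def missing_issuer(chain, trusted_roots):
    """Follow issuer names up from the leaf. Return the first issuer that is
    neither a trusted root nor among the certificates sent, or None if the
    chain reaches a trusted root. Names only: no signature or date checks."""
    if not chain:
        raise ValueError("no certificates found in s_client output")
    sent = dict(chain)  # subject -> issuer
    issuer, seen = chain[0][1], set()
    while issuer not in trusted_roots:
        if issuer not in sent or issuer in seen:
            return issuer
        seen.add(issuer)
        issuer = sent[issuer]
    return None
```

A non-None result names the certificate the server operator still has to add to the served chain; clients that only trust roots, such as curl against ca-certificates.crt, fail until it is sent.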
[Touch-packages] [Bug 1638268] Re: certbot-auto claims parse error in apache config, but doesn't tell me which line
** Package changed: ca-certificates (Ubuntu) => python-certbot (Ubuntu)

-- 
https://bugs.launchpad.net/bugs/1638268

Title:
  certbot-auto claims parse error in apache config, but doesn't tell me which line

Status in python-certbot package in Ubuntu:
  New

Bug description:
  Saving debug log to /var/log/letsencrypt/letsencrypt.log
  ...
  The error was: PluginError(('There has been an error in parsing the file (%s): %s', u'/etc/apache2/sites-available/mycrazydomainname.com', u'Syntax error'),)

  Ok, well, it would be super-helpful to know which line had the syntax error, that's a file with hundreds of lines modrewrite rules, tls protocol specifier lines, comments... What doesn't it like?
[Touch-packages] [Bug 1465243] Re: Missing root certificate "COMODO RSA Certification Authority"
Tagged as Fix Released (at least in Debian..)

ca-certificates (20150426) unstable; urgency=medium

  * debian/postinst:
    Set mode and group of /usr/local/share/ca-certificates based on current /usr/local permissions and ownership. Closes: #611501
  * sbin/update-ca-certificates:
    Allow customisation of the paths used by update-ca-certificates.
    Add an option to set the certs in a directory to the defaults.
    Thanks for the patches, Paul Wise. Closes: #774059, #774201
    Fix shellcheck warnings and a little indentation.
  * sbin/update-ca-certificates.8:
    Correct concatenated file name in man page from certificates.crt to ca-certificates.crt. Closes: #782230
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.4.
    The following certificate authorities were added (+):
    + "CFCA EV ROOT"
    + "COMODO RSA Certification Authority"
    + "Entrust Root Certification Authority - EC1"
    + "Entrust Root Certification Authority - G2"
    + "GlobalSign ECC Root CA - R4"
    + "GlobalSign ECC Root CA - R5"
    + "IdenTrust Commercial Root CA 1"
    + "IdenTrust Public Sector Root CA 1"
    + "S-TRUST Universal Root CA"
    + "Staat der Nederlanden EV Root CA"
    + "Staat der Nederlanden Root CA - G3"
    + "USERTrust ECC Certification Authority"
    + "USERTrust RSA Certification Authority"
    Closes: #762709
    The following certificate authorities were removed (-):
    - "America Online Root Certification Authority 1"
    - "America Online Root Certification Authority 2"
    - "E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi"
    - "GTE CyberTrust Global Root"
    - "Thawte Premium Server CA"
    - "Thawte Server CA"

 -- Michael Shuler Sun, 26 Apr 2015 10:37:48 -0500

** Changed in: ca-certificates (Ubuntu)
       Status: New => Fix Released

-- 
https://bugs.launchpad.net/bugs/1465243

Title:
  Missing root certificate "COMODO RSA Certification Authority"

Status in ca-certificates package in Ubuntu:
  Fix Released

Bug description:
  I think that the following certificate is missing:

  COMODO RSA Certification Authority
  Fingerprint: afe5d244a8d1194230ff479fe2f897bbcd7a8cb4

  The whole certificate is attached.

  It's present in Mozilla CA Certificate Store:
  https://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt
[Touch-packages] [Bug 1425710] Re: can install or remove any applications
What does this have to do with ca-certificates? Marked incomplete.

** Changed in: ca-certificates (Ubuntu)
       Status: New => Incomplete

-- 
https://bugs.launchpad.net/bugs/1425710

Title:
  can install or remove any applications

Status in ca-certificates package in Ubuntu:
  Incomplete

Bug description:
  When I try to install or remove applications from ubuntu software centre, it won't allow me to do so. Also, update manager doesn't work at all. And I have to update new apps from terminal. Yes, it does update from terminal by command sudo apt-get install update, but it's impossible to remove unnecessary apps.
[Touch-packages] [Bug 1394771] Re: package ca-certificates 20141019 failed to install/upgrade: Trigger bilden eine Schleife, aufgegeben
I looked at the logs and see no issue with the ca-certificates package install. Please post the specific ca-certificates install error, if I missed it.

(I do not speak German, but did find what looks like all the normal package install states in the logs)

** Changed in: ca-certificates (Ubuntu)
       Status: New => Invalid

-- 
https://bugs.launchpad.net/bugs/1394771

Title:
  package ca-certificates 20141019 failed to install/upgrade: Trigger bilden eine Schleife, aufgegeben

Status in “ca-certificates” package in Ubuntu:
  Invalid

Bug description:
  I tried upgrading from utopic to vivid. The upgrade failed. I hope the collected information is useful.

  ProblemType: Package
  DistroRelease: Ubuntu 15.04
  Package: ca-certificates 20141019
  ProcVersionSignature: Ubuntu 3.16.0-24.32-generic 3.16.4
  Uname: Linux 3.16.0-24-generic i686
  ApportVersion: 2.14.7-0ubuntu10
  Architecture: i386
  Date: Thu Nov 20 22:54:16 2014
  DuplicateSignature: package:ca-certificates:20141019:Trigger bilden eine Schleife, aufgegeben
  ErrorMessage: Trigger bilden eine Schleife, aufgegeben
  InstallationDate: Installed on 2014-03-16 (249 days ago)
  InstallationMedia: Xubuntu 14.04 LTS "Trusty Tahr" - Alpha i386 (20140316)
  PackageArchitecture: all
  SourcePackage: ca-certificates
  Title: package ca-certificates 20141019 failed to install/upgrade: Trigger bilden eine Schleife, aufgegeben
  UpgradeStatus: Upgraded to vivid on 2014-11-20 (0 days ago)
[Touch-packages] [Bug 1283997] Re: terena ssl certificate issue
I'm marking this as Invalid, since we've established that with a current version of ca-certificates, the connection is fine.

I don't know how backports are done in Ubuntu, since I work primarily in Debian and just look at bug reports in launchpad from time to time. I imagine that if you install the 14.10 package version of ca-certificates on 14.04 you should be just fine.

-- 
Michael

** Changed in: ca-certificates (Ubuntu)
       Status: New => Invalid

-- 
https://bugs.launchpad.net/bugs/1283997

Title:
  terena ssl certificate issue

Status in “ca-certificates” package in Ubuntu:
  Invalid

Bug description:
  The problem is explained here:
  https://answers.launchpad.net/ubuntu/+question/244372

  The easiest way to reproduce it is to try to clone any git repository for example.
[Touch-packages] [Bug 1359695] Re: Missing "Microsoft Root Certificate Authority" cert
Have Microsoft go through the Mozilla CA Inclusion process :)

All the CA certificates in the ca-certificates package come from Mozilla, and one CA certificate from SPI, which is a Debian Trusted Organization.

** Changed in: ca-certificates (Ubuntu)
       Status: Confirmed => Invalid

-- 
https://bugs.launchpad.net/bugs/1359695

Title:
  Missing "Microsoft Root Certificate Authority" cert

Status in “ca-certificates” package in Ubuntu:
  Invalid

Bug description:
  There is no Microsoft Root Certificate Authority cert present.

  Microsoft Root Certificate Authority
  SHA1: cdd4eeae6000ac7f40c3802c171e30148030c072
  RSA 4096 bits / SHA1withRSA
[Touch-packages] [Bug 1365913] Re: ca-certificates installing a link to libnss3.so in root directory
** Package changed: ca-certificates (Ubuntu) => ca-certificates-java (Ubuntu)

** Tags removed: ca-certificates

-- 
https://bugs.launchpad.net/bugs/1365913

Title:
  ca-certificates installing a link to libnss3.so in root directory

Status in “ca-certificates-java” package in Ubuntu:
  New

Bug description:
  I have found a link to /usr/lib/x86_64-linux-gnu/libnss3.so located in my root directory. It was created Mar 25, 2014, at the same moment that the package ca-certificates was being updated.

  A similar bug was reported on the Debian bug tracker in 2012, for the package ca-certificates-java:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688415

  I'm running ubuntu 12.04.