The hash symlinks are supposed to be managed automatically by openssl. If you have a symlink like /etc/ssl/certs/f066f19f.0 -> /usr/share/debathena-ssl-certificates/mitCA.pem then it will get removed by c_rehash (which is run by update-ca-certificates).
However, if you instead make a symlink /etc/ssl/certs/mitCA.pem -> /usr/share/debathena-ssl-certificates/mitCA.pem then c_rehash will add the symlink /etc/ssl/certs/f066f19f.0 -> mitCA.pem and this will all be preserved over ca-certificates upgrades, etc. Alternatively, if you put a CA certificate in /usr/share/ca-certificates with the .crt extension, then run dpkg-reconfigure ca-certificates and tell it that you trust the new CA, it will be linked to /etc/ssl/certs appropriately and added to /etc/ssl/certs/ca-certificates.crt. So this is not a bug, although there could perhaps be better documentation. -- ca-certificates removes all users certificates in /etc/ssl/certs https://bugs.launchpad.net/bugs/114495 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs