Peer's certificate issuer is unknown while certificates have been added
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Sep 21 17:14:29 CEST 2012
On 09/20/2012 05:55 PM, Daniel Kahn Gillmor wrote:
> That said, if you *do* want to add trusted root CAs to a debian-derived
> system that aren't already shipped in the ca-certificates package, you
> probably don't want to tamper with the contents of
> /usr/share/ca-certificates directly. That part of the filesystem is
> controlled by the ca-certificates package.
> Instead, for any CA that you want to add to a system as the admin, you
> only need to drop a world-readable PEM-encoded file containing the CA's
> certificate into /usr/share/ca-certificates/, and then re-run
> "update-ca-certificates" as the superuser. This will create links
> properly under /etc/ssl/certs, and will include them in
gah -- the above is wrong in a very confusing way, apologies!
is controlled by the ca-certificates package.
But the local system administrator has free reign over:
note the "/local/", which i sloppily left out of my original next.
files in the latter directory are automatically added to the system
default list of trusted root authorities whenever update-ca-certificates
sorry for adding to the confusion,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1030 bytes
Desc: OpenPGP digital signature
More information about the Gnutls-help