Package: ca-certificates-java Version: 20090629 Severity: important [Read to end for why install fails. If it looks like some previous error of mine breaks keytool, please close this bug.]
This system here trusts the A-Cert root authority. I dont remember how I did install the certificate back then. Below /etc/ssl/ these two files exist: # ls -l /etc/ssl/certs/a-cert.pem lrwxrwxrwx 1 root root 37 Feb 26 12:34 /etc/ssl/certs/a-cert.pem -> /usr/share/ca-certificates/a-cert.crt # ls -l /etc/ssl/certs/cdd7aee7.0 lrwxrwxrwx 1 root root 10 May 25 2008 /etc/ssl/certs/cdd7aee7.0 -> a-cert.pem postinst from the package fails like this: # ./postinst configure [...] + keytool -importcert -trustcacerts -keystore /etc/ssl/certs/java/cacerts -noprompt -storepass changeit -alias a_cert -file /usr/share/ca-certificates/a-cert.crt + grep -q 'Signature not available' /tmp/fileF2xI64 + echo ' error adding a-cert.crt' error adding a-cert.crt [...] just running # keytool -importcert -trustcacerts -keystore /etc/ssl/certs/java/cacerts -noprompt -storepass changeit -alias a_cert -file /usr/share/ca-certificates/a-cert.crt fails with: keytool error: java.lang.Exception: Input not an X.509 certificate that file's contents start with a comment-line: # A-CERT ADVANCED Selfsigned Zertifikat -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- removing the comment from the first line lets me add the cert. so this is either a bug in keytool or the cert does not conform to some standard, which I do not know. keytool also fails, when I reget the file from here: http://www.a-cert.at/static/a-cert-advanced.crt Regards Peter -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.29-2-686 (SMP w/1 CPU core) Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ca-certificates-java depends on: ii ca-certificates 20090709 Common CA certificates ii sun-java6-jre [java6-runtime- 6-14-1 Sun Java(TM) Runtime Environment ( ca-certificates-java recommends no packages. ca-certificates-java suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
