On Saturday 30 August 2008, Stroller wrote: > On 18 Aug 2008, at 08:04, Mick wrote: > > ... > > > >> When you updated the ca-certificates, you should have gotten a > >> postinst > >> message about broken symlinks that you need to remove. > > > > Oops! I had missed that. > > > > Looks good now: > > > > # update-ca-certificates > > Updating certificates in /etc/ssl/certs....done. > > Except that doesn't _seem_ to fix it: > > WARN: postinst > Broken symlink for a certificate at //etc/ssl/certs/SPI_CA_2006- > cacert.pem > Broken symlink for a certificate at //etc/ssl/certs/ > Verisign_Class_1_Public_Primary_OCSP_Responder.pem > Broken symlink for a certificate at //etc/ssl/certs/cacert.org.pem > Broken symlink for a certificate at //etc/ssl/certs/ > Verisign_Class_3_Public_Primary_OCSP_Responder.pem > Broken symlink for a certificate at //etc/ssl/certs/spi-ca.pem > Broken symlink for a certificate at //etc/ssl/certs/ > Verisign_Secure_Server_OCSP_Responder.pem > Broken symlink for a certificate at //etc/ssl/certs/ > Verisign_Class_2_Public_Primary_OCSP_Responder.pem > You MUST remove the above broken symlinks > > $ ls -l /etc/ssl/certs/SPI_CA_2006-cacert.pem > lrwxrwxrwx 1 root root 61 Aug 30 03:37 /etc/ssl/certs/SPI_CA_2006- > cacert.pem -> /usr/share/ca-certificates/spi-inc.org/SPI_CA_2006- > cacert.crt > $ sudo update-ca-certificates --verbose > Updating certificates in /etc/ssl/certs....done. > $ ls -l /etc/ssl/certs/SPI_CA_2006-cacert.pem > lrwxrwxrwx 1 root root 61 Aug 30 03:37 /etc/ssl/certs/SPI_CA_2006- > cacert.pem -> /usr/share/ca-certificates/spi-inc.org/SPI_CA_2006- > cacert.crt > $
I assume that the above links are shown as red (or whatever) indicating that the links are borked? On my machine: # ls -la /usr/share/ca-certificates/mozilla/Verisign_Secure_Server_OCSP_Responder.crt ls: cannot access /usr/share/ca-certificates/mozilla/Verisign_Secure_Server_OCSP_Responder.crt: No such file or directory # ls -la /usr/share/ca-certificates/spi-inc.org/SPI_CA_2006-cacert.crt ls: cannot access /usr/share/ca-certificates/spi-inc.org/SPI_CA_2006-cacert.crt: No such file or directory I believe that it is left as an exercise for the reader to manually remove such broken lists as your WARN message tells you: > WARN: postinst > Broken symlink for a certificate at //etc/ssl/certs/SPI_CA_2006- > cacert.pem > Broken symlink for a certificate at [snip...] > You MUST remove the above broken symlinks" Now I better go and do the same on my boxen! -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
