如何从系统中删除证书颁发机构的证书?

Joh*_*lla 18 certificates

ca-certificates软件包刚刚更新,它在我的 Xubuntu 13.10 系统上引起了以下更改:

Running hooks in /etc/ca-certificates/update.d....
Adding debian:CA_Disig_Root_R1.pem
Adding debian:CA_Disig_Root_R2.pem
Adding debian:China_Internet_Network_Information_Center_EV_Certificates_Root.pem
Adding debian:D-TRUST_Root_Class_3_CA_2_2009.pem
Adding debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Adding debian:PSCProcert.pem
Adding debian:StartCom_Certification_Authority_2.pem
Adding debian:Swisscom_Root_CA_2.pem
Adding debian:Swisscom_Root_EV_CA_2.pem
Adding debian:TURKTRUST_Certificate_Services_Provider_Root_2007.pem
Adding debian:Verisign_Class_3_Public_Primary_Certification_Authority_2.pem
Removing debian:cacert.org_class3.pem
Removing debian:cacert.org_root.pem
Removing debian:Equifax_Secure_eBusiness_CA_2.pem
Removing debian:TC_TrustCenter_Universal_CA_III.pem
Run Code Online (Sandbox Code Playgroud)

我决定不信任其中一些 CA,并且我想删除它们的证书。我怎么做?

Flo*_*sch 31

sudo dpkg-reconfigure ca-certificates
Run Code Online (Sandbox Code Playgroud)

这应该为您提供一个列表,您可以在其中取消选择 CA。

CA 列表存储在文件中/etc/ca-certificates.conf。如果您手动编辑此文件,则需要运行

sudo update-ca-certificates
Run Code Online (Sandbox Code Playgroud)

更新实际证书/etc/ssl/certs/(如果您使用dpkg-reconfigure它是自动完成的)。

有关/usr/share/doc/ca-certificates/README.Debian更多信息,请参阅。