con*_*fiq 1 certificate-authority
我有两年未升级的 ubuntu 12.04 服务器。在我们决定升级它之前,它一直运行良好。
升级(apt-get upgrade)后,CA 文件/usr/share/ca-certificates/mozilla/Entrust.net_Secure_Server_CA.crt消失,程序无法访问Entrust Certification Authority - L1C.
知道为什么会这样吗?
这是日志:
ubuntu@ip-10-67-192-40:~$ curl -i https://api.demo.com/ #works
ubuntu@ip-10-67-192-40:~$ file /etc/ssl/certs/5f267794.0
/etc/ssl/certs/5f267794.0: symbolic link to `Entrust.net_Secure_Server_CA.pem'
ubuntu@ip-10-67-192-40:~$ file /etc/ssl/certs/Entrust.net_Secure_Server_CA.pem
/etc/ssl/certs/Entrust.net_Secure_Server_CA.pem: symbolic link to `/usr/share/ca-certificates/mozilla/Entrust.net_Secure_Server_CA.crt'
ubuntu@ip-10-67-192-40:~$ file /usr/share/ca-certificates/mozilla/Entrust.net_Secure_Server_CA.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Secure_Server_CA.crt: PEM certificate
ubuntu@ip-10-67-192-40:~$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
root@ip-10-67-192-40:~# apt-get update; apt-get upgrade
ubuntu@ip-10-67-192-40:~$ curl -i https://api.demo.com/ #dosen't work
看起来这是相关的变更日志条目:
ca-certificates (20140927) unstable; urgency=medium
* Update Mozilla certificate authority bundle to version 2.1.
[...]
The following certificate authorities were removed (-):
- "Entrust.net Secure Server CA"
[...]
-- Michael Shuler <michael@pbandjelly.org> Sat, 27 Sep 2014 15:14:00 -0500
快速的 DDGing 和我发现这个要求删除的mozilla 错误,并引用了另一个错误,这表明有问题的 CA 证书已被弃用,已删除所有信任位,因此已从 NSS 中删除。
鉴于该证书已于 2011 年(Firefox 6)从 NSS 中删除,并且可能在此之前的某个时间已被弃用,我想说现在为您尝试访问的站点获取新证书已经过时了。
| 归档时间: |
|
| 查看次数: |
1025 次 |
| 最近记录: |