dsm1212 (Apprentice)
Dec 12, 2014
COMODO certificates
I've noticed quite a few sites not working due to certificate errors on 6.2 (pro 6) with some apps (sickbeard, etc). Poked around with wget and the problem is that in /etc/ssl/certs I have:
$ ls -al /etc/ssl/certs/COMODO*
lrwxrwxrwx 1 root root 69 Nov 21 23:00 /etc/ssl/certs/COMODO_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root root 73 Nov 21 23:00 /etc/ssl/certs/COMODO_ECC_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt
But these files do not exist in /usr/share/ca-certificates/mozilla
I tried apt-get --reinstall install ca-certificates but it didn't change anything. Are these two certificates missing from the distribution or did I lose them somehow? Could someone else check their 6.2 system?
steve
8 Replies
- dsm1212 (Apprentice)
FWIW I downloaded the debian 7 ca-certificates package and extracted the missing files and copied them to /usr/share/ca-certificates/mozilla. That fixed all the problems. It took those two above and all the ones named Add* to fix it. There are a LOT more certificates in the debian version of this package. I think netgear left a bunch out for some reason and the netgear1 version of the package is deemed newer. I'm afraid to uninstall the netgear1 version and install the debian one because there must be a reason netgear modified it.
Update: Can someone submit this as a bug? Addons that download things don't work very well. Netgear really should include the full set of certificates. I used shell commands to populate all the bad links that the netgear package installed from the full set of files in the debian distribution and there were dozens missing. If you have colorizing turned on just do a ls of /etc/ssl/certs. It's all the red ones :-).
steve
- arpanj2 (Tutor)
Hi Steve,
Can you please post the links to the download? New to Linux
Thanks,
Arpan
- dsm1212 (Apprentice)
Well it's been a few weeks and this is probably not the best way to do this. It might be ok to just install it but I don't know what netgear did so I just wanted the missing cert files. I ran apt-get with the -d download only option.
apt-get -d install ca-certificates=20130119+deb7u1
That puts the right kit in /var/cache/apt/archives. You can unpack it to some directory you've created with dpkg -x.
dpkg -x filename.deb ~/certs
(I don't remember what the deb filename was).
Then it is a matter of restoring the missing files. I was being cautious and didn't want to overwrite anything. So I wrote a find/exec statement that would find links with missing files in /etc/ssl/certs and then copy the file. All the missing files were needed in /usr/share/ca-certificates/mozilla. So with hindsight I think you could just populate that directory without overwriting existing files and get all the ones that are missing. Make sure owner and permissions of the new files are the same as the ones already there.
steve
- gibxxi (Guide)
Steve,
I'm having similar issues with SSL certificates in any app that's using SSL, not just SB. Your last paragraph is somewhat vague to me. Can you elaborate on the exec statement/replacement bit for a Linux newbie please?
Many more issues with this thing and I may just go out and buy a W4000+ instead.
;)
- dsm1212 (Apprentice)
Basically if you get the package extracted then find the mozilla directory within it and just do:
cp -n mozilla/* /usr/share/ca-certificates/mozilla
-n means don't overwrite. So it will just add all the missing files.
steve
- gibxxi (Guide)
Cheers for that. Will give it a go.
- Nicholi (Guide)
I just noticed the same after upgrading from 6.1.9 to 6.2.2. Snooped around my /etc/ssl/certs directory and noticed NONE of the symlinks existed. These were all pointing to /usr/share/ca-certificates/mozilla/ which is updated by the package "ca-certificates". Sure enough I see a netgear specific package for this, so I downgraded to the last debian packaged version.
sudo apt-get install ca-certificates=20130119+deb7u1
I don't know why netgear would remove practically all the known certificate authorities... but likely that's why you might be experiencing SSL cert issues in various programs. I took a look inside the netgear derived package "ca-certificates_20140325.netgear1_all", and sure enough it only has Verisign and Entrust CA certs. So why has this package been around since March 2014? Just waiting to singularly b0rk everyone's installs? I could understand if it was something recent from the 6.2.2 update...but March 2014?!
- dsm1212 (Apprentice)
That's probably easier, I was just worried there must be something in that netgear version I was afraid to lose :-). I have no idea why they did this. Programs like sickbeard and headphones are virtually useless without these certs.
steve
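An added example, not part of any post in this thread: one way to write the find-and-copy step discussed above, as shell functions that list the dangling links in /etc/ssl/certs and copy only their missing targets from an extracted package, never overwriting an existing file. The function names, the CERT_LINK_DIR and CERT_STORE_DIR variables and the 644 file mode are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): find CA symlinks whose target file is
# missing and restore only those targets from an extracted ca-certificates tree.
# Variable and function names are this example's own.

CERT_LINK_DIR="${CERT_LINK_DIR:-/etc/ssl/certs}"
CERT_STORE_DIR="${CERT_STORE_DIR:-/usr/share/ca-certificates/mozilla}"

# Print "link<TAB>target" for every symlink that points at a missing file.
list_dangling() {
    for link in "$CERT_LINK_DIR"/*; do
        # -L: it is a symlink; ! -e: following it leads nowhere
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            printf '%s\t%s\n' "$link" "$(readlink "$link")"
        fi
    done
}

# $1 = the mozilla directory inside the tree unpacked with dpkg -x.
# Copies a file only when a dangling link asks for it and nothing exists at
# the target yet; prints how many files were restored.
restore_missing() {
    src_dir=$1
    restored=0
    tab=$(printf '\t')
    while IFS="$tab" read -r link target; do
        name=$(basename "$target")
        # Skip links that point outside the store (or use relative targets)
        [ "$(dirname "$target")" = "$CERT_STORE_DIR" ] || continue
        [ -f "$src_dir/$name" ] || { echo "no source for $name" >&2; continue; }
        [ -e "$target" ] && continue
        # 644 is assumed to match the files already in the store; check with ls -l
        cp "$src_dir/$name" "$target" && chmod 644 "$target" \
            && restored=$((restored + 1))
    done <<EOF
$(list_dangling)
EOF
    echo "$restored"
}
```

Source the file as root, run list_dangling to see what is broken, then restore_missing with the path to the extracted mozilla directory; links still listed afterwards have no matching file in the package.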