Reply

ca-certificates issues

Nicholi
Guide

ca-certificates issues

I'm not running any of the beta builds, but this would be in regards to the 6.2.2 update (I personally found it upgrading from 6.1.9) and has possibly been around a long time. The ca-certificate package version "20140325.netgear1" has only 2 certificate authorities packaged in it, Verisign and Entrust. I'm sure if you are even mildly familiar with how cert signing works you know there are a tremendous number of root authorities that do signing, and basically get packaged in with systems/browsers. Either something in the 6.2.2 upgrade or the ca-certificate package itself removed all the previously installed CAs on my system, and then of course I wound up with only 2 (Verisign and Entrust). Resulting in an endless number of SSL handshake errors because the CA could not be verified for all the other people that don't use Verisign/Entrust. I only say this problem may have been around awhile because the package is timestamped 2014-03-25...which isn't new, 6.2.2 was only released 2014-12-24.

You can see a few examples of people with the same issue here and here
http://www.readynas.com/forum/viewtopic.php?f=35&t=78975&p=456647
http://www.readynas.com/forum/viewtopic.php?f=7&t=80349&p=456648

I'm betting there are even more that don't even know what the problem is, so really have no idea how to troubleshoot it or even describe it with the correct terms/keywords. It'd be tough to search and find them all. Seems like a huge issue to go unnoticed in my opinion. I didn't see any "certificate issues" marked as resolved in any of the new bleeding edge beta threads so I figured I'd start a new post about it. Or am I completely wrong on this and ReadyNAS just doesn't plan on supporting other CAs and that we are responsible for manually installing them? Which would be the complete opposite of what every other Linux distro does (let alone what anyone would even do on Windows/Mac).
Message 1 of 4
mdgm-ntgr
NETGEAR Employee Retired

Re: ca-certificates issues

6.2.3 beta has the same version of ca-certificates as 6.2.2
Message 2 of 4
F_L_
Aspirant

Re: ca-certificates issues

I have this issue too.
Is the solution to run
sudo apt-get install ca-certificates=20130119+deb7u1
as suggested in one of the other threads?
Message 3 of 4
Nicholi
Guide

Re: ca-certificates issues

Its either that or manually install the cert files yourself.

If you install them to /usr/local/share/ca-certificates/ they shouldn't be erased in the future, as that is outside of the system managed directories.
Message 4 of 4
Discussion stats
  • 3 replies
  • 4600 views
  • 0 kudos
  • 3 in conversation
Announcements