[BlueOnyx:15220] Re: Missing Certificate in /usr/share/ssl/certs/ca-bundle.crt
Tobias Gablunsky
tobias at gablunsky.de
Fri Apr 18 05:32:28 -05 2014
Hello Michael,
thanks for this answer - installing the intermediate cert via GUI is
exactly the hint I needed and the way I want to go - no own
customization needed.
Thanks a lot!
Tobias
Am 17.04.2014 18:58, schrieb Michael Stauber:
> Hi Tobias,
>
>> on some of our servers we use certificates from Startcom. But we have
>> the problem on every update of base-email-glue (which was quite often
>> in the last weeks) that our manually added intermediate certificate
>> is lost. Or we have to set the file immutable. But I don't like to
>> maintain more exceptions from standard than necessary.
>>
>> Is it possible to just put it into the file carried by BO per default?
>>
>> Their certificates can be downloaded here: https://www.startssl.com/certs/.
> I looked into it. base-email.mod contains this constructor:
>
> /usr/sausalito/constructor/base/email/syncEmailService.pl
>
> It is run on cced.init restart and also on updates/installs of
> base-email-* RPMs. So even on cced.init restarts or reboots you'll have
> this issue.
>
> That constructor has this command in it:
>
> /bin/cp /etc/pki/tls/certs/ca-bundle.crt /usr/share/ssl/certs/
>
> So it copies the ca-bundle.crt over to usr/share/ssl/certs/.
>
> That ca-bundle.crt is provides by this RPM:
>
> [root at 5108r ~]# rpm -q --whatprovides /etc/pki/tls/certs/ca-bundle.crt
> ca-certificates-2013.1.95-65.1.el6_5.noarch
>
> Generally this should be no problem at all. If you use the GUI to
> install the intermediate. In that case it'll not be overwritten.
>
More information about the Blueonyx
mailing list