[arch-general] ca-certificates update

mick bareman at tpg.com.au
Mon Sep 7 02:22:35 UTC 2015

After re-installing in july I'm having problems with certificates and was pointed to https://www.archlinux.org/news/ca-certificates-update/ 

ca-certificates update

2014-12-11 - Jan Steffens

The way local CA certificates are handled has changed. If you have added any locally trusted certificates:

1    Move /usr/local/share/ca-certificates/*.crt to /etc/ca-certificates/trust-source/anchors/

2    Do the same with all manually-added /etc/ssl/certs/*.pem files and rename them to *.crt
3   Instead of update-ca-certificates, run trust extract-compat

Also see man 8 update-ca-trust and trust --help.

when I tried step 2:

move /etc/ssl/certs/*.pem to /etc/ca-certificates/trust-source/anchors/ and rename them to *.crt I found

1 the mv command seems to have lost the ablity to rename files as they are moved.
2 moving or copying the *.pem file results in adirectory full of broken links.

I think the solution might be to create symlinks to the real files, located at
 /etc/ca-certificates/extracted/cadir instead of linking to link to the files but before I try that I want to be sure I wont break anything.


More information about the arch-general mailing list