Problem: My local certificates were removed during an update

We upgraded our Univention UCS recently and all my local certificates I added under /etc/ssl were removed:

Setting up ca-certificates (20200601~deb9u1) ...
Updating certificates in /etc/ssl/certs...
15 added, 40 removed; done.

Before, the certificates were there:

root@ucs:~ # ls -al /etc/ssl
-rw-r--r-- 1 root root   1392 Aug 15  2019 domca.crt.pem
lrwxrwxrwx 1 root root     13 Aug 15  2019 6cfb734c.0 -> domca.crt.pem
-rw-r--r-- 1 root root   1298 Aug 15  2019 ADDOMRootCA.pem
-rw-r--r-- 1 root root   1299 Aug 15  2019 addom-dom.de.chain.root.ca

Environment

Univention UCS maintains the certificates for its own domain under /etc/univention/ssl. The directory /etc/ssl is used by the operating system for official CAs and certificates. It is updated and cleaned regularly through updates.
Additional certificates should be placed in /usr/share/ca-certificates.
dpkg-reconfigure ca-certificates rewrites /etc/ca-certificates.conf, which update-ca-certificates reads to find public certificates; it then updates or removes certificates in /etc/ssl according to the .conf file.
If you put your own certificates into the file, it will be overwritten by dpkg-reconfigure ca during an update.

Solution

Put your additional certificates under /usr/share/ca-certificates so that they are included when update-ca-certificates runs.
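
A check to run before an upgrade, as an added example that is not part of the original article: it lists entries in a certificate directory that do not resolve into a ca-certificates source directory, so they can be copied out of /etc/ssl first. The function name and output labels are hypothetical, and treating /usr/local/share/ca-certificates as a second source directory is an assumption beyond what the article names.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the article).
# Usage: find_unmanaged_certs CERT_DIR SOURCE_DIR [SOURCE_DIR...]
# Prints "unmanaged NAME" for files or links that do not resolve into a
# source directory, and "dangling NAME" for links whose target is gone.
find_unmanaged_certs() {
    cert_dir=$(readlink -f "$1") || return 1
    shift
    for entry in "$cert_dir"/*; do
        name=$(basename "$entry")
        # Skip subdirectories and the bundle generated by update-ca-certificates.
        [ -d "$entry" ] && continue
        [ "$name" = "ca-certificates.crt" ] && continue
        # A symlink whose target no longer exists.
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            printf 'dangling %s\n' "$name"
            continue
        fi
        [ -e "$entry" ] || continue   # glob matched nothing
        # Follow the whole link chain (hash link -> pem link -> source file).
        real=$(readlink -f "$entry")
        managed=no
        for src in "$@"; do
            src_real=$(readlink -f "$src") || continue
            case "$real" in
                "$src_real"/*) managed=yes; break ;;
            esac
        done
        [ "$managed" = yes ] || printf 'unmanaged %s\n' "$name"
    done
    return 0
}

# Run directly with arguments, for example:
#   sh check-certs.sh /etc/ssl/certs /usr/share/ca-certificates \
#       /usr/local/share/ca-certificates
if [ "$#" -gt 0 ]; then
    find_unmanaged_certs "$@"
fi
```

Every name reported as unmanaged is a certificate that exists only inside the checked directory and should be moved to the location given in the solution above before the next update.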
