Problem: My local certificates where removed during an update
We upgraded out Univention UCS recently and all my local certificates I added under /etc/ssl where removed:
Setting up ca-certificates (20200601~deb9u1) ... Updating certificates in /etc/ssl/certs... 15 added, 40 removed; done.
Before the certificates where there:
root@ucs:~ # ls -al /etc/ssl rw-r--r-- 1 root root 1392 Aug 15 2019 domca.crt.pem lrwxrwxrwx 1 root root 13 Aug 15 2019 6cfb734c.0 -> domca.crt.pem -rw-r--r-- 1 root root 1298 Aug 15 2019 ADDOMRootCA.pem -rw-r--r-- 1 root root 1299 Aug 15 2019 addom-dom.de.chain.root.ca
Univention UCS maintains the certificates for its own domain under
/etc/univention/ssl. The directory
/etc/ssl is used by the operating system for official CAs and certificates. It is updated and cleaned regularly through updates.
Additional certificates should be placed at
dpkg-reconfigure ca-certificates will rewrite
update-ca-certificates will look for public certificates and will update or remove certificates in
/etc/sslaccording to the .conf file.
In case you will put your own certificates in the file it will be overwritten by
dpkg-reconfigure ca during an update.
Put your additional certificates under
/usr/share/ca-certificates thus they will be included when
update-ca-certificates is running.