升級ubuntu包後CA文件消失
我有 2 年沒有升級的 ubuntu 12.04 伺服器。在我們決定對其進行升級之前,它一直執行良好。
升級後(apt-get upgrade)CA 文件
/usr/share/ca-certificates/mozilla/Entrust.net_Secure_Server_CA.crt
消失,程序無法訪問Entrust Certification Authority - L1C
.知道為什麼會這樣嗎?
這是日誌:
ubuntu@ip-10-67-192-40:~$ curl -i https://api.demo.com/ #works ubuntu@ip-10-67-192-40:~$ file /etc/ssl/certs/5f267794.0 /etc/ssl/certs/5f267794.0: symbolic link to
Entrust.net_Secure_Server_CA.pem' ubuntu@ip-10-67-192-40:~$ file /etc/ssl/certs/Entrust.net_Secure_Server_CA.pem /etc/ssl/certs/Entrust.net_Secure_Server_CA.pem: symbolic link to/usr/share/ca-certificates/mozilla/Entrust.net_Secure_Server_CA.crt' ubuntu@ip-10-67-192-40:~$ file /usr/share/ca-certificates/mozilla/Entrust.net_Secure_Server_CA.crt /usr/share/ca-certificates/mozilla/Entrust.net_Secure_Server_CA.crt: PEM certificate ubuntu@ip-10-67-192-40:~$ sudo update-ca-certificates Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d....done. root@ip-10-67-192-40:~# apt-get update; apt-get upgrade ubuntu@ip-10-67-192-40:~$ curl -i https://api.demo.com/ #dosen't work
看起來這是相關的變更日誌條目:
ca-certificates (20140927) unstable; urgency=medium * Update Mozilla certificate authority bundle to version 2.1. [...] The following certificate authorities were removed (-): - "Entrust.net Secure Server CA" [...] -- Michael Shuler <michael@pbandjelly.org> Sat, 27 Sep 2014 15:14:00 -0500
快速了解一下 DDGing,我發現這個 mozilla 錯誤要求刪除,並引用了另一個錯誤,這表明有問題的 CA 證書已被棄用,已刪除所有信任位,因此已從 NSS 中刪除。
鑑於該證書已於 2011 年從 NSS(Firefox 6)中刪除,並且可能在此之前的某個時候已被棄用,我想說現在為您嘗試訪問的站點獲取新證書已經過去了。