2

I have some self-signed certificates located in /mnt/raid/ssl that I would like to add to my /usr/share/ca-certificates. So far I've tried the following:

  1. sudo ln -s /mnt/raid/ssl /usr/share/ca-certificates/extra
  2. sudo dpkg-reconfigure ca-certificates # certificates under ./extra don't appear
  3. sudo update-ca-certificates

The output to step 3 is as follows:

$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.

What am I missing?

Louis Thibault
  • 1,217
  • I'm not 100% sure, but I think that subdirectories containing certificates will not be processed. Maybe try to symlink the certificates separate in the top level directory. – radriaanse Jun 29 '15 at 12:51
  • @remyseroos, this is surprising since there are two directories in /usr/share/ca-certificates/extra: mozilla and spi-inc.org. I've also seen several tutorials that recommend creating an extra directory for self-signed certs. – Louis Thibault Jun 29 '15 at 12:54
  • Try copying the directory in directly? It may be a case that the symlinks aren't followed – Thomas Ward Jun 29 '15 at 16:18
  • @ThomasW., the whole point is to store the directory on the RAID array, so I'd rather avoid that solution if at all possible. – Louis Thibault Jun 29 '15 at 16:28
  • @blz I meant temporarily, to see if that is the case, not as a long term solution – Thomas Ward Jun 29 '15 at 16:29
  • @ThomasW. Ah, okay, sorry! Yes, copying the directory to /usr/share/ca-certificates works just fine. – Louis Thibault Jun 29 '15 at 16:32
  • Hmm, this looks related; https://serverfault.com/questions/585038/why-do-i-need-to-create-symbolic-links-for-certificates – radriaanse Jun 29 '15 at 19:18

1 Answers1

1

Try placing them in (a subdirectory of) /usr/local/share/ca-certificates instead of /usr/share/ca-certificates. That location is also mentioned in /usr/share/doc/ca-certificates/README.Debian (on Debian 8 Jessie).

Peter Nowee
  • 336