Discussion:
OT Debian updating ssl certificates?
Tom Fowle
2016-04-08 04:41:44 UTC
Permalink
I am beginning to have ssl connections refused in lynx apparrently due to
out of date certificates.

I see the program
update-ca-certificates,
which looks as though it may do what I need, but ignorance may well lead to
disaster <GRIN>
and the program was last updated in 2003.
Is this prog what I want to do? or if not how do I do the update?
The lynx docs on updating ssl certs leavs me out of breath in a hurry!
Thanks
tom Fowle
Gregory Nowak
2016-04-08 19:31:01 UTC
Permalink
Running update-ca-certificates will only help you if you either added
to or deleted from /etc/ssl. It sounds like your ca-certificates
package may be out of date. If you haven't checked for new packages
and upgraded in a while, I would suggest doing that. I do seem to
recall that ca-certificates was one of the packages upgraded on my
debian systems a week or two ago.

Greg
Post by Tom Fowle
I am beginning to have ssl connections refused in lynx apparrently due to
out of date certificates.
I see the program
update-ca-certificates,
which looks as though it may do what I need, but ignorance may well lead to
disaster <GRIN>
and the program was last updated in 2003.
Is this prog what I want to do? or if not how do I do the update?
The lynx docs on updating ssl certs leavs me out of breath in a hurry!
Thanks
tom Fowle
_______________________________________________
Speakup mailing list
http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup
--
web site: http://www.gregn.net
gpg public key: http://www.gregn.net/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)
If we haven't been in touch before, e-mail me before adding me to your contacts.

--
Free domains: http://www.eu.org/ or mail dns-***@EU.org
Tom Fowle
2016-04-09 05:21:54 UTC
Permalink
Greg,
thanks, I'd not gotten into the habit of doing regular update/upgrades, evil
lazy person that I am.
Will check it out.
Tom Fowle
Post by Gregory Nowak
Running update-ca-certificates will only help you if you either added
to or deleted from /etc/ssl. It sounds like your ca-certificates
package may be out of date. If you haven't checked for new packages
and upgraded in a while, I would suggest doing that. I do seem to
recall that ca-certificates was one of the packages upgraded on my
debian systems a week or two ago.
Greg
Post by Tom Fowle
I am beginning to have ssl connections refused in lynx apparrently due to
out of date certificates.
I see the program
update-ca-certificates,
which looks as though it may do what I need, but ignorance may well lead to
disaster <GRIN>
and the program was last updated in 2003.
Is this prog what I want to do? or if not how do I do the update?
The lynx docs on updating ssl certs leavs me out of breath in a hurry!
Thanks
tom Fowle
_______________________________________________
Speakup mailing list
http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup
--
web site: http://www.gregn.net
gpg public key: http://www.gregn.net/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)
If we haven't been in touch before, e-mail me before adding me to your contacts.
--
_______________________________________________
Speakup mailing list
http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup
Tony Baechler
2016-04-09 10:28:58 UTC
Permalink
I'm having the same problem on both Debian and Ubuntu. Not only do I install
all package updates, but I manually installed the latest ca-certificates
from the mirror to work around this problem. Often, I'll go to sites which
work fine in Firefox but Lynx complains that the certificate can't be
verified. This is very annoying. What else can I try? The same thing happens
with wget, so it isn't a specific Lynx problem. It happens on most sites and
the certs are from known certificate authorities. I don't remember the exact
date of the latest package, but it's from 2016 and installed without errors.
Post by Gregory Nowak
Running update-ca-certificates will only help you if you either added
to or deleted from /etc/ssl. It sounds like your ca-certificates
package may be out of date. If you haven't checked for new packages
and upgraded in a while, I would suggest doing that. I do seem to
recall that ca-certificates was one of the packages upgraded on my
debian systems a week or two ago.
Gregory Nowak
2016-04-09 20:36:31 UTC
Permalink
Hmmm ... interesting. The only suggestions I can think of are to go
ahead and run update-ca-certificates. The other suggestion is to run
c_rehash on /etc/ssl/certs. If neither of those work, then I don't
know what else to suggest.

Greg
Post by Tony Baechler
I'm having the same problem on both Debian and Ubuntu. Not only do I
install all package updates, but I manually installed the latest
ca-certificates from the mirror to work around this problem. Often,
I'll go to sites which work fine in Firefox but Lynx complains that
the certificate can't be verified. This is very annoying. What else
can I try? The same thing happens with wget, so it isn't a specific
Lynx problem. It happens on most sites and the certs are from known
certificate authorities. I don't remember the exact date of the
latest package, but it's from 2016 and installed without errors.
--
web site: http://www.gregn.net
gpg public key: http://www.gregn.net/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)
If we haven't been in touch before, e-mail me before adding me to your contacts.

--
Free domains: http://www.eu.org/ or mail dns-***@EU.org
Jude DaShiell
2016-04-09 22:52:42 UTC
Permalink
How many locations have certificates on the machine once these updates
get done? You could have more than one and lynx and w3m could still be
pointed at the old path location.
Date: Sat, 9 Apr 2016 06:28:58
Reply-To: Speakup is a screen review system for Linux.
Subject: Re: OT Debian updating ssl certificates?
I'm having the same problem on both Debian and Ubuntu. Not only do I install
all package updates, but I manually installed the latest ca-certificates
from the mirror to work around this problem. Often, I'll go to sites which
work fine in Firefox but Lynx complains that the certificate can't be
verified. This is very annoying. What else can I try? The same thing happens
with wget, so it isn't a specific Lynx problem. It happens on most sites and
the certs are from known certificate authorities. I don't remember the exact
date of the latest package, but it's from 2016 and installed without errors.
Post by Gregory Nowak
Running update-ca-certificates will only help you if you either added
to or deleted from /etc/ssl. It sounds like your ca-certificates
package may be out of date. If you haven't checked for new packages
and upgraded in a while, I would suggest doing that. I do seem to
recall that ca-certificates was one of the packages upgraded on my
debian systems a week or two ago.
_______________________________________________
Speakup mailing list
http://linux-speakup.org/cgi-bin/mailman/listinfo/speakup
--

Loading...