aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T11:15:10Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9935ca-certificates is broken and needs an update2019-07-23T11:15:10ZJohn Smithca-certificates is broken and needs an updateAlpine 3.8 has ‘20171114-r3’ version of ‘ca-certificates’ package, which
is quite old and looks like it is broken:
mail server mail.amur-cit.ru:587 uses self-signed certificate, which I
need to add to the list of trusted ones on Alpine ...Alpine 3.8 has ‘20171114-r3’ version of ‘ca-certificates’ package, which
is quite old and looks like it is broken:
mail server mail.amur-cit.ru:587 uses self-signed certificate, which I
need to add to the list of trusted ones on Alpine for the connection to
succeed.
1. get their certificate via this command:
openssl s\_client -starttls smtp -showcerts -connect
mail.amur-cit.ru:587
from the output of that command I copy 1st (well, 0th in terms of that
command’s output) certificate from the certificate chain.
2. save it into a file on Alpine node as
/usr/local/share/ca-certificates/mail.amur-cit.ru.crt
3. run update-ca-certificates
result:
WARNING: ca-certificates.crt does not contain exactly one certificate or
CRL: skipping
On a Debian-based node that was enough to add the certificate to the
list of trusted ones, the output there was the following:
Updating certificates in /etc/ssl/certs…
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d…
done.
*(from redmine: issue id 9935, created on 2019-01-29, closed on 2019-01-29)*
* Changesets:
* Revision e52ca18af87015baba0756530ff0fd6b7b6ea081 by Natanael Copa on 2019-01-29T16:26:25Z:
```
main/ca-certificates: upgrade to 20190108
fixes #9935
```
* Revision ef889967982b9e04edc9a0dbb02231e47e41f03c by Natanael Copa on 2019-05-27T12:31:10Z:
```
main/ca-certificates: upgrade to 20190108
fixes #9935
```
* Revision acbc0e0a89f2c917c5c949d5e3ece043c8a9ec58 by Natanael Copa on 2019-05-27T12:35:15Z:
```
main/ca-certificates: upgrade to 20190108
fixes #9935
```3.9.0