ca-certificates is broken and needs an update (#9935) · Issues · alpine / aports

ca-certificates is broken and needs an update

Alpine 3.8 has ‘20171114-r3’ version of ‘ca-certificates’ package, which is quite old and looks like it is broken:

mail server mail.amur-cit.ru:587 uses self-signed certificate, which I need to add to the list of trusted ones on Alpine for the connection to succeed.

get their certificate via this command:

openssl s_client -starttls smtp -showcerts -connect mail.amur-cit.ru:587

from the output of that command I copy 1st (well, 0th in terms of that command’s output) certificate from the certificate chain.

save it into a file on Alpine node as /usr/local/share/ca-certificates/mail.amur-cit.ru.crt
run update-ca-certificates

result:

WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping

On a Debian-based node that was enough to add the certificate to the list of trusted ones, the output there was the following:

Updating certificates in /etc/ssl/certs…
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d…
done.

(from redmine: issue id 9935, created on 2019-01-29, closed on 2019-01-29)

Changesets:
- Revision e52ca18a by Natanael Copa on 2019-01-29T16:26:25Z:

main/ca-certificates: upgrade to 20190108

fixes #9935

Revision ef889967 by Natanael Copa on 2019-05-27T12:31:10Z:

main/ca-certificates: upgrade to 20190108

fixes #9935

Revision acbc0e0a by Natanael Copa on 2019-05-27T12:35:15Z:

main/ca-certificates: upgrade to 20190108

fixes #9935

Alpine 3.8 has ‘20171114-r3’ version of ‘ca-certificates’ package, which
is quite old and looks like it is broken:

mail server mail.amur-cit.ru:587 uses self-signed certificate, which I
need to add to the list of trusted ones on Alpine for the connection to
succeed.

1. get their certificate via this command:

openssl s\_client -starttls smtp -showcerts -connect
mail.amur-cit.ru:587

from the output of that command I copy 1st (well, 0th in terms of that
command’s output) certificate from the certificate chain.

2. save it into a file on Alpine node as
/usr/local/share/ca-certificates/mail.amur-cit.ru.crt

3. run update-ca-certificates

result:

WARNING: ca-certificates.crt does not contain exactly one certificate or
CRL: skipping

On a Debian-based node that was enough to add the certificate to the
list of trusted ones, the output there was the following:

Updating certificates in /etc/ssl/certs…  
1 added, 0 removed; done.  
Running hooks in /etc/ca-certificates/update.d…  
done.

*(from redmine: issue id 9935, created on 2019-01-29, closed on 2019-01-29)*

* Changesets:
  * Revision e52ca18af87015baba0756530ff0fd6b7b6ea081 by Natanael Copa on 2019-01-29T16:26:25Z:

```
main/ca-certificates: upgrade to 20190108

fixes #9935
```

* Revision ef889967982b9e04edc9a0dbb02231e47e41f03c by Natanael Copa on 2019-05-27T12:31:10Z:

```
main/ca-certificates: upgrade to 20190108

fixes #9935
```

* Revision acbc0e0a89f2c917c5c949d5e3ece043c8a9ec58 by Natanael Copa on 2019-05-27T12:35:15Z:

```
main/ca-certificates: upgrade to 20190108

fixes #9935
```

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information