Comments (17)
Issue still there after swupd update, certificates broken again:
utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ sudo swupd update swupd-client software update 3.14.3 Copyright (C) 2012-2017 Intel Corporation Update started. Attempting to download version string to memory Preparing to update from 20310 to 20320 Downloading packs... Extracting os-core pack for version 20320 ...100% Statistics for going from version 20310 to version 20320: changed bundles : 1 new bundles : 0 deleted bundles : 0 changed files : 3 new files : 0 deleted files : 0 Starting download of remaining update content. This may take a while... ...100% Finishing download of update content... Staging file content Applying update ...100% Update was applied. Calling post-update helper scripts. Update took 14.8 seconds Update successful. System updated from version 20310 to version 20320 utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ sudo flatpak update Looking for updates... Warning: Can't find dependencies: Unacceptable TLS certificate Warning: Problem looking for related refs: Unacceptable TLS certificate Warning: Can't find dependencies: Unacceptable TLS certificate Warning: Problem looking for related refs: Unacceptable TLS certificate Warning: Can't find dependencies: Unacceptable TLS certificate Warning: Problem looking for related refs: Unacceptable TLS certificate Warning: Can't find dependencies: Unacceptable TLS certificate Warning: Problem looking for related refs: Unacceptable TLS certificate Warning: Can't find dependencies: Unacceptable TLS certificate Warning: Problem looking for related refs: Unacceptable TLS certificate Warning: Can't find dependencies: Unacceptable TLS certificate Warning: Problem looking for related refs: Unacceptable TLS certificate Warning: Can't find dependencies: Unacceptable TLS certificate Warning: Problem looking for related refs: Unacceptable TLS certificate ^C utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ git clone https://www.github.com Cloning into 'www.github.com'... fatal: unable to access 'https://www.github.com/': SSL certificate problem: unable to get local issuer certificate
I don't know if flatpak or swupd broke but i didn't installed anything or modified files under root directory since 4-5 days before issue started.
from distribution.
fixed with downloading http://curl.haxx.se/ca/cacert.pem and coping the cacert.pem as ca-bundle.crt to /var/cache/ca-certs/anchors and /etc/pki/tls/certs
after that /var/cache/ca-certs/anchors/ca-bundle.crt and /etc/pki/tls/certs/ca-bundle.crt files should exist. that fixed my problem
from distribution.
I should reopen this issue since i closed by accident
from distribution.
@tuxutku, could you please try and re-run sudo clrtrust generate
.
from distribution.
utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ sudo clrtrust generate Password: WARNING: file /usr/share/ca-certs/trusted/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/LuxTrust_Global_Root_2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/COMODO_RSA_Certification_Authority.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Cybertrust_Global_Root.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Network_Solutions_Certificate_Authority.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/AffirmTrust_Premium.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/EC-ACC.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/QuoVadis_Root_CA_2_G3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Amazon_Root_CA_1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/D-TRUST_Root_Class_3_CA_2_EV_2009.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/GeoTrust_Primary_Certification_Authority.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/VeriSign_Universal_Root_Certification_Authority.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/QuoVadis_Root_CA_1_G3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Starfield_Root_Certificate_Authority_-_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/GlobalSign_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Certum_Trusted_Network_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Starfield_Class_2_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/USERTrust_ECC_Certification_Authority.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Microsec_e-Szigno_Root_CA_2009.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/USERTrust_RSA_Certification_Authority.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/D-TRUST_Root_Class_3_CA_2_2009.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Certigna.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/TWCA_Root_Certification_Authority.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/ACCVRAIZ1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/DigiCert_Assured_ID_Root_G3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/QuoVadis_Root_CA_2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/OpenTrust_Root_CA_G1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/GlobalSign_ECC_Root_CA_-_R4.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/CFCA_EV_ROOT.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/TWCA_Global_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Staat_der_Nederlanden_Root_CA_-_G3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/SSL.com_Root_Certification_Authority_ECC.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Amazon_Root_CA_4.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/certSIGN_ROOT_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Entrust_Root_Certification_Authority_-_EC1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Visa_eCommerce_Root.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Go_Daddy_Root_Certificate_Authority_-_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/OISTE_WISeKey_Global_Root_GA_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/ComSign_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/SZAFIR_ROOT_CA2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Amazon_Root_CA_2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/GlobalSign_Root_CA_-_R3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/TrustCor_RootCert_CA-1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Deutsche_Telekom_Root_CA_2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/T-TeleSec_GlobalRoot_Class_3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Camerfirma_Global_Chambersign_Root.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/OpenTrust_Root_CA_G3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/TrustCor_ECA-1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/AffirmTrust_Premium_ECC.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/SSL.com_EV_Root_Certification_Authority_ECC.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/SwissSign_Gold_CA_-_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Certum_Trusted_Network_CA_2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/DigiCert_High_Assurance_EV_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/AC_RAIZ_FNMT-RCM.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Taiwan_GRCA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/E-Tugra_Certification_Authority.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/QuoVadis_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/DigiCert_Assured_ID_Root_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Comodo_AAA_Services_root.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/COMODO_Certification_Authority.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Actalis_Authentication_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Certplus_Root_CA_G1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/DigiCert_Global_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/thawte_Primary_Root_CA_-_G3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Chambers_of_Commerce_Root_-_2008.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/GeoTrust_Primary_Certification_Authority_-_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/ePKI_Root_Certification_Authority.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/QuoVadis_Root_CA_3_G3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/TC_TrustCenter_Class_3_CA_II.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/DigiCert_Assured_ID_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/AffirmTrust_Commercial.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/XRamp_Global_CA_Root.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Secure_Global_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Sonera_Class_2_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/OpenTrust_Root_CA_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/AC_Raíz_Certicámara_S.A..crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/TrustCor_RootCert_CA-2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/DST_ACES_CA_X6.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Trustis_FPS_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/GeoTrust_Universal_CA_2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/EE_Certification_Centre_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/TeliaSonera_Root_CA_v1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Certplus_Root_CA_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/SSL.com_Root_Certification_Authority_RSA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Buypass_Class_2_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Hongkong_Post_Root_CA_1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/IdenTrust_Public_Sector_Root_CA_1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/DigiCert_Global_Root_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/SecureTrust_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Atos_TrustedRoot_2011.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/GeoTrust_Primary_Certification_Authority_-_G3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/GeoTrust_Global_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/S-TRUST_Universal_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Starfield_Services_Root_Certificate_Authority_-_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/T-TeleSec_GlobalRoot_Class_2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/D-TRUST_Root_CA_3_2013.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/AddTrust_External_Root.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/GeoTrust_Universal_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/DST_Root_CA_X3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Camerfirma_Chambers_of_Commerce_Root.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/CA_Disig_Root_R2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Go_Daddy_Class_2_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Amazon_Root_CA_3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/thawte_Primary_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Izenpe.com.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/IdenTrust_Commercial_Root_CA_1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Staat_der_Nederlanden_Root_CA_-_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/ISRG_Root_X1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/OISTE_WISeKey_Global_Root_GB_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/AddTrust_Low-Value_Services_Root.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/SwissSign_Silver_CA_-_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Global_Chambersign_Root_-_2008.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Staat_der_Nederlanden_EV_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Security_Communication_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/CA_Disig_Root_R1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Entrust.net_Premium_2048_Secure_Server_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Swisscom_Root_CA_2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/DigiCert_Trusted_Root_G4.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/QuoVadis_Root_CA_3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/GlobalSign_ECC_Root_CA_-_R5.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Buypass_Class_3_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Entrust_Root_Certification_Authority_-_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/thawte_Primary_Root_CA_-_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/SwissSign_Platinum_CA_-_G2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Security_Communication_RootCA2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Entrust_Root_Certification_Authority.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Baltimore_CyberTrust_Root.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/SecureSign_RootCA11.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/UTN_USERFirst_Email_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Certinomis_-_Root_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Security_Communication_EV_RootCA1.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/GlobalSign_Root_CA_-_R2.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/Certplus_Class_2_Primary_CA.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/DigiCert_Global_Root_G3.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/GDCA_TrustAUTH_R5_ROOT.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/COMODO_ECC_Certification_Authority.crt is not a certificate WARNING: file /usr/share/ca-certs/trusted/AffirmTrust_Networking.crt is not a certificate Trust store generated at /var/cache/ca-certs utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ git clone --recursive https://github.com/gpac/gpac.git Cloning into 'gpac'... fatal: unable to access 'https://github.com/gpac/gpac.git/': SSL certificate problem: unable to get local issuer certificate
still can't use git but can use flatpak, need to mention that i could run flatpak after manually downloading ca-bundle.crt
from distribution.
@tuxutku, could you post the content of any of the *.crt file here? the error means that running openssl x509
fails on the certificates installed in /usr/share/ca-certs/trusted
. i cannot reproduce this on my system.
after you do, please try running sudo swupd verify --fix
(it should fix any deviations in your /usr/
tree) and then try generating the trust store again with sudo clrtrust generate
.
from distribution.
i can't run
sudo swupd verify --fix
since i have manualy removed qt5 and other programs because of incompatible binaries, it will take my days to reinstall then remove these, and i will lose lots of my free time, i will try to find another way to fix this
from distribution.
@tuxutku So this is a little odd to do but you can try running:
swupd verify --install -p /path/to/tmp/root -m $your-clear-linux-version && swupd bundle-add -p /path/to/tmp/root network-basic
Which will give you the certs in /path/to/tmp/root/usr/share/ca-certs/trusted that you could then compare to your system (and copy over/replace as needed).
from distribution.
@tuxutku, we cannot reproduce the issue, so without your help it's hard to get to the root cause of this. it sounds like you manually modified files in /usr
, i'm wondering if you could run:
openssl x509 -in /usr/share/ca-certs/trusted/AffirmTrust_Networking.crt -noout -fingerprint -sha1
to see if openssl
on your system is still functional. if it's not, then that is the issue.
you can also use pre-built store, to do that: sudo rm -rf /var/cache/ca-certs; mv /usr/share/ca-certs/.prebuilt-store /var/cache/ca-certs
. this will resolve your connectivity issues for now (unless the installed certificates are really broken).
from distribution.
when i was building another program it required openssl bu it wasn't installed, so i installed opessl to /usr/local. installation of openssl or update and reboot after that broke it.
when i will go to home i will look to this but now i am not at my home, after 6 to 10 hours i can be at my home
from distribution.
utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ openssl x509 -in /usr/share/ca-certs/trusted/AffirmTrust_Networking.crt -noout -fingerprint -sha1 SHA1 Fingerprint=29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F
utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ ls -l /usr/share/ca-certs/trusted total 616 -rw-r--r-- 2 root root 2772 Jan 13 2017 ACCVRAIZ1.crt -rw-r--r-- 2 root root 2281 Jan 13 2017 AC_Raíz_Certicámara_S.A..crt -rw-r--r-- 1 root root 1972 Jan 13 2017 AC_RAIZ_FNMT-RCM.crt -rw-r--r-- 2 root root 2049 Jan 13 2017 Actalis_Authentication_Root_CA.crt -rw-r--r-- 2 root root 1521 Sep 14 19:49 AddTrust_External_Root.crt -rw-r--r-- 2 root root 1480 Jan 13 2017 AddTrust_Low-Value_Services_Root.crt -rw-r--r-- 2 root root 1204 Jan 13 2017 AffirmTrust_Commercial.crt -rw-r--r-- 2 root root 1204 Jan 13 2017 AffirmTrust_Networking.crt -rw-r--r-- 2 root root 1891 Jan 13 2017 AffirmTrust_Premium.crt -rw-r--r-- 2 root root 753 Jan 13 2017 AffirmTrust_Premium_ECC.crt -rw-r--r-- 1 root root 1188 Jan 13 2017 Amazon_Root_CA_1.crt -rw-r--r-- 1 root root 1883 Jan 13 2017 Amazon_Root_CA_2.crt -rw-r--r-- 1 root root 656 Jan 13 2017 Amazon_Root_CA_3.crt -rw-r--r-- 1 root root 737 Jan 13 2017 Amazon_Root_CA_4.crt -rw-r--r-- 2 root root 1261 Jan 13 2017 Atos_TrustedRoot_2011.crt -rw-r--r-- 2 root root 2167 Jan 13 2017 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt -rw-r--r-- 2 root root 1261 Jan 13 2017 Baltimore_CyberTrust_Root.crt -rw-r--r-- 2 root root 1915 Jan 13 2017 Buypass_Class_2_Root_CA.crt -rw-r--r-- 2 root root 1915 Jan 13 2017 Buypass_Class_3_Root_CA.crt -rw-r--r-- 2 root root 1935 Jan 13 2017 CA_Disig_Root_R1.crt -rw-r--r-- 2 root root 1935 Jan 13 2017 CA_Disig_Root_R2.crt -rw-r--r-- 2 root root 1704 Jan 13 2017 Camerfirma_Chambers_of_Commerce_Root.crt -rw-r--r-- 2 root root 1716 Jan 13 2017 Camerfirma_Global_Chambersign_Root.crt -rw-r--r-- 2 root root 1330 Jan 13 2017 Certigna.crt -rw-r--r-- 2 root root 1992 Jan 13 2017 Certinomis_-_Root_CA.crt -rw-r--r-- 2 root root 1298 Jan 13 2017 Certplus_Class_2_Primary_CA.crt -rw-r--r-- 2 root root 1939 Jan 13 2017 Certplus_Root_CA_G1.crt -rw-r--r-- 2 root root 794 Jan 13 2017 Certplus_Root_CA_G2.crt -rw-r--r-- 2 root root 1176 Jan 13 2017 certSIGN_ROOT_CA.crt -rw-r--r-- 2 root root 1119 Jan 13 2017 Certum_Root_CA.crt -rw-r--r-- 2 root root 2078 Jan 13 2017 Certum_Trusted_Network_CA_2.crt -rw-r--r-- 2 root root 1354 Jan 13 2017 Certum_Trusted_Network_CA.crt -rw-r--r-- 2 root root 1984 Jan 13 2017 CFCA_EV_ROOT.crt -rw-r--r-- 2 root root 2594 Jan 13 2017 Chambers_of_Commerce_Root_-_2008.crt -rw-r--r-- 2 root root 1517 Jan 13 2017 Comodo_AAA_Services_root.crt -rw-r--r-- 2 root root 1489 Jan 13 2017 COMODO_Certification_Authority.crt -rw-r--r-- 2 root root 940 Jan 13 2017 COMODO_ECC_Certification_Authority.crt -rw-r--r-- 2 root root 2086 Jan 13 2017 COMODO_RSA_Certification_Authority.crt -rw-r--r-- 2 root root 1302 Jan 13 2017 ComSign_CA.crt -rw-r--r-- 2 root root 1318 Jan 13 2017 Cybertrust_Global_Root.crt -rw-r--r-- 2 root root 1318 Jan 13 2017 Deutsche_Telekom_Root_CA_2.crt -rw-r--r-- 2 root root 1350 Jan 13 2017 DigiCert_Assured_ID_Root_CA.crt -rw-r--r-- 2 root root 1306 Jan 13 2017 DigiCert_Assured_ID_Root_G2.crt -rw-r--r-- 2 root root 851 Jan 13 2017 DigiCert_Assured_ID_Root_G3.crt -rw-r--r-- 2 root root 1338 Jan 13 2017 DigiCert_Global_Root_CA.crt -rw-r--r-- 2 root root 1294 Jan 13 2017 DigiCert_Global_Root_G2.crt -rw-r--r-- 2 root root 839 Oct 25 01:59 DigiCert_Global_Root_G3.crt -rw-r--r-- 2 root root 1367 Sep 14 19:49 DigiCert_High_Assurance_EV_Root_CA.crt -rw-r--r-- 2 root root 1988 Jan 13 2017 DigiCert_Trusted_Root_G4.crt -rw-r--r-- 2 root root 1460 Jan 13 2017 DST_ACES_CA_X6.crt -rw-r--r-- 2 root root 1200 Jan 13 2017 DST_Root_CA_X3.crt -rw-r--r-- 1 root root 1468 Jan 13 2017 D-TRUST_Root_CA_3_2013.crt -rw-r--r-- 2 root root 1517 Jan 13 2017 D-TRUST_Root_Class_3_CA_2_2009.crt -rw-r--r-- 2 root root 1537 Jan 13 2017 D-TRUST_Root_Class_3_CA_2_EV_2009.crt -rw-r--r-- 2 root root 1911 Jan 13 2017 EC-ACC.crt -rw-r--r-- 2 root root 1452 Jan 13 2017 EE_Certification_Centre_Root_CA.crt -rw-r--r-- 2 root root 1505 Jan 13 2017 Entrust.net_Premium_2048_Secure_Server_CA.crt -rw-r--r-- 2 root root 1643 Jan 13 2017 Entrust_Root_Certification_Authority.crt -rw-r--r-- 2 root root 1090 Jan 13 2017 Entrust_Root_Certification_Authority_-_EC1.crt -rw-r--r-- 2 root root 1533 Jan 13 2017 Entrust_Root_Certification_Authority_-_G2.crt -rw-r--r-- 2 root root 2033 Jan 13 2017 ePKI_Root_Certification_Authority.crt -rw-r--r-- 2 root root 2244 Jan 13 2017 E-Tugra_Certification_Authority.crt -rw-r--r-- 1 root root 1980 Jan 13 2017 GDCA_TrustAUTH_R5_ROOT.crt -rw-r--r-- 2 root root 1216 Jan 13 2017 GeoTrust_Global_CA.crt -rw-r--r-- 2 root root 1269 Jan 13 2017 GeoTrust_Primary_Certification_Authority.crt -rw-r--r-- 2 root root 989 Jan 13 2017 GeoTrust_Primary_Certification_Authority_-_G2.crt -rw-r--r-- 2 root root 1444 Jan 13 2017 GeoTrust_Primary_Certification_Authority_-_G3.crt -rw-r--r-- 2 root root 1939 Jan 13 2017 GeoTrust_Universal_CA_2.crt -rw-r--r-- 2 root root 1935 Jan 13 2017 GeoTrust_Universal_CA.crt -rw-r--r-- 2 root root 2585 Jan 13 2017 Global_Chambersign_Root_-_2008.crt -rw-r--r-- 2 root root 713 Jan 13 2017 GlobalSign_ECC_Root_CA_-_R4.crt -rw-r--r-- 2 root root 794 Jan 13 2017 GlobalSign_ECC_Root_CA_-_R5.crt -rw-r--r-- 2 root root 1261 Sep 14 19:49 GlobalSign_Root_CA.crt -rw-r--r-- 2 root root 1354 Jan 13 2017 GlobalSign_Root_CA_-_R2.crt -rw-r--r-- 2 root root 1229 Jan 13 2017 GlobalSign_Root_CA_-_R3.crt -rw-r--r-- 2 root root 1448 Jan 13 2017 Go_Daddy_Class_2_CA.crt -rw-r--r-- 2 root root 1367 Jan 13 2017 Go_Daddy_Root_Certificate_Authority_-_G2.crt -rw-r--r-- 2 root root 1017 Jan 13 2017 Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt -rw-r--r-- 2 root root 1513 Jan 13 2017 Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt -rw-r--r-- 2 root root 2155 Jan 13 2017 Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt -rw-r--r-- 2 root root 1168 Jan 13 2017 Hongkong_Post_Root_CA_1.crt -rw-r--r-- 2 root root 1923 Jan 13 2017 IdenTrust_Commercial_Root_CA_1.crt -rw-r--r-- 2 root root 1931 Jan 13 2017 IdenTrust_Public_Sector_Root_CA_1.crt -rw-r--r-- 2 root root 1939 Jan 13 2017 ISRG_Root_X1.crt -rw-r--r-- 2 root root 2122 Jan 13 2017 Izenpe.com.crt -rw-r--r-- 1 root root 2057 Jan 13 2017 LuxTrust_Global_Root_2.crt -rw-r--r-- 2 root root 1460 Jan 13 2017 Microsec_e-Szigno_Root_CA_2009.crt -rw-r--r-- 2 root root 1476 Jan 13 2017 'NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt' -rw-r--r-- 2 root root 1411 Jan 13 2017 Network_Solutions_Certificate_Authority.crt -rw-r--r-- 2 root root 1428 Jan 13 2017 OISTE_WISeKey_Global_Root_GA_CA.crt -rw-r--r-- 2 root root 1346 Jan 13 2017 OISTE_WISeKey_Global_Root_GB_CA.crt -rw-r--r-- 2 root root 1944 Jan 13 2017 OpenTrust_Root_CA_G1.crt -rw-r--r-- 2 root root 1944 Jan 13 2017 OpenTrust_Root_CA_G2.crt -rw-r--r-- 2 root root 798 Jan 13 2017 OpenTrust_Root_CA_G3.crt -rw-r--r-- 2 root root 1923 Jan 13 2017 QuoVadis_Root_CA_1_G3.crt -rw-r--r-- 2 root root 2041 Jan 13 2017 QuoVadis_Root_CA_2.crt -rw-r--r-- 2 root root 1923 Jan 13 2017 QuoVadis_Root_CA_2_G3.crt -rw-r--r-- 2 root root 2354 Jan 13 2017 QuoVadis_Root_CA_3.crt -rw-r--r-- 2 root root 1923 Jan 13 2017 QuoVadis_Root_CA_3_G3.crt -rw-r--r-- 2 root root 2078 Jan 13 2017 QuoVadis_Root_CA.crt -rw-r--r-- 2 root root 1354 Jan 13 2017 Secure_Global_CA.crt -rw-r--r-- 2 root root 1249 Jan 13 2017 SecureSign_RootCA11.crt -rw-r--r-- 2 root root 1350 Jan 13 2017 SecureTrust_CA.crt -rw-r--r-- 2 root root 1269 Jan 13 2017 Security_Communication_EV_RootCA1.crt -rw-r--r-- 2 root root 1261 Jan 13 2017 Security_Communication_RootCA2.crt -rw-r--r-- 2 root root 1224 Jan 13 2017 Security_Communication_Root_CA.crt -rw-r--r-- 2 root root 1143 Jan 13 2017 Sonera_Class_2_Root_CA.crt -rw-r--r-- 1 root root 956 Jan 13 2017 SSL.com_EV_Root_Certification_Authority_ECC.crt -rw-r--r-- 1 root root 2114 Jan 13 2017 SSL.com_EV_Root_Certification_Authority_RSA_R2.crt -rw-r--r-- 1 root root 944 Jan 13 2017 SSL.com_Root_Certification_Authority_ECC.crt -rw-r--r-- 1 root root 2094 Jan 13 2017 SSL.com_Root_Certification_Authority_RSA.crt -rw-r--r-- 2 root root 1948 Jan 13 2017 Staat_der_Nederlanden_EV_Root_CA.crt -rw-r--r-- 2 root root 2069 Jan 13 2017 Staat_der_Nederlanden_Root_CA_-_G2.crt -rw-r--r-- 2 root root 1952 Jan 13 2017 Staat_der_Nederlanden_Root_CA_-_G3.crt -rw-r--r-- 2 root root 1468 Jan 13 2017 Starfield_Class_2_CA.crt -rw-r--r-- 2 root root 1399 Jan 13 2017 Starfield_Root_Certificate_Authority_-_G2.crt -rw-r--r-- 2 root root 1424 Jan 13 2017 Starfield_Services_Root_Certificate_Authority_-_G2.crt -rw-r--r-- 2 root root 1395 Jan 13 2017 S-TRUST_Universal_Root_CA.crt -rw-r--r-- 2 root root 2090 Jan 13 2017 Swisscom_Root_CA_2.crt -rw-r--r-- 2 root root 2045 Jan 13 2017 SwissSign_Gold_CA_-_G2.crt -rw-r--r-- 2 root root 2057 Jan 13 2017 SwissSign_Platinum_CA_-_G2.crt -rw-r--r-- 2 root root 2049 Jan 13 2017 SwissSign_Silver_CA_-_G2.crt -rw-r--r-- 1 root root 981 Jan 13 2017 Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.crt -rw-r--r-- 1 root root 1436 Jan 13 2017 Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.crt -rw-r--r-- 1 root root 981 Jan 13 2017 Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.crt -rw-r--r-- 1 root root 1436 Jan 13 2017 Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.crt -rw-r--r-- 2 root root 1257 Jan 13 2017 SZAFIR_ROOT_CA2.crt -rw-r--r-- 2 root root 1948 Jan 13 2017 Taiwan_GRCA.crt -rw-r--r-- 2 root root 1679 Jan 13 2017 TC_TrustCenter_Class_3_CA_II.crt -rw-r--r-- 2 root root 1870 Jan 13 2017 TeliaSonera_Root_CA_v1.crt -rw-r--r-- 2 root root 1493 Jan 13 2017 thawte_Primary_Root_CA.crt -rw-r--r-- 2 root root 940 Jan 13 2017 thawte_Primary_Root_CA_-_G2.crt -rw-r--r-- 2 root root 1505 Jan 13 2017 thawte_Primary_Root_CA_-_G3.crt -rw-r--r-- 1 root root 1493 Jan 13 2017 TrustCor_ECA-1.crt -rw-r--r-- 1 root root 1513 Jan 13 2017 TrustCor_RootCert_CA-1.crt -rw-r--r-- 1 root root 2204 Jan 13 2017 TrustCor_RootCert_CA-2.crt -rw-r--r-- 2 root root 1241 Jan 13 2017 Trustis_FPS_Root_CA.crt -rw-r--r-- 2 root root 1367 Jan 13 2017 T-TeleSec_GlobalRoot_Class_2.crt -rw-r--r-- 2 root root 1367 Jan 13 2017 T-TeleSec_GlobalRoot_Class_3.crt -rw-r--r-- 1 root root 1582 Jan 13 2017 TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt -rw-r--r-- 2 root root 1501 Jan 13 2017 TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.crt -rw-r--r-- 2 root root 1883 Jan 13 2017 TWCA_Global_Root_CA.crt -rw-r--r-- 2 root root 1269 Jan 13 2017 TWCA_Root_Certification_Authority.crt -rw-r--r-- 2 root root 948 Jan 13 2017 USERTrust_ECC_Certification_Authority.crt -rw-r--r-- 2 root root 2094 Jan 13 2017 USERTrust_RSA_Certification_Authority.crt -rw-r--r-- 2 root root 1667 Jan 13 2017 UTN_USERFirst_Email_Root_CA.crt -rw-r--r-- 2 root root 1484 Jan 13 2017 Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt -rw-r--r-- 2 root root 1480 Jan 13 2017 Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt -rw-r--r-- 2 root root 1484 Jan 13 2017 Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt -rw-r--r-- 2 root root 1281 Jan 13 2017 VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt -rw-r--r-- 2 root root 1732 Jan 13 2017 VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt -rw-r--r-- 2 root root 1700 Jan 13 2017 VeriSign_Universal_Root_Certification_Authority.crt -rw-r--r-- 2 root root 1322 Jan 13 2017 Visa_eCommerce_Root.crt -rw-r--r-- 2 root root 1513 Jan 13 2017 XRamp_Global_CA_Root.crt
utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ git clone https://www.github.com Cloning into 'www.github.com'... fatal: unable to access 'https://www.github.com/': SSL certificate problem: unable to get local issuer certificate
Then i did run the command you give
utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ sudo rm -rf /var/cache/ca-certs; sudo cp -r /usr/share/ca-certs/.prebuilt-store /var/cache/ca-certs
Now github works:
utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ git clone https://www.github.com Cloning into 'www.github.com'... remote: Not Found fatal: repository 'https://www.github.com/' not found
Thanks for the help
from distribution.
i am not applying the fix right now for possible debugging
from distribution.
I have applied the fix again now it works again
from distribution.
@tuxutku, the trust store (the location where the certificates are stored) will be re-generated each time you update. since you installed/removed software from /usr
(we highly discourage this practice because of exactly this type of consequences), clrtrust
fails to generate the store properly. hence you will loose TLS connectivity after each update, unless you use the workaround i suggested.
i'd be happy to debug and fix the root cause of the issue for you. let me know if you have some time to debug and run some commands which would help to understand what the problem is:
- which
openssl
is used:
command -v openssl
- if
openssl
returns expected exit code:
openssl x509 -in /usr/share/ca-certs/trusted/AffirmTrust_Networking.crt -noout -fingerprint -sha1; echo $?
- finally, please run
clrtrust
in the following fashion:
sudo /usr/bin/bash -x /usr/bin/clrtrust generate >/tmp/clrtrust_out 2>&1
the output will be quite verbose, so please attach resulting file /tmp/clrtrust_out
to the post (as opposed to pasting it in).
from distribution.
After updates i could find a openssl copy in /usr/bin, so i have removed the /usr/local/bin copy and linked this one on to it:
utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ command -v openssl /usr/local/bin/openssl utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ sudo mv /usr/local/bin/openssl /usr/local/bin/openssl.old Password: utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ sudo ln -s /usr/bin/openssl /usr/local/bin/openssl
Then i have runned the code:
utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ openssl x509 -in /usr/share/ca-certs/trusted/AffirmTrust_Networking.crt -noout -fingerprint -sha1; echo $? SHA1 Fingerprint=29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F 0 utku@clr-449e9b2a44f8458bb4885604dc172a1c ~ $ sudo /usr/bin/bash -x /usr/bin/clrtrust generate >/tmp/clrtrust_out 2>&1
from distribution.
I have updated and rebooted but flatpak still works, i am not having this issue anymore
from distribution.
Glad it worked. It does seem that your store is being generated properly now. The issue seems to be that under sudo
, clrtrust
could not find a functional version of openssl
. I have filed a couple of issues (clearlinux/clrtrust#10 and clearlinux/clrtrust#11) against clrtrust
to handle such situations better. Thank you! Please close the issue if you no longer have it.
from distribution.
Related Issues (20)
- Current kernels don't boot any longer on bare metal installations. HOT 6
- GNOME devs fixed mutter 46.0 sync issue for NVIDIA graphics HOT 12
- Revert Blender, OBS-Studio, Krita, sshfs removal HOT 1
- bemenu: empty package HOT 1
- Need to update BUG_REPORT_URL in /etc/os-release HOT 1
- `tecla` can't show Arabic keyboard layout
- SDDM does not work, CL version 41540 HOT 1
- CL 41570, 41580 performance regression HOT 6
- Recent system update to version 41580 breaks theme and designated desktop icons for mounted volumes not displayed HOT 8
- Silent boot
- Bundle request for dkms and init-rdahead-extras HOT 3
- Solaar to 1.1.12 HOT 3
- Nested /usr (/usr) /share/defaults/iproute2 HOT 2
- VMware Workstation Pro 17.5 HOT 7
- 2125258
- swupd or clr-boot-manager broken, leaving artifacts in /boot partition after kernel uninstall HOT 7
- Building a kernel takes 1.4x longer HOT 1
- Package request: passt / pasta
- Git credentials login through GNOME Keyring stopped working, `/usr/libexec/git-core/git-credential-libsecret` is missing HOT 2
- pcscd service don't start HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from distribution.