Comment 10 for bug 855171

So we had to update ca-certificates to call c_rehash over the /etc/ssl/certs directory to fix bad symlinks, and this seems to have exposed a bug in ca-certificates-java: /etc/ca-certificates/update.d/jks-keystore is removing the system libnss3.so from users' systems on failure due to a wrong path.

The fix for ca-certificates-java has been uploaded to the archive and will be published ASAP.