update from 20130906ubuntu2 to 20170717~14.04.1 fails to install the Entrust G2 cert

Bug #1743014 reported by Christoper Ting on 2018-01-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ca-certificates (Ubuntu)
Undecided
Unassigned

Bug Description

Using ubuntu 14.04 with ca-certificates 20130906ubuntu2 installed.

#lsb_release -rd
Description: Ubuntu 14.04.5 LTS
Release: 14.04

#dpkg -l | grep ca-cert
ca-certificates 20130906ubuntu2

#apt-cache policy ca-certificates
ca-certificates:
  Installed: 20130906ubuntu2
  Candidate: 20170717~14.04.1
  Version table:
     20170717~14.04.1 0
        500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
 *** 20130906ubuntu2 0
        500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

Upgrade the ca-certificates package

#apt-get install ca-certificates
Preparing to unpack .../ca-certificates_20170717~14.04.1_all.deb ...
Unpacking ca-certificates (20170717~14.04.1) over (20130906ubuntu2) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Setting up ca-certificates (20170717~14.04.1) ...
Processing triggers for ca-certificates (20170717~14.04.1) ...
Updating certificates in /etc/ssl/certs... 17 added, 36 removed; done.
Running hooks in /etc/ca-certificates/update.d....
Adding debian:AC_RAIZ_FNMT-RCM.pem
Adding debian:Amazon_Root_CA_1.pem
Adding debian:Amazon_Root_CA_2.pem
Adding debian:Amazon_Root_CA_3.pem
Adding debian:Amazon_Root_CA_4.pem
Adding debian:Certplus_Root_CA_G1.pem
Adding debian:Certplus_Root_CA_G2.pem
Adding debian:Certum_Trusted_Network_CA_2.pem
Adding debian:Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
Adding debian:Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
Adding debian:ISRG_Root_X1.pem
Adding debian:LuxTrust_Global_Root_2.pem
Adding debian:OpenTrust_Root_CA_G1.pem
Adding debian:OpenTrust_Root_CA_G2.pem
Adding debian:OpenTrust_Root_CA_G3.pem
Adding debian:SZAFIR_ROOT_CA2.pem
Adding debian:TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
Removing debian:AC_Raíz_Certicámara_S.A..pem
Removing debian:ApplicationCA_-_Japanese_Government.pem
Removing debian:Buypass_Class_2_CA_1.pem
Removing debian:CA_Disig.pem
Removing debian:ComSign_CA.pem
Removing debian:EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
Removing debian:Equifax_Secure_CA.pem
Removing debian:Equifax_Secure_Global_eBusiness_CA.pem
Removing debian:Equifax_Secure_eBusiness_CA_1.pem
Removing debian:IGC_A.pem
Removing debian:Juur-SK.pem
Removing debian:Microsec_e-Szigno_Root_CA.pem
Removing debian:NetLock_Business_=Class_B=_Root.pem
Removing debian:NetLock_Express_=Class_C=_Root.pem
Removing debian:NetLock_Notary_=Class_A=_Root.pem
Removing debian:NetLock_Qualified_=Class_QA=_Root.pem
Removing debian:RSA_Security_2048_v3.pem
Removing debian:Root_CA_Generalitat_Valenciana.pem
Removing debian:S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.pem
Removing debian:Sonera_Class_1_Root_CA.pem
Removing debian:Staat_der_Nederlanden_Root_CA.pem
Removing debian:StartCom_Certification_Authority.pem
Removing debian:StartCom_Certification_Authority_2.pem
Removing debian:StartCom_Certification_Authority_G2.pem
Removing debian:SwissSign_Platinum_CA_-_G2.pem
Removing debian:TC_TrustCenter_Class_3_CA_II.pem
Removing debian:UTN_USERFirst_Email_Root_CA.pem
Removing debian:Verisign_Class_1_Public_Primary_Certification_Authority.pem
Removing debian:Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem
Removing debian:Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
Removing debian:Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem
Removing debian:Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
Removing debian:Verisign_Class_3_Public_Primary_Certification_Authority.pem
Removing debian:Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem
Removing debian:Verisign_Class_3_Public_Primary_Certification_Authority_2.pem
Removing debian:WellsSecure_Public_Root_Certificate_Authority.pem
done.

The Entrust G2 CA cert is missing from /etc/ssl/certs and isn't noted as installed the apt-get install text.

When installing the 20170717~14.04.1 version directly (not upgrading), then the Entrust G2 cert is installed.

Entrust changed their installation instructions a month ago to forgo a cross link intermediate cert that would have their certs using two CAs: Entrust and Entrust G2.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers