Digicert certificate is not included
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ca-certificates (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
EDIT: This post originally mentioned the "DigiCert High Assurance EV Root CA", which was the wrong name. The "DigiCert SHA2 Secure Server" was intended. This post has been edited for clarity.
-------------
The "DigiCert SHA2 Secure Server" certificate is missing, which means that the system does not trust web sites that are using SSL certificates signed by that root. An example is a popular website in the Netherlands https:/
Installing the Digicert root certificte manually from Digicert solves the problem:
```
wget https:/
mv DigiCertSHA2Sec
openssl x509 -inform DER -outform PEM -in DigiCertSHA2Sec
sudo mkdir -p /usr/share/
sudo cp DigicertSHA2Sec
sudo dpkg-reconfigure ca-certificates
```
Maybe there is a valid reason for not including this certificate by default, or maybe this certificate can be included by default, since it seems like it's assumed to be included on every machine.
Changed in ca-certificates (Ubuntu): | |
status: | New → Incomplete |
Changed in ca-certificates (Ubuntu): | |
status: | Incomplete → Confirmed |
description: | updated |
This certificate does appear to be installed by default in the ca-certificates package:
$ dpkg -L ca-certificates | grep DigiCert ca-certificates /mozilla/ DigiCert_ Assured_ ID_Root_ CA.crt ca-certificates /mozilla/ DigiCert_ Assured_ ID_Root_ G2.crt ca-certificates /mozilla/ DigiCert_ Assured_ ID_Root_ G3.crt ca-certificates /mozilla/ DigiCert_ Global_ Root_CA. crt ca-certificates /mozilla/ DigiCert_ Global_ Root_G2. crt ca-certificates /mozilla/ DigiCert_ Global_ Root_G3. crt ca-certificates /mozilla/ DigiCert_ High_Assurance_ EV_Root_ CA.crt ca-certificates /mozilla/ DigiCert_ Trusted_ Root_G4. crt
/usr/share/
/usr/share/
/usr/share/
/usr/share/
/usr/share/
/usr/share/
/usr/share/
/usr/share/
$ sha256sum /usr/share/ ca-certificates /mozilla/ DigiCert_ High_Assurance_ EV_Root_ CA.crt 12b90bf7c680468 27f3bf5607357f1 e4918c5dc813b35 9bf1 /usr/share/ ca-certificates /mozilla/ DigiCert_ High_Assurance_ EV_Root_ CA.crt ca-certificates /mozilla/ DigiCert_ High_Assurance_ EV_Root_ CA.crt ca-certificates /mozilla/ DigiCert_ High_Assurance_ EV_Root_ CA.crt certs/DigiCert* EV* certs/DigiCert_ High_Assurance_ EV_Root_ CA.pem -> /usr/share/ ca-certificates /mozilla/ DigiCert_ High_Assurance_ EV_Root_ CA.crt
d98f681c3a7dce8
$ ls -l /usr/share/
-rw-r--r-- 1 root root 1367 Apr 9 16:43 /usr/share/
$ ls -l /etc/ssl/
lrwxrwxrwx 1 root root 73 Oct 17 2012 /etc/ssl/
Does this file exist on your system? Does this symlink exist on your system?
Thanks