Ubuntu
ca-certificates package

  1. Bug #1795242
  2. Activity log

Activity log for bug #1795242

Date Who What changed Old value New value Message
2018-09-30 14:58:23 Stan Janssen bug added bug
2018-10-01 23:14:40 Seth Arnold ca-certificates (Ubuntu): status New Incomplete
2018-10-02 23:09:42 Seth Arnold ca-certificates (Ubuntu): status Incomplete Confirmed
2018-10-03 05:31:53 Stan Janssen description The "DigiCert High Assurance EV Root CA" certificate is missing, which means that the system does not trust web sites that are using SSL certificates signed by that root. An example is a popular website in the Netherlands https://marktplaats.nl. The result is that no resources other that the text-only homepage is loaded. Installing the Digicert root certificte manually from Digicert solves the problem: ``` wget https://dl.cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt mv DigiCertSHA2SecureServerCA.crt DigiCertSHA2SecureServerCA.der openssl x509 -inform DER -outform PEM -in DigiCertSHA2SecureServerCA.der -out DigicertSHA2SecureServerCA.pem.crt sudo mkdir -p /usr/share/ca-certificates/extra sudo cp DigicertSHA2SecureServerCA.pem.crt /usr/share/ca-certificates/extra/ sudo dpkg-reconfigure ca-certificates ``` Maybe there is a valid reason for not including this certificate by default, or maybe this certificate can be included by default, since it seems like it's assumed to be included on every machine. EDIT: This post originally mentioned the "DigiCert High Assurance EV Root CA", which was the wrong name. The "DigiCert SHA2 Secure Server" was intended. This post has been edited for clarity. ------------- The "DigiCert SHA2 Secure Server" certificate is missing, which means that the system does not trust web sites that are using SSL certificates signed by that root. An example is a popular website in the Netherlands https://marktplaats.nl. The result is that no resources other that the text-only homepage is loaded. Installing the Digicert root certificte manually from Digicert solves the problem: ``` wget https://dl.cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt mv DigiCertSHA2SecureServerCA.crt DigiCertSHA2SecureServerCA.der openssl x509 -inform DER -outform PEM -in DigiCertSHA2SecureServerCA.der -out DigicertSHA2SecureServerCA.pem.crt sudo mkdir -p /usr/share/ca-certificates/extra sudo cp DigicertSHA2SecureServerCA.pem.crt /usr/share/ca-certificates/extra/ sudo dpkg-reconfigure ca-certificates ``` Maybe there is a valid reason for not including this certificate by default, or maybe this certificate can be included by default, since it seems like it's assumed to be included on every machine.
2019-07-27 19:30:40 Karl-Philipp Richter bug added subscriber Karl-Philipp Richter