Skip to Content [alt-c]


In reply to Comment by Reader Guy

Reader Jack on 2020-06-01 at 17:44:

Comment #22 on the bug report resolved the issue for us. The conclusion we've come to is the blacklist does not remove the offending cert from the ca-bundle.crt file, that has to be done manually. If we blacklist AddTrust [editor's note: removed incorrect information], then modify /etc/pki/tls/certs/ca-bundle.crt (you'll need to chmod +w to mod it) and remove the AddTrust [editor's note: removed incorrect information] certs.

You will need to have the blacklist in place otherwise if you run update-ca-trust the offending certs will be added back into the bundle.

You'd think having the certs in blacklist would remove them from the cert bundle...... 0_0


Post a Reply

Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with > are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim (good for code).
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.
  • Use the Preview button to check your formatting.