我已删除(根)证书,并重新运行update-ca-certificates:
$ sudo rm /usr/local/share/ca-certificates/mine.root-ca.crt
ls -l /usr/local/share/ca-certificates/
total 4
-rw-r--r-- 1 root root 1838 Feb 16 2017 something-else.crt
$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
但:
$ ls -l /etc/ssl/certs/mine.root-ca.pem
lrwxrwxrwx 1 root root 53 Jun 4 07:22 /etc/ssl/certs/mine.root-ca.pem -> /usr/local/share/ca-certificates/mine.root-ca.crt
但是该文件(/usr/local/share/ca-certificates/mine.root-ca.crt)已经不存在了。
其实,0 added, 0 removed; done.是可疑的:它应该说1 removed。
证书验证对于相关域不再起作用(正如预期的那样),但这两个事实让我很烦恼:
- 挥之不去的联系
- 似乎
update-ca-certificates什么也没做
我在:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Codename: xenial
答案1
根据 update-ca-certificates 的手册页,添加 -f 开关以删除 /etc/ssl/certs 中的符号链接
-f, --fresh
Fresh updates. Remove symlinks in /etc/ssl/certs directory.
这将创建一个没有您的根 CA 证书的新 ca-certificate.crt 文件并删除符号链接。
sudo update-ca-certificates -f