why in the world would anybody want to remove it? this has clearly dependency impact
"yum reinstall ca-certificates" is your friend
Am 01.11.2013 21:30, schrieb bruce:
ooopps...
when I run rpm -qV ca-certificates
I get
rpm -qV ca-certificates S.5....T. c /etc/pki/tls/certs/ca-bundle.crt
when I try to do yum erase ca-certificates.. yum offers to remove a bunch of things!!
[root@dell-1 parseapp2]# rpm -e ca-certificates error: Failed dependencies: ca-certificates is needed by (installed) qt-1:4.6.3-10.fc13.x86_64 ca-certificates is needed by (installed) neon-0.29.3-1.fc13.x86_64 ca-certificates is needed by (installed) java-1.6.0-openjdk-1:1.6.0.0-51.1.8.8.fc13.x86_64 ca-certificates is needed by (installed) qt-1:4.6.3-10.fc13.i686 ca-certificates is needed by (installed) libpurple-2.7.11-1.fc13.x86_64 ca-certificates >= 2008-5 is needed by (installed) openssl-1.0.0d-1.fc13.x86_64 ca-certificates >= 2008-5 is needed by (installed) openssl-1.0.0d-1.fc13.i686
thoughts??
thanks
On Fri, Nov 1, 2013 at 4:12 PM, Michael Cronenworth mike@cchtml.com wrote:
bruce wrote:
I tried to extract the pem as you suggested, placed it in a diff dir.. it works...
So I've got a couple of questions... How did you know which cert/pem file to extract? Why didn't my attempt at getting the cert from the "lock" of the url/address for the smc.edu site not work?
I read the "Issued By" line:
- Peer's certificate issuer is not recognized: 'CN=VeriSign Class 3
International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US'
You downloaded the client certificate that is signed by the CA certificate. In order for curl/NSS to validate the client certificate it needs the CA certificate and not the client certificate.
Also, any idea what I can do regarding the access/path errors I mentioned...
In regards to your private mail, I do not know why you are seeing errors. You may have damanged the cert databases in /etc/pki/nssdb, which are empty by default, but are still used during CA checking.
You can verify the ca-bundle is unharmed by running "rpm -qV ca-certificates". Nothing should print to your terminal if it verifies successfully.