Hello,

When we try yum list sudo for example, we have an error:

anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again


We can bypass this error with http (instead of https) or sslverify=false

So We tried to reinstall CA: 


yum reinstall ca-certificates -y
Setting up Reinstall Process
AIX_Toolbox | 2.7 kB 00:00:00
AIX_Toolbox/primary_db | 3.1 MB 00:00:00
AIX_Toolbox_72 | 2.7 kB 00:00:00
AIX_Toolbox_72/primary_db | 375 kB 00:00:00
AIX_Toolbox_noarch | 2.6 kB 00:00:00
AIX_Toolbox_noarch/primary_db | 111 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.ppc 0:2021.2.52-3 will be reinstalled
--> Finished Dependency Resolution

yum clean all

but we still have the error...

When we try ssl connection:
/usr/bin/openssl s_client -showcerts -connect public.dhe.ibm.com:443

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662362491
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

we have a code 19


We tried to replace the CA-bundle.crt with a one who works and we have a code zero with ssl conection: 

openssl s_client -connect github.com:443 = OK

openssl s_client -connect 129.35.224.112/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata.xml:443 = OK

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662366043
Timeout : 300 (sec)
Verify return code: 0 (ok)



We made a yum clean all after that but we still have an error with yum list sudo
yum -t list sudo
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again



Why, do we have an ssl problem, with the CA-bundle.crt , it is generated with ca-certificates from IBM ? 


Thank you for your help

regards


Nicolas




------------------------------
Nicolas KAPLIN
------------------------------

Users had issues with ca-certificates sometime back. We fixed those issues with the ca-certificates version 2021.2.52-3.
So I am not sure what is the problem here. Please check whether the hashes are created in /var/ssl/certs directory.

------------------------------
Ayappan P
------------------------------

Original Message:
Sent: Mon September 05, 2022 04:55 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello,

When we try yum list sudo for example, we have an error:

anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again


We can bypass this error with http (instead of https) or sslverify=false

So We tried to reinstall CA: 


yum reinstall ca-certificates -y
Setting up Reinstall Process
AIX_Toolbox | 2.7 kB 00:00:00
AIX_Toolbox/primary_db | 3.1 MB 00:00:00
AIX_Toolbox_72 | 2.7 kB 00:00:00
AIX_Toolbox_72/primary_db | 375 kB 00:00:00
AIX_Toolbox_noarch | 2.6 kB 00:00:00
AIX_Toolbox_noarch/primary_db | 111 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.ppc 0:2021.2.52-3 will be reinstalled
--> Finished Dependency Resolution

yum clean all

but we still have the error...

When we try ssl connection:
/usr/bin/openssl s_client -showcerts -connect public.dhe.ibm.com:443

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662362491
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

we have a code 19


We tried to replace the CA-bundle.crt with a one who works and we have a code zero with ssl conection: 

openssl s_client -connect github.com:443 = OK

openssl s_client -connect 129.35.224.112/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata.xml:443 = OK

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662366043
Timeout : 300 (sec)
Verify return code: 0 (ok)



We made a yum clean all after that but we still have an error with yum list sudo
yum -t list sudo
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again



Why, do we have an ssl problem, with the CA-bundle.crt , it is generated with ca-certificates from IBM ? 


Thank you for your help

regards


Nicolas




------------------------------
Nicolas KAPLIN
------------------------------

Hello Ayappan,

We checked the hashes created , seems to be ok:

Hash file a94d09e5.0 correpond to the following cert
        - /var/ssl/certs/ca-bundle.crt
        - /var/ssl/certs/ACCVRAIZ1.crt
        - /var/ssl/certs/ca-bundle.trust.crt


------------------------------
Nicolas KAPLIN
------------------------------

Original Message:
Sent: Wed September 07, 2022 04:45 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Users had issues with ca-certificates sometime back. We fixed those issues with the ca-certificates version 2021.2.52-3.
So I am not sure what is the problem here. Please check whether the hashes are created in /var/ssl/certs directory.

------------------------------
Ayappan P

Original Message:
Sent: Mon September 05, 2022 04:55 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello,

When we try yum list sudo for example, we have an error:

anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again


We can bypass this error with http (instead of https) or sslverify=false

So We tried to reinstall CA: 


yum reinstall ca-certificates -y
Setting up Reinstall Process
AIX_Toolbox | 2.7 kB 00:00:00
AIX_Toolbox/primary_db | 3.1 MB 00:00:00
AIX_Toolbox_72 | 2.7 kB 00:00:00
AIX_Toolbox_72/primary_db | 375 kB 00:00:00
AIX_Toolbox_noarch | 2.6 kB 00:00:00
AIX_Toolbox_noarch/primary_db | 111 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.ppc 0:2021.2.52-3 will be reinstalled
--> Finished Dependency Resolution

yum clean all

but we still have the error...

When we try ssl connection:
/usr/bin/openssl s_client -showcerts -connect public.dhe.ibm.com:443

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662362491
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

we have a code 19


We tried to replace the CA-bundle.crt with a one who works and we have a code zero with ssl conection: 

openssl s_client -connect github.com:443 = OK

openssl s_client -connect 129.35.224.112/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata.xml:443 = OK

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662366043
Timeout : 300 (sec)
Verify return code: 0 (ok)



We made a yum clean all after that but we still have an error with yum list sudo
yum -t list sudo
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again



Why, do we have an ssl problem, with the CA-bundle.crt , it is generated with ca-certificates from IBM ? 


Thank you for your help

regards


Nicolas




------------------------------
Nicolas KAPLIN
------------------------------

Can you share the below two outputs ? 

ls -l /var/ssl
ls -l /var/ssl/certs

------------------------------
Ayappan P
------------------------------

Original Message:
Sent: Wed September 07, 2022 08:45 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello Ayappan,

We checked the hashes created , seems to be ok:

Hash file a94d09e5.0 correpond to the following cert
        - /var/ssl/certs/ca-bundle.crt
        - /var/ssl/certs/ACCVRAIZ1.crt
        - /var/ssl/certs/ca-bundle.trust.crt


------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 04:45 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Users had issues with ca-certificates sometime back. We fixed those issues with the ca-certificates version 2021.2.52-3.
So I am not sure what is the problem here. Please check whether the hashes are created in /var/ssl/certs directory.

------------------------------
Ayappan P

Original Message:
Sent: Mon September 05, 2022 04:55 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello,

When we try yum list sudo for example, we have an error:

anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again


We can bypass this error with http (instead of https) or sslverify=false

So We tried to reinstall CA: 


yum reinstall ca-certificates -y
Setting up Reinstall Process
AIX_Toolbox | 2.7 kB 00:00:00
AIX_Toolbox/primary_db | 3.1 MB 00:00:00
AIX_Toolbox_72 | 2.7 kB 00:00:00
AIX_Toolbox_72/primary_db | 375 kB 00:00:00
AIX_Toolbox_noarch | 2.6 kB 00:00:00
AIX_Toolbox_noarch/primary_db | 111 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.ppc 0:2021.2.52-3 will be reinstalled
--> Finished Dependency Resolution

yum clean all

but we still have the error...

When we try ssl connection:
/usr/bin/openssl s_client -showcerts -connect public.dhe.ibm.com:443

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662362491
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

we have a code 19


We tried to replace the CA-bundle.crt with a one who works and we have a code zero with ssl conection: 

openssl s_client -connect github.com:443 = OK

openssl s_client -connect 129.35.224.112/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata.xml:443 = OK

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662366043
Timeout : 300 (sec)
Verify return code: 0 (ok)



We made a yum clean all after that but we still have an error with yum list sudo
yum -t list sudo
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again



Why, do we have an ssl problem, with the CA-bundle.crt , it is generated with ca-certificates from IBM ? 


Thank you for your help

regards


Nicolas




------------------------------
Nicolas KAPLIN
------------------------------

# ls -l /var/ssl
total 152
drwxr-xr-x 2 root system 256 Sep 05 10:04 64
lrwxrwxrwx 1 root system 33 Sep 05 10:05 cert.pem -> /home/pichard/certs/ca-bundle.crt
drwxr-xr-x 2 root system 20480 Sep 05 10:04 certs
drwxr-xr-x 2 root system 28672 Sep 02 10:04 certs.old
drwxr-xr-x 2 root system 256 Sep 06 10:04 misc
-rw-r--r-- 1 root system 11485 Jun 16 2021 openssl.cnf
-rw-r--r-- 1 root system 11485 Oct 05 2015 openssl.cnf.rpmorig


# ls -l /var/ssl/certs
total 0
lrwxrwxrwx 1 root system 23 Sep 05 10:04 002c0b4f.0 -> GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 02265526.0 -> Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 36 Sep 05 10:04 03179a64.0 -> Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 062cdee6.0 -> GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 064e0aa9.0 -> QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 0a775a30.0 -> GTS_Root_R3.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 0b1b94ef.0 -> CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 0f5dc4f3.0 -> UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 1001acf7.0 -> GTS_Root_R1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 14bc7599.0 -> emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 1636090b.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 18856ac4.0 -> SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 2923b3f9.0 -> emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 2ae6433e.0 -> CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 2b349938.0 -> AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 2e5ac55d.0 -> DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 10 Sep 05 10:04 349f2832.0 -> EC-ACC.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3513523f.0 -> DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 61 Sep 05 10:04 3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 3e44d2f7.0 -> TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3e45d192.0 -> Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 3fb36b73.0 -> NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 40193066.0 -> Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 4042bcee.0 -> ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 40547a79.0 -> COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 406c9bb1.0 -> emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 4304c5e5.0 -> Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 48bec511.0 -> Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4a6481c9.0 -> GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 4f316efb.0 -> SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 5273a94c.0 -> E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 54657681.0 -> Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 57bcb2da.0 -> SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 5ad8a5d6.0 -> GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5cd81ad7.0 -> TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5d3033c5.0 -> TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f15c80c.0 -> TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f618aec.0 -> certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 607986c7.0 -> DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 626dceaf.0 -> GTS_Root_R2.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 653b494a.0 -> Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 68dd7389.0 -> Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 6b99d060.0 -> Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 6d41d539.0 -> Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 706f604c.0 -> XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 749e9e03.0 -> QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 75d1b2ed.0 -> DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 76cb8f92.0 -> Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 76faf6c0.0 -> QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 7aaf71c0.0 -> TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8cb5ee0f.0 -> Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8d86cdd1.0 -> certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 930ac5d2.0 -> Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 93bc0acc.0 -> AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 9482e63a.0 -> Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 988a38cb.0 -> NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 9b5697b0.0 -> Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 9c8dfbd4.0 -> AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9d04f354.0 -> DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9f727ac7.0 -> HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ACCVRAIZ1.crt -> /opt/freeware/etc/ssl/certs/ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 AC_RAIZ_FNMT-RCM.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 67 Sep 05 10:04 AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 ANF_Secure_Server_Root_CA.crt -> /opt/freeware/etc/ssl/certs/ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Actalis_Authentication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Commercial.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Networking.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 AffirmTrust_Premium.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 AffirmTrust_Premium_ECC.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_4.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 Atos_TrustedRoot_2011.crt -> /opt/freeware/etc/ssl/certs/Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 89 Sep 05 10:04 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt -> /opt/freeware/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Baltimore_CyberTrust_Root.crt -> /opt/freeware/etc/ssl/certs/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_2_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_3_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 CA_Disig_Root_R2.crt -> /opt/freeware/etc/ssl/certs/CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 CFCA_EV_ROOT.crt -> /opt/freeware/etc/ssl/certs/CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 COMODO_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 Certigna.crt -> /opt/freeware/etc/ssl/certs/Certigna.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certigna_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certum_EC-384_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Certum_Trusted_Network_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 Certum_Trusted_Network_CA_2.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Certum_Trusted_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 Comodo_AAA_Services_root.crt -> /opt/freeware/etc/ssl/certs/Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Cybertrust_Global_Root.crt -> /opt/freeware/etc/ssl/certs/Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_EV_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 DST_Root_CA_X3.crt -> /opt/freeware/etc/ssl/certs/DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 DigiCert_High_Assurance_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 DigiCert_Trusted_Root_G4.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 E-Tugra_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 EC-ACC.crt -> /opt/freeware/etc/ssl/certs/EC-ACC.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust.net_Premium_2048_Secure_Server_CA.crt -> /opt/freeware/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 68 Sep 05 10:04 Entrust_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 74 Sep 05 10:04 Entrust_Root_Certification_Authority_-_EC1.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G4.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 GDCA_TrustAUTH_R5_ROOT.crt -> /opt/freeware/etc/ssl/certs/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 GLOBALTRUST_2020.crt -> /opt/freeware/etc/ssl/certs/GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R1.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R2.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R2.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R3.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R3.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R4.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R4.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R5.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 GlobalSign_Root_CA.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R2.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R3.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R6.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_E46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_R46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 Go_Daddy_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Go_Daddy_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_ECC_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_RSA_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 91 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 ISRG_Root_X1.crt -> /opt/freeware/etc/ssl/certs/ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 IdenTrust_Commercial_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 IdenTrust_Public_Sector_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 42 Sep 05 10:04 Izenpe.com.crt -> /opt/freeware/etc/ssl/certs/Izenpe.com.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Microsec_e-Szigno_Root_CA_2009.crt -> /opt/freeware/etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_ECC_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_RSA_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 NAVER_Global_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 NetLock_Arany_=Class_Gold=_Fotanusitvany.crt -> /opt/freeware/etc/ssl/certs/NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 71 Sep 05 10:04 Network_Solutions_Certificate_Authority.crt -> /opt/freeware/etc/ssl/certs/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GB_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GC_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_1_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_2_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_3_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 75 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 78 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_RSA_R2.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_RSA.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 SZAFIR_ROOT_CA2.crt -> /opt/freeware/etc/ssl/certs/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 SecureSign_RootCA11.crt -> /opt/freeware/etc/ssl/certs/SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 SecureTrust_CA.crt -> /opt/freeware/etc/ssl/certs/SecureTrust_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Secure_Global_CA.crt -> /opt/freeware/etc/ssl/certs/Secure_Global_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_RootCA2.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 64 Sep 05 10:04 Staat_der_Nederlanden_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 Starfield_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Starfield_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 82 Sep 05 10:04 Starfield_Services_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 SwissSign_Gold_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 SwissSign_Silver_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_2.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_3.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt -> /opt/freeware/etc/ssl/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 TWCA_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 TWCA_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TeliaSonera_Root_CA_v1.crt -> /opt/freeware/etc/ssl/certs/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 TrustCor_ECA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-2.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Trustwave_Global_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P256_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P384_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 TunTrust_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 UCA_Extended_Validation_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 UCA_Global_G2_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 XRamp_Global_CA_Root.crt -> /opt/freeware/etc/ssl/certs/XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 a3418fda.0 -> GTS_Root_R4.crt
lrwxrwxrwx 1 root system 13 Sep 05 10:04 a94d09e5.0 -> ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 b433981b.0 -> ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 b66938e9.0 -> Secure_Global_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 b727005e.0 -> AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 b7a5b843.0 -> TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 39 Sep 05 10:04 b81b93f0.0 -> AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 c01eb047.0 -> UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ca-bundle.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 ca-bundle.trust.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.trust.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 ca6e4ad9.0 -> ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 14 Sep 05 10:04 cc450945.0 -> Izenpe.com.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 cd58d51e.0 -> Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 ce5e74ef.0 -> Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 certSIGN_ROOT_CA.crt -> /opt/freeware/etc/ssl/certs/certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 certSIGN_Root_CA_G2.crt -> /opt/freeware/etc/ssl/certs/certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 d6325660.0 -> COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 d7e8dc79.0 -> QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 d887a5bb.0 -> Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dd8e9d41.0 -> DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 de6d66f3.0 -> Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 e-Szigno_Root_CA_2017.crt -> /opt/freeware/etc/ssl/certs/e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 12 Sep 05 10:04 e113c810.0 -> Certigna.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e18bfb83.0 -> QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 e35234b1.0 -> Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e36a6752.0 -> Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e868b802.0 -> e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 e8de2f56.0 -> Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 ePKI_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 ecccd8db.0 -> HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 ee64a828.0 -> Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 eed8c118.0 -> COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_C3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_G3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_C1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_G1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 f081611a.0 -> Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 f249de83.0 -> Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 f3377b1b.0 -> Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 f387163d.0 -> Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 f39fc864.0 -> SecureTrust_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 f51bb24c.0 -> Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fa5da96b.0 -> GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fd64f3fc.0 -> TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 19 Sep 05 10:04 fe8a2cd8.0 -> SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 feffd413.0 -> GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt

------------------------------
Nicolas KAPLIN
------------------------------

Original Message:
Sent: Wed September 07, 2022 09:08 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Can you share the below two outputs ? 

ls -l /var/ssl
ls -l /var/ssl/certs

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 08:45 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello Ayappan,

We checked the hashes created , seems to be ok:

Hash file a94d09e5.0 correpond to the following cert
        - /var/ssl/certs/ca-bundle.crt
        - /var/ssl/certs/ACCVRAIZ1.crt
        - /var/ssl/certs/ca-bundle.trust.crt


------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 04:45 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Users had issues with ca-certificates sometime back. We fixed those issues with the ca-certificates version 2021.2.52-3.
So I am not sure what is the problem here. Please check whether the hashes are created in /var/ssl/certs directory.

------------------------------
Ayappan P

Original Message:
Sent: Mon September 05, 2022 04:55 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello,

When we try yum list sudo for example, we have an error:

anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again


We can bypass this error with http (instead of https) or sslverify=false

So We tried to reinstall CA: 


yum reinstall ca-certificates -y
Setting up Reinstall Process
AIX_Toolbox | 2.7 kB 00:00:00
AIX_Toolbox/primary_db | 3.1 MB 00:00:00
AIX_Toolbox_72 | 2.7 kB 00:00:00
AIX_Toolbox_72/primary_db | 375 kB 00:00:00
AIX_Toolbox_noarch | 2.6 kB 00:00:00
AIX_Toolbox_noarch/primary_db | 111 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.ppc 0:2021.2.52-3 will be reinstalled
--> Finished Dependency Resolution

yum clean all

but we still have the error...

When we try ssl connection:
/usr/bin/openssl s_client -showcerts -connect public.dhe.ibm.com:443

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662362491
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

we have a code 19


We tried to replace the CA-bundle.crt with a one who works and we have a code zero with ssl conection: 

openssl s_client -connect github.com:443 = OK

openssl s_client -connect 129.35.224.112/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata.xml:443 = OK

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662366043
Timeout : 300 (sec)
Verify return code: 0 (ok)



We made a yum clean all after that but we still have an error with yum list sudo
yum -t list sudo
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again



Why, do we have an ssl problem, with the CA-bundle.crt , it is generated with ca-certificates from IBM ? 


Thank you for your help

regards


Nicolas




------------------------------
Nicolas KAPLIN
------------------------------

/var/ssl/certs looks fine.
Can you share below outputs? 
lslpp -l | grep openssl
rpm -qa

------------------------------
Ayappan P
------------------------------

Original Message:
Sent: Wed September 07, 2022 09:23 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

# ls -l /var/ssl
total 152
drwxr-xr-x 2 root system 256 Sep 05 10:04 64
lrwxrwxrwx 1 root system 33 Sep 05 10:05 cert.pem -> /home/pichard/certs/ca-bundle.crt
drwxr-xr-x 2 root system 20480 Sep 05 10:04 certs
drwxr-xr-x 2 root system 28672 Sep 02 10:04 certs.old
drwxr-xr-x 2 root system 256 Sep 06 10:04 misc
-rw-r--r-- 1 root system 11485 Jun 16 2021 openssl.cnf
-rw-r--r-- 1 root system 11485 Oct 05 2015 openssl.cnf.rpmorig


# ls -l /var/ssl/certs
total 0
lrwxrwxrwx 1 root system 23 Sep 05 10:04 002c0b4f.0 -> GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 02265526.0 -> Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 36 Sep 05 10:04 03179a64.0 -> Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 062cdee6.0 -> GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 064e0aa9.0 -> QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 0a775a30.0 -> GTS_Root_R3.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 0b1b94ef.0 -> CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 0f5dc4f3.0 -> UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 1001acf7.0 -> GTS_Root_R1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 14bc7599.0 -> emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 1636090b.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 18856ac4.0 -> SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 2923b3f9.0 -> emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 2ae6433e.0 -> CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 2b349938.0 -> AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 2e5ac55d.0 -> DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 10 Sep 05 10:04 349f2832.0 -> EC-ACC.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3513523f.0 -> DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 61 Sep 05 10:04 3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 3e44d2f7.0 -> TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3e45d192.0 -> Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 3fb36b73.0 -> NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 40193066.0 -> Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 4042bcee.0 -> ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 40547a79.0 -> COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 406c9bb1.0 -> emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 4304c5e5.0 -> Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 48bec511.0 -> Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4a6481c9.0 -> GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 4f316efb.0 -> SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 5273a94c.0 -> E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 54657681.0 -> Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 57bcb2da.0 -> SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 5ad8a5d6.0 -> GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5cd81ad7.0 -> TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5d3033c5.0 -> TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f15c80c.0 -> TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f618aec.0 -> certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 607986c7.0 -> DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 626dceaf.0 -> GTS_Root_R2.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 653b494a.0 -> Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 68dd7389.0 -> Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 6b99d060.0 -> Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 6d41d539.0 -> Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 706f604c.0 -> XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 749e9e03.0 -> QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 75d1b2ed.0 -> DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 76cb8f92.0 -> Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 76faf6c0.0 -> QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 7aaf71c0.0 -> TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8cb5ee0f.0 -> Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8d86cdd1.0 -> certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 930ac5d2.0 -> Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 93bc0acc.0 -> AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 9482e63a.0 -> Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 988a38cb.0 -> NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 9b5697b0.0 -> Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 9c8dfbd4.0 -> AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9d04f354.0 -> DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9f727ac7.0 -> HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ACCVRAIZ1.crt -> /opt/freeware/etc/ssl/certs/ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 AC_RAIZ_FNMT-RCM.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 67 Sep 05 10:04 AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 ANF_Secure_Server_Root_CA.crt -> /opt/freeware/etc/ssl/certs/ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Actalis_Authentication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Commercial.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Networking.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 AffirmTrust_Premium.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 AffirmTrust_Premium_ECC.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_4.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 Atos_TrustedRoot_2011.crt -> /opt/freeware/etc/ssl/certs/Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 89 Sep 05 10:04 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt -> /opt/freeware/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Baltimore_CyberTrust_Root.crt -> /opt/freeware/etc/ssl/certs/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_2_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_3_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 CA_Disig_Root_R2.crt -> /opt/freeware/etc/ssl/certs/CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 CFCA_EV_ROOT.crt -> /opt/freeware/etc/ssl/certs/CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 COMODO_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 Certigna.crt -> /opt/freeware/etc/ssl/certs/Certigna.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certigna_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certum_EC-384_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Certum_Trusted_Network_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 Certum_Trusted_Network_CA_2.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Certum_Trusted_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 Comodo_AAA_Services_root.crt -> /opt/freeware/etc/ssl/certs/Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Cybertrust_Global_Root.crt -> /opt/freeware/etc/ssl/certs/Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_EV_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 DST_Root_CA_X3.crt -> /opt/freeware/etc/ssl/certs/DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 DigiCert_High_Assurance_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 DigiCert_Trusted_Root_G4.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 E-Tugra_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 EC-ACC.crt -> /opt/freeware/etc/ssl/certs/EC-ACC.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust.net_Premium_2048_Secure_Server_CA.crt -> /opt/freeware/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 68 Sep 05 10:04 Entrust_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 74 Sep 05 10:04 Entrust_Root_Certification_Authority_-_EC1.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G4.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 GDCA_TrustAUTH_R5_ROOT.crt -> /opt/freeware/etc/ssl/certs/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 GLOBALTRUST_2020.crt -> /opt/freeware/etc/ssl/certs/GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R1.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R2.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R2.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R3.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R3.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R4.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R4.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R5.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 GlobalSign_Root_CA.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R2.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R3.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R6.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_E46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_R46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 Go_Daddy_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Go_Daddy_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_ECC_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_RSA_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 91 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 ISRG_Root_X1.crt -> /opt/freeware/etc/ssl/certs/ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 IdenTrust_Commercial_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 IdenTrust_Public_Sector_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 42 Sep 05 10:04 Izenpe.com.crt -> /opt/freeware/etc/ssl/certs/Izenpe.com.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Microsec_e-Szigno_Root_CA_2009.crt -> /opt/freeware/etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_ECC_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_RSA_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 NAVER_Global_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 NetLock_Arany_=Class_Gold=_Fotanusitvany.crt -> /opt/freeware/etc/ssl/certs/NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 71 Sep 05 10:04 Network_Solutions_Certificate_Authority.crt -> /opt/freeware/etc/ssl/certs/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GB_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GC_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_1_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_2_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_3_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 75 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 78 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_RSA_R2.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_RSA.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 SZAFIR_ROOT_CA2.crt -> /opt/freeware/etc/ssl/certs/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 SecureSign_RootCA11.crt -> /opt/freeware/etc/ssl/certs/SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 SecureTrust_CA.crt -> /opt/freeware/etc/ssl/certs/SecureTrust_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Secure_Global_CA.crt -> /opt/freeware/etc/ssl/certs/Secure_Global_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_RootCA2.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 64 Sep 05 10:04 Staat_der_Nederlanden_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 Starfield_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Starfield_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 82 Sep 05 10:04 Starfield_Services_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 SwissSign_Gold_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 SwissSign_Silver_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_2.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_3.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt -> /opt/freeware/etc/ssl/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 TWCA_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 TWCA_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TeliaSonera_Root_CA_v1.crt -> /opt/freeware/etc/ssl/certs/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 TrustCor_ECA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-2.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Trustwave_Global_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P256_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P384_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 TunTrust_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 UCA_Extended_Validation_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 UCA_Global_G2_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 XRamp_Global_CA_Root.crt -> /opt/freeware/etc/ssl/certs/XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 a3418fda.0 -> GTS_Root_R4.crt
lrwxrwxrwx 1 root system 13 Sep 05 10:04 a94d09e5.0 -> ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 b433981b.0 -> ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 b66938e9.0 -> Secure_Global_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 b727005e.0 -> AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 b7a5b843.0 -> TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 39 Sep 05 10:04 b81b93f0.0 -> AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 c01eb047.0 -> UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ca-bundle.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 ca-bundle.trust.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.trust.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 ca6e4ad9.0 -> ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 14 Sep 05 10:04 cc450945.0 -> Izenpe.com.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 cd58d51e.0 -> Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 ce5e74ef.0 -> Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 certSIGN_ROOT_CA.crt -> /opt/freeware/etc/ssl/certs/certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 certSIGN_Root_CA_G2.crt -> /opt/freeware/etc/ssl/certs/certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 d6325660.0 -> COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 d7e8dc79.0 -> QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 d887a5bb.0 -> Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dd8e9d41.0 -> DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 de6d66f3.0 -> Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 e-Szigno_Root_CA_2017.crt -> /opt/freeware/etc/ssl/certs/e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 12 Sep 05 10:04 e113c810.0 -> Certigna.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e18bfb83.0 -> QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 e35234b1.0 -> Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e36a6752.0 -> Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e868b802.0 -> e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 e8de2f56.0 -> Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 ePKI_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 ecccd8db.0 -> HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 ee64a828.0 -> Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 eed8c118.0 -> COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_C3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_G3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_C1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_G1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 f081611a.0 -> Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 f249de83.0 -> Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 f3377b1b.0 -> Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 f387163d.0 -> Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 f39fc864.0 -> SecureTrust_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 f51bb24c.0 -> Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fa5da96b.0 -> GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fd64f3fc.0 -> TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 19 Sep 05 10:04 fe8a2cd8.0 -> SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 feffd413.0 -> GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt

------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 09:08 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Can you share the below two outputs ? 

ls -l /var/ssl
ls -l /var/ssl/certs

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 08:45 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello Ayappan,

We checked the hashes created , seems to be ok:

Hash file a94d09e5.0 correpond to the following cert
        - /var/ssl/certs/ca-bundle.crt
        - /var/ssl/certs/ACCVRAIZ1.crt
        - /var/ssl/certs/ca-bundle.trust.crt


------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 04:45 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Users had issues with ca-certificates sometime back. We fixed those issues with the ca-certificates version 2021.2.52-3.
So I am not sure what is the problem here. Please check whether the hashes are created in /var/ssl/certs directory.

------------------------------
Ayappan P

Original Message:
Sent: Mon September 05, 2022 04:55 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello,

When we try yum list sudo for example, we have an error:

anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again


We can bypass this error with http (instead of https) or sslverify=false

So We tried to reinstall CA: 


yum reinstall ca-certificates -y
Setting up Reinstall Process
AIX_Toolbox | 2.7 kB 00:00:00
AIX_Toolbox/primary_db | 3.1 MB 00:00:00
AIX_Toolbox_72 | 2.7 kB 00:00:00
AIX_Toolbox_72/primary_db | 375 kB 00:00:00
AIX_Toolbox_noarch | 2.6 kB 00:00:00
AIX_Toolbox_noarch/primary_db | 111 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.ppc 0:2021.2.52-3 will be reinstalled
--> Finished Dependency Resolution

yum clean all

but we still have the error...

When we try ssl connection:
/usr/bin/openssl s_client -showcerts -connect public.dhe.ibm.com:443

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662362491
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

we have a code 19


We tried to replace the CA-bundle.crt with a one who works and we have a code zero with ssl conection: 

openssl s_client -connect github.com:443 = OK

openssl s_client -connect 129.35.224.112/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata.xml:443 = OK

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662366043
Timeout : 300 (sec)
Verify return code: 0 (ok)



We made a yum clean all after that but we still have an error with yum list sudo
yum -t list sudo
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again



Why, do we have an ssl problem, with the CA-bundle.crt , it is generated with ca-certificates from IBM ? 


Thank you for your help

regards


Nicolas




------------------------------
Nicolas KAPLIN
------------------------------

Ayappan,
# oslevel -s
7200-05-04-2220

# lslpp -l | grep openssl
openssl.base 1.0.2.2103 COMMITTED Open Secure Socket Layer
openssl.license 1.0.2.2103 COMMITTED Open Secure Socket License
openssl.man.en_US 1.0.2.2103 COMMITTED Open Secure Socket Layer
openssl.base 1.0.2.2103 COMMITTED Open Secure Socket Layer



# rpm -qa
libdatrie-0.2.4-1.ppc
libpng-1.6.9-1.ppc
perl-Net_SSLeay.pm-1.55-3.ppc
jasper-1.900.1-2.ppc
librsvg2-2.34.2-1.ppc
bash_64-5.0-4.ppc
python-urlgrabber-3.10.1-1.noarch
shared-mime-info-1.6-2.ppc
deltarpm-3.6-1.ppc
bzip2-1.0.8-2.ppc
gdbm-1.23-1.ppc
perl-5.34.1-1.ppc
libgcc8-8.3.0-6.ppc
zlib-1.2.12-1.ppc
xz-libs-5.2.5-1.ppc
libstdc++8-8.3.0-6.ppc
ncurses-6.3-1.ppc
fontconfig-2.11.95-4.ppc
libtasn1-4.16.0-1.ppc
libjpeg-9d-1.ppc
pixman-0.34.0-1.ppc
libgomp-8-1.ppc
info-6.7-1.ppc
libtextstyle-0.21-1.ppc
gettext-0.21-1.ppc
readline-8.1-1.ppc
python-2.7.18-3.ppc
python3-3.7.12-1.ppc
atk-2.20.0-3.ppc
pkg-config-0.29.2-2.ppc
p11-kit-0.23.22-1.ppc
libXft-2.3.2-4waixX11.ppc
libssh2-1.10.0-1.ppc
cyrus-sasl-2.1.28-1.ppc
apr-util-1.6.1-1.ppc
lzo-2.10-2.ppc
pango-1.40.1-2waixX11.ppc
libtiff-4.3.0-1.ppc
libnghttp2-1.46.0-1.ppc
createrepo_c-libs-0.16.0-32_1.ppc
libxcb-1.14-1waixX11.ppc
python-pycurl-7.43.0-1.ppc
mod_ssl-2.4.54-1.ppc
rsync-3.2.3-1.ppc
python-tools-2.7.18-3.ppc
libxml2-python-2.9.14-1.ppc
jbigkit-2.1-1.ppc
dejavu-lgc-sans-mono-fonts-2.37-1.noarch
libdbi-0.9.0-1.ppc
libart_lgpl-2.3.21-2.ppc
ca-certificates-2021.2.52-3.ppc
libthai-0.1.18-1.ppc
perl-Crypt-SSLeay-0.57-2.ppc
libcroco-0.6.5-1.ppc
python-iniparse-0.4-1.noarch
yum-metadata-parser-1.1.4-2.ppc
yum-utils-1.1.31-2.noarch
python-deltarpm-3.6-1.ppc
test-dummy-1.1-5.ppc
lpar2rrd-agent-7.40-2.ppc
db-5.3.28-1.ppc
libgcc-8-1.ppc
libffi-3.4.2-1.ppc
expat-2.4.6-1.ppc
libstdc++-8-1.ppc
freetype2-2.12.1-1.ppc
libXrender-0.9.8-3waixX11.ppc
apr-1.7.0-1.ppc
libgomp8-8.3.0-6.ppc
jbigkit-libs-2.1-1.ppc
libunistring-0.9.10-1.ppc
libxml2-2.9.14-1.ppc
libiconv-1.17-1.ppc
glib2-2.56.1-3.ppc
sqlite-3.37.2-1.ppc
pysqlite-2.8.3-2.ppc
pcre-8.44-2.ppc
xcb-proto-1.14-1.ppc
p11-kit-tools-0.23.22-1.ppc
krb5-libs-1.18.5-1.ppc
file-libs-5.41-1.ppc
lz4-1.9.3-1.ppc
openldap-2.4.58-3.ppc
httpd-2.4.54-1.ppc
cairo-1.14.6-2waixX11.ppc
libwebp-1.0.2-1.ppc
gdk-pixbuf-2.35.1-3waixX11.ppc
curl-7.83.1-1.ppc
libXdmcp-1.1.2-1.ppc
createrepo_c-0.16.0-32_1.ppc
gtk2-2.24.30-3waixX11.ppc
sudo-1.9.5p2-1.ppc
yum-3.4.3-8.noarch
python-devel-2.7.18-3.ppc
xz-5.2.5-1.ppc
dejavu-sans-mono-fonts-2.37-1.noarch
lua-5.4.1-1.ppc
zip-3.0-4.ppc
wget-1.21.2-1.ppc
harfbuzz-4.3.0-1.ppc
AIX-rpm-7.2.5.103-50.ppc

------------------------------
Nicolas KAPLIN
------------------------------

Original Message:
Sent: Wed September 07, 2022 10:12 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

/var/ssl/certs looks fine.
Can you share below outputs? 
lslpp -l | grep openssl
rpm -qa

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 09:23 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

# ls -l /var/ssl
total 152
drwxr-xr-x 2 root system 256 Sep 05 10:04 64
lrwxrwxrwx 1 root system 33 Sep 05 10:05 cert.pem -> /home/pichard/certs/ca-bundle.crt
drwxr-xr-x 2 root system 20480 Sep 05 10:04 certs
drwxr-xr-x 2 root system 28672 Sep 02 10:04 certs.old
drwxr-xr-x 2 root system 256 Sep 06 10:04 misc
-rw-r--r-- 1 root system 11485 Jun 16 2021 openssl.cnf
-rw-r--r-- 1 root system 11485 Oct 05 2015 openssl.cnf.rpmorig


# ls -l /var/ssl/certs
total 0
lrwxrwxrwx 1 root system 23 Sep 05 10:04 002c0b4f.0 -> GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 02265526.0 -> Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 36 Sep 05 10:04 03179a64.0 -> Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 062cdee6.0 -> GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 064e0aa9.0 -> QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 0a775a30.0 -> GTS_Root_R3.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 0b1b94ef.0 -> CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 0f5dc4f3.0 -> UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 1001acf7.0 -> GTS_Root_R1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 14bc7599.0 -> emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 1636090b.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 18856ac4.0 -> SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 2923b3f9.0 -> emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 2ae6433e.0 -> CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 2b349938.0 -> AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 2e5ac55d.0 -> DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 10 Sep 05 10:04 349f2832.0 -> EC-ACC.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3513523f.0 -> DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 61 Sep 05 10:04 3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 3e44d2f7.0 -> TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3e45d192.0 -> Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 3fb36b73.0 -> NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 40193066.0 -> Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 4042bcee.0 -> ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 40547a79.0 -> COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 406c9bb1.0 -> emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 4304c5e5.0 -> Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 48bec511.0 -> Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4a6481c9.0 -> GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 4f316efb.0 -> SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 5273a94c.0 -> E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 54657681.0 -> Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 57bcb2da.0 -> SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 5ad8a5d6.0 -> GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5cd81ad7.0 -> TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5d3033c5.0 -> TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f15c80c.0 -> TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f618aec.0 -> certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 607986c7.0 -> DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 626dceaf.0 -> GTS_Root_R2.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 653b494a.0 -> Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 68dd7389.0 -> Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 6b99d060.0 -> Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 6d41d539.0 -> Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 706f604c.0 -> XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 749e9e03.0 -> QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 75d1b2ed.0 -> DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 76cb8f92.0 -> Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 76faf6c0.0 -> QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 7aaf71c0.0 -> TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8cb5ee0f.0 -> Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8d86cdd1.0 -> certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 930ac5d2.0 -> Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 93bc0acc.0 -> AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 9482e63a.0 -> Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 988a38cb.0 -> NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 9b5697b0.0 -> Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 9c8dfbd4.0 -> AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9d04f354.0 -> DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9f727ac7.0 -> HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ACCVRAIZ1.crt -> /opt/freeware/etc/ssl/certs/ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 AC_RAIZ_FNMT-RCM.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 67 Sep 05 10:04 AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 ANF_Secure_Server_Root_CA.crt -> /opt/freeware/etc/ssl/certs/ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Actalis_Authentication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Commercial.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Networking.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 AffirmTrust_Premium.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 AffirmTrust_Premium_ECC.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_4.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 Atos_TrustedRoot_2011.crt -> /opt/freeware/etc/ssl/certs/Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 89 Sep 05 10:04 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt -> /opt/freeware/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Baltimore_CyberTrust_Root.crt -> /opt/freeware/etc/ssl/certs/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_2_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_3_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 CA_Disig_Root_R2.crt -> /opt/freeware/etc/ssl/certs/CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 CFCA_EV_ROOT.crt -> /opt/freeware/etc/ssl/certs/CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 COMODO_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 Certigna.crt -> /opt/freeware/etc/ssl/certs/Certigna.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certigna_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certum_EC-384_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Certum_Trusted_Network_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 Certum_Trusted_Network_CA_2.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Certum_Trusted_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 Comodo_AAA_Services_root.crt -> /opt/freeware/etc/ssl/certs/Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Cybertrust_Global_Root.crt -> /opt/freeware/etc/ssl/certs/Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_EV_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 DST_Root_CA_X3.crt -> /opt/freeware/etc/ssl/certs/DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 DigiCert_High_Assurance_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 DigiCert_Trusted_Root_G4.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 E-Tugra_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 EC-ACC.crt -> /opt/freeware/etc/ssl/certs/EC-ACC.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust.net_Premium_2048_Secure_Server_CA.crt -> /opt/freeware/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 68 Sep 05 10:04 Entrust_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 74 Sep 05 10:04 Entrust_Root_Certification_Authority_-_EC1.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G4.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 GDCA_TrustAUTH_R5_ROOT.crt -> /opt/freeware/etc/ssl/certs/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 GLOBALTRUST_2020.crt -> /opt/freeware/etc/ssl/certs/GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R1.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R2.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R2.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R3.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R3.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R4.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R4.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R5.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 GlobalSign_Root_CA.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R2.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R3.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R6.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_E46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_R46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 Go_Daddy_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Go_Daddy_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_ECC_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_RSA_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 91 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 ISRG_Root_X1.crt -> /opt/freeware/etc/ssl/certs/ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 IdenTrust_Commercial_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 IdenTrust_Public_Sector_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 42 Sep 05 10:04 Izenpe.com.crt -> /opt/freeware/etc/ssl/certs/Izenpe.com.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Microsec_e-Szigno_Root_CA_2009.crt -> /opt/freeware/etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_ECC_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_RSA_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 NAVER_Global_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 NetLock_Arany_=Class_Gold=_Fotanusitvany.crt -> /opt/freeware/etc/ssl/certs/NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 71 Sep 05 10:04 Network_Solutions_Certificate_Authority.crt -> /opt/freeware/etc/ssl/certs/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GB_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GC_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_1_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_2_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_3_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 75 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 78 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_RSA_R2.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_RSA.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 SZAFIR_ROOT_CA2.crt -> /opt/freeware/etc/ssl/certs/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 SecureSign_RootCA11.crt -> /opt/freeware/etc/ssl/certs/SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 SecureTrust_CA.crt -> /opt/freeware/etc/ssl/certs/SecureTrust_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Secure_Global_CA.crt -> /opt/freeware/etc/ssl/certs/Secure_Global_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_RootCA2.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 64 Sep 05 10:04 Staat_der_Nederlanden_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 Starfield_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Starfield_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 82 Sep 05 10:04 Starfield_Services_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 SwissSign_Gold_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 SwissSign_Silver_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_2.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_3.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt -> /opt/freeware/etc/ssl/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 TWCA_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 TWCA_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TeliaSonera_Root_CA_v1.crt -> /opt/freeware/etc/ssl/certs/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 TrustCor_ECA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-2.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Trustwave_Global_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P256_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P384_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 TunTrust_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 UCA_Extended_Validation_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 UCA_Global_G2_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 XRamp_Global_CA_Root.crt -> /opt/freeware/etc/ssl/certs/XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 a3418fda.0 -> GTS_Root_R4.crt
lrwxrwxrwx 1 root system 13 Sep 05 10:04 a94d09e5.0 -> ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 b433981b.0 -> ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 b66938e9.0 -> Secure_Global_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 b727005e.0 -> AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 b7a5b843.0 -> TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 39 Sep 05 10:04 b81b93f0.0 -> AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 c01eb047.0 -> UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ca-bundle.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 ca-bundle.trust.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.trust.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 ca6e4ad9.0 -> ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 14 Sep 05 10:04 cc450945.0 -> Izenpe.com.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 cd58d51e.0 -> Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 ce5e74ef.0 -> Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 certSIGN_ROOT_CA.crt -> /opt/freeware/etc/ssl/certs/certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 certSIGN_Root_CA_G2.crt -> /opt/freeware/etc/ssl/certs/certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 d6325660.0 -> COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 d7e8dc79.0 -> QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 d887a5bb.0 -> Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dd8e9d41.0 -> DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 de6d66f3.0 -> Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 e-Szigno_Root_CA_2017.crt -> /opt/freeware/etc/ssl/certs/e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 12 Sep 05 10:04 e113c810.0 -> Certigna.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e18bfb83.0 -> QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 e35234b1.0 -> Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e36a6752.0 -> Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e868b802.0 -> e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 e8de2f56.0 -> Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 ePKI_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 ecccd8db.0 -> HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 ee64a828.0 -> Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 eed8c118.0 -> COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_C3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_G3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_C1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_G1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 f081611a.0 -> Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 f249de83.0 -> Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 f3377b1b.0 -> Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 f387163d.0 -> Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 f39fc864.0 -> SecureTrust_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 f51bb24c.0 -> Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fa5da96b.0 -> GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fd64f3fc.0 -> TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 19 Sep 05 10:04 fe8a2cd8.0 -> SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 feffd413.0 -> GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt

------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 09:08 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Can you share the below two outputs ? 

ls -l /var/ssl
ls -l /var/ssl/certs

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 08:45 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello Ayappan,

We checked the hashes created , seems to be ok:

Hash file a94d09e5.0 correpond to the following cert
        - /var/ssl/certs/ca-bundle.crt
        - /var/ssl/certs/ACCVRAIZ1.crt
        - /var/ssl/certs/ca-bundle.trust.crt


------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 04:45 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Users had issues with ca-certificates sometime back. We fixed those issues with the ca-certificates version 2021.2.52-3.
So I am not sure what is the problem here. Please check whether the hashes are created in /var/ssl/certs directory.

------------------------------
Ayappan P

Original Message:
Sent: Mon September 05, 2022 04:55 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello,

When we try yum list sudo for example, we have an error:

anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again


We can bypass this error with http (instead of https) or sslverify=false

So We tried to reinstall CA: 


yum reinstall ca-certificates -y
Setting up Reinstall Process
AIX_Toolbox | 2.7 kB 00:00:00
AIX_Toolbox/primary_db | 3.1 MB 00:00:00
AIX_Toolbox_72 | 2.7 kB 00:00:00
AIX_Toolbox_72/primary_db | 375 kB 00:00:00
AIX_Toolbox_noarch | 2.6 kB 00:00:00
AIX_Toolbox_noarch/primary_db | 111 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.ppc 0:2021.2.52-3 will be reinstalled
--> Finished Dependency Resolution

yum clean all

but we still have the error...

When we try ssl connection:
/usr/bin/openssl s_client -showcerts -connect public.dhe.ibm.com:443

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662362491
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

we have a code 19


We tried to replace the CA-bundle.crt with a one who works and we have a code zero with ssl conection: 

openssl s_client -connect github.com:443 = OK

openssl s_client -connect 129.35.224.112/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata.xml:443 = OK

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662366043
Timeout : 300 (sec)
Verify return code: 0 (ok)



We made a yum clean all after that but we still have an error with yum list sudo
yum -t list sudo
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again



Why, do we have an ssl problem, with the CA-bundle.crt , it is generated with ca-certificates from IBM ? 


Thank you for your help

regards


Nicolas




------------------------------
Nicolas KAPLIN
------------------------------

Do you have any SSL environmental variables ( like SSL_CERT_DIR ., etc) exported ?

------------------------------
Ayappan P
------------------------------

Original Message:
Sent: Wed September 07, 2022 10:18 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Ayappan,
# oslevel -s
7200-05-04-2220

# lslpp -l | grep openssl
openssl.base 1.0.2.2103 COMMITTED Open Secure Socket Layer
openssl.license 1.0.2.2103 COMMITTED Open Secure Socket License
openssl.man.en_US 1.0.2.2103 COMMITTED Open Secure Socket Layer
openssl.base 1.0.2.2103 COMMITTED Open Secure Socket Layer



# rpm -qa
libdatrie-0.2.4-1.ppc
libpng-1.6.9-1.ppc
perl-Net_SSLeay.pm-1.55-3.ppc
jasper-1.900.1-2.ppc
librsvg2-2.34.2-1.ppc
bash_64-5.0-4.ppc
python-urlgrabber-3.10.1-1.noarch
shared-mime-info-1.6-2.ppc
deltarpm-3.6-1.ppc
bzip2-1.0.8-2.ppc
gdbm-1.23-1.ppc
perl-5.34.1-1.ppc
libgcc8-8.3.0-6.ppc
zlib-1.2.12-1.ppc
xz-libs-5.2.5-1.ppc
libstdc++8-8.3.0-6.ppc
ncurses-6.3-1.ppc
fontconfig-2.11.95-4.ppc
libtasn1-4.16.0-1.ppc
libjpeg-9d-1.ppc
pixman-0.34.0-1.ppc
libgomp-8-1.ppc
info-6.7-1.ppc
libtextstyle-0.21-1.ppc
gettext-0.21-1.ppc
readline-8.1-1.ppc
python-2.7.18-3.ppc
python3-3.7.12-1.ppc
atk-2.20.0-3.ppc
pkg-config-0.29.2-2.ppc
p11-kit-0.23.22-1.ppc
libXft-2.3.2-4waixX11.ppc
libssh2-1.10.0-1.ppc
cyrus-sasl-2.1.28-1.ppc
apr-util-1.6.1-1.ppc
lzo-2.10-2.ppc
pango-1.40.1-2waixX11.ppc
libtiff-4.3.0-1.ppc
libnghttp2-1.46.0-1.ppc
createrepo_c-libs-0.16.0-32_1.ppc
libxcb-1.14-1waixX11.ppc
python-pycurl-7.43.0-1.ppc
mod_ssl-2.4.54-1.ppc
rsync-3.2.3-1.ppc
python-tools-2.7.18-3.ppc
libxml2-python-2.9.14-1.ppc
jbigkit-2.1-1.ppc
dejavu-lgc-sans-mono-fonts-2.37-1.noarch
libdbi-0.9.0-1.ppc
libart_lgpl-2.3.21-2.ppc
ca-certificates-2021.2.52-3.ppc
libthai-0.1.18-1.ppc
perl-Crypt-SSLeay-0.57-2.ppc
libcroco-0.6.5-1.ppc
python-iniparse-0.4-1.noarch
yum-metadata-parser-1.1.4-2.ppc
yum-utils-1.1.31-2.noarch
python-deltarpm-3.6-1.ppc
test-dummy-1.1-5.ppc
lpar2rrd-agent-7.40-2.ppc
db-5.3.28-1.ppc
libgcc-8-1.ppc
libffi-3.4.2-1.ppc
expat-2.4.6-1.ppc
libstdc++-8-1.ppc
freetype2-2.12.1-1.ppc
libXrender-0.9.8-3waixX11.ppc
apr-1.7.0-1.ppc
libgomp8-8.3.0-6.ppc
jbigkit-libs-2.1-1.ppc
libunistring-0.9.10-1.ppc
libxml2-2.9.14-1.ppc
libiconv-1.17-1.ppc
glib2-2.56.1-3.ppc
sqlite-3.37.2-1.ppc
pysqlite-2.8.3-2.ppc
pcre-8.44-2.ppc
xcb-proto-1.14-1.ppc
p11-kit-tools-0.23.22-1.ppc
krb5-libs-1.18.5-1.ppc
file-libs-5.41-1.ppc
lz4-1.9.3-1.ppc
openldap-2.4.58-3.ppc
httpd-2.4.54-1.ppc
cairo-1.14.6-2waixX11.ppc
libwebp-1.0.2-1.ppc
gdk-pixbuf-2.35.1-3waixX11.ppc
curl-7.83.1-1.ppc
libXdmcp-1.1.2-1.ppc
createrepo_c-0.16.0-32_1.ppc
gtk2-2.24.30-3waixX11.ppc
sudo-1.9.5p2-1.ppc
yum-3.4.3-8.noarch
python-devel-2.7.18-3.ppc
xz-5.2.5-1.ppc
dejavu-sans-mono-fonts-2.37-1.noarch
lua-5.4.1-1.ppc
zip-3.0-4.ppc
wget-1.21.2-1.ppc
harfbuzz-4.3.0-1.ppc
AIX-rpm-7.2.5.103-50.ppc

------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 10:12 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

/var/ssl/certs looks fine.
Can you share below outputs? 
lslpp -l | grep openssl
rpm -qa

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 09:23 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

# ls -l /var/ssl
total 152
drwxr-xr-x 2 root system 256 Sep 05 10:04 64
lrwxrwxrwx 1 root system 33 Sep 05 10:05 cert.pem -> /home/pichard/certs/ca-bundle.crt
drwxr-xr-x 2 root system 20480 Sep 05 10:04 certs
drwxr-xr-x 2 root system 28672 Sep 02 10:04 certs.old
drwxr-xr-x 2 root system 256 Sep 06 10:04 misc
-rw-r--r-- 1 root system 11485 Jun 16 2021 openssl.cnf
-rw-r--r-- 1 root system 11485 Oct 05 2015 openssl.cnf.rpmorig


# ls -l /var/ssl/certs
total 0
lrwxrwxrwx 1 root system 23 Sep 05 10:04 002c0b4f.0 -> GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 02265526.0 -> Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 36 Sep 05 10:04 03179a64.0 -> Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 062cdee6.0 -> GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 064e0aa9.0 -> QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 0a775a30.0 -> GTS_Root_R3.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 0b1b94ef.0 -> CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 0f5dc4f3.0 -> UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 1001acf7.0 -> GTS_Root_R1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 14bc7599.0 -> emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 1636090b.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 18856ac4.0 -> SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 2923b3f9.0 -> emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 2ae6433e.0 -> CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 2b349938.0 -> AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 2e5ac55d.0 -> DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 10 Sep 05 10:04 349f2832.0 -> EC-ACC.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3513523f.0 -> DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 61 Sep 05 10:04 3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 3e44d2f7.0 -> TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3e45d192.0 -> Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 3fb36b73.0 -> NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 40193066.0 -> Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 4042bcee.0 -> ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 40547a79.0 -> COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 406c9bb1.0 -> emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 4304c5e5.0 -> Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 48bec511.0 -> Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4a6481c9.0 -> GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 4f316efb.0 -> SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 5273a94c.0 -> E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 54657681.0 -> Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 57bcb2da.0 -> SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 5ad8a5d6.0 -> GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5cd81ad7.0 -> TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5d3033c5.0 -> TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f15c80c.0 -> TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f618aec.0 -> certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 607986c7.0 -> DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 626dceaf.0 -> GTS_Root_R2.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 653b494a.0 -> Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 68dd7389.0 -> Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 6b99d060.0 -> Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 6d41d539.0 -> Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 706f604c.0 -> XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 749e9e03.0 -> QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 75d1b2ed.0 -> DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 76cb8f92.0 -> Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 76faf6c0.0 -> QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 7aaf71c0.0 -> TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8cb5ee0f.0 -> Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8d86cdd1.0 -> certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 930ac5d2.0 -> Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 93bc0acc.0 -> AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 9482e63a.0 -> Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 988a38cb.0 -> NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 9b5697b0.0 -> Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 9c8dfbd4.0 -> AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9d04f354.0 -> DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9f727ac7.0 -> HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ACCVRAIZ1.crt -> /opt/freeware/etc/ssl/certs/ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 AC_RAIZ_FNMT-RCM.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 67 Sep 05 10:04 AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 ANF_Secure_Server_Root_CA.crt -> /opt/freeware/etc/ssl/certs/ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Actalis_Authentication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Commercial.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Networking.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 AffirmTrust_Premium.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 AffirmTrust_Premium_ECC.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_4.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 Atos_TrustedRoot_2011.crt -> /opt/freeware/etc/ssl/certs/Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 89 Sep 05 10:04 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt -> /opt/freeware/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Baltimore_CyberTrust_Root.crt -> /opt/freeware/etc/ssl/certs/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_2_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_3_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 CA_Disig_Root_R2.crt -> /opt/freeware/etc/ssl/certs/CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 CFCA_EV_ROOT.crt -> /opt/freeware/etc/ssl/certs/CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 COMODO_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 Certigna.crt -> /opt/freeware/etc/ssl/certs/Certigna.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certigna_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certum_EC-384_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Certum_Trusted_Network_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 Certum_Trusted_Network_CA_2.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Certum_Trusted_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 Comodo_AAA_Services_root.crt -> /opt/freeware/etc/ssl/certs/Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Cybertrust_Global_Root.crt -> /opt/freeware/etc/ssl/certs/Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_EV_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 DST_Root_CA_X3.crt -> /opt/freeware/etc/ssl/certs/DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 DigiCert_High_Assurance_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 DigiCert_Trusted_Root_G4.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 E-Tugra_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 EC-ACC.crt -> /opt/freeware/etc/ssl/certs/EC-ACC.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust.net_Premium_2048_Secure_Server_CA.crt -> /opt/freeware/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 68 Sep 05 10:04 Entrust_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 74 Sep 05 10:04 Entrust_Root_Certification_Authority_-_EC1.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G4.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 GDCA_TrustAUTH_R5_ROOT.crt -> /opt/freeware/etc/ssl/certs/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 GLOBALTRUST_2020.crt -> /opt/freeware/etc/ssl/certs/GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R1.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R2.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R2.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R3.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R3.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R4.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R4.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R5.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 GlobalSign_Root_CA.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R2.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R3.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R6.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_E46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_R46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 Go_Daddy_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Go_Daddy_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_ECC_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_RSA_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 91 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 ISRG_Root_X1.crt -> /opt/freeware/etc/ssl/certs/ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 IdenTrust_Commercial_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 IdenTrust_Public_Sector_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 42 Sep 05 10:04 Izenpe.com.crt -> /opt/freeware/etc/ssl/certs/Izenpe.com.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Microsec_e-Szigno_Root_CA_2009.crt -> /opt/freeware/etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_ECC_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_RSA_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 NAVER_Global_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 NetLock_Arany_=Class_Gold=_Fotanusitvany.crt -> /opt/freeware/etc/ssl/certs/NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 71 Sep 05 10:04 Network_Solutions_Certificate_Authority.crt -> /opt/freeware/etc/ssl/certs/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GB_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GC_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_1_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_2_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_3_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 75 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 78 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_RSA_R2.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_RSA.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 SZAFIR_ROOT_CA2.crt -> /opt/freeware/etc/ssl/certs/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 SecureSign_RootCA11.crt -> /opt/freeware/etc/ssl/certs/SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 SecureTrust_CA.crt -> /opt/freeware/etc/ssl/certs/SecureTrust_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Secure_Global_CA.crt -> /opt/freeware/etc/ssl/certs/Secure_Global_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_RootCA2.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 64 Sep 05 10:04 Staat_der_Nederlanden_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 Starfield_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Starfield_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 82 Sep 05 10:04 Starfield_Services_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 SwissSign_Gold_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 SwissSign_Silver_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_2.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_3.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt -> /opt/freeware/etc/ssl/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 TWCA_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 TWCA_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TeliaSonera_Root_CA_v1.crt -> /opt/freeware/etc/ssl/certs/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 TrustCor_ECA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-2.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Trustwave_Global_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P256_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P384_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 TunTrust_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 UCA_Extended_Validation_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 UCA_Global_G2_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 XRamp_Global_CA_Root.crt -> /opt/freeware/etc/ssl/certs/XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 a3418fda.0 -> GTS_Root_R4.crt
lrwxrwxrwx 1 root system 13 Sep 05 10:04 a94d09e5.0 -> ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 b433981b.0 -> ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 b66938e9.0 -> Secure_Global_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 b727005e.0 -> AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 b7a5b843.0 -> TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 39 Sep 05 10:04 b81b93f0.0 -> AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 c01eb047.0 -> UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ca-bundle.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 ca-bundle.trust.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.trust.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 ca6e4ad9.0 -> ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 14 Sep 05 10:04 cc450945.0 -> Izenpe.com.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 cd58d51e.0 -> Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 ce5e74ef.0 -> Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 certSIGN_ROOT_CA.crt -> /opt/freeware/etc/ssl/certs/certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 certSIGN_Root_CA_G2.crt -> /opt/freeware/etc/ssl/certs/certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 d6325660.0 -> COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 d7e8dc79.0 -> QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 d887a5bb.0 -> Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dd8e9d41.0 -> DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 de6d66f3.0 -> Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 e-Szigno_Root_CA_2017.crt -> /opt/freeware/etc/ssl/certs/e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 12 Sep 05 10:04 e113c810.0 -> Certigna.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e18bfb83.0 -> QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 e35234b1.0 -> Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e36a6752.0 -> Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e868b802.0 -> e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 e8de2f56.0 -> Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 ePKI_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 ecccd8db.0 -> HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 ee64a828.0 -> Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 eed8c118.0 -> COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_C3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_G3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_C1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_G1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 f081611a.0 -> Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 f249de83.0 -> Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 f3377b1b.0 -> Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 f387163d.0 -> Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 f39fc864.0 -> SecureTrust_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 f51bb24c.0 -> Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fa5da96b.0 -> GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fd64f3fc.0 -> TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 19 Sep 05 10:04 fe8a2cd8.0 -> SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 feffd413.0 -> GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt

------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 09:08 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Can you share the below two outputs ? 

ls -l /var/ssl
ls -l /var/ssl/certs

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 08:45 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello Ayappan,

We checked the hashes created , seems to be ok:

Hash file a94d09e5.0 correpond to the following cert
        - /var/ssl/certs/ca-bundle.crt
        - /var/ssl/certs/ACCVRAIZ1.crt
        - /var/ssl/certs/ca-bundle.trust.crt


------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 04:45 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Users had issues with ca-certificates sometime back. We fixed those issues with the ca-certificates version 2021.2.52-3.
So I am not sure what is the problem here. Please check whether the hashes are created in /var/ssl/certs directory.

------------------------------
Ayappan P

Original Message:
Sent: Mon September 05, 2022 04:55 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello,

When we try yum list sudo for example, we have an error:

anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again


We can bypass this error with http (instead of https) or sslverify=false

So We tried to reinstall CA: 


yum reinstall ca-certificates -y
Setting up Reinstall Process
AIX_Toolbox | 2.7 kB 00:00:00
AIX_Toolbox/primary_db | 3.1 MB 00:00:00
AIX_Toolbox_72 | 2.7 kB 00:00:00
AIX_Toolbox_72/primary_db | 375 kB 00:00:00
AIX_Toolbox_noarch | 2.6 kB 00:00:00
AIX_Toolbox_noarch/primary_db | 111 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.ppc 0:2021.2.52-3 will be reinstalled
--> Finished Dependency Resolution

yum clean all

but we still have the error...

When we try ssl connection:
/usr/bin/openssl s_client -showcerts -connect public.dhe.ibm.com:443

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662362491
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

we have a code 19


We tried to replace the CA-bundle.crt with a one who works and we have a code zero with ssl conection: 

openssl s_client -connect github.com:443 = OK

openssl s_client -connect 129.35.224.112/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata.xml:443 = OK

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662366043
Timeout : 300 (sec)
Verify return code: 0 (ok)



We made a yum clean all after that but we still have an error with yum list sudo
yum -t list sudo
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again



Why, do we have an ssl problem, with the CA-bundle.crt , it is generated with ca-certificates from IBM ? 


Thank you for your help

regards


Nicolas




------------------------------
Nicolas KAPLIN
------------------------------

Hello Ayappan,

No SSL env variables:


AIXTHREAD_COND_DEBUG='OFF '
AIXTHREAD_GUARDPAGES=4
AIXTHREAD_MUTEX_DEBUG='OFF '
AIXTHREAD_RWLOCK_DEBUG='0FF '
AIXTHREAD_SCOPE='S '
EDITOR=vi
ENV_run=env
ERRNO=0
EXTSHM=ON
FCEDIT=vi
HISTSIZE=500
IFS='
'
LANG=en_US
LC__FASTMSG=true
LINENO=1
LOCPATH=/usr/lib/nls/loc
LOGIN=root
LOGNAME=root
MAILCHECK=600
MAILMSG='[YOU HAVE NEW MAIL]'
MALLOCMULTIHEAP=heaps:16
ODMDIR=/etc/objrepos
OPTIND=1
PAGER=pg
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/home/kaplin/bin:/usr/bin/X11:/sbin:.:
PPID=6422846
PS1='root@XXXX:$PWD # '
PS2='> '
PS3='#? '
PS4='+ '
RANDOM=530
SECONDS=32
SPINLOOPTIME=20000
SSH_TTY=/dev/pts/2
TERM=xterm
TMOUT=0
TZ=Europe/Paris
USER=root
VISUAL=vi
YIELDLOOPTIME=40000
_=/bin/ksh

------------------------------
Nicolas KAPLIN
------------------------------

Original Message:
Sent: Wed September 07, 2022 11:02 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Do you have any SSL environmental variables ( like SSL_CERT_DIR ., etc) exported ?

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 10:18 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Ayappan,
# oslevel -s
7200-05-04-2220

# lslpp -l | grep openssl
openssl.base 1.0.2.2103 COMMITTED Open Secure Socket Layer
openssl.license 1.0.2.2103 COMMITTED Open Secure Socket License
openssl.man.en_US 1.0.2.2103 COMMITTED Open Secure Socket Layer
openssl.base 1.0.2.2103 COMMITTED Open Secure Socket Layer



# rpm -qa
libdatrie-0.2.4-1.ppc
libpng-1.6.9-1.ppc
perl-Net_SSLeay.pm-1.55-3.ppc
jasper-1.900.1-2.ppc
librsvg2-2.34.2-1.ppc
bash_64-5.0-4.ppc
python-urlgrabber-3.10.1-1.noarch
shared-mime-info-1.6-2.ppc
deltarpm-3.6-1.ppc
bzip2-1.0.8-2.ppc
gdbm-1.23-1.ppc
perl-5.34.1-1.ppc
libgcc8-8.3.0-6.ppc
zlib-1.2.12-1.ppc
xz-libs-5.2.5-1.ppc
libstdc++8-8.3.0-6.ppc
ncurses-6.3-1.ppc
fontconfig-2.11.95-4.ppc
libtasn1-4.16.0-1.ppc
libjpeg-9d-1.ppc
pixman-0.34.0-1.ppc
libgomp-8-1.ppc
info-6.7-1.ppc
libtextstyle-0.21-1.ppc
gettext-0.21-1.ppc
readline-8.1-1.ppc
python-2.7.18-3.ppc
python3-3.7.12-1.ppc
atk-2.20.0-3.ppc
pkg-config-0.29.2-2.ppc
p11-kit-0.23.22-1.ppc
libXft-2.3.2-4waixX11.ppc
libssh2-1.10.0-1.ppc
cyrus-sasl-2.1.28-1.ppc
apr-util-1.6.1-1.ppc
lzo-2.10-2.ppc
pango-1.40.1-2waixX11.ppc
libtiff-4.3.0-1.ppc
libnghttp2-1.46.0-1.ppc
createrepo_c-libs-0.16.0-32_1.ppc
libxcb-1.14-1waixX11.ppc
python-pycurl-7.43.0-1.ppc
mod_ssl-2.4.54-1.ppc
rsync-3.2.3-1.ppc
python-tools-2.7.18-3.ppc
libxml2-python-2.9.14-1.ppc
jbigkit-2.1-1.ppc
dejavu-lgc-sans-mono-fonts-2.37-1.noarch
libdbi-0.9.0-1.ppc
libart_lgpl-2.3.21-2.ppc
ca-certificates-2021.2.52-3.ppc
libthai-0.1.18-1.ppc
perl-Crypt-SSLeay-0.57-2.ppc
libcroco-0.6.5-1.ppc
python-iniparse-0.4-1.noarch
yum-metadata-parser-1.1.4-2.ppc
yum-utils-1.1.31-2.noarch
python-deltarpm-3.6-1.ppc
test-dummy-1.1-5.ppc
lpar2rrd-agent-7.40-2.ppc
db-5.3.28-1.ppc
libgcc-8-1.ppc
libffi-3.4.2-1.ppc
expat-2.4.6-1.ppc
libstdc++-8-1.ppc
freetype2-2.12.1-1.ppc
libXrender-0.9.8-3waixX11.ppc
apr-1.7.0-1.ppc
libgomp8-8.3.0-6.ppc
jbigkit-libs-2.1-1.ppc
libunistring-0.9.10-1.ppc
libxml2-2.9.14-1.ppc
libiconv-1.17-1.ppc
glib2-2.56.1-3.ppc
sqlite-3.37.2-1.ppc
pysqlite-2.8.3-2.ppc
pcre-8.44-2.ppc
xcb-proto-1.14-1.ppc
p11-kit-tools-0.23.22-1.ppc
krb5-libs-1.18.5-1.ppc
file-libs-5.41-1.ppc
lz4-1.9.3-1.ppc
openldap-2.4.58-3.ppc
httpd-2.4.54-1.ppc
cairo-1.14.6-2waixX11.ppc
libwebp-1.0.2-1.ppc
gdk-pixbuf-2.35.1-3waixX11.ppc
curl-7.83.1-1.ppc
libXdmcp-1.1.2-1.ppc
createrepo_c-0.16.0-32_1.ppc
gtk2-2.24.30-3waixX11.ppc
sudo-1.9.5p2-1.ppc
yum-3.4.3-8.noarch
python-devel-2.7.18-3.ppc
xz-5.2.5-1.ppc
dejavu-sans-mono-fonts-2.37-1.noarch
lua-5.4.1-1.ppc
zip-3.0-4.ppc
wget-1.21.2-1.ppc
harfbuzz-4.3.0-1.ppc
AIX-rpm-7.2.5.103-50.ppc

------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 10:12 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

/var/ssl/certs looks fine.
Can you share below outputs? 
lslpp -l | grep openssl
rpm -qa

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 09:23 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

# ls -l /var/ssl
total 152
drwxr-xr-x 2 root system 256 Sep 05 10:04 64
lrwxrwxrwx 1 root system 33 Sep 05 10:05 cert.pem -> /home/pichard/certs/ca-bundle.crt
drwxr-xr-x 2 root system 20480 Sep 05 10:04 certs
drwxr-xr-x 2 root system 28672 Sep 02 10:04 certs.old
drwxr-xr-x 2 root system 256 Sep 06 10:04 misc
-rw-r--r-- 1 root system 11485 Jun 16 2021 openssl.cnf
-rw-r--r-- 1 root system 11485 Oct 05 2015 openssl.cnf.rpmorig


# ls -l /var/ssl/certs
total 0
lrwxrwxrwx 1 root system 23 Sep 05 10:04 002c0b4f.0 -> GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 02265526.0 -> Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 36 Sep 05 10:04 03179a64.0 -> Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 062cdee6.0 -> GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 064e0aa9.0 -> QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 0a775a30.0 -> GTS_Root_R3.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 0b1b94ef.0 -> CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 0f5dc4f3.0 -> UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 1001acf7.0 -> GTS_Root_R1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 14bc7599.0 -> emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 1636090b.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 18856ac4.0 -> SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 2923b3f9.0 -> emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 2ae6433e.0 -> CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 2b349938.0 -> AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 2e5ac55d.0 -> DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 10 Sep 05 10:04 349f2832.0 -> EC-ACC.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3513523f.0 -> DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 61 Sep 05 10:04 3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 3e44d2f7.0 -> TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3e45d192.0 -> Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 3fb36b73.0 -> NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 40193066.0 -> Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 4042bcee.0 -> ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 40547a79.0 -> COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 406c9bb1.0 -> emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 4304c5e5.0 -> Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 48bec511.0 -> Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4a6481c9.0 -> GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 4f316efb.0 -> SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 5273a94c.0 -> E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 54657681.0 -> Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 57bcb2da.0 -> SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 5ad8a5d6.0 -> GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5cd81ad7.0 -> TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5d3033c5.0 -> TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f15c80c.0 -> TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f618aec.0 -> certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 607986c7.0 -> DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 626dceaf.0 -> GTS_Root_R2.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 653b494a.0 -> Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 68dd7389.0 -> Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 6b99d060.0 -> Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 6d41d539.0 -> Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 706f604c.0 -> XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 749e9e03.0 -> QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 75d1b2ed.0 -> DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 76cb8f92.0 -> Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 76faf6c0.0 -> QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 7aaf71c0.0 -> TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8cb5ee0f.0 -> Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8d86cdd1.0 -> certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 930ac5d2.0 -> Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 93bc0acc.0 -> AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 9482e63a.0 -> Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 988a38cb.0 -> NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 9b5697b0.0 -> Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 9c8dfbd4.0 -> AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9d04f354.0 -> DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9f727ac7.0 -> HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ACCVRAIZ1.crt -> /opt/freeware/etc/ssl/certs/ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 AC_RAIZ_FNMT-RCM.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 67 Sep 05 10:04 AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 ANF_Secure_Server_Root_CA.crt -> /opt/freeware/etc/ssl/certs/ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Actalis_Authentication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Commercial.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Networking.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 AffirmTrust_Premium.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 AffirmTrust_Premium_ECC.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_4.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 Atos_TrustedRoot_2011.crt -> /opt/freeware/etc/ssl/certs/Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 89 Sep 05 10:04 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt -> /opt/freeware/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Baltimore_CyberTrust_Root.crt -> /opt/freeware/etc/ssl/certs/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_2_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_3_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 CA_Disig_Root_R2.crt -> /opt/freeware/etc/ssl/certs/CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 CFCA_EV_ROOT.crt -> /opt/freeware/etc/ssl/certs/CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 COMODO_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 Certigna.crt -> /opt/freeware/etc/ssl/certs/Certigna.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certigna_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certum_EC-384_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Certum_Trusted_Network_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 Certum_Trusted_Network_CA_2.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Certum_Trusted_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 Comodo_AAA_Services_root.crt -> /opt/freeware/etc/ssl/certs/Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Cybertrust_Global_Root.crt -> /opt/freeware/etc/ssl/certs/Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_EV_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 DST_Root_CA_X3.crt -> /opt/freeware/etc/ssl/certs/DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 DigiCert_High_Assurance_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 DigiCert_Trusted_Root_G4.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 E-Tugra_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 EC-ACC.crt -> /opt/freeware/etc/ssl/certs/EC-ACC.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust.net_Premium_2048_Secure_Server_CA.crt -> /opt/freeware/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 68 Sep 05 10:04 Entrust_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 74 Sep 05 10:04 Entrust_Root_Certification_Authority_-_EC1.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G4.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 GDCA_TrustAUTH_R5_ROOT.crt -> /opt/freeware/etc/ssl/certs/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 GLOBALTRUST_2020.crt -> /opt/freeware/etc/ssl/certs/GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R1.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R2.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R2.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R3.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R3.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R4.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R4.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R5.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 GlobalSign_Root_CA.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R2.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R3.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R6.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_E46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_R46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 Go_Daddy_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Go_Daddy_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_ECC_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_RSA_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 91 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 ISRG_Root_X1.crt -> /opt/freeware/etc/ssl/certs/ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 IdenTrust_Commercial_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 IdenTrust_Public_Sector_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 42 Sep 05 10:04 Izenpe.com.crt -> /opt/freeware/etc/ssl/certs/Izenpe.com.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Microsec_e-Szigno_Root_CA_2009.crt -> /opt/freeware/etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_ECC_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_RSA_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 NAVER_Global_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 NetLock_Arany_=Class_Gold=_Fotanusitvany.crt -> /opt/freeware/etc/ssl/certs/NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 71 Sep 05 10:04 Network_Solutions_Certificate_Authority.crt -> /opt/freeware/etc/ssl/certs/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GB_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GC_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_1_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_2_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_3_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 75 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 78 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_RSA_R2.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_RSA.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 SZAFIR_ROOT_CA2.crt -> /opt/freeware/etc/ssl/certs/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 SecureSign_RootCA11.crt -> /opt/freeware/etc/ssl/certs/SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 SecureTrust_CA.crt -> /opt/freeware/etc/ssl/certs/SecureTrust_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Secure_Global_CA.crt -> /opt/freeware/etc/ssl/certs/Secure_Global_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_RootCA2.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 64 Sep 05 10:04 Staat_der_Nederlanden_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 Starfield_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Starfield_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 82 Sep 05 10:04 Starfield_Services_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 SwissSign_Gold_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 SwissSign_Silver_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_2.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_3.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt -> /opt/freeware/etc/ssl/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 TWCA_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 TWCA_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TeliaSonera_Root_CA_v1.crt -> /opt/freeware/etc/ssl/certs/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 TrustCor_ECA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-2.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Trustwave_Global_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P256_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P384_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 TunTrust_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 UCA_Extended_Validation_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 UCA_Global_G2_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 XRamp_Global_CA_Root.crt -> /opt/freeware/etc/ssl/certs/XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 a3418fda.0 -> GTS_Root_R4.crt
lrwxrwxrwx 1 root system 13 Sep 05 10:04 a94d09e5.0 -> ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 b433981b.0 -> ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 b66938e9.0 -> Secure_Global_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 b727005e.0 -> AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 b7a5b843.0 -> TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 39 Sep 05 10:04 b81b93f0.0 -> AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 c01eb047.0 -> UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ca-bundle.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 ca-bundle.trust.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.trust.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 ca6e4ad9.0 -> ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 14 Sep 05 10:04 cc450945.0 -> Izenpe.com.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 cd58d51e.0 -> Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 ce5e74ef.0 -> Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 certSIGN_ROOT_CA.crt -> /opt/freeware/etc/ssl/certs/certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 certSIGN_Root_CA_G2.crt -> /opt/freeware/etc/ssl/certs/certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 d6325660.0 -> COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 d7e8dc79.0 -> QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 d887a5bb.0 -> Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dd8e9d41.0 -> DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 de6d66f3.0 -> Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 e-Szigno_Root_CA_2017.crt -> /opt/freeware/etc/ssl/certs/e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 12 Sep 05 10:04 e113c810.0 -> Certigna.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e18bfb83.0 -> QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 e35234b1.0 -> Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e36a6752.0 -> Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e868b802.0 -> e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 e8de2f56.0 -> Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 ePKI_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 ecccd8db.0 -> HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 ee64a828.0 -> Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 eed8c118.0 -> COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_C3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_G3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_C1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_G1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 f081611a.0 -> Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 f249de83.0 -> Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 f3377b1b.0 -> Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 f387163d.0 -> Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 f39fc864.0 -> SecureTrust_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 f51bb24c.0 -> Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fa5da96b.0 -> GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fd64f3fc.0 -> TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 19 Sep 05 10:04 fe8a2cd8.0 -> SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 feffd413.0 -> GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt

------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 09:08 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Can you share the below two outputs ? 

ls -l /var/ssl
ls -l /var/ssl/certs

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 08:45 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello Ayappan,

We checked the hashes created , seems to be ok:

Hash file a94d09e5.0 correpond to the following cert
        - /var/ssl/certs/ca-bundle.crt
        - /var/ssl/certs/ACCVRAIZ1.crt
        - /var/ssl/certs/ca-bundle.trust.crt


------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 04:45 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Users had issues with ca-certificates sometime back. We fixed those issues with the ca-certificates version 2021.2.52-3.
So I am not sure what is the problem here. Please check whether the hashes are created in /var/ssl/certs directory.

------------------------------
Ayappan P

Original Message:
Sent: Mon September 05, 2022 04:55 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello,

When we try yum list sudo for example, we have an error:

anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again


We can bypass this error with http (instead of https) or sslverify=false

So We tried to reinstall CA: 


yum reinstall ca-certificates -y
Setting up Reinstall Process
AIX_Toolbox | 2.7 kB 00:00:00
AIX_Toolbox/primary_db | 3.1 MB 00:00:00
AIX_Toolbox_72 | 2.7 kB 00:00:00
AIX_Toolbox_72/primary_db | 375 kB 00:00:00
AIX_Toolbox_noarch | 2.6 kB 00:00:00
AIX_Toolbox_noarch/primary_db | 111 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.ppc 0:2021.2.52-3 will be reinstalled
--> Finished Dependency Resolution

yum clean all

but we still have the error...

When we try ssl connection:
/usr/bin/openssl s_client -showcerts -connect public.dhe.ibm.com:443

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662362491
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

we have a code 19


We tried to replace the CA-bundle.crt with a one who works and we have a code zero with ssl conection: 

openssl s_client -connect github.com:443 = OK

openssl s_client -connect 129.35.224.112/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata.xml:443 = OK

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662366043
Timeout : 300 (sec)
Verify return code: 0 (ok)



We made a yum clean all after that but we still have an error with yum list sudo
yum -t list sudo
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again



Why, do we have an ssl problem, with the CA-bundle.crt , it is generated with ca-certificates from IBM ? 


Thank you for your help

regards


Nicolas




------------------------------
Nicolas KAPLIN
------------------------------

Okay. Everything looks fine except that the cert.pem inside /var/ssl/ is pointing to a custom ca-bundle.crt rather than /opt/freeware/etc/ssl/certs/ca-bundle.crt. Is there any reason for that change?

------------------------------
Ayappan P
------------------------------

Original Message:
Sent: Thu September 08, 2022 05:11 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello Ayappan,

No SSL env variables:


AIXTHREAD_COND_DEBUG='OFF '
AIXTHREAD_GUARDPAGES=4
AIXTHREAD_MUTEX_DEBUG='OFF '
AIXTHREAD_RWLOCK_DEBUG='0FF '
AIXTHREAD_SCOPE='S '
EDITOR=vi
ENV_run=env
ERRNO=0
EXTSHM=ON
FCEDIT=vi
HISTSIZE=500
IFS='
'
LANG=en_US
LC__FASTMSG=true
LINENO=1
LOCPATH=/usr/lib/nls/loc
LOGIN=root
LOGNAME=root
MAILCHECK=600
MAILMSG='[YOU HAVE NEW MAIL]'
MALLOCMULTIHEAP=heaps:16
ODMDIR=/etc/objrepos
OPTIND=1
PAGER=pg
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/home/kaplin/bin:/usr/bin/X11:/sbin:.:
PPID=6422846
PS1='root@XXXX:$PWD # '
PS2='> '
PS3='#? '
PS4='+ '
RANDOM=530
SECONDS=32
SPINLOOPTIME=20000
SSH_TTY=/dev/pts/2
TERM=xterm
TMOUT=0
TZ=Europe/Paris
USER=root
VISUAL=vi
YIELDLOOPTIME=40000
_=/bin/ksh

------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 11:02 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Do you have any SSL environmental variables ( like SSL_CERT_DIR ., etc) exported ?

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 10:18 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Ayappan,
# oslevel -s
7200-05-04-2220

# lslpp -l | grep openssl
openssl.base 1.0.2.2103 COMMITTED Open Secure Socket Layer
openssl.license 1.0.2.2103 COMMITTED Open Secure Socket License
openssl.man.en_US 1.0.2.2103 COMMITTED Open Secure Socket Layer
openssl.base 1.0.2.2103 COMMITTED Open Secure Socket Layer



# rpm -qa
libdatrie-0.2.4-1.ppc
libpng-1.6.9-1.ppc
perl-Net_SSLeay.pm-1.55-3.ppc
jasper-1.900.1-2.ppc
librsvg2-2.34.2-1.ppc
bash_64-5.0-4.ppc
python-urlgrabber-3.10.1-1.noarch
shared-mime-info-1.6-2.ppc
deltarpm-3.6-1.ppc
bzip2-1.0.8-2.ppc
gdbm-1.23-1.ppc
perl-5.34.1-1.ppc
libgcc8-8.3.0-6.ppc
zlib-1.2.12-1.ppc
xz-libs-5.2.5-1.ppc
libstdc++8-8.3.0-6.ppc
ncurses-6.3-1.ppc
fontconfig-2.11.95-4.ppc
libtasn1-4.16.0-1.ppc
libjpeg-9d-1.ppc
pixman-0.34.0-1.ppc
libgomp-8-1.ppc
info-6.7-1.ppc
libtextstyle-0.21-1.ppc
gettext-0.21-1.ppc
readline-8.1-1.ppc
python-2.7.18-3.ppc
python3-3.7.12-1.ppc
atk-2.20.0-3.ppc
pkg-config-0.29.2-2.ppc
p11-kit-0.23.22-1.ppc
libXft-2.3.2-4waixX11.ppc
libssh2-1.10.0-1.ppc
cyrus-sasl-2.1.28-1.ppc
apr-util-1.6.1-1.ppc
lzo-2.10-2.ppc
pango-1.40.1-2waixX11.ppc
libtiff-4.3.0-1.ppc
libnghttp2-1.46.0-1.ppc
createrepo_c-libs-0.16.0-32_1.ppc
libxcb-1.14-1waixX11.ppc
python-pycurl-7.43.0-1.ppc
mod_ssl-2.4.54-1.ppc
rsync-3.2.3-1.ppc
python-tools-2.7.18-3.ppc
libxml2-python-2.9.14-1.ppc
jbigkit-2.1-1.ppc
dejavu-lgc-sans-mono-fonts-2.37-1.noarch
libdbi-0.9.0-1.ppc
libart_lgpl-2.3.21-2.ppc
ca-certificates-2021.2.52-3.ppc
libthai-0.1.18-1.ppc
perl-Crypt-SSLeay-0.57-2.ppc
libcroco-0.6.5-1.ppc
python-iniparse-0.4-1.noarch
yum-metadata-parser-1.1.4-2.ppc
yum-utils-1.1.31-2.noarch
python-deltarpm-3.6-1.ppc
test-dummy-1.1-5.ppc
lpar2rrd-agent-7.40-2.ppc
db-5.3.28-1.ppc
libgcc-8-1.ppc
libffi-3.4.2-1.ppc
expat-2.4.6-1.ppc
libstdc++-8-1.ppc
freetype2-2.12.1-1.ppc
libXrender-0.9.8-3waixX11.ppc
apr-1.7.0-1.ppc
libgomp8-8.3.0-6.ppc
jbigkit-libs-2.1-1.ppc
libunistring-0.9.10-1.ppc
libxml2-2.9.14-1.ppc
libiconv-1.17-1.ppc
glib2-2.56.1-3.ppc
sqlite-3.37.2-1.ppc
pysqlite-2.8.3-2.ppc
pcre-8.44-2.ppc
xcb-proto-1.14-1.ppc
p11-kit-tools-0.23.22-1.ppc
krb5-libs-1.18.5-1.ppc
file-libs-5.41-1.ppc
lz4-1.9.3-1.ppc
openldap-2.4.58-3.ppc
httpd-2.4.54-1.ppc
cairo-1.14.6-2waixX11.ppc
libwebp-1.0.2-1.ppc
gdk-pixbuf-2.35.1-3waixX11.ppc
curl-7.83.1-1.ppc
libXdmcp-1.1.2-1.ppc
createrepo_c-0.16.0-32_1.ppc
gtk2-2.24.30-3waixX11.ppc
sudo-1.9.5p2-1.ppc
yum-3.4.3-8.noarch
python-devel-2.7.18-3.ppc
xz-5.2.5-1.ppc
dejavu-sans-mono-fonts-2.37-1.noarch
lua-5.4.1-1.ppc
zip-3.0-4.ppc
wget-1.21.2-1.ppc
harfbuzz-4.3.0-1.ppc
AIX-rpm-7.2.5.103-50.ppc

------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 10:12 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

/var/ssl/certs looks fine.
Can you share below outputs? 
lslpp -l | grep openssl
rpm -qa

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 09:23 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

# ls -l /var/ssl
total 152
drwxr-xr-x 2 root system 256 Sep 05 10:04 64
lrwxrwxrwx 1 root system 33 Sep 05 10:05 cert.pem -> /home/pichard/certs/ca-bundle.crt
drwxr-xr-x 2 root system 20480 Sep 05 10:04 certs
drwxr-xr-x 2 root system 28672 Sep 02 10:04 certs.old
drwxr-xr-x 2 root system 256 Sep 06 10:04 misc
-rw-r--r-- 1 root system 11485 Jun 16 2021 openssl.cnf
-rw-r--r-- 1 root system 11485 Oct 05 2015 openssl.cnf.rpmorig


# ls -l /var/ssl/certs
total 0
lrwxrwxrwx 1 root system 23 Sep 05 10:04 002c0b4f.0 -> GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 02265526.0 -> Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 36 Sep 05 10:04 03179a64.0 -> Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 062cdee6.0 -> GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 064e0aa9.0 -> QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 0a775a30.0 -> GTS_Root_R3.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 0b1b94ef.0 -> CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 0f5dc4f3.0 -> UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 1001acf7.0 -> GTS_Root_R1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 14bc7599.0 -> emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 1636090b.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 18856ac4.0 -> SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 2923b3f9.0 -> emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 2ae6433e.0 -> CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 2b349938.0 -> AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 2e5ac55d.0 -> DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 10 Sep 05 10:04 349f2832.0 -> EC-ACC.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3513523f.0 -> DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 61 Sep 05 10:04 3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 3e44d2f7.0 -> TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3e45d192.0 -> Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 3fb36b73.0 -> NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 40193066.0 -> Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 4042bcee.0 -> ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 40547a79.0 -> COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 406c9bb1.0 -> emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 4304c5e5.0 -> Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 48bec511.0 -> Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4a6481c9.0 -> GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 4f316efb.0 -> SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 5273a94c.0 -> E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 54657681.0 -> Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 57bcb2da.0 -> SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 5ad8a5d6.0 -> GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5cd81ad7.0 -> TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5d3033c5.0 -> TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f15c80c.0 -> TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f618aec.0 -> certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 607986c7.0 -> DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 626dceaf.0 -> GTS_Root_R2.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 653b494a.0 -> Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 68dd7389.0 -> Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 6b99d060.0 -> Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 6d41d539.0 -> Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 706f604c.0 -> XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 749e9e03.0 -> QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 75d1b2ed.0 -> DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 76cb8f92.0 -> Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 76faf6c0.0 -> QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 7aaf71c0.0 -> TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8cb5ee0f.0 -> Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8d86cdd1.0 -> certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 930ac5d2.0 -> Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 93bc0acc.0 -> AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 9482e63a.0 -> Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 988a38cb.0 -> NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 9b5697b0.0 -> Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 9c8dfbd4.0 -> AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9d04f354.0 -> DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9f727ac7.0 -> HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ACCVRAIZ1.crt -> /opt/freeware/etc/ssl/certs/ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 AC_RAIZ_FNMT-RCM.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 67 Sep 05 10:04 AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 ANF_Secure_Server_Root_CA.crt -> /opt/freeware/etc/ssl/certs/ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Actalis_Authentication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Commercial.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Networking.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 AffirmTrust_Premium.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 AffirmTrust_Premium_ECC.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_4.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 Atos_TrustedRoot_2011.crt -> /opt/freeware/etc/ssl/certs/Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 89 Sep 05 10:04 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt -> /opt/freeware/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Baltimore_CyberTrust_Root.crt -> /opt/freeware/etc/ssl/certs/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_2_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_3_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 CA_Disig_Root_R2.crt -> /opt/freeware/etc/ssl/certs/CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 CFCA_EV_ROOT.crt -> /opt/freeware/etc/ssl/certs/CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 COMODO_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 Certigna.crt -> /opt/freeware/etc/ssl/certs/Certigna.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certigna_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certum_EC-384_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Certum_Trusted_Network_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 Certum_Trusted_Network_CA_2.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Certum_Trusted_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 Comodo_AAA_Services_root.crt -> /opt/freeware/etc/ssl/certs/Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Cybertrust_Global_Root.crt -> /opt/freeware/etc/ssl/certs/Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_EV_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 DST_Root_CA_X3.crt -> /opt/freeware/etc/ssl/certs/DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 DigiCert_High_Assurance_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 DigiCert_Trusted_Root_G4.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 E-Tugra_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 EC-ACC.crt -> /opt/freeware/etc/ssl/certs/EC-ACC.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust.net_Premium_2048_Secure_Server_CA.crt -> /opt/freeware/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 68 Sep 05 10:04 Entrust_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 74 Sep 05 10:04 Entrust_Root_Certification_Authority_-_EC1.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G4.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 GDCA_TrustAUTH_R5_ROOT.crt -> /opt/freeware/etc/ssl/certs/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 GLOBALTRUST_2020.crt -> /opt/freeware/etc/ssl/certs/GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R1.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R2.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R2.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R3.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R3.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R4.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R4.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R5.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 GlobalSign_Root_CA.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R2.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R3.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R6.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_E46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_R46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 Go_Daddy_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Go_Daddy_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_ECC_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_RSA_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 91 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 ISRG_Root_X1.crt -> /opt/freeware/etc/ssl/certs/ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 IdenTrust_Commercial_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 IdenTrust_Public_Sector_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 42 Sep 05 10:04 Izenpe.com.crt -> /opt/freeware/etc/ssl/certs/Izenpe.com.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Microsec_e-Szigno_Root_CA_2009.crt -> /opt/freeware/etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_ECC_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_RSA_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 NAVER_Global_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 NetLock_Arany_=Class_Gold=_Fotanusitvany.crt -> /opt/freeware/etc/ssl/certs/NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 71 Sep 05 10:04 Network_Solutions_Certificate_Authority.crt -> /opt/freeware/etc/ssl/certs/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GB_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GC_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_1_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_2_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_3_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 75 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 78 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_RSA_R2.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_RSA.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 SZAFIR_ROOT_CA2.crt -> /opt/freeware/etc/ssl/certs/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 SecureSign_RootCA11.crt -> /opt/freeware/etc/ssl/certs/SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 SecureTrust_CA.crt -> /opt/freeware/etc/ssl/certs/SecureTrust_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Secure_Global_CA.crt -> /opt/freeware/etc/ssl/certs/Secure_Global_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_RootCA2.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 64 Sep 05 10:04 Staat_der_Nederlanden_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 Starfield_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Starfield_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 82 Sep 05 10:04 Starfield_Services_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 SwissSign_Gold_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 SwissSign_Silver_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_2.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_3.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt -> /opt/freeware/etc/ssl/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 TWCA_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 TWCA_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TeliaSonera_Root_CA_v1.crt -> /opt/freeware/etc/ssl/certs/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 TrustCor_ECA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-2.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Trustwave_Global_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P256_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P384_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 TunTrust_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 UCA_Extended_Validation_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 UCA_Global_G2_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 XRamp_Global_CA_Root.crt -> /opt/freeware/etc/ssl/certs/XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 a3418fda.0 -> GTS_Root_R4.crt
lrwxrwxrwx 1 root system 13 Sep 05 10:04 a94d09e5.0 -> ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 b433981b.0 -> ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 b66938e9.0 -> Secure_Global_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 b727005e.0 -> AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 b7a5b843.0 -> TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 39 Sep 05 10:04 b81b93f0.0 -> AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 c01eb047.0 -> UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ca-bundle.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 ca-bundle.trust.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.trust.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 ca6e4ad9.0 -> ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 14 Sep 05 10:04 cc450945.0 -> Izenpe.com.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 cd58d51e.0 -> Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 ce5e74ef.0 -> Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 certSIGN_ROOT_CA.crt -> /opt/freeware/etc/ssl/certs/certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 certSIGN_Root_CA_G2.crt -> /opt/freeware/etc/ssl/certs/certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 d6325660.0 -> COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 d7e8dc79.0 -> QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 d887a5bb.0 -> Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dd8e9d41.0 -> DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 de6d66f3.0 -> Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 e-Szigno_Root_CA_2017.crt -> /opt/freeware/etc/ssl/certs/e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 12 Sep 05 10:04 e113c810.0 -> Certigna.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e18bfb83.0 -> QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 e35234b1.0 -> Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e36a6752.0 -> Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e868b802.0 -> e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 e8de2f56.0 -> Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 ePKI_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 ecccd8db.0 -> HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 ee64a828.0 -> Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 eed8c118.0 -> COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_C3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_G3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_C1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_G1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 f081611a.0 -> Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 f249de83.0 -> Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 f3377b1b.0 -> Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 f387163d.0 -> Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 f39fc864.0 -> SecureTrust_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 f51bb24c.0 -> Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fa5da96b.0 -> GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fd64f3fc.0 -> TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 19 Sep 05 10:04 fe8a2cd8.0 -> SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 feffd413.0 -> GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt

------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 09:08 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Can you share the below two outputs ? 

ls -l /var/ssl
ls -l /var/ssl/certs

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 08:45 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello Ayappan,

We checked the hashes created , seems to be ok:

Hash file a94d09e5.0 correpond to the following cert
        - /var/ssl/certs/ca-bundle.crt
        - /var/ssl/certs/ACCVRAIZ1.crt
        - /var/ssl/certs/ca-bundle.trust.crt


------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 04:45 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Users had issues with ca-certificates sometime back. We fixed those issues with the ca-certificates version 2021.2.52-3.
So I am not sure what is the problem here. Please check whether the hashes are created in /var/ssl/certs directory.

------------------------------
Ayappan P

Original Message:
Sent: Mon September 05, 2022 04:55 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello,

When we try yum list sudo for example, we have an error:

anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again


We can bypass this error with http (instead of https) or sslverify=false

So We tried to reinstall CA: 


yum reinstall ca-certificates -y
Setting up Reinstall Process
AIX_Toolbox | 2.7 kB 00:00:00
AIX_Toolbox/primary_db | 3.1 MB 00:00:00
AIX_Toolbox_72 | 2.7 kB 00:00:00
AIX_Toolbox_72/primary_db | 375 kB 00:00:00
AIX_Toolbox_noarch | 2.6 kB 00:00:00
AIX_Toolbox_noarch/primary_db | 111 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.ppc 0:2021.2.52-3 will be reinstalled
--> Finished Dependency Resolution

yum clean all

but we still have the error...

When we try ssl connection:
/usr/bin/openssl s_client -showcerts -connect public.dhe.ibm.com:443

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662362491
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

we have a code 19


We tried to replace the CA-bundle.crt with a one who works and we have a code zero with ssl conection: 

openssl s_client -connect github.com:443 = OK

openssl s_client -connect 129.35.224.112/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata.xml:443 = OK

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662366043
Timeout : 300 (sec)
Verify return code: 0 (ok)



We made a yum clean all after that but we still have an error with yum list sudo
yum -t list sudo
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again



Why, do we have an ssl problem, with the CA-bundle.crt , it is generated with ca-certificates from IBM ? 


Thank you for your help

regards


Nicolas




------------------------------
Nicolas KAPLIN
------------------------------

Yes, it was a test, we tried to change the ca_bundle, to see  SSL working   (code zero).

if we put original ca_bundle we have a code 19.

In both cases, we cant reach IBM server in https , even with SSl code zero (with our CA_bundle modified).

------------------------------
Nicolas KAPLIN
------------------------------

Original Message:
Sent: Thu September 08, 2022 08:31 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Okay. Everything looks fine except that the cert.pem inside /var/ssl/ is pointing to a custom ca-bundle.crt rather than /opt/freeware/etc/ssl/certs/ca-bundle.crt. Is there any reason for that change?

------------------------------
Ayappan P

Original Message:
Sent: Thu September 08, 2022 05:11 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello Ayappan,

No SSL env variables:


AIXTHREAD_COND_DEBUG='OFF '
AIXTHREAD_GUARDPAGES=4
AIXTHREAD_MUTEX_DEBUG='OFF '
AIXTHREAD_RWLOCK_DEBUG='0FF '
AIXTHREAD_SCOPE='S '
EDITOR=vi
ENV_run=env
ERRNO=0
EXTSHM=ON
FCEDIT=vi
HISTSIZE=500
IFS='
'
LANG=en_US
LC__FASTMSG=true
LINENO=1
LOCPATH=/usr/lib/nls/loc
LOGIN=root
LOGNAME=root
MAILCHECK=600
MAILMSG='[YOU HAVE NEW MAIL]'
MALLOCMULTIHEAP=heaps:16
ODMDIR=/etc/objrepos
OPTIND=1
PAGER=pg
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/home/kaplin/bin:/usr/bin/X11:/sbin:.:
PPID=6422846
PS1='root@XXXX:$PWD # '
PS2='> '
PS3='#? '
PS4='+ '
RANDOM=530
SECONDS=32
SPINLOOPTIME=20000
SSH_TTY=/dev/pts/2
TERM=xterm
TMOUT=0
TZ=Europe/Paris
USER=root
VISUAL=vi
YIELDLOOPTIME=40000
_=/bin/ksh

------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 11:02 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Do you have any SSL environmental variables ( like SSL_CERT_DIR ., etc) exported ?

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 10:18 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Ayappan,
# oslevel -s
7200-05-04-2220

# lslpp -l | grep openssl
openssl.base 1.0.2.2103 COMMITTED Open Secure Socket Layer
openssl.license 1.0.2.2103 COMMITTED Open Secure Socket License
openssl.man.en_US 1.0.2.2103 COMMITTED Open Secure Socket Layer
openssl.base 1.0.2.2103 COMMITTED Open Secure Socket Layer



# rpm -qa
libdatrie-0.2.4-1.ppc
libpng-1.6.9-1.ppc
perl-Net_SSLeay.pm-1.55-3.ppc
jasper-1.900.1-2.ppc
librsvg2-2.34.2-1.ppc
bash_64-5.0-4.ppc
python-urlgrabber-3.10.1-1.noarch
shared-mime-info-1.6-2.ppc
deltarpm-3.6-1.ppc
bzip2-1.0.8-2.ppc
gdbm-1.23-1.ppc
perl-5.34.1-1.ppc
libgcc8-8.3.0-6.ppc
zlib-1.2.12-1.ppc
xz-libs-5.2.5-1.ppc
libstdc++8-8.3.0-6.ppc
ncurses-6.3-1.ppc
fontconfig-2.11.95-4.ppc
libtasn1-4.16.0-1.ppc
libjpeg-9d-1.ppc
pixman-0.34.0-1.ppc
libgomp-8-1.ppc
info-6.7-1.ppc
libtextstyle-0.21-1.ppc
gettext-0.21-1.ppc
readline-8.1-1.ppc
python-2.7.18-3.ppc
python3-3.7.12-1.ppc
atk-2.20.0-3.ppc
pkg-config-0.29.2-2.ppc
p11-kit-0.23.22-1.ppc
libXft-2.3.2-4waixX11.ppc
libssh2-1.10.0-1.ppc
cyrus-sasl-2.1.28-1.ppc
apr-util-1.6.1-1.ppc
lzo-2.10-2.ppc
pango-1.40.1-2waixX11.ppc
libtiff-4.3.0-1.ppc
libnghttp2-1.46.0-1.ppc
createrepo_c-libs-0.16.0-32_1.ppc
libxcb-1.14-1waixX11.ppc
python-pycurl-7.43.0-1.ppc
mod_ssl-2.4.54-1.ppc
rsync-3.2.3-1.ppc
python-tools-2.7.18-3.ppc
libxml2-python-2.9.14-1.ppc
jbigkit-2.1-1.ppc
dejavu-lgc-sans-mono-fonts-2.37-1.noarch
libdbi-0.9.0-1.ppc
libart_lgpl-2.3.21-2.ppc
ca-certificates-2021.2.52-3.ppc
libthai-0.1.18-1.ppc
perl-Crypt-SSLeay-0.57-2.ppc
libcroco-0.6.5-1.ppc
python-iniparse-0.4-1.noarch
yum-metadata-parser-1.1.4-2.ppc
yum-utils-1.1.31-2.noarch
python-deltarpm-3.6-1.ppc
test-dummy-1.1-5.ppc
lpar2rrd-agent-7.40-2.ppc
db-5.3.28-1.ppc
libgcc-8-1.ppc
libffi-3.4.2-1.ppc
expat-2.4.6-1.ppc
libstdc++-8-1.ppc
freetype2-2.12.1-1.ppc
libXrender-0.9.8-3waixX11.ppc
apr-1.7.0-1.ppc
libgomp8-8.3.0-6.ppc
jbigkit-libs-2.1-1.ppc
libunistring-0.9.10-1.ppc
libxml2-2.9.14-1.ppc
libiconv-1.17-1.ppc
glib2-2.56.1-3.ppc
sqlite-3.37.2-1.ppc
pysqlite-2.8.3-2.ppc
pcre-8.44-2.ppc
xcb-proto-1.14-1.ppc
p11-kit-tools-0.23.22-1.ppc
krb5-libs-1.18.5-1.ppc
file-libs-5.41-1.ppc
lz4-1.9.3-1.ppc
openldap-2.4.58-3.ppc
httpd-2.4.54-1.ppc
cairo-1.14.6-2waixX11.ppc
libwebp-1.0.2-1.ppc
gdk-pixbuf-2.35.1-3waixX11.ppc
curl-7.83.1-1.ppc
libXdmcp-1.1.2-1.ppc
createrepo_c-0.16.0-32_1.ppc
gtk2-2.24.30-3waixX11.ppc
sudo-1.9.5p2-1.ppc
yum-3.4.3-8.noarch
python-devel-2.7.18-3.ppc
xz-5.2.5-1.ppc
dejavu-sans-mono-fonts-2.37-1.noarch
lua-5.4.1-1.ppc
zip-3.0-4.ppc
wget-1.21.2-1.ppc
harfbuzz-4.3.0-1.ppc
AIX-rpm-7.2.5.103-50.ppc

------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 10:12 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

/var/ssl/certs looks fine.
Can you share below outputs? 
lslpp -l | grep openssl
rpm -qa

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 09:23 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

# ls -l /var/ssl
total 152
drwxr-xr-x 2 root system 256 Sep 05 10:04 64
lrwxrwxrwx 1 root system 33 Sep 05 10:05 cert.pem -> /home/pichard/certs/ca-bundle.crt
drwxr-xr-x 2 root system 20480 Sep 05 10:04 certs
drwxr-xr-x 2 root system 28672 Sep 02 10:04 certs.old
drwxr-xr-x 2 root system 256 Sep 06 10:04 misc
-rw-r--r-- 1 root system 11485 Jun 16 2021 openssl.cnf
-rw-r--r-- 1 root system 11485 Oct 05 2015 openssl.cnf.rpmorig


# ls -l /var/ssl/certs
total 0
lrwxrwxrwx 1 root system 23 Sep 05 10:04 002c0b4f.0 -> GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 02265526.0 -> Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 36 Sep 05 10:04 03179a64.0 -> Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 062cdee6.0 -> GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 064e0aa9.0 -> QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 0a775a30.0 -> GTS_Root_R3.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 0b1b94ef.0 -> CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 0f5dc4f3.0 -> UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 1001acf7.0 -> GTS_Root_R1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 14bc7599.0 -> emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 1636090b.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 18856ac4.0 -> SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 2923b3f9.0 -> emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 2ae6433e.0 -> CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 2b349938.0 -> AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 2e5ac55d.0 -> DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 10 Sep 05 10:04 349f2832.0 -> EC-ACC.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3513523f.0 -> DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 61 Sep 05 10:04 3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 3e44d2f7.0 -> TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 3e45d192.0 -> Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 3fb36b73.0 -> NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 40193066.0 -> Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 16 Sep 05 10:04 4042bcee.0 -> ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 40547a79.0 -> COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 406c9bb1.0 -> emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 4304c5e5.0 -> Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 48bec511.0 -> Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4a6481c9.0 -> GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 4f316efb.0 -> SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 5273a94c.0 -> E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 32 Sep 05 10:04 5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 54657681.0 -> Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 57bcb2da.0 -> SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 5ad8a5d6.0 -> GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5cd81ad7.0 -> TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 5d3033c5.0 -> TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f15c80c.0 -> TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 5f618aec.0 -> certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 607986c7.0 -> DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 626dceaf.0 -> GTS_Root_R2.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 653b494a.0 -> Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 68dd7389.0 -> Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 6b99d060.0 -> Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 6d41d539.0 -> Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 706f604c.0 -> XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 749e9e03.0 -> QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 75d1b2ed.0 -> DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 76cb8f92.0 -> Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 76faf6c0.0 -> QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 7aaf71c0.0 -> TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8cb5ee0f.0 -> Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 8d86cdd1.0 -> certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 930ac5d2.0 -> Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 93bc0acc.0 -> AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 9482e63a.0 -> Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 988a38cb.0 -> NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 9b5697b0.0 -> Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 9c8dfbd4.0 -> AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9d04f354.0 -> DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 9f727ac7.0 -> HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ACCVRAIZ1.crt -> /opt/freeware/etc/ssl/certs/ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 AC_RAIZ_FNMT-RCM.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 67 Sep 05 10:04 AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 ANF_Secure_Server_Root_CA.crt -> /opt/freeware/etc/ssl/certs/ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Actalis_Authentication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Commercial.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 AffirmTrust_Networking.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Networking.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 AffirmTrust_Premium.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 AffirmTrust_Premium_ECC.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Amazon_Root_CA_4.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 Atos_TrustedRoot_2011.crt -> /opt/freeware/etc/ssl/certs/Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 89 Sep 05 10:04 Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt -> /opt/freeware/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Baltimore_CyberTrust_Root.crt -> /opt/freeware/etc/ssl/certs/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_2_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Buypass_Class_3_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 CA_Disig_Root_R2.crt -> /opt/freeware/etc/ssl/certs/CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 CFCA_EV_ROOT.crt -> /opt/freeware/etc/ssl/certs/CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 COMODO_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 COMODO_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 40 Sep 05 10:04 Certigna.crt -> /opt/freeware/etc/ssl/certs/Certigna.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certigna_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Certum_EC-384_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_EC-384_CA.crt
lrwxrwxrwx 1 root system 57 Sep 05 10:04 Certum_Trusted_Network_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 Certum_Trusted_Network_CA_2.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Certum_Trusted_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 Comodo_AAA_Services_root.crt -> /opt/freeware/etc/ssl/certs/Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 Cybertrust_Global_Root.crt -> /opt/freeware/etc/ssl/certs/Cybertrust_Global_Root.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 D-TRUST_Root_Class_3_CA_2_EV_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 DST_Root_CA_X3.crt -> /opt/freeware/etc/ssl/certs/DST_Root_CA_X3.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 DigiCert_Assured_ID_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 DigiCert_Global_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 66 Sep 05 10:04 DigiCert_High_Assurance_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 DigiCert_Trusted_Root_G4.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 E-Tugra_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 EC-ACC.crt -> /opt/freeware/etc/ssl/certs/EC-ACC.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust.net_Premium_2048_Secure_Server_CA.crt -> /opt/freeware/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 68 Sep 05 10:04 Entrust_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 74 Sep 05 10:04 Entrust_Root_Certification_Authority_-_EC1.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Entrust_Root_Certification_Authority_-_G4.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 GDCA_TrustAUTH_R5_ROOT.crt -> /opt/freeware/etc/ssl/certs/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 GLOBALTRUST_2020.crt -> /opt/freeware/etc/ssl/certs/GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R1.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R1.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R2.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R2.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R3.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R3.crt
lrwxrwxrwx 1 root system 43 Sep 05 10:04 GTS_Root_R4.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R4.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 GlobalSign_ECC_Root_CA_-_R5.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 GlobalSign_Root_CA.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R2.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R3.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 GlobalSign_Root_CA_-_R6.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_E46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 GlobalSign_Root_R46.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 Go_Daddy_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Go_Daddy_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_ECC_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 59 Sep 05 10:04 HARICA_TLS_RSA_Root_CA_2021.crt -> /opt/freeware/etc/ssl/certs/HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root system 91 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx 1 root system 87 Sep 05 10:04 Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 Hongkong_Post_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 ISRG_Root_X1.crt -> /opt/freeware/etc/ssl/certs/ISRG_Root_X1.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 IdenTrust_Commercial_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 IdenTrust_Public_Sector_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root system 42 Sep 05 10:04 Izenpe.com.crt -> /opt/freeware/etc/ssl/certs/Izenpe.com.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Microsec_e-Szigno_Root_CA_2009.crt -> /opt/freeware/etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_ECC_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 Microsoft_RSA_Root_Certificate_Authority_2017.crt -> /opt/freeware/etc/ssl/certs/Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 NAVER_Global_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 NetLock_Arany_=Class_Gold=_Fotanusitvany.crt -> /opt/freeware/etc/ssl/certs/NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx 1 root system 71 Sep 05 10:04 Network_Solutions_Certificate_Authority.crt -> /opt/freeware/etc/ssl/certs/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GB_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 63 Sep 05 10:04 OISTE_WISeKey_Global_Root_GC_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_1_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_2_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 QuoVadis_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 QuoVadis_Root_CA_3_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 75 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 78 Sep 05 10:04 SSL.com_EV_Root_Certification_Authority_RSA_R2.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 SSL.com_Root_Certification_Authority_RSA.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 SZAFIR_ROOT_CA2.crt -> /opt/freeware/etc/ssl/certs/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 SecureSign_RootCA11.crt -> /opt/freeware/etc/ssl/certs/SecureSign_RootCA11.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 SecureTrust_CA.crt -> /opt/freeware/etc/ssl/certs/SecureTrust_CA.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 Secure_Global_CA.crt -> /opt/freeware/etc/ssl/certs/Secure_Global_CA.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_RootCA2.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 62 Sep 05 10:04 Security_Communication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 64 Sep 05 10:04 Staat_der_Nederlanden_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 Starfield_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 73 Sep 05 10:04 Starfield_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 82 Sep 05 10:04 Starfield_Services_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 SwissSign_Gold_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root system 56 Sep 05 10:04 SwissSign_Silver_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_2.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 T-TeleSec_GlobalRoot_Class_3.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root system 77 Sep 05 10:04 TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt -> /opt/freeware/etc/ssl/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 TWCA_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 TWCA_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TeliaSonera_Root_CA_v1.crt -> /opt/freeware/etc/ssl/certs/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root system 46 Sep 05 10:04 TrustCor_ECA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_ECA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root system 54 Sep 05 10:04 TrustCor_RootCert_CA-2.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root system 72 Sep 05 10:04 Trustwave_Global_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P256_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root system 81 Sep 05 10:04 Trustwave_Global_ECC_P384_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 TunTrust_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 60 Sep 05 10:04 UCA_Extended_Validation_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root system 50 Sep 05 10:04 UCA_Global_G2_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 69 Sep 05 10:04 USERTrust_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 52 Sep 05 10:04 XRamp_Global_CA_Root.crt -> /opt/freeware/etc/ssl/certs/XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root system 15 Sep 05 10:04 a3418fda.0 -> GTS_Root_R4.crt
lrwxrwxrwx 1 root system 13 Sep 05 10:04 a94d09e5.0 -> ACCVRAIZ1.crt
lrwxrwxrwx 1 root system 45 Sep 05 10:04 aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root system 29 Sep 05 10:04 b433981b.0 -> ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 b66938e9.0 -> Secure_Global_CA.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 b727005e.0 -> AffirmTrust_Premium.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 b7a5b843.0 -> TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 39 Sep 05 10:04 b81b93f0.0 -> AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 c01eb047.0 -> UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 ca-bundle.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 ca-bundle.trust.crt -> /opt/freeware/etc/ssl/certs/ca-bundle.trust.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 ca6e4ad9.0 -> ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root system 14 Sep 05 10:04 cc450945.0 -> Izenpe.com.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 cd58d51e.0 -> Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 ce5e74ef.0 -> Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root system 48 Sep 05 10:04 certSIGN_ROOT_CA.crt -> /opt/freeware/etc/ssl/certs/certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 certSIGN_Root_CA_G2.crt -> /opt/freeware/etc/ssl/certs/certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root system 37 Sep 05 10:04 d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 d6325660.0 -> COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 22 Sep 05 10:04 d7e8dc79.0 -> QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 d887a5bb.0 -> Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 dd8e9d41.0 -> DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 de6d66f3.0 -> Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root system 53 Sep 05 10:04 e-Szigno_Root_CA_2017.crt -> /opt/freeware/etc/ssl/certs/e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 12 Sep 05 10:04 e113c810.0 -> Certigna.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e18bfb83.0 -> QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root system 26 Sep 05 10:04 e35234b1.0 -> Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e36a6752.0 -> Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root system 35 Sep 05 10:04 e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root system 25 Sep 05 10:04 e868b802.0 -> e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root system 27 Sep 05 10:04 e8de2f56.0 -> Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root system 65 Sep 05 10:04 ePKI_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root system 31 Sep 05 10:04 ecccd8db.0 -> HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root system 28 Sep 05 10:04 ee64a828.0 -> Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root system 38 Sep 05 10:04 eed8c118.0 -> COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_C3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root system 55 Sep 05 10:04 emSign_ECC_Root_CA_-_G3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_C1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root system 51 Sep 05 10:04 emSign_Root_CA_-_G1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 f081611a.0 -> Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root system 47 Sep 05 10:04 f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root system 44 Sep 05 10:04 f249de83.0 -> Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root system 34 Sep 05 10:04 f3377b1b.0 -> Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root system 24 Sep 05 10:04 f387163d.0 -> Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root system 18 Sep 05 10:04 f39fc864.0 -> SecureTrust_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 f51bb24c.0 -> Certigna_Root_CA.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fa5da96b.0 -> GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root system 41 Sep 05 10:04 fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root system 20 Sep 05 10:04 fd64f3fc.0 -> TunTrust_Root_CA.crt
lrwxrwxrwx 1 root system 19 Sep 05 10:04 fe8a2cd8.0 -> SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root system 23 Sep 05 10:04 feffd413.0 -> GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root system 49 Sep 05 10:04 ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt

------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 09:08 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Can you share the below two outputs ? 

ls -l /var/ssl
ls -l /var/ssl/certs

------------------------------
Ayappan P

Original Message:
Sent: Wed September 07, 2022 08:45 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello Ayappan,

We checked the hashes created , seems to be ok:

Hash file a94d09e5.0 correpond to the following cert
        - /var/ssl/certs/ca-bundle.crt
        - /var/ssl/certs/ACCVRAIZ1.crt
        - /var/ssl/certs/ca-bundle.trust.crt


------------------------------
Nicolas KAPLIN

Original Message:
Sent: Wed September 07, 2022 04:45 AM
From: Ayappan P
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Users had issues with ca-certificates sometime back. We fixed those issues with the ca-certificates version 2021.2.52-3.
So I am not sure what is the problem here. Please check whether the hashes are created in /var/ssl/certs directory.

------------------------------
Ayappan P

Original Message:
Sent: Mon September 05, 2022 04:55 AM
From: Nicolas KAPLIN
Subject: YUM error in https : [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"

Hello,

When we try yum list sudo for example, we have an error:

anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again


We can bypass this error with http (instead of https) or sslverify=false

So We tried to reinstall CA: 


yum reinstall ca-certificates -y
Setting up Reinstall Process
AIX_Toolbox | 2.7 kB 00:00:00
AIX_Toolbox/primary_db | 3.1 MB 00:00:00
AIX_Toolbox_72 | 2.7 kB 00:00:00
AIX_Toolbox_72/primary_db | 375 kB 00:00:00
AIX_Toolbox_noarch | 2.6 kB 00:00:00
AIX_Toolbox_noarch/primary_db | 111 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package ca-certificates.ppc 0:2021.2.52-3 will be reinstalled
--> Finished Dependency Resolution

yum clean all

but we still have the error...

When we try ssl connection:
/usr/bin/openssl s_client -showcerts -connect public.dhe.ibm.com:443

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662362491
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

we have a code 19


We tried to replace the CA-bundle.crt with a one who works and we have a code zero with ssl conection: 

openssl s_client -connect github.com:443 = OK

openssl s_client -connect 129.35.224.112/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata.xml:443 = OK

Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1662366043
Timeout : 300 (sec)
Verify return code: 0 (ok)



We made a yum clean all after that but we still have an error with yum list sudo
yum -t list sudo
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again



Why, do we have an ssl problem, with the CA-bundle.crt , it is generated with ca-certificates from IBM ? 


Thank you for your help

regards


Nicolas




------------------------------
Nicolas KAPLIN
------------------------------