AIX Open Source

 View Only
Expand all | Collapse all

YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

  • 1.  YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Tue May 17, 2022 10:28 AM

    Hello!

    When I update to the newest ca-certificates the post-install throws the following messages:

    Transaction ID : 18
Begin time     : Mon May 16 05:25:09 2022
Begin rpmdb    : 75:efe729d81eb0a76dbeff4a75b41a289216f3f51c
End time       :            05:25:10 2022 (1 seconds)
End rpmdb      : 75:cd17380a815161619cb997a69d9578c050d4810a
User           : System <unset>
Return-Code    : Success
Command Line   : upgrade -y
Transaction performed with:
    Installed     yum-3.4.3-8.noarch @AIX_Toolbox_noarch
Packages Altered:
    Updated ca-certificates-2020.06.01-2.ppc @?AIX_Toolbox
    Update                  2021.2.52-1.ppc  @AIX_Toolbox
    Updated libpng-1.6.27-3.ppc              @?AIX_Toolbox
    Update         1.6.37-1.ppc              @AIX_Toolbox
Scriptlet output:
   1 Doing /var/ssl/certs
   2 WARNING: objsign-ca-bundle.pem does not contain a certificate or CRL: skipping
   3 email-ca-bundle.pem => a94d09e5.0
   4 WARNING: Skipping duplicate certificate tls-ca-bundle.pem
   5 Doing /var/ssl/64/certs
   6 WARNING: objsign-ca-bundle.pem does not contain a certificate or CRL: skipping
   7 email-ca-bundle.pem => a94d09e5.0
   8 WARNING: Skipping duplicate certificate tls-ca-bundle.pem
   9 /var/ssl/certs exists. Save it as /var/ssl/certs.orig.
  10 warning: file /var/ssl/certs/tls-ca-bundle.pem: remove failed: A file or directory in the path name does not exist.
  11 warning: file /var/ssl/certs/objsign-ca-bundle.pem: remove failed: A file or directory in the path name does not exist.
  12 warning: file /var/ssl/certs/email-ca-bundle.pem: remove failed: A file or directory in the path name does not exist.
  13 warning: file /var/ssl/certs/cacerts: remove failed: A file or directory in the path name does not exist.
  14 warning: file /opt/freeware/etc/ssl/certs/thawte_Primary_Root_CA_-_G3.crt: remove failed: A file or directory in the path name does not exist.
  15 warning: file /opt/freeware/etc/ssl/certs/thawte_Primary_Root_CA_-_G2.crt: remove failed: A file or directory in the path name does not exist.
  16 warning: file /opt/freeware/etc/ssl/certs/thawte_Primary_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
  17 warning: file /opt/freeware/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt: remove failed: A file or directory in the path name does not exist.
  18 warning: file /opt/freeware/etc/ssl/certs/VeriSign_Universal_Root_Certification_Authority.crt: remove failed: A file or directory in the path name does not exist.
  19 warning: file /opt/freeware/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt: remove failed: A file or directory in the path name does not exist.
  20 warning: file /opt/freeware/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt: remove failed: A file or directory in the path name does not exist.
  21 warning: file /opt/freeware/etc/ssl/certs/Trustis_FPS_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
  22 warning: file /opt/freeware/etc/ssl/certs/Taiwan_GRCA.crt: remove failed: A file or directory in the path name does not exist.
  23 warning: file /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G3.crt: remove failed: A file or directory in the path name does not exist.
  24 warning: file /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G2.crt: remove failed: A file or directory in the path name does not exist.
  25 warning: file /opt/freeware/etc/ssl/certs/Sonera_Class_2_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
  26 warning: file /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
  27 warning: file /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GA_CA.crt: remove failed: A file or directory in the path name does not exist.
  28 warning: file /opt/freeware/etc/ssl/certs/NetLock_Arany_=Class_Gold=_F?tan�s�tv�ny.crt: remove failed: A file or directory in the path name does not exist.
  29 warning: file /opt/freeware/etc/ssl/certs/LuxTrust_Global_Root_2.crt: remove failed: A file or directory in the path name does not exist.
  30 warning: file /opt/freeware/etc/ssl/certs/Global_Chambersign_Root_-_2008.crt: remove failed: A file or directory in the path name does not exist.
  31 warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA_2.crt: remove failed: A file or directory in the path name does not exist.
  32 warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA.crt: remove failed: A file or directory in the path name does not exist.
  33 warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.crt: remove failed: A file or directory in the path name does not exist.
  34 warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.crt: remove failed: A file or directory in the path name does not exist.
  35 warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority.crt: remove failed: A file or directory in the path name does not exist.
  36 warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Global_CA.crt: remove failed: A file or directory in the path name does not exist.
  37 warning: file /opt/freeware/etc/ssl/certs/EE_Certification_Centre_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
  38 warning: file /opt/freeware/etc/ssl/certs/Chambers_of_Commerce_Root_-_2008.crt: remove failed: A file or directory in the path name does not exist.
  39 warning: file /opt/freeware/etc/ssl/certs/AddTrust_External_Root.crt: remove failed: A file or directory in the path name does not exist.
history info

    After that the system can´t use yum because of curl certificate errno 14:

    # yum upgrade
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.2/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.2/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Setting up Upgrade Process
No Packages marked for Update

# yum install zsh
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.2/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.2/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package zsh.ppc 0:5.8-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================================================================================================
 Package                                                Arch                                                   Version                                                   Repository                                                      Size
==============================================================================================================================================================================================================================================
Installing:
 zsh                                                    ppc                                                    5.8-1                                                     AIX_Toolbox                                                    4.6 M

Transaction Summary
==============================================================================================================================================================================================================================================
Install       1 Package

Total download size: 4.6 M
Installed size: 4.6 M
Is this ok [y/N]: y
Downloading Packages:
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/zsh/zsh-5.8-1.aix6.1.ppc.rpm:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/zsh/zsh-5.8-1.aix6.1.ppc.rpm: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.


Error Downloading Packages:
  zsh-5.8-1.ppc: failure: zsh/zsh-5.8-1.aix6.1.ppc.rpm from AIX_Toolbox: [Errno 256] No more mirrors to try.

    Setting sslverify=false gets rid of the errors and I can install/upgrade again, but reinstalling ca-certificates doesn´t help with the cURL errors, in contrast to this hint in IBM Support

    Please advise how to react to this, I don´t want to switch off the TLS Verification for the YUM transactions, thanks!

    With kind regards,

    Stephan Dietl



    ------------------------------
    Stephan Dietl
    ------------------------------


  • 2.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    IBM Champion
    Posted Wed May 18, 2022 10:29 AM
    It looks like you have an intercepting proxy in your environment:

    SSL certificate problem: self signed certificate in certificate chain​


    It may be that the installation of the new package version removed your proxy certificate/chain. Reinstall it and it should work again.



    ------------------------------
    Andrey Klyachkin

    https://www.power-devops.com
    ------------------------------

    Original Message


  • 3.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Fri May 20, 2022 04:21 AM
    I assume the same, there must be a proxy in between which breaks up ssl.

    You can see that the old chain of trust is removed in the yum log:
    ...
   9 /var/ssl/certs exists. Save it as /var/ssl/certs.orig.
​...

    Would it be possible to have a rpm provided trusted certs path and a user provided one.
    Both should then be "scraped" by c_rehash to set the needed links.
    On Linux systems this is usaually this way:

    rpm provided: /usr/share/ca-certificates
    user provided: /usr/local/share/ca-certificates

    Otherwise one would always have to re-add used needed certificates after a new ca-certificates version.



    ------------------------------
    Henk Wiedig
    ------------------------------

    Original Message


  • 4.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Mon May 23, 2022 03:58 AM
    Edited by Stephan Dietl Mon May 23, 2022 04:00 AM

    Hello @Andrey Klyachkin !

    We don´t install anything in /var/ssl/64 or /var/ssl/certs except the package:

    Path: /etc/objrepos
    openssl.base 1.1.1.1200
    /var/ssl/misc/CA.pl
    /var/ssl/misc/CA.sh
    /var/ssl/misc/c_name
    /var/ssl/misc/c_hash
    /var/ssl/misc/tsget
    /var/ssl/openssl.cnf
    /var/ssl/misc/c_info
    /var/ssl/misc/c_issuer

    No package of us places files into /var/ssl/* !

    I also tried to move the old symlinks from /var/ssl/certs.orig to /var/ssl/certs (removing the symlink created by the upgrade) but to no avail.

    Here is how the /var/ssl looks like on an AIX 7.2 machine where the upgrade hasn´t been installed:

    [root@r3f1z01q:/var/ssl]> ls -alrt
total 96
-rw-r--r--    1 root     system        11485 Dec 11 2019  openssl.cnf
drwxr-xr-x    2 root     system          256 Aug 09 2021  64
drwxr-xr-x    2 root     system        28672 Aug 09 2021  certs
drwxr-xr-x    2 root     system          256 Jan 19 12:37 misc
drwxr-xr-x    5 root     system          256 Jan 19 12:37 .
drwxr-xr-x   29 bin      bin            4096 Apr 26 10:10 ..
[root@r3f1z01q:/var/ssl]> cd certs
[root@r3f1z01q:/var/ssl/certs]> ls -alrt
total 64
lrwxrwxrwx    1 root     system           41 Aug 09 2021  ACCVRAIZ1.crt -> /opt/freeware/etc/ssl/certs/ACCVRAIZ1.crt
lrwxrwxrwx    1 root     system           62 Aug 09 2021  Actalis_Authentication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx    1 root     system           48 Aug 09 2021  AC_RAIZ_FNMT-RCM.crt -> /opt/freeware/etc/ssl/certs/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  AffirmTrust_Premium_ECC.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx    1 root     system           51 Aug 09 2021  AffirmTrust_Premium.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Premium.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  AffirmTrust_Networking.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Networking.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  AffirmTrust_Commercial.crt -> /opt/freeware/etc/ssl/certs/AffirmTrust_Commercial.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  AddTrust_External_Root.crt -> /opt/freeware/etc/ssl/certs/AddTrust_External_Root.crt
lrwxrwxrwx    1 root     system           48 Aug 09 2021  Amazon_Root_CA_4.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_4.crt
lrwxrwxrwx    1 root     system           48 Aug 09 2021  Amazon_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_3.crt
lrwxrwxrwx    1 root     system           48 Aug 09 2021  Amazon_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_2.crt
lrwxrwxrwx    1 root     system           48 Aug 09 2021  Amazon_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Amazon_Root_CA_1.crt
lrwxrwxrwx    1 root     system           89 Aug 09 2021  Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt -> /opt/freeware/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx    1 root     system           53 Aug 09 2021  Atos_TrustedRoot_2011.crt -> /opt/freeware/etc/ssl/certs/Atos_TrustedRoot_2011.crt
lrwxrwxrwx    1 root     system           48 Aug 09 2021  CA_Disig_Root_R2.crt -> /opt/freeware/etc/ssl/certs/CA_Disig_Root_R2.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  Buypass_Class_3_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  Buypass_Class_2_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx    1 root     system           57 Aug 09 2021  Baltimore_CyberTrust_Root.crt -> /opt/freeware/etc/ssl/certs/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx    1 root     system           44 Aug 09 2021  CFCA_EV_ROOT.crt -> /opt/freeware/etc/ssl/certs/CFCA_EV_ROOT.crt
lrwxrwxrwx    1 root     system           48 Aug 09 2021  Certigna_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Certigna_Root_CA.crt
lrwxrwxrwx    1 root     system           40 Aug 09 2021  Certigna.crt -> /opt/freeware/etc/ssl/certs/Certigna.crt
lrwxrwxrwx    1 root     system           66 Aug 09 2021  COMODO_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx    1 root     system           66 Aug 09 2021  COMODO_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx    1 root     system           62 Aug 09 2021  COMODO_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/COMODO_Certification_Authority.crt
lrwxrwxrwx    1 root     system           59 Aug 09 2021  Certum_Trusted_Network_CA_2.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx    1 root     system           57 Aug 09 2021  Certum_Trusted_Network_CA.crt -> /opt/freeware/etc/ssl/certs/Certum_Trusted_Network_CA.crt
lrwxrwxrwx    1 root     system           65 Aug 09 2021  D-TRUST_Root_Class_3_CA_2_EV_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx    1 root     system           62 Aug 09 2021  D-TRUST_Root_Class_3_CA_2_2009.crt -> /opt/freeware/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  Cybertrust_Global_Root.crt -> /opt/freeware/etc/ssl/certs/Cybertrust_Global_Root.crt
lrwxrwxrwx    1 root     system           56 Aug 09 2021  Comodo_AAA_Services_root.crt -> /opt/freeware/etc/ssl/certs/Comodo_AAA_Services_root.crt
lrwxrwxrwx    1 root     system           64 Aug 09 2021  Chambers_of_Commerce_Root_-_2008.crt -> /opt/freeware/etc/ssl/certs/Chambers_of_Commerce_Root_-_2008.crt
lrwxrwxrwx    1 root     system           46 Aug 09 2021  DST_Root_CA_X3.crt -> /opt/freeware/etc/ssl/certs/DST_Root_CA_X3.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  DigiCert_Global_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G2.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  DigiCert_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_CA.crt
lrwxrwxrwx    1 root     system           59 Aug 09 2021  DigiCert_Assured_ID_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx    1 root     system           59 Aug 09 2021  DigiCert_Assured_ID_Root_G2.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx    1 root     system           59 Aug 09 2021  DigiCert_Assured_ID_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx    1 root     system           66 Aug 09 2021  DigiCert_High_Assurance_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  DigiCert_Global_Root_G3.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G3.crt
lrwxrwxrwx    1 root     system           63 Aug 09 2021  EE_Certification_Centre_Root_CA.crt -> /opt/freeware/etc/ssl/certs/EE_Certification_Centre_Root_CA.crt
lrwxrwxrwx    1 root     system           38 Aug 09 2021  EC-ACC.crt -> /opt/freeware/etc/ssl/certs/EC-ACC.crt
lrwxrwxrwx    1 root     system           63 Aug 09 2021  E-Tugra_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/E-Tugra_Certification_Authority.crt
lrwxrwxrwx    1 root     system           56 Aug 09 2021  DigiCert_Trusted_Root_G4.crt -> /opt/freeware/etc/ssl/certs/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx    1 root     system           68 Aug 09 2021  Entrust_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     system           73 Aug 09 2021  Entrust.net_Premium_2048_Secure_Server_CA.crt -> /opt/freeware/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx    1 root     system           43 Aug 09 2021  GTS_Root_R1.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R1.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  GDCA_TrustAUTH_R5_ROOT.crt -> /opt/freeware/etc/ssl/certs/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx    1 root     system           73 Aug 09 2021  Entrust_Root_Certification_Authority_-_G4.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx    1 root     system           73 Aug 09 2021  Entrust_Root_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           74 Aug 09 2021  Entrust_Root_Certification_Authority_-_EC1.crt -> /opt/freeware/etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx    1 root     system           43 Aug 09 2021  GTS_Root_R2.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R2.crt
lrwxrwxrwx    1 root     system           77 Aug 09 2021  GeoTrust_Primary_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           72 Aug 09 2021  GeoTrust_Primary_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority.crt
lrwxrwxrwx    1 root     system           50 Aug 09 2021  GeoTrust_Global_CA.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Global_CA.crt
lrwxrwxrwx    1 root     system           43 Aug 09 2021  GTS_Root_R4.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R4.crt
lrwxrwxrwx    1 root     system           43 Aug 09 2021  GTS_Root_R3.crt -> /opt/freeware/etc/ssl/certs/GTS_Root_R3.crt
lrwxrwxrwx    1 root     system           77 Aug 09 2021  GeoTrust_Primary_Certification_Authority_-_G3.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.crt
lrwxrwxrwx    1 root     system           50 Aug 09 2021  GlobalSign_Root_CA.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA.crt
lrwxrwxrwx    1 root     system           59 Aug 09 2021  GlobalSign_ECC_Root_CA_-_R5.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx    1 root     system           59 Aug 09 2021  GlobalSign_ECC_Root_CA_-_R4.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  GeoTrust_Universal_CA_2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA_2.crt
lrwxrwxrwx    1 root     system           53 Aug 09 2021  GeoTrust_Universal_CA.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  GlobalSign_Root_CA_-_R2.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  GlobalSign_Root_CA_-_R3.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx    1 root     system           72 Aug 09 2021  Go_Daddy_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           51 Aug 09 2021  Go_Daddy_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx    1 root     system           62 Aug 09 2021  Global_Chambersign_Root_-_2008.crt -> /opt/freeware/etc/ssl/certs/Global_Chambersign_Root_-_2008.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  GlobalSign_Root_CA_-_R6.crt -> /opt/freeware/etc/ssl/certs/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx    1 root     system           87 Aug 09 2021  Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx    1 root     system           91 Aug 09 2021  Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx    1 root     system           87 Aug 09 2021  Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt -> /opt/freeware/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx    1 root     system           62 Aug 09 2021  IdenTrust_Commercial_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx    1 root     system           44 Aug 09 2021  ISRG_Root_X1.crt -> /opt/freeware/etc/ssl/certs/ISRG_Root_X1.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  Hongkong_Post_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  Hongkong_Post_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx    1 root     system           42 Aug 09 2021  Izenpe.com.crt -> /opt/freeware/etc/ssl/certs/Izenpe.com.crt
lrwxrwxrwx    1 root     system           65 Aug 09 2021  IdenTrust_Public_Sector_Root_CA_1.crt -> /opt/freeware/etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx    1 root     system           71 Aug 09 2021  Network_Solutions_Certificate_Authority.crt -> /opt/freeware/etc/ssl/certs/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx    1 root     system           76 Aug 09 2021  NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt -> /opt/freeware/etc/ssl/certs/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
lrwxrwxrwx    1 root     system           62 Aug 09 2021  Microsec_e-Szigno_Root_CA_2009.crt -> /opt/freeware/etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  LuxTrust_Global_Root_2.crt -> /opt/freeware/etc/ssl/certs/LuxTrust_Global_Root_2.crt
lrwxrwxrwx    1 root     system           63 Aug 09 2021  OISTE_WISeKey_Global_Root_GB_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx    1 root     system           63 Aug 09 2021  OISTE_WISeKey_Global_Root_GA_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GA_CA.crt
lrwxrwxrwx    1 root     system           53 Aug 09 2021  QuoVadis_Root_CA_2_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx    1 root     system           50 Aug 09 2021  QuoVadis_Root_CA_2.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_2.crt
lrwxrwxrwx    1 root     system           53 Aug 09 2021  QuoVadis_Root_CA_1_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx    1 root     system           48 Aug 09 2021  QuoVadis_Root_CA.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA.crt
lrwxrwxrwx    1 root     system           63 Aug 09 2021  OISTE_WISeKey_Global_Root_GC_CA.crt -> /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx    1 root     system           53 Aug 09 2021  QuoVadis_Root_CA_3_G3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx    1 root     system           50 Aug 09 2021  QuoVadis_Root_CA_3.crt -> /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA_3.crt
lrwxrwxrwx    1 root     system           72 Aug 09 2021  SSL.com_Root_Certification_Authority_RSA.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx    1 root     system           72 Aug 09 2021  SSL.com_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx    1 root     system           78 Aug 09 2021  SSL.com_EV_Root_Certification_Authority_RSA_R2.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx    1 root     system           75 Aug 09 2021  SSL.com_EV_Root_Certification_Authority_ECC.crt -> /opt/freeware/etc/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx    1 root     system           47 Aug 09 2021  SZAFIR_ROOT_CA2.crt -> /opt/freeware/etc/ssl/certs/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx    1 root     system           62 Aug 09 2021  Security_Communication_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_Root_CA.crt
lrwxrwxrwx    1 root     system           62 Aug 09 2021  Security_Communication_RootCA2.crt -> /opt/freeware/etc/ssl/certs/Security_Communication_RootCA2.crt
lrwxrwxrwx    1 root     system           48 Aug 09 2021  Secure_Global_CA.crt -> /opt/freeware/etc/ssl/certs/Secure_Global_CA.crt
lrwxrwxrwx    1 root     system           46 Aug 09 2021  SecureTrust_CA.crt -> /opt/freeware/etc/ssl/certs/SecureTrust_CA.crt
lrwxrwxrwx    1 root     system           51 Aug 09 2021  SecureSign_RootCA11.crt -> /opt/freeware/etc/ssl/certs/SecureSign_RootCA11.crt
lrwxrwxrwx    1 root     system           64 Aug 09 2021  Staat_der_Nederlanden_EV_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  Sonera_Class_2_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Sonera_Class_2_Root_CA.crt
lrwxrwxrwx    1 root     system           66 Aug 09 2021  Staat_der_Nederlanden_Root_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G2.crt
lrwxrwxrwx    1 root     system           52 Aug 09 2021  Starfield_Class_2_CA.crt -> /opt/freeware/etc/ssl/certs/Starfield_Class_2_CA.crt
lrwxrwxrwx    1 root     system           66 Aug 09 2021  Staat_der_Nederlanden_Root_CA_-_G3.crt -> /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G3.crt
lrwxrwxrwx    1 root     system           73 Aug 09 2021  Starfield_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  SwissSign_Gold_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx    1 root     system           82 Aug 09 2021  Starfield_Services_Root_Certificate_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           77 Aug 09 2021  TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt -> /opt/freeware/etc/ssl/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx    1 root     system           60 Aug 09 2021  T-TeleSec_GlobalRoot_Class_3.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx    1 root     system           60 Aug 09 2021  T-TeleSec_GlobalRoot_Class_2.crt -> /opt/freeware/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx    1 root     system           56 Aug 09 2021  SwissSign_Silver_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx    1 root     system           65 Aug 09 2021  TWCA_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     system           51 Aug 09 2021  TWCA_Global_Root_CA.crt -> /opt/freeware/etc/ssl/certs/TWCA_Global_Root_CA.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  TrustCor_RootCert_CA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx    1 root     system           46 Aug 09 2021  TrustCor_ECA-1.crt -> /opt/freeware/etc/ssl/certs/TrustCor_ECA-1.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  TeliaSonera_Root_CA_v1.crt -> /opt/freeware/etc/ssl/certs/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx    1 root     system           43 Aug 09 2021  Taiwan_GRCA.crt -> /opt/freeware/etc/ssl/certs/Taiwan_GRCA.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  TrustCor_RootCert_CA-2.crt -> /opt/freeware/etc/ssl/certs/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx    1 root     system           60 Aug 09 2021  UCA_Extended_Validation_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Extended_Validation_Root.crt
lrwxrwxrwx    1 root     system           51 Aug 09 2021  Trustis_FPS_Root_CA.crt -> /opt/freeware/etc/ssl/certs/Trustis_FPS_Root_CA.crt
lrwxrwxrwx    1 root     system           92 Aug 09 2021  VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt -> /opt/freeware/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
lrwxrwxrwx    1 root     system           69 Aug 09 2021  USERTrust_RSA_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx    1 root     system           69 Aug 09 2021  USERTrust_ECC_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx    1 root     system           50 Aug 09 2021  UCA_Global_G2_Root.crt -> /opt/freeware/etc/ssl/certs/UCA_Global_G2_Root.crt
lrwxrwxrwx    1 root     system           92 Aug 09 2021  VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt -> /opt/freeware/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
lrwxrwxrwx    1 root     system           79 Aug 09 2021  VeriSign_Universal_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/VeriSign_Universal_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     system           65 Aug 09 2021  ca-bundle.trust.crt -> /opt/freeware/etc/ssl/certs/extracted/openssl/ca-bundle.trust.crt
lrwxrwxrwx    1 root     system           59 Aug 09 2021  ca-bundle.crt -> /opt/freeware/etc/ssl/certs/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx    1 root     system           52 Aug 09 2021  XRamp_Global_CA_Root.crt -> /opt/freeware/etc/ssl/certs/XRamp_Global_CA_Root.crt
lrwxrwxrwx    1 root     system           92 Aug 09 2021  Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt -> /opt/freeware/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
lrwxrwxrwx    1 root     system           48 Aug 09 2021  certSIGN_ROOT_CA.crt -> /opt/freeware/etc/ssl/certs/certSIGN_ROOT_CA.crt
lrwxrwxrwx    1 root     system           50 Aug 09 2021  cacerts -> /opt/freeware/etc/ssl/certs/extracted/java/cacerts
lrwxrwxrwx    1 root     system           55 Aug 09 2021  emSign_ECC_Root_CA_-_C3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx    1 root     system           65 Aug 09 2021  ePKI_Root_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     system           51 Aug 09 2021  emSign_Root_CA_-_C1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_C1.crt
lrwxrwxrwx    1 root     system           55 Aug 09 2021  emSign_ECC_Root_CA_-_G3.crt -> /opt/freeware/etc/ssl/certs/emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx    1 root     system           61 Aug 09 2021  email-ca-bundle.pem -> /opt/freeware/etc/ssl/certs/extracted/pem/email-ca-bundle.pem
lrwxrwxrwx    1 root     system           51 Aug 09 2021  emSign_Root_CA_-_G1.crt -> /opt/freeware/etc/ssl/certs/emSign_Root_CA_-_G1.crt
lrwxrwxrwx    1 root     system           63 Aug 09 2021  objsign-ca-bundle.pem -> /opt/freeware/etc/ssl/certs/extracted/pem/objsign-ca-bundle.pem
lrwxrwxrwx    1 root     system           59 Aug 09 2021  thawte_Primary_Root_CA_-_G3.crt -> /opt/freeware/etc/ssl/certs/thawte_Primary_Root_CA_-_G3.crt
lrwxrwxrwx    1 root     system           59 Aug 09 2021  thawte_Primary_Root_CA_-_G2.crt -> /opt/freeware/etc/ssl/certs/thawte_Primary_Root_CA_-_G2.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  thawte_Primary_Root_CA.crt -> /opt/freeware/etc/ssl/certs/thawte_Primary_Root_CA.crt
lrwxrwxrwx    1 root     system           59 Aug 09 2021  tls-ca-bundle.pem -> /opt/freeware/etc/ssl/certs/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx    1 root     system           13 Aug 09 2021  a94d09e5.0 -> ACCVRAIZ1.crt
lrwxrwxrwx    1 root     system           20 Aug 09 2021  cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx    1 root     system           34 Aug 09 2021  930ac5d2.0 -> Actalis_Authentication_Root_CA.crt
lrwxrwxrwx    1 root     system           26 Aug 09 2021  157753a5.0 -> AddTrust_External_Root.crt
lrwxrwxrwx    1 root     system           26 Aug 09 2021  2b349938.0 -> AffirmTrust_Commercial.crt
lrwxrwxrwx    1 root     system           26 Aug 09 2021  93bc0acc.0 -> AffirmTrust_Networking.crt
lrwxrwxrwx    1 root     system           23 Aug 09 2021  b727005e.0 -> AffirmTrust_Premium.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  9c8dfbd4.0 -> AffirmTrust_Premium_ECC.crt
lrwxrwxrwx    1 root     system           20 Aug 09 2021  ce5e74ef.0 -> Amazon_Root_CA_1.crt
lrwxrwxrwx    1 root     system           20 Aug 09 2021  6d41d539.0 -> Amazon_Root_CA_2.crt
lrwxrwxrwx    1 root     system           20 Aug 09 2021  8cb5ee0f.0 -> Amazon_Root_CA_3.crt
lrwxrwxrwx    1 root     system           20 Aug 09 2021  de6d66f3.0 -> Amazon_Root_CA_4.crt
lrwxrwxrwx    1 root     system           25 Aug 09 2021  e36a6752.0 -> Atos_TrustedRoot_2011.crt
lrwxrwxrwx    1 root     system           61 Aug 09 2021  3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx    1 root     system           29 Aug 09 2021  653b494a.0 -> Baltimore_CyberTrust_Root.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  54657681.0 -> Buypass_Class_2_Root_CA.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  e8de2f56.0 -> Buypass_Class_3_Root_CA.crt
lrwxrwxrwx    1 root     system           20 Aug 09 2021  2ae6433e.0 -> CA_Disig_Root_R2.crt
lrwxrwxrwx    1 root     system           16 Aug 09 2021  0b1b94ef.0 -> CFCA_EV_ROOT.crt
lrwxrwxrwx    1 root     system           34 Aug 09 2021  40547a79.0 -> COMODO_Certification_Authority.crt
lrwxrwxrwx    1 root     system           38 Aug 09 2021  eed8c118.0 -> COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx    1 root     system           38 Aug 09 2021  d6325660.0 -> COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx    1 root     system           12 Aug 09 2021  e113c810.0 -> Certigna.crt
lrwxrwxrwx    1 root     system           20 Aug 09 2021  f51bb24c.0 -> Certigna_Root_CA.crt
lrwxrwxrwx    1 root     system           29 Aug 09 2021  48bec511.0 -> Certum_Trusted_Network_CA.crt
lrwxrwxrwx    1 root     system           31 Aug 09 2021  40193066.0 -> Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx    1 root     system           36 Aug 09 2021  c47d9980.0 -> Chambers_of_Commerce_Root_-_2008.crt
lrwxrwxrwx    1 root     system           28 Aug 09 2021  ee64a828.0 -> Comodo_AAA_Services_root.crt
lrwxrwxrwx    1 root     system           26 Aug 09 2021  76cb8f92.0 -> Cybertrust_Global_Root.crt
lrwxrwxrwx    1 root     system           34 Aug 09 2021  c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx    1 root     system           37 Aug 09 2021  d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx    1 root     system           18 Aug 09 2021  2e5ac55d.0 -> DST_Root_CA_X3.crt
lrwxrwxrwx    1 root     system           31 Aug 09 2021  b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx    1 root     system           31 Aug 09 2021  9d04f354.0 -> DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx    1 root     system           31 Aug 09 2021  7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  3513523f.0 -> DigiCert_Global_Root_CA.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  607986c7.0 -> DigiCert_Global_Root_G2.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  dd8e9d41.0 -> DigiCert_Global_Root_G3.crt
lrwxrwxrwx    1 root     system           38 Aug 09 2021  244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx    1 root     system           28 Aug 09 2021  75d1b2ed.0 -> DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx    1 root     system           35 Aug 09 2021  5273a94c.0 -> E-Tugra_Certification_Authority.crt
lrwxrwxrwx    1 root     system           10 Aug 09 2021  349f2832.0 -> EC-ACC.crt
lrwxrwxrwx    1 root     system           35 Aug 09 2021  128805a3.0 -> EE_Certification_Centre_Root_CA.crt
lrwxrwxrwx    1 root     system           45 Aug 09 2021  aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx    1 root     system           40 Aug 09 2021  6b99d060.0 -> Entrust_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     system           46 Aug 09 2021  106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx    1 root     system           45 Aug 09 2021  02265526.0 -> Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           45 Aug 09 2021  5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx    1 root     system           26 Aug 09 2021  0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx    1 root     system           15 Aug 09 2021  1001acf7.0 -> GTS_Root_R1.crt
lrwxrwxrwx    1 root     system           15 Aug 09 2021  626dceaf.0 -> GTS_Root_R2.crt
lrwxrwxrwx    1 root     system           15 Aug 09 2021  0a775a30.0 -> GTS_Root_R3.crt
lrwxrwxrwx    1 root     system           15 Aug 09 2021  a3418fda.0 -> GTS_Root_R4.crt
lrwxrwxrwx    1 root     system           22 Aug 09 2021  2c543cd1.0 -> GeoTrust_Global_CA.crt
lrwxrwxrwx    1 root     system           44 Aug 09 2021  480720ec.0 -> GeoTrust_Primary_Certification_Authority.crt
lrwxrwxrwx    1 root     system           49 Aug 09 2021  116bf586.0 -> GeoTrust_Primary_Certification_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           49 Aug 09 2021  e2799e36.0 -> GeoTrust_Primary_Certification_Authority_-_G3.crt
lrwxrwxrwx    1 root     system           25 Aug 09 2021  ad088e1d.0 -> GeoTrust_Universal_CA.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  8867006a.0 -> GeoTrust_Universal_CA_2.crt
lrwxrwxrwx    1 root     system           31 Aug 09 2021  b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx    1 root     system           31 Aug 09 2021  1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx    1 root     system           22 Aug 09 2021  5ad8a5d6.0 -> GlobalSign_Root_CA.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  4a6481c9.0 -> GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  062cdee6.0 -> GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx    1 root     system           34 Aug 09 2021  0c4c9b6c.0 -> Global_Chambersign_Root_-_2008.crt
lrwxrwxrwx    1 root     system           23 Aug 09 2021  f081611a.0 -> Go_Daddy_Class_2_CA.crt
lrwxrwxrwx    1 root     system           44 Aug 09 2021  cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           63 Aug 09 2021  7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx    1 root     system           59 Aug 09 2021  1636090b.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx    1 root     system           59 Aug 09 2021  32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  3e45d192.0 -> Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  68dd7389.0 -> Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx    1 root     system           16 Aug 09 2021  4042bcee.0 -> ISRG_Root_X1.crt
lrwxrwxrwx    1 root     system           34 Aug 09 2021  ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx    1 root     system           37 Aug 09 2021  1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx    1 root     system           14 Aug 09 2021  cc450945.0 -> Izenpe.com.crt
lrwxrwxrwx    1 root     system           26 Aug 09 2021  def36a68.0 -> LuxTrust_Global_Root_2.crt
lrwxrwxrwx    1 root     system           34 Aug 09 2021  8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx    1 root     system           48 Aug 09 2021  988a38cb.0 -> NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
lrwxrwxrwx    1 root     system           43 Aug 09 2021  4304c5e5.0 -> Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx    1 root     system           35 Aug 09 2021  b1b8a7f3.0 -> OISTE_WISeKey_Global_Root_GA_CA.crt
lrwxrwxrwx    1 root     system           35 Aug 09 2021  e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx    1 root     system           35 Aug 09 2021  773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx    1 root     system           20 Aug 09 2021  080911ac.0 -> QuoVadis_Root_CA.crt
lrwxrwxrwx    1 root     system           25 Aug 09 2021  749e9e03.0 -> QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx    1 root     system           22 Aug 09 2021  d7e8dc79.0 -> QuoVadis_Root_CA_2.crt
lrwxrwxrwx    1 root     system           25 Aug 09 2021  064e0aa9.0 -> QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx    1 root     system           22 Aug 09 2021  76faf6c0.0 -> QuoVadis_Root_CA_3.crt
lrwxrwxrwx    1 root     system           25 Aug 09 2021  e18bfb83.0 -> QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx    1 root     system           47 Aug 09 2021  f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx    1 root     system           50 Aug 09 2021  06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx    1 root     system           44 Aug 09 2021  0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx    1 root     system           44 Aug 09 2021  6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx    1 root     system           19 Aug 09 2021  fe8a2cd8.0 -> SZAFIR_ROOT_CA2.crt
lrwxrwxrwx    1 root     system           23 Aug 09 2021  18856ac4.0 -> SecureSign_RootCA11.crt
lrwxrwxrwx    1 root     system           18 Aug 09 2021  f39fc864.0 -> SecureTrust_CA.crt
lrwxrwxrwx    1 root     system           20 Aug 09 2021  b66938e9.0 -> Secure_Global_CA.crt
lrwxrwxrwx    1 root     system           34 Aug 09 2021  cd58d51e.0 -> Security_Communication_RootCA2.crt
lrwxrwxrwx    1 root     system           34 Aug 09 2021  f3377b1b.0 -> Security_Communication_Root_CA.crt
lrwxrwxrwx    1 root     system           26 Aug 09 2021  9c2e7d30.0 -> Sonera_Class_2_Root_CA.crt
lrwxrwxrwx    1 root     system           36 Aug 09 2021  03179a64.0 -> Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx    1 root     system           38 Aug 09 2021  5c44d531.0 -> Staat_der_Nederlanden_Root_CA_-_G2.crt
lrwxrwxrwx    1 root     system           38 Aug 09 2021  5a4d6896.0 -> Staat_der_Nederlanden_Root_CA_-_G3.crt
lrwxrwxrwx    1 root     system           24 Aug 09 2021  f387163d.0 -> Starfield_Class_2_CA.crt
lrwxrwxrwx    1 root     system           45 Aug 09 2021  4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           54 Aug 09 2021  09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           26 Aug 09 2021  4f316efb.0 -> SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx    1 root     system           28 Aug 09 2021  57bcb2da.0 -> SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx    1 root     system           32 Aug 09 2021  1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx    1 root     system           32 Aug 09 2021  5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx    1 root     system           49 Aug 09 2021  ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx    1 root     system           23 Aug 09 2021  5f15c80c.0 -> TWCA_Global_Root_CA.crt
lrwxrwxrwx    1 root     system           37 Aug 09 2021  b7a5b843.0 -> TWCA_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     system           15 Aug 09 2021  6410666e.0 -> Taiwan_GRCA.crt
lrwxrwxrwx    1 root     system           26 Aug 09 2021  5cd81ad7.0 -> TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx    1 root     system           18 Aug 09 2021  7aaf71c0.0 -> TrustCor_ECA-1.crt
lrwxrwxrwx    1 root     system           26 Aug 09 2021  5d3033c5.0 -> TrustCor_RootCert_CA-1.crt
lrwxrwxrwx    1 root     system           26 Aug 09 2021  3e44d2f7.0 -> TrustCor_RootCert_CA-2.crt
lrwxrwxrwx    1 root     system           23 Aug 09 2021  d853d49e.0 -> Trustis_FPS_Root_CA.crt
lrwxrwxrwx    1 root     system           32 Aug 09 2021  0f5dc4f3.0 -> UCA_Extended_Validation_Root.crt
lrwxrwxrwx    1 root     system           22 Aug 09 2021  c01eb047.0 -> UCA_Global_G2_Root.crt
lrwxrwxrwx    1 root     system           41 Aug 09 2021  f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx    1 root     system           41 Aug 09 2021  fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx    1 root     system           64 Aug 09 2021  7d0b38bd.0 -> VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
lrwxrwxrwx    1 root     system           64 Aug 09 2021  b204d74a.0 -> VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
lrwxrwxrwx    1 root     system           51 Aug 09 2021  c01cdfa2.0 -> VeriSign_Universal_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     system           64 Aug 09 2021  c0ff1f52.0 -> Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
lrwxrwxrwx    1 root     system           24 Aug 09 2021  706f604c.0 -> XRamp_Global_CA_Root.crt
lrwxrwxrwx    1 root     system           20 Aug 09 2021  8d86cdd1.0 -> certSIGN_ROOT_CA.crt
lrwxrwxrwx    1 root     system           37 Aug 09 2021  ca6e4ad9.0 -> ePKI_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx    1 root     system           27 Aug 09 2021  14bc7599.0 -> emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx    1 root     system           23 Aug 09 2021  406c9bb1.0 -> emSign_Root_CA_-_C1.crt
lrwxrwxrwx    1 root     system           23 Aug 09 2021  2923b3f9.0 -> emSign_Root_CA_-_G1.crt
lrwxrwxrwx    1 root     system           26 Aug 09 2021  2e4eed3c.0 -> thawte_Primary_Root_CA.crt
lrwxrwxrwx    1 root     system           31 Aug 09 2021  c089bbbd.0 -> thawte_Primary_Root_CA_-_G2.crt
lrwxrwxrwx    1 root     system           31 Aug 09 2021  ba89ed3b.0 -> thawte_Primary_Root_CA_-_G3.crt
drwxr-xr-x    2 root     system        28672 Aug 09 2021  .
drwxr-xr-x    5 root     system          256 Jan 19 12:37 ..

    and this is how it looks like on a different machine after the upgrade:

    [die@HOST2:/home/USER]> ls -alrt /var/ssl
total 96
-rw-r--r--    1 root     system        11485 Oct 14 2020  openssl.cnf
drwxr-xr-x    2 root     system          256 Mar 11 16:43 misc
drwxr-xr-x   33 bin      bin            4096 May 08 10:13 ..
drwxr-xr-x    2 root     system        28672 May 13 12:46 certs.orig
lrwxrwxrwx    1 root     system           41 May 13 14:49 cert.pem -> /opt/freeware/etc/ssl/certs/ca-bundle.crt
drwxr-xr-x    2 root     system          256 May 13 14:49 64
lrwxrwxrwx    1 root     system           27 May 13 14:49 certs -> /opt/freeware/etc/ssl/certs
drwxr-xr-x    5 root     system          256 May 13 14:49 .
[die@HOST2:/home/USER]>

    Thanks,

    With kind regards,

    Stephan Dietl


    ------------------------------
    Stephan Dietl
    ------------------------------

    Original Message


  • 5.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Thu May 19, 2022 01:57 AM
    Edited by Emanuel Reisinger Thu May 19, 2022 01:57 AM
    Hi Stephan,

    see yum update - no longer can reach IBM.

    @IBM, please check ca-certificate.

    BR

    ------------------------------
    Emanuel Reisinger
    ------------------------------

    Original Message


  • 6.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Fri May 20, 2022 10:09 AM
    We are having the same problem when using dnf. Setting "sslverify=0" in the main section of /opt/freeware/etc/dnf/dnf.conf provides a workaround, but I think something is wrong with the ca-certificates-2021.2.52-1.ppc RPM.

    ------------------------------
    Robert Wood
    ------------------------------

    Original Message


  • 7.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Mon May 23, 2022 03:57 AM
    Edited by Philip Krab Mon May 23, 2022 04:01 AM
    IBM AIX: Import CA certificate steps 6 and 7 provide the solution. I'm afraid you have to follow this procedure every time you perform an update of ca-certificates. For our own convenience we have automated the procedure in Ansible.

    ------------------------------
    Philip Krab
    ------------------------------

    Original Message


  • 8.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Mon May 23, 2022 04:05 AM

    Hello @Philip Krab !

    Thanks for the pointer! Since I´m also using Ansible for my AIX environment --> would you please be so kind and share your playbook for this (anonymized where needed)?

    Many thanks in advance,

    With kind regards,

    Stephan Dietl​



    ------------------------------
    Stephan Dietl
    ------------------------------

    Original Message


  • 9.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Mon May 23, 2022 04:36 AM
    Edited by Stephan Dietl Mon May 23, 2022 04:37 AM

    Hello @Philip Krab !

    Just performed the steps in your link (after reinstalling the "faulty" ca-certificates to bring it to the state after the upgrade) and it doesn´t change anything:

    lrwxrwxrwx    1 root     system           19 May 23 10:25 a94d09e5.0 -> email-ca-bundle.pem
lrwxrwxrwx    1 root     system           58 May 23 10:31 HASH1.0 -> /opt/freeware/etc/ssl/certs/MY_COMPANY-RootCA.crt.pem
lrwxrwxrwx    1 root     system           62 May 23 10:31 HASH2.0 -> /opt/freeware/etc/ssl/certs/MY_COMPANY-IssuingCA1.crt.pem
drwxr-xr-x    3 root     system        20480 May 23 10:31 .

# /var/ssl/certs/ is a symlink to /opt/freeware/etc/ssl/certs/

[root@HOST1:/var/ssl/certs]> yum upgrade
Loaded plugins: allowdowngrade, changelog, filter-data, merge-conf, ps, versionlock
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.2/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.2/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Skipping filters plugin, no data
Setting up Upgrade Process
No Packages marked for Update

    Also putting them under extracted/pem/ doesn´t help!

    Thanks for your information,

    With kind regards,

    ------------------------------
    Stephan Dietl
    ------------------------------

    Original Message


  • 10.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Mon May 23, 2022 04:50 AM

    Hello all!

    Here the comparison between the server which was not updated and one which was:

    Not updated:

    /opt/freeware/bin/curl -vvvvvv anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml
*   Trying 170.225.15.112:443...
* Connected to public.dhe.ibm.com (170.225.15.112) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*  CAfile: none
*  CApath: /var/ssl/certs/
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=New York; L=Armonk; O=International Business Machines Corporation; CN=public.dhe.ibm.com
*  start date: Mar  7 00:00:00 2022 GMT
*  expire date: Mar  7 23:59:59 2023 GMT
*  subjectAltName: host "public.dhe.ibm.com" matched cert's "public.dhe.ibm.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.
* Server auth using Basic with user 'anonymous'
> GET /aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml HTTP/1.1
> Host: public.dhe.ibm.com
> Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
> User-Agent: curl/7.79.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Mon, 23 May 2022 08:44:11 GMT
< Last-Modified: Fri, 06 May 2022 13:03:30 GMT
< ETag: "4a4a7-a98-5de577c26ec80"
< Accept-Ranges: bytes
< Content-Length: 2712
< Strict-Transport-Security: max-age=31536000
< Content-Type: application/xml
< 
<?xml version="1.0" encoding="UTF-8"?>
<repomd xmlns="http://linux.duke.edu/metadata/repo" xmlns:rpm="http://linux.duke.edu/metadata/rpm">
  <revision>1651840271</revision>

    Updated server (where I performed the CA import as described by  @Philip Krab ):

    curl -vvvvvv anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/repodata/repomd.xml
*   Trying 170.225.15.112:443...
* Connected to public.dhe.ibm.com (170.225.15.112) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*  CAfile: none
*  CApath: /var/ssl/certs/
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate in certificate chain
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

    Since I never had to put any pem files from our company into /var/ssl/certs it seems that the fix has to come from @Rishita Saha !

    "ca-certificates-2021.2.52-1.ppc installed
    * Thu Nov 4 13:00:00 2021 Rishita Saha <risaha16@in.ibm.com> - 2021.2.52-1
    - Update to latest version"

    Thanks,

    With kind regards,​



    ------------------------------
    Stephan Dietl
    ------------------------------

    Original Message


  • 11.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Mon May 23, 2022 05:12 AM
    Edited by Stephan Dietl Mon May 23, 2022 05:20 AM
    Hello!

    FIX for USERS (package ca-certificates still needs to be corrected!):

    Since finding out via openssl and curl that IBM servers use the DigiCert certificates and seeing that the update wiped / didn´t create the appropriate .0 files I just, for testing purposes, recreated only those:

    1193    openssl s_client -showcerts -connect public.dhe.ibm.com:443 -tls1_2
1194    ls -alrt *Digi*
1198    ls -alrt /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G2.crt
1199    openssl x509 -noout -hash -in  /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G2.crt
1200    openssl x509 -noout -hash -in  /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_CA.crt
1201    ln -s  /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_CA.crt 3513523f.0
1203    ln -s /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G2.crt 607986c7.0
1204    ls -alrt /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G2.crt
1206    openssl x509 -noout -hash -in /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G3.crt
1207    ln -s  /opt/freeware/etc/ssl/certs/DigiCert_Global_Root_G3.crt dd8e9d41.0
1208    openssl x509 -noout -hash -in /opt/freeware/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.crt
1209    ln -s  /opt/freeware/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.crt 244b5494.0
1210    openssl x509 -noout -hash -in /opt/freeware/etc/ssl/certs/DigiCert_Trusted_Root_G4.crt
1211    ln -s  /opt/freeware/etc/ssl/certs/DigiCert_Trusted_Root_G4.crt 75d1b2ed.0
1213    ls -alrt  /opt/freeware/etc/ssl/certs/*Digi*
1214    openssl x509 -noout -hash -in /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.crt
1215    ln -s  /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.crt 7f3d5d1d.0
1216    openssl x509 -noout -hash -in /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.crt
1217    ln -s  /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.crt 9d04f354.0
1218    openssl x509 -noout -hash -in /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.crt
1219    ln -s  /opt/freeware/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.crt b1159c4c.0
1220    vi /opt/freeware/etc/yum/yum.conf # sslverify=false removed
1221    yum upgrade # works
1222    yum clean all
1223    yum upgrade # works
1224    yum install zsh # just to test, works!
​

    So I think another workaround is to use the ansible job by @Philip Krab (Thanks a lot!) or to manually create the hashes and symlinks and it should be ok again.

    # TEST on SECOND BROKEN HOST:

    for i in $(find /var/ssl/certs/ -type f -name "*.crt"|grep -v extracted)
    do
    ln -s $i `openssl x509 -noout -hash -in $i`.0
    done

    --> yum works again!

    But still this needs to be done by the post task of the upgrade of ca-certificates and to re-iterate --> it had a problem with the chain of IBM servers not my proxy environment!

    Please fix the ca-certifcates package,

    Thanks to everyone helping,

    With kind regards,



    ------------------------------
    Stephan Dietl
    ------------------------------

    Original Message


  • 12.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Tue May 24, 2022 03:32 AM
    Isn't that what /usr/bin/c_rehash is for ?

    ------------------------------
    Henk Wiedig
    ------------------------------

    Original Message


  • 13.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Tue May 24, 2022 04:00 AM

    Hello @Henk Wiedig !

    Good point, it seems​ that in this case it wasn´t triggered in the post-install?

    I never had to manually use it before and therefore was unsure if it was the right response to the situation presented...

    A new installation of an AIX 7.2 machine worked fine by directly going from ca-certificates-2016.10.7-2 (haven´t moved to dnf yet) to the new ca-certificates, so it seems an issue in the upgrade process from *-2020.* to the new one?

    ---> Package ca-certificates.ppc 0:2016.10.7-2 will be updated
---> Package ca-certificates.ppc 0:2021.2.52-1 will be an update
...
^M  Cleanup    : readline-6.1-2.ppc                                         61/62 
^M  Cleanup    : ca-certificates-2016.10.7-2.ppc                            62/62 
warning: file /opt/freeware/etc/ssl/certs/thawte_Primary_Root_CA_-_G3.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/thawte_Primary_Root_CA_-_G2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/thawte_Primary_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/WoSign_China.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/WoSign.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/WellsSecure_Public_Root_Certificate_Authority.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Visa_eCommerce_Root.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/VeriSign_Universal_Root_Certification_Authority.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/UTN_USERFirst_Email_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Trustis_FPS_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Taiwan_GRCA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/TURKTRUST_Elektronik_Sertifika_Hizmet_Saglaycs_H6.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/TURKTRUST_Elektronik_Sertifika_Hizmet_Saglaycs_H5.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/TURKTRUST_Certificate_Services_Provider_Root_2007.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/TUBITAK_UEKAE_Kok_Sertifika_Hizmet_Saglaycs_-_Surum_3.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/TC_TrustCenter_Class_3_CA_II.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Swisscom_Root_EV_CA_2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Swisscom_Root_CA_2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Swisscom_Root_CA_1.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/SwissSign_Platinum_CA_-_G2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/StartCom_Certification_Authority_G2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/StartCom_Certification_Authority_2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/StartCom_Certification_Authority.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G3.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Sonera_Class_2_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Security_Communication_EV_RootCA1.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/S-TRUST_Universal_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Root_CA_Generalitat_Valenciana.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/RSA_Security_2048_v3.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/QuoVadis_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/PSCProcert.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/OpenTrust_Root_CA_G3.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/OpenTrust_Root_CA_G2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/OpenTrust_Root_CA_G1.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/OISTE_WISeKey_Global_Root_GA_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Microsec_e-Szigno_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Juur-SK.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/IGC_A.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Global_Chambersign_Root_-_2008.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA_2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Global_CA_2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/GeoTrust_Global_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Equifax_Secure_eBusiness_CA_1.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Equifax_Secure_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/EE_Certification_Centre_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Saglaycs.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Deutsche_Telekom_Root_CA_2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/DST_ACES_CA_X6.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Comodo_Trusted_Services_root.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Comodo_Secure_Services_root.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/ComSign_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/China_Internet_Network_Information_Center_EV_Certificates_Root.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Chambers_of_Commerce_Root_-_2008.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Certum_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Certplus_Root_CA_G2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Certplus_Root_CA_G1.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Certplus_Class_2_Primary_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Certinomis_-_Root_CA.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Certinomis_-_Autorite_Racine.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Certification_Authority_of_WoSign_G2.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Camerfirma_Global_Chambersign_Root.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Camerfirma_Chambers_of_Commerce_Root.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/CNNIC_ROOT.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/CA_WoSign_ECC_Root.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/CA_Disig_Root_R1.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/Buypass_Class_2_CA_1.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/ApplicationCA_-_Japanese_Government.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/AddTrust_Qualified_Certificates_Root.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/AddTrust_Public_Services_Root.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/AddTrust_Low-Value_Services_Root.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/AddTrust_External_Root.crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/AC_Raiz_Certicamara_S.A..crt: remove failed: A file or directory in the path name does not exist.
warning: file /opt/freeware/etc/ssl/certs/ACEDICOM_Root.crt: remove failed: A file or directory in the path name does not exist."

    But still the hashes are created correctly...

    Thanks for the pointer to c_rehash, I´ll look into it!

    With kind regards,



    ------------------------------
    Stephan Dietl
    ------------------------------

    Original Message


  • 14.  RE: YUM unusable after ca-certificates upgrade to 2021.2.52-1, breaks chain of trust

    Posted Wed May 25, 2022 03:35 AM

    Hello @Henk Wiedig !

    I´ve now tested it on a machine which is in decommission and it seems that /usr/bin/c_rehash is the culprit. At first there are the *.0 files which I created via my repair job, after calling the c_rehash they are gone and yum breaks...:

    [root@HOST:/]> ls -alrt /var/ssl/certs/
total 1104
-rw-r--r--    1 root     system           98 Nov 04 2021  README
-rw-r--r--    1 root     system         1302 Nov 04 2021  emSign_Root_CA_-_G1.crt
-rw-r--r--    1 root     system         1257 Nov 04 2021  emSign_Root_CA_-_C1.crt
-rw-r--r--    1 root     system          859 Nov 04 2021  emSign_ECC_Root_CA_-_G3.crt
-rw-r--r--    1 root     system          814 Nov 04 2021  emSign_ECC_Root_CA_-_C3.crt
-rw-r--r--    1 root     system         2033 Nov 04 2021  ePKI_Root_Certification_Authority.crt
-rw-r--r--    1 root     system          843 Nov 04 2021  e-Szigno_Root_CA_2017.crt
-rw-r--r--    1 root     system         1891 Nov 04 2021  certSIGN_Root_CA_G2.crt
-rw-r--r--    1 root     system         1176 Nov 04 2021  certSIGN_ROOT_CA.crt
-rw-r--r--    1 root     system         1513 Nov 04 2021  XRamp_Global_CA_Root.crt
-rw-r--r--    1 root     system         2094 Nov 04 2021  USERTrust_RSA_Certification_Authority.crt
-rw-r--r--    1 root     system          948 Nov 04 2021  USERTrust_ECC_Certification_Authority.crt
-rw-r--r--    1 root     system         1891 Nov 04 2021  UCA_Global_G2_Root.crt
-rw-r--r--    1 root     system         1915 Nov 04 2021  UCA_Extended_Validation_Root.crt
-rw-r--r--    1 root     system         2037 Nov 04 2021  TunTrust_Root_CA.crt
-rw-r--r--    1 root     system          969 Nov 04 2021  Trustwave_Global_ECC_P384_Certification_Authority.crt
-rw-r--r--    1 root     system          883 Nov 04 2021  Trustwave_Global_ECC_P256_Certification_Authority.crt
-rw-r--r--    1 root     system         2090 Nov 04 2021  Trustwave_Global_Certification_Authority.crt
-rw-r--r--    1 root     system         2204 Nov 04 2021  TrustCor_RootCert_CA-2.crt
-rw-r--r--    1 root     system         1513 Nov 04 2021  TrustCor_RootCert_CA-1.crt
-rw-r--r--    1 root     system         1493 Nov 04 2021  TrustCor_ECA-1.crt
-rw-r--r--    1 root     system         1870 Nov 04 2021  TeliaSonera_Root_CA_v1.crt
-rw-r--r--    1 root     system         1269 Nov 04 2021  TWCA_Root_Certification_Authority.crt
-rw-r--r--    1 root     system         1883 Nov 04 2021  TWCA_Global_Root_CA.crt
-rw-r--r--    1 root     system         1582 Nov 04 2021  TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
-rw-r--r--    1 root     system         1367 Nov 04 2021  T-TeleSec_GlobalRoot_Class_3.crt
-rw-r--r--    1 root     system         1367 Nov 04 2021  T-TeleSec_GlobalRoot_Class_2.crt
-rw-r--r--    1 root     system         2049 Nov 04 2021  SwissSign_Silver_CA_-_G2.crt
-rw-r--r--    1 root     system         2045 Nov 04 2021  SwissSign_Gold_CA_-_G2.crt
-rw-r--r--    1 root     system         1424 Nov 04 2021  Starfield_Services_Root_Certificate_Authority_-_G2.crt
-rw-r--r--    1 root     system         1399 Nov 04 2021  Starfield_Root_Certificate_Authority_-_G2.crt
-rw-r--r--    1 root     system         1468 Nov 04 2021  Starfield_Class_2_CA.crt
-rw-r--r--    1 root     system         1948 Nov 04 2021  Staat_der_Nederlanden_EV_Root_CA.crt
-rw-r--r--    1 root     system         1224 Nov 04 2021  Security_Communication_Root_CA.crt
-rw-r--r--    1 root     system         1261 Nov 04 2021  Security_Communication_RootCA2.crt
-rw-r--r--    1 root     system         1354 Nov 04 2021  Secure_Global_CA.crt
-rw-r--r--    1 root     system         1350 Nov 04 2021  SecureTrust_CA.crt
-rw-r--r--    1 root     system         1249 Nov 04 2021  SecureSign_RootCA11.crt
-rw-r--r--    1 root     system         1257 Nov 04 2021  SZAFIR_ROOT_CA2.crt
-rw-r--r--    1 root     system         2094 Nov 04 2021  SSL.com_Root_Certification_Authority_RSA.crt
-rw-r--r--    1 root     system          944 Nov 04 2021  SSL.com_Root_Certification_Authority_ECC.crt
-rw-r--r--    1 root     system         2114 Nov 04 2021  SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
-rw-r--r--    1 root     system          956 Nov 04 2021  SSL.com_EV_Root_Certification_Authority_ECC.crt
-rw-r--r--    1 root     system         1923 Nov 04 2021  QuoVadis_Root_CA_3_G3.crt
-rw-r--r--    1 root     system         2354 Nov 04 2021  QuoVadis_Root_CA_3.crt
-rw-r--r--    1 root     system         1923 Nov 04 2021  QuoVadis_Root_CA_2_G3.crt
-rw-r--r--    1 root     system         2041 Nov 04 2021  QuoVadis_Root_CA_2.crt
-rw-r--r--    1 root     system         1923 Nov 04 2021  QuoVadis_Root_CA_1_G3.crt
-rw-r--r--    1 root     system          895 Nov 04 2021  OISTE_WISeKey_Global_Root_GC_CA.crt
-rw-r--r--    1 root     system         1346 Nov 04 2021  OISTE_WISeKey_Global_Root_GB_CA.crt
-rw-r--r--    1 root     system         1411 Nov 04 2021  Network_Solutions_Certificate_Authority.crt
-rw-r--r--    1 root     system         1476 Nov 04 2021  NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
-rw-r--r--    1 root     system         2013 Nov 04 2021  NAVER_Global_Root_Certification_Authority.crt
-rw-r--r--    1 root     system         2021 Nov 04 2021  Microsoft_RSA_Root_Certificate_Authority_2017.crt
-rw-r--r--    1 root     system          875 Nov 04 2021  Microsoft_ECC_Root_Certificate_Authority_2017.crt
-rw-r--r--    1 root     system         1460 Nov 04 2021  Microsec_e-Szigno_Root_CA_2009.crt
-rw-r--r--    1 root     system         2122 Nov 04 2021  Izenpe.com.crt
-rw-r--r--    1 root     system         1931 Nov 04 2021  IdenTrust_Public_Sector_Root_CA_1.crt
-rw-r--r--    1 root     system         1923 Nov 04 2021  IdenTrust_Commercial_Root_CA_1.crt
-rw-r--r--    1 root     system         1939 Nov 04 2021  ISRG_Root_X1.crt
-rw-r--r--    1 root     system         2074 Nov 04 2021  Hongkong_Post_Root_CA_3.crt
-rw-r--r--    1 root     system         1168 Nov 04 2021  Hongkong_Post_Root_CA_1.crt
-rw-r--r--    1 root     system         2155 Nov 04 2021  Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
-rw-r--r--    1 root     system         1513 Nov 04 2021  Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
-rw-r--r--    1 root     system         1017 Nov 04 2021  Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
-rw-r--r--    1 root     system         2017 Nov 04 2021  HARICA_TLS_RSA_Root_CA_2021.crt
-rw-r--r--    1 root     system          867 Nov 04 2021  HARICA_TLS_ECC_Root_CA_2021.crt
-rw-r--r--    1 root     system         1367 Nov 04 2021  Go_Daddy_Root_Certificate_Authority_-_G2.crt
-rw-r--r--    1 root     system         1448 Nov 04 2021  Go_Daddy_Class_2_CA.crt
-rw-r--r--    1 root     system         1915 Nov 04 2021  GlobalSign_Root_R46.crt
-rw-r--r--    1 root     system          769 Nov 04 2021  GlobalSign_Root_E46.crt
-rw-r--r--    1 root     system         1972 Nov 04 2021  GlobalSign_Root_CA_-_R6.crt
-rw-r--r--    1 root     system         1229 Nov 04 2021  GlobalSign_Root_CA_-_R3.crt
-rw-r--r--    1 root     system         1354 Nov 04 2021  GlobalSign_Root_CA_-_R2.crt
-rw-r--r--    1 root     system         1261 Nov 04 2021  GlobalSign_Root_CA.crt
-rw-r--r--    1 root     system          794 Nov 04 2021  GlobalSign_ECC_Root_CA_-_R5.crt
-rw-r--r--    1 root     system          713 Nov 04 2021  GlobalSign_ECC_Root_CA_-_R4.crt
-rw-r--r--    1 root     system          769 Nov 04 2021  GTS_Root_R4.crt
-rw-r--r--    1 root     system          769 Nov 04 2021  GTS_Root_R3.crt
-rw-r--r--    1 root     system         1915 Nov 04 2021  GTS_Root_R2.crt
-rw-r--r--    1 root     system         1915 Nov 04 2021  GTS_Root_R1.crt
-rw-r--r--    1 root     system         1972 Nov 04 2021  GLOBALTRUST_2020.crt
-rw-r--r--    1 root     system         1980 Nov 04 2021  GDCA_TrustAUTH_R5_ROOT.crt
-rw-r--r--    1 root     system         2244 Nov 04 2021  Entrust_Root_Certification_Authority_-_G4.crt
-rw-r--r--    1 root     system         1533 Nov 04 2021  Entrust_Root_Certification_Authority_-_G2.crt
-rw-r--r--    1 root     system         1090 Nov 04 2021  Entrust_Root_Certification_Authority_-_EC1.crt
-rw-r--r--    1 root     system         1643 Nov 04 2021  Entrust_Root_Certification_Authority.crt
-rw-r--r--    1 root     system         1505 Nov 04 2021  Entrust.net_Premium_2048_Secure_Server_CA.crt
-rw-r--r--    1 root     system         1911 Nov 04 2021  EC-ACC.crt
-rw-r--r--    1 root     system         2244 Nov 04 2021  E-Tugra_Certification_Authority.crt
-rw-r--r--    1 root     system         1988 Nov 04 2021  DigiCert_Trusted_Root_G4.crt
-rw-r--r--    1 root     system         1367 Nov 04 2021  DigiCert_High_Assurance_EV_Root_CA.crt
-rw-r--r--    1 root     system          839 Nov 04 2021  DigiCert_Global_Root_G3.crt
-rw-r--r--    1 root     system         1294 Nov 04 2021  DigiCert_Global_Root_G2.crt
-rw-r--r--    1 root     system         1338 Nov 04 2021  DigiCert_Global_Root_CA.crt
-rw-r--r--    1 root     system          851 Nov 04 2021  DigiCert_Assured_ID_Root_G3.crt
-rw-r--r--    1 root     system         1306 Nov 04 2021  DigiCert_Assured_ID_Root_G2.crt
-rw-r--r--    1 root     system         1350 Nov 04 2021  DigiCert_Assured_ID_Root_CA.crt
-rw-r--r--    1 root     system         1200 Nov 04 2021  DST_Root_CA_X3.crt
-rw-r--r--    1 root     system         1537 Nov 04 2021  D-TRUST_Root_Class_3_CA_2_EV_2009.crt
-rw-r--r--    1 root     system         1517 Nov 04 2021  D-TRUST_Root_Class_3_CA_2_2009.crt
-rw-r--r--    1 root     system         1318 Nov 04 2021  Cybertrust_Global_Root.crt
-rw-r--r--    1 root     system         1517 Nov 04 2021  Comodo_AAA_Services_root.crt
-rw-r--r--    1 root     system         2053 Nov 04 2021  Certum_Trusted_Root_CA.crt
-rw-r--r--    1 root     system         2078 Nov 04 2021  Certum_Trusted_Network_CA_2.crt
-rw-r--r--    1 root     system         1354 Nov 04 2021  Certum_Trusted_Network_CA.crt
-rw-r--r--    1 root     system          891 Nov 04 2021  Certum_EC-384_CA.crt
-rw-r--r--    1 root     system         2264 Nov 04 2021  Certigna_Root_CA.crt
-rw-r--r--    1 root     system         1330 Nov 04 2021  Certigna.crt
-rw-r--r--    1 root     system         2086 Nov 04 2021  COMODO_RSA_Certification_Authority.crt
-rw-r--r--    1 root     system          940 Nov 04 2021  COMODO_ECC_Certification_Authority.crt
-rw-r--r--    1 root     system         1489 Nov 04 2021  COMODO_Certification_Authority.crt
-rw-r--r--    1 root     system         1984 Nov 04 2021  CFCA_EV_ROOT.crt
-rw-r--r--    1 root     system         1935 Nov 04 2021  CA_Disig_Root_R2.crt
-rw-r--r--    1 root     system         1915 Nov 04 2021  Buypass_Class_3_Root_CA.crt
-rw-r--r--    1 root     system         1915 Nov 04 2021  Buypass_Class_2_Root_CA.crt
-rw-r--r--    1 root     system         1261 Nov 04 2021  Baltimore_CyberTrust_Root.crt
-rw-r--r--    1 root     system         2167 Nov 04 2021  Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
-rw-r--r--    1 root     system         1261 Nov 04 2021  Atos_TrustedRoot_2011.crt
-rw-r--r--    1 root     system          737 Nov 04 2021  Amazon_Root_CA_4.crt
-rw-r--r--    1 root     system          656 Nov 04 2021  Amazon_Root_CA_3.crt
-rw-r--r--    1 root     system         1883 Nov 04 2021  Amazon_Root_CA_2.crt
-rw-r--r--    1 root     system         1188 Nov 04 2021  Amazon_Root_CA_1.crt
-rw-r--r--    1 root     system          753 Nov 04 2021  AffirmTrust_Premium_ECC.crt
-rw-r--r--    1 root     system         1891 Nov 04 2021  AffirmTrust_Premium.crt
-rw-r--r--    1 root     system         1204 Nov 04 2021  AffirmTrust_Networking.crt
-rw-r--r--    1 root     system         1204 Nov 04 2021  AffirmTrust_Commercial.crt
-rw-r--r--    1 root     system         2049 Nov 04 2021  Actalis_Authentication_Root_CA.crt
-rw-r--r--    1 root     system         2118 Nov 04 2021  ANF_Secure_Server_Root_CA.crt
-rw-r--r--    1 root     system          904 Nov 04 2021  AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
-rw-r--r--    1 root     system         1972 Nov 04 2021  AC_RAIZ_FNMT-RCM.crt
-rw-r--r--    1 root     system         2772 Nov 04 2021  ACCVRAIZ1.crt
drwxr-xr-x    4 root     system          256 Nov 04 2021  ..
drwxr-xr-x    6 root     system         4096 May 23 12:28 extracted
lrwxrwxrwx    1 root     system           65 May 23 12:28 ca-bundle.trust.crt -> /opt/freeware/etc/ssl/certs/extracted/openssl/ca-bundle.trust.crt
lrwxrwxrwx    1 root     system           59 May 23 12:28 ca-bundle.crt -> /opt/freeware/etc/ssl/certs/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx    1 root     system           28 May 23 12:28 a94d09e5.0 -> /var/ssl/certs/ACCVRAIZ1.crt
lrwxrwxrwx    1 root     system           35 May 23 12:28 cd8c0d63.0 -> /var/ssl/certs/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx    1 root     system           54 May 23 12:28 b81b93f0.0 -> /var/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx    1 root     system           44 May 23 12:28 b433981b.0 -> /var/ssl/certs/ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx    1 root     system           49 May 23 12:28 930ac5d2.0 -> /var/ssl/certs/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx    1 root     system           41 May 23 12:28 2b349938.0 -> /var/ssl/certs/AffirmTrust_Commercial.crt
lrwxrwxrwx    1 root     system           41 May 23 12:28 93bc0acc.0 -> /var/ssl/certs/AffirmTrust_Networking.crt
lrwxrwxrwx    1 root     system           38 May 23 12:28 b727005e.0 -> /var/ssl/certs/AffirmTrust_Premium.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 9c8dfbd4.0 -> /var/ssl/certs/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx    1 root     system           35 May 23 12:28 ce5e74ef.0 -> /var/ssl/certs/Amazon_Root_CA_1.crt
lrwxrwxrwx    1 root     system           35 May 23 12:28 6d41d539.0 -> /var/ssl/certs/Amazon_Root_CA_2.crt
lrwxrwxrwx    1 root     system           35 May 23 12:28 8cb5ee0f.0 -> /var/ssl/certs/Amazon_Root_CA_3.crt
lrwxrwxrwx    1 root     system           35 May 23 12:28 de6d66f3.0 -> /var/ssl/certs/Amazon_Root_CA_4.crt
lrwxrwxrwx    1 root     system           40 May 23 12:28 e36a6752.0 -> /var/ssl/certs/Atos_TrustedRoot_2011.crt
lrwxrwxrwx    1 root     system           76 May 23 12:28 3bde41ac.0 -> /var/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx    1 root     system           44 May 23 12:28 653b494a.0 -> /var/ssl/certs/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 54657681.0 -> /var/ssl/certs/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 e8de2f56.0 -> /var/ssl/certs/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx    1 root     system           35 May 23 12:28 2ae6433e.0 -> /var/ssl/certs/CA_Disig_Root_R2.crt
lrwxrwxrwx    1 root     system           31 May 23 12:28 0b1b94ef.0 -> /var/ssl/certs/CFCA_EV_ROOT.crt
lrwxrwxrwx    1 root     system           49 May 23 12:28 40547a79.0 -> /var/ssl/certs/COMODO_Certification_Authority.crt
lrwxrwxrwx    1 root     system           53 May 23 12:28 eed8c118.0 -> /var/ssl/certs/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx    1 root     system           53 May 23 12:28 d6325660.0 -> /var/ssl/certs/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx    1 root     system           27 May 23 12:28 e113c810.0 -> /var/ssl/certs/Certigna.crt
lrwxrwxrwx    1 root     system           35 May 23 12:28 f51bb24c.0 -> /var/ssl/certs/Certigna_Root_CA.crt
lrwxrwxrwx    1 root     system           35 May 23 12:28 9482e63a.0 -> /var/ssl/certs/Certum_EC-384_CA.crt
lrwxrwxrwx    1 root     system           44 May 23 12:28 48bec511.0 -> /var/ssl/certs/Certum_Trusted_Network_CA.crt
lrwxrwxrwx    1 root     system           46 May 23 12:28 40193066.0 -> /var/ssl/certs/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx    1 root     system           41 May 23 12:28 e35234b1.0 -> /var/ssl/certs/Certum_Trusted_Root_CA.crt
lrwxrwxrwx    1 root     system           43 May 23 12:28 ee64a828.0 -> /var/ssl/certs/Comodo_AAA_Services_root.crt
lrwxrwxrwx    1 root     system           41 May 23 12:28 76cb8f92.0 -> /var/ssl/certs/Cybertrust_Global_Root.crt
lrwxrwxrwx    1 root     system           49 May 23 12:28 c28a8a30.0 -> /var/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx    1 root     system           52 May 23 12:28 d4dae3dd.0 -> /var/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx    1 root     system           33 May 23 12:28 2e5ac55d.0 -> /var/ssl/certs/DST_Root_CA_X3.crt
lrwxrwxrwx    1 root     system           46 May 23 12:28 b1159c4c.0 -> /var/ssl/certs/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx    1 root     system           46 May 23 12:28 9d04f354.0 -> /var/ssl/certs/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx    1 root     system           46 May 23 12:28 7f3d5d1d.0 -> /var/ssl/certs/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 3513523f.0 -> /var/ssl/certs/DigiCert_Global_Root_CA.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 607986c7.0 -> /var/ssl/certs/DigiCert_Global_Root_G2.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 dd8e9d41.0 -> /var/ssl/certs/DigiCert_Global_Root_G3.crt
lrwxrwxrwx    1 root     system           53 May 23 12:28 244b5494.0 -> /var/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx    1 root     system           43 May 23 12:28 75d1b2ed.0 -> /var/ssl/certs/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx    1 root     system           50 May 23 12:28 5273a94c.0 -> /var/ssl/certs/E-Tugra_Certification_Authority.crt
lrwxrwxrwx    1 root     system           25 May 23 12:28 349f2832.0 -> /var/ssl/certs/EC-ACC.crt
lrwxrwxrwx    1 root     system           60 May 23 12:28 aee5f10d.0 -> /var/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx    1 root     system           55 May 23 12:28 6b99d060.0 -> /var/ssl/certs/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     system           61 May 23 12:28 106f3e4d.0 -> /var/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx    1 root     system           60 May 23 12:28 02265526.0 -> /var/ssl/certs/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           60 May 23 12:28 5e98733a.0 -> /var/ssl/certs/Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx    1 root     system           41 May 23 12:28 0f6fa695.0 -> /var/ssl/certs/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx    1 root     system           35 May 23 12:28 fa5da96b.0 -> /var/ssl/certs/GLOBALTRUST_2020.crt
lrwxrwxrwx    1 root     system           30 May 23 12:28 1001acf7.0 -> /var/ssl/certs/GTS_Root_R1.crt
lrwxrwxrwx    1 root     system           30 May 23 12:28 626dceaf.0 -> /var/ssl/certs/GTS_Root_R2.crt
lrwxrwxrwx    1 root     system           30 May 23 12:28 0a775a30.0 -> /var/ssl/certs/GTS_Root_R3.crt
lrwxrwxrwx    1 root     system           30 May 23 12:28 a3418fda.0 -> /var/ssl/certs/GTS_Root_R4.crt
lrwxrwxrwx    1 root     system           46 May 23 12:28 b0e59380.0 -> /var/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx    1 root     system           46 May 23 12:28 1d3472b9.0 -> /var/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx    1 root     system           37 May 23 12:28 5ad8a5d6.0 -> /var/ssl/certs/GlobalSign_Root_CA.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 4a6481c9.0 -> /var/ssl/certs/GlobalSign_Root_CA_-_R2.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 062cdee6.0 -> /var/ssl/certs/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 dc4d6a89.0 -> /var/ssl/certs/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx    1 root     system           38 May 23 12:28 feffd413.0 -> /var/ssl/certs/GlobalSign_Root_E46.crt
lrwxrwxrwx    1 root     system           38 May 23 12:28 002c0b4f.0 -> /var/ssl/certs/GlobalSign_Root_R46.crt
lrwxrwxrwx    1 root     system           38 May 23 12:28 f081611a.0 -> /var/ssl/certs/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx    1 root     system           59 May 23 12:28 cbf06781.0 -> /var/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           46 May 23 12:28 ecccd8db.0 -> /var/ssl/certs/HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx    1 root     system           46 May 23 12:28 9f727ac7.0 -> /var/ssl/certs/HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx    1 root     system           78 May 23 12:28 7719f463.0 -> /var/ssl/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx    1 root     system           74 May 23 12:28 1636090b.0 -> /var/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx    1 root     system           74 May 23 12:28 32888f65.0 -> /var/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 3e45d192.0 -> /var/ssl/certs/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 68dd7389.0 -> /var/ssl/certs/Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx    1 root     system           31 May 23 12:28 4042bcee.0 -> /var/ssl/certs/ISRG_Root_X1.crt
lrwxrwxrwx    1 root     system           49 May 23 12:28 ef954a4e.0 -> /var/ssl/certs/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx    1 root     system           52 May 23 12:28 1e08bfd1.0 -> /var/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx    1 root     system           29 May 23 12:28 cc450945.0 -> /var/ssl/certs/Izenpe.com.crt
lrwxrwxrwx    1 root     system           49 May 23 12:28 8160b96c.0 -> /var/ssl/certs/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx    1 root     system           64 May 23 12:28 8d89cda1.0 -> /var/ssl/certs/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx    1 root     system           64 May 23 12:28 bf53fb88.0 -> /var/ssl/certs/Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx    1 root     system           60 May 23 12:28 3fb36b73.0 -> /var/ssl/certs/NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     system           59 May 23 12:28 988a38cb.0 -> /var/ssl/certs/NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
lrwxrwxrwx    1 root     system           58 May 23 12:28 4304c5e5.0 -> /var/ssl/certs/Network_Solutions_Certificate_Authority.crt
lrwxrwxrwx    1 root     system           50 May 23 12:28 e73d606e.0 -> /var/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx    1 root     system           50 May 23 12:28 773e07ad.0 -> /var/ssl/certs/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx    1 root     system           40 May 23 12:28 749e9e03.0 -> /var/ssl/certs/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx    1 root     system           37 May 23 12:28 d7e8dc79.0 -> /var/ssl/certs/QuoVadis_Root_CA_2.crt
lrwxrwxrwx    1 root     system           40 May 23 12:28 064e0aa9.0 -> /var/ssl/certs/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx    1 root     system           37 May 23 12:28 76faf6c0.0 -> /var/ssl/certs/QuoVadis_Root_CA_3.crt
lrwxrwxrwx    1 root     system           40 May 23 12:28 e18bfb83.0 -> /var/ssl/certs/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx    1 root     system           62 May 23 12:28 f0c70a8d.0 -> /var/ssl/certs/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx    1 root     system           65 May 23 12:28 06dc52d5.0 -> /var/ssl/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx    1 root     system           59 May 23 12:28 0bf05006.0 -> /var/ssl/certs/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx    1 root     system           59 May 23 12:28 6fa5da56.0 -> /var/ssl/certs/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx    1 root     system           34 May 23 12:28 fe8a2cd8.0 -> /var/ssl/certs/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx    1 root     system           38 May 23 12:28 18856ac4.0 -> /var/ssl/certs/SecureSign_RootCA11.crt
lrwxrwxrwx    1 root     system           33 May 23 12:28 f39fc864.0 -> /var/ssl/certs/SecureTrust_CA.crt
lrwxrwxrwx    1 root     system           35 May 23 12:28 b66938e9.0 -> /var/ssl/certs/Secure_Global_CA.crt
lrwxrwxrwx    1 root     system           49 May 23 12:28 cd58d51e.0 -> /var/ssl/certs/Security_Communication_RootCA2.crt
lrwxrwxrwx    1 root     system           49 May 23 12:28 f3377b1b.0 -> /var/ssl/certs/Security_Communication_Root_CA.crt
lrwxrwxrwx    1 root     system           51 May 23 12:28 03179a64.0 -> /var/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.crt
lrwxrwxrwx    1 root     system           39 May 23 12:28 f387163d.0 -> /var/ssl/certs/Starfield_Class_2_CA.crt
lrwxrwxrwx    1 root     system           60 May 23 12:28 4bfab552.0 -> /var/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           69 May 23 12:28 09789157.0 -> /var/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           41 May 23 12:28 4f316efb.0 -> /var/ssl/certs/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx    1 root     system           43 May 23 12:28 57bcb2da.0 -> /var/ssl/certs/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx    1 root     system           47 May 23 12:28 1e09d511.0 -> /var/ssl/certs/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx    1 root     system           47 May 23 12:28 5443e9e3.0 -> /var/ssl/certs/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx    1 root     system           64 May 23 12:28 ff34af3f.0 -> /var/ssl/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx    1 root     system           38 May 23 12:28 5f15c80c.0 -> /var/ssl/certs/TWCA_Global_Root_CA.crt
lrwxrwxrwx    1 root     system           52 May 23 12:28 b7a5b843.0 -> /var/ssl/certs/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     system           41 May 23 12:28 5cd81ad7.0 -> /var/ssl/certs/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx    1 root     system           33 May 23 12:28 7aaf71c0.0 -> /var/ssl/certs/TrustCor_ECA-1.crt
lrwxrwxrwx    1 root     system           41 May 23 12:28 5d3033c5.0 -> /var/ssl/certs/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx    1 root     system           41 May 23 12:28 3e44d2f7.0 -> /var/ssl/certs/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx    1 root     system           59 May 23 12:28 f249de83.0 -> /var/ssl/certs/Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx    1 root     system           68 May 23 12:28 9b5697b0.0 -> /var/ssl/certs/Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx    1 root     system           68 May 23 12:28 d887a5bb.0 -> /var/ssl/certs/Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx    1 root     system           35 May 23 12:28 fd64f3fc.0 -> /var/ssl/certs/TunTrust_Root_CA.crt
lrwxrwxrwx    1 root     system           47 May 23 12:28 0f5dc4f3.0 -> /var/ssl/certs/UCA_Extended_Validation_Root.crt
lrwxrwxrwx    1 root     system           37 May 23 12:28 c01eb047.0 -> /var/ssl/certs/UCA_Global_G2_Root.crt
lrwxrwxrwx    1 root     system           56 May 23 12:28 f30dd6ad.0 -> /var/ssl/certs/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx    1 root     system           56 May 23 12:28 fc5a8f99.0 -> /var/ssl/certs/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx    1 root     system           39 May 23 12:28 706f604c.0 -> /var/ssl/certs/XRamp_Global_CA_Root.crt
lrwxrwxrwx    1 root     system           35 May 23 12:28 8d86cdd1.0 -> /var/ssl/certs/certSIGN_ROOT_CA.crt
lrwxrwxrwx    1 root     system           38 May 23 12:28 5f618aec.0 -> /var/ssl/certs/certSIGN_Root_CA_G2.crt
lrwxrwxrwx    1 root     system           40 May 23 12:28 e868b802.0 -> /var/ssl/certs/e-Szigno_Root_CA_2017.crt
lrwxrwxrwx    1 root     system           52 May 23 12:28 ca6e4ad9.0 -> /var/ssl/certs/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 4b718d9b.0 -> /var/ssl/certs/emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx    1 root     system           42 May 23 12:28 14bc7599.0 -> /var/ssl/certs/emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx    1 root     system           38 May 23 12:28 406c9bb1.0 -> /var/ssl/certs/emSign_Root_CA_-_C1.crt
lrwxrwxrwx    1 root     system           38 May 23 12:28 2923b3f9.0 -> /var/ssl/certs/emSign_Root_CA_-_G1.crt
drwxr-xr-x    3 root     system        20480 May 23 12:28 .

[root@HOST:/]> /usr/bin/c_rehash 
Doing /var/ssl/certs

[root@HOST:/]> ls -alrt /var/ssl/certs/
total 1104
-rw-r--r--    1 root     system           98 Nov 04 2021  README
-rw-r--r--    1 root     system         1302 Nov 04 2021  emSign_Root_CA_-_G1.crt
-rw-r--r--    1 root     system         1257 Nov 04 2021  emSign_Root_CA_-_C1.crt
-rw-r--r--    1 root     system          859 Nov 04 2021  emSign_ECC_Root_CA_-_G3.crt
-rw-r--r--    1 root     system          814 Nov 04 2021  emSign_ECC_Root_CA_-_C3.crt
-rw-r--r--    1 root     system         2033 Nov 04 2021  ePKI_Root_Certification_Authority.crt
-rw-r--r--    1 root     system          843 Nov 04 2021  e-Szigno_Root_CA_2017.crt
-rw-r--r--    1 root     system         1891 Nov 04 2021  certSIGN_Root_CA_G2.crt
-rw-r--r--    1 root     system         1176 Nov 04 2021  certSIGN_ROOT_CA.crt
-rw-r--r--    1 root     system         1513 Nov 04 2021  XRamp_Global_CA_Root.crt
-rw-r--r--    1 root     system         2094 Nov 04 2021  USERTrust_RSA_Certification_Authority.crt
-rw-r--r--    1 root     system          948 Nov 04 2021  USERTrust_ECC_Certification_Authority.crt
-rw-r--r--    1 root     system         1891 Nov 04 2021  UCA_Global_G2_Root.crt
-rw-r--r--    1 root     system         1915 Nov 04 2021  UCA_Extended_Validation_Root.crt
-rw-r--r--    1 root     system         2037 Nov 04 2021  TunTrust_Root_CA.crt
-rw-r--r--    1 root     system          969 Nov 04 2021  Trustwave_Global_ECC_P384_Certification_Authority.crt
-rw-r--r--    1 root     system          883 Nov 04 2021  Trustwave_Global_ECC_P256_Certification_Authority.crt
-rw-r--r--    1 root     system         2090 Nov 04 2021  Trustwave_Global_Certification_Authority.crt
-rw-r--r--    1 root     system         2204 Nov 04 2021  TrustCor_RootCert_CA-2.crt
-rw-r--r--    1 root     system         1513 Nov 04 2021  TrustCor_RootCert_CA-1.crt
-rw-r--r--    1 root     system         1493 Nov 04 2021  TrustCor_ECA-1.crt
-rw-r--r--    1 root     system         1870 Nov 04 2021  TeliaSonera_Root_CA_v1.crt
-rw-r--r--    1 root     system         1269 Nov 04 2021  TWCA_Root_Certification_Authority.crt
-rw-r--r--    1 root     system         1883 Nov 04 2021  TWCA_Global_Root_CA.crt
-rw-r--r--    1 root     system         1582 Nov 04 2021  TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
-rw-r--r--    1 root     system         1367 Nov 04 2021  T-TeleSec_GlobalRoot_Class_3.crt
-rw-r--r--    1 root     system         1367 Nov 04 2021  T-TeleSec_GlobalRoot_Class_2.crt
-rw-r--r--    1 root     system         2049 Nov 04 2021  SwissSign_Silver_CA_-_G2.crt
-rw-r--r--    1 root     system         2045 Nov 04 2021  SwissSign_Gold_CA_-_G2.crt
-rw-r--r--    1 root     system         1424 Nov 04 2021  Starfield_Services_Root_Certificate_Authority_-_G2.crt
-rw-r--r--    1 root     system         1399 Nov 04 2021  Starfield_Root_Certificate_Authority_-_G2.crt
-rw-r--r--    1 root     system         1468 Nov 04 2021  Starfield_Class_2_CA.crt
-rw-r--r--    1 root     system         1948 Nov 04 2021  Staat_der_Nederlanden_EV_Root_CA.crt
-rw-r--r--    1 root     system         1224 Nov 04 2021  Security_Communication_Root_CA.crt
-rw-r--r--    1 root     system         1261 Nov 04 2021  Security_Communication_RootCA2.crt
-rw-r--r--    1 root     system         1354 Nov 04 2021  Secure_Global_CA.crt
-rw-r--r--    1 root     system         1350 Nov 04 2021  SecureTrust_CA.crt
-rw-r--r--    1 root     system         1249 Nov 04 2021  SecureSign_RootCA11.crt
-rw-r--r--    1 root     system         1257 Nov 04 2021  SZAFIR_ROOT_CA2.crt
-rw-r--r--    1 root     system         2094 Nov 04 2021  SSL.com_Root_Certification_Authority_RSA.crt
-rw-r--r--    1 root     system          944 Nov 04 2021  SSL.com_Root_Certification_Authority_ECC.crt
-rw-r--r--    1 root     system         2114 Nov 04 2021  SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
-rw-r--r--    1 root     system          956 Nov 04 2021  SSL.com_EV_Root_Certification_Authority_ECC.crt
-rw-r--r--    1 root     system         1923 Nov 04 2021  QuoVadis_Root_CA_3_G3.crt
-rw-r--r--    1 root     system         2354 Nov 04 2021  QuoVadis_Root_CA_3.crt
-rw-r--r--    1 root     system         1923 Nov 04 2021  QuoVadis_Root_CA_2_G3.crt
-rw-r--r--    1 root     system         2041 Nov 04 2021  QuoVadis_Root_CA_2.crt
-rw-r--r--    1 root     system         1923 Nov 04 2021  QuoVadis_Root_CA_1_G3.crt
-rw-r--r--    1 root     system          895 Nov 04 2021  OISTE_WISeKey_Global_Root_GC_CA.crt
-rw-r--r--    1 root     system         1346 Nov 04 2021  OISTE_WISeKey_Global_Root_GB_CA.crt
-rw-r--r--    1 root     system         1411 Nov 04 2021  Network_Solutions_Certificate_Authority.crt
-rw-r--r--    1 root     system         1476 Nov 04 2021  NetLock_Arany_=Class_Gold=_Fotanusitvany.crt
-rw-r--r--    1 root     system         2013 Nov 04 2021  NAVER_Global_Root_Certification_Authority.crt
-rw-r--r--    1 root     system         2021 Nov 04 2021  Microsoft_RSA_Root_Certificate_Authority_2017.crt
-rw-r--r--    1 root     system          875 Nov 04 2021  Microsoft_ECC_Root_Certificate_Authority_2017.crt
-rw-r--r--    1 root     system         1460 Nov 04 2021  Microsec_e-Szigno_Root_CA_2009.crt
-rw-r--r--    1 root     system         2122 Nov 04 2021  Izenpe.com.crt
-rw-r--r--    1 root     system         1931 Nov 04 2021  IdenTrust_Public_Sector_Root_CA_1.crt
-rw-r--r--    1 root     system         1923 Nov 04 2021  IdenTrust_Commercial_Root_CA_1.crt
-rw-r--r--    1 root     system         1939 Nov 04 2021  ISRG_Root_X1.crt
-rw-r--r--    1 root     system         2074 Nov 04 2021  Hongkong_Post_Root_CA_3.crt
-rw-r--r--    1 root     system         1168 Nov 04 2021  Hongkong_Post_Root_CA_1.crt
-rw-r--r--    1 root     system         2155 Nov 04 2021  Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
-rw-r--r--    1 root     system         1513 Nov 04 2021  Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
-rw-r--r--    1 root     system         1017 Nov 04 2021  Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
-rw-r--r--    1 root     system         2017 Nov 04 2021  HARICA_TLS_RSA_Root_CA_2021.crt
-rw-r--r--    1 root     system          867 Nov 04 2021  HARICA_TLS_ECC_Root_CA_2021.crt
-rw-r--r--    1 root     system         1367 Nov 04 2021  Go_Daddy_Root_Certificate_Authority_-_G2.crt
-rw-r--r--    1 root     system         1448 Nov 04 2021  Go_Daddy_Class_2_CA.crt
-rw-r--r--    1 root     system         1915 Nov 04 2021  GlobalSign_Root_R46.crt
-rw-r--r--    1 root     system          769 Nov 04 2021  GlobalSign_Root_E46.crt
-rw-r--r--    1 root     system         1972 Nov 04 2021  GlobalSign_Root_CA_-_R6.crt
-rw-r--r--    1 root     system         1229 Nov 04 2021  GlobalSign_Root_CA_-_R3.crt
-rw-r--r--    1 root     system         1354 Nov 04 2021  GlobalSign_Root_CA_-_R2.crt
-rw-r--r--    1 root     system         1261 Nov 04 2021  GlobalSign_Root_CA.crt
-rw-r--r--    1 root     system          794 Nov 04 2021  GlobalSign_ECC_Root_CA_-_R5.crt
-rw-r--r--    1 root     system          713 Nov 04 2021  GlobalSign_ECC_Root_CA_-_R4.crt
-rw-r--r--    1 root     system          769 Nov 04 2021  GTS_Root_R4.crt
-rw-r--r--    1 root     system          769 Nov 04 2021  GTS_Root_R3.crt
-rw-r--r--    1 root     system         1915 Nov 04 2021  GTS_Root_R2.crt
-rw-r--r--    1 root     system         1915 Nov 04 2021  GTS_Root_R1.crt
-rw-r--r--    1 root     system         1972 Nov 04 2021  GLOBALTRUST_2020.crt
-rw-r--r--    1 root     system         1980 Nov 04 2021  GDCA_TrustAUTH_R5_ROOT.crt
-rw-r--r--    1 root     system         2244 Nov 04 2021  Entrust_Root_Certification_Authority_-_G4.crt
-rw-r--r--    1 root     system         1533 Nov 04 2021  Entrust_Root_Certification_Authority_-_G2.crt
-rw-r--r--    1 root     system         1090 Nov 04 2021  Entrust_Root_Certification_Authority_-_EC1.crt
-rw-r--r--    1 root     system         1643 Nov 04 2021  Entrust_Root_Certification_Authority.crt
-rw-r--r--    1 root     system         1505 Nov 04 2021  Entrust.net_Premium_2048_Secure_Server_CA.crt
-rw-r--r--    1 root     system         1911 Nov 04 2021  EC-ACC.crt
-rw-r--r--    1 root     system         2244 Nov 04 2021  E-Tugra_Certification_Authority.crt
-rw-r--r--    1 root     system         1988 Nov 04 2021  DigiCert_Trusted_Root_G4.crt
-rw-r--r--    1 root     system         1367 Nov 04 2021  DigiCert_High_Assurance_EV_Root_CA.crt
-rw-r--r--    1 root     system          839 Nov 04 2021  DigiCert_Global_Root_G3.crt
-rw-r--r--    1 root     system         1294 Nov 04 2021  DigiCert_Global_Root_G2.crt
-rw-r--r--    1 root     system         1338 Nov 04 2021  DigiCert_Global_Root_CA.crt
-rw-r--r--    1 root     system          851 Nov 04 2021  DigiCert_Assured_ID_Root_G3.crt
-rw-r--r--    1 root     system         1306 Nov 04 2021  DigiCert_Assured_ID_Root_G2.crt
-rw-r--r--    1 root     system         1350 Nov 04 2021  DigiCert_Assured_ID_Root_CA.crt
-rw-r--r--    1 root     system         1200 Nov 04 2021  DST_Root_CA_X3.crt
-rw-r--r--    1 root     system         1537 Nov 04 2021  D-TRUST_Root_Class_3_CA_2_EV_2009.crt
-rw-r--r--    1 root     system         1517 Nov 04 2021  D-TRUST_Root_Class_3_CA_2_2009.crt
-rw-r--r--    1 root     system         1318 Nov 04 2021  Cybertrust_Global_Root.crt
-rw-r--r--    1 root     system         1517 Nov 04 2021  Comodo_AAA_Services_root.crt
-rw-r--r--    1 root     system         2053 Nov 04 2021  Certum_Trusted_Root_CA.crt
-rw-r--r--    1 root     system         2078 Nov 04 2021  Certum_Trusted_Network_CA_2.crt
-rw-r--r--    1 root     system         1354 Nov 04 2021  Certum_Trusted_Network_CA.crt
-rw-r--r--    1 root     system          891 Nov 04 2021  Certum_EC-384_CA.crt
-rw-r--r--    1 root     system         2264 Nov 04 2021  Certigna_Root_CA.crt
-rw-r--r--    1 root     system         1330 Nov 04 2021  Certigna.crt
-rw-r--r--    1 root     system         2086 Nov 04 2021  COMODO_RSA_Certification_Authority.crt
-rw-r--r--    1 root     system          940 Nov 04 2021  COMODO_ECC_Certification_Authority.crt
-rw-r--r--    1 root     system         1489 Nov 04 2021  COMODO_Certification_Authority.crt
-rw-r--r--    1 root     system         1984 Nov 04 2021  CFCA_EV_ROOT.crt
-rw-r--r--    1 root     system         1935 Nov 04 2021  CA_Disig_Root_R2.crt
-rw-r--r--    1 root     system         1915 Nov 04 2021  Buypass_Class_3_Root_CA.crt
-rw-r--r--    1 root     system         1915 Nov 04 2021  Buypass_Class_2_Root_CA.crt
-rw-r--r--    1 root     system         1261 Nov 04 2021  Baltimore_CyberTrust_Root.crt
-rw-r--r--    1 root     system         2167 Nov 04 2021  Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
-rw-r--r--    1 root     system         1261 Nov 04 2021  Atos_TrustedRoot_2011.crt
-rw-r--r--    1 root     system          737 Nov 04 2021  Amazon_Root_CA_4.crt
-rw-r--r--    1 root     system          656 Nov 04 2021  Amazon_Root_CA_3.crt
-rw-r--r--    1 root     system         1883 Nov 04 2021  Amazon_Root_CA_2.crt
-rw-r--r--    1 root     system         1188 Nov 04 2021  Amazon_Root_CA_1.crt
-rw-r--r--    1 root     system          753 Nov 04 2021  AffirmTrust_Premium_ECC.crt
-rw-r--r--    1 root     system         1891 Nov 04 2021  AffirmTrust_Premium.crt
-rw-r--r--    1 root     system         1204 Nov 04 2021  AffirmTrust_Networking.crt
-rw-r--r--    1 root     system         1204 Nov 04 2021  AffirmTrust_Commercial.crt
-rw-r--r--    1 root     system         2049 Nov 04 2021  Actalis_Authentication_Root_CA.crt
-rw-r--r--    1 root     system         2118 Nov 04 2021  ANF_Secure_Server_Root_CA.crt
-rw-r--r--    1 root     system          904 Nov 04 2021  AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
-rw-r--r--    1 root     system         1972 Nov 04 2021  AC_RAIZ_FNMT-RCM.crt
-rw-r--r--    1 root     system         2772 Nov 04 2021  ACCVRAIZ1.crt
drwxr-xr-x    4 root     system          256 Nov 04 2021  ..
drwxr-xr-x    6 root     system         4096 May 23 12:28 extracted
lrwxrwxrwx    1 root     system           65 May 23 12:28 ca-bundle.trust.crt -> /opt/freeware/etc/ssl/certs/extracted/openssl/ca-bundle.trust.crt
lrwxrwxrwx    1 root     system           59 May 23 12:28 ca-bundle.crt -> /opt/freeware/etc/ssl/certs/extracted/pem/tls-ca-bundle.pem
drwxr-xr-x    3 root     system        20480 May 25 09:29 .

[root@HOST:/]> yum clean all
Cleaning repos: AIX_Toolbox AIX_Toolbox_72 AIX_Toolbox_noarch
Cleaning up Everything

[root@HOST:/]> yum upgrade
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml:">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again

    Will analyse further!

    With kind regards,



    ------------------------------
    Stephan Dietl
    ------------------------------

    Original Message