ca-certificates is broken and needs an update
Alpine 3.8 has ‘20171114-r3’ version of ‘ca-certificates’ package, which is quite old and looks like it is broken:
mail server mail.amur-cit.ru:587 uses self-signed certificate, which I need to add to the list of trusted ones on Alpine for the connection to succeed.
- get their certificate via this command:
openssl s_client -starttls smtp -showcerts -connect mail.amur-cit.ru:587
from the output of that command I copy 1st (well, 0th in terms of that command’s output) certificate from the certificate chain.
-
save it into a file on Alpine node as /usr/local/share/ca-certificates/mail.amur-cit.ru.crt
-
run update-ca-certificates
result:
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
On a Debian-based node that was enough to add the certificate to the list of trusted ones, the output there was the following:
Updating certificates in /etc/ssl/certs…
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d…
done.
(from redmine: issue id 9935, created on 2019-01-29, closed on 2019-01-29)
- Changesets:
- Revision e52ca18a by Natanael Copa on 2019-01-29T16:26:25Z:
main/ca-certificates: upgrade to 20190108
fixes #9935
- Revision ef889967 by Natanael Copa on 2019-05-27T12:31:10Z:
main/ca-certificates: upgrade to 20190108
fixes #9935
- Revision acbc0e0a by Natanael Copa on 2019-05-27T12:35:15Z:
main/ca-certificates: upgrade to 20190108
fixes #9935