1 | | 1) Curl is missing a runtime dependency libwww-perl. Need for mk-ca-bundle.pl . |
2 | | |
3 | | 2) If libwww-perl is not installed and /etc/ssl/ca-bundle.crt already exists, then make-ca.sh does not update the certificates and returns a success return code. i.e. processes the old existing certificates instead. |
4 | | |
5 | | Also, perhaps a Note is in order on the Certificate Authority Certificates page about the libwww-perl dependency? |
| 1 | Do not use mk-ca-bundle.pl, instead revive old method without external dependencies. Combine all functionality into single script with out of band trust contained in both /etc/pki/nssdb and /etc/ssl/certs. Add /etc/pki/anchors as trusted source for p11-kit and use libp11-kit.so as a replacement for libnssckbi.so (NSS and p11-kit instructions) via symlink to provide complete PKI setup from single source. Note that RedHat and SUSE use NSS version of file rather than latest release branch, and provide multiple sources for certdata.txt. |
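Review bot: the replacement description (new line 1) drops the failure mode recorded in old item 2, where make-ca.sh reused an existing /etc/ssl/ca-bundle.crt and returned a success code when libwww-perl was missing. Removing mk-ca-bundle.pl removes that dependency, but the new text does not say whether the combined script exits non-zero when it cannot regenerate the trust stores. Suggest stating that behaviour explicitly and keeping a one-line summary of the original report, so the ticket still explains why the method changed. The phrase "out of band trust contained in both /etc/pki/nssdb and /etc/ssl/certs" should also say what is stored in each location. The old question about adding a note on the Certificate Authority Certificates page is left unanswered.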