Bug ID 918944
Summary update-ca-certificates does not add a private CA certificate to system wide certificate store as documented
Classification openSUSE
Product openSUSE Distribution
Version 13.2
Hardware x86-64
OS openSUSE 13.2
Status NEW
Severity Major
Priority P5 - None
Component Basesystem
Assignee bnc-team-screening@forge.provo.novell.com
Reporter bockhold@cmab.de
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101
Firefox/35.0
Build Identifier: 

Documentation under /usr/share/doc/packages/ca-certificates/README tells me to
copy my private CA certificate to /etc/pki/trust and then run
/usr/sbin/update-ca-certificates to add my certificate to the system wide
certificate store.

Even run with --verbose the script does not add the certificate to any store
and does not show any signs of error or success.

My CA obviously is not added as for example the LDAP-client cannot validate the
server-side certificate signed by this CA.

Reproducible: Always

Steps to Reproduce:
1. create a CA, export the CA-certificate to your client
on the client:
2. cp mycacrt.pem /etc/pki/trust/mycacrt.pem
3. update-ca-certificates --verbose
Actual Results:  
Output:
running /usr/lib/ca-certificates/update.d/50java.run ...
creating /var/lib/ca-certificates/java-cacerts ...
running /usr/lib/ca-certificates/update.d/70openssl.run ...
creating /var/lib/ca-certificates/openssl ...
running /usr/lib/ca-certificates/update.d/80etc_ssl.run ...
running /usr/lib/ca-certificates/update.d/99certbundle.run ...
creating /var/lib/ca-certificates/ca-bundle.pem ...

Expected Results:  
Show that a new certificate is found.
Add it to the system wide certificate store.
Print a corresponding message to console as to inform user.

Problem is reproducible on any openSUSE client. Debian client works like a
charm with cp mycacert.pem /usr/local/share/ca-certificates/mycacert.pem &&
update-ca-certificates.

You are receiving this mail because: