Re: new tls-cert-store and cert-bundle methods

On Mon, Oct 14, 2024 at 09:40:38AM +0200, Dag-Erling Smørgrav wrote:
>void <void@f-m.fm> writes:
>> Now that we have system tls-cert-store, if one needs to reference
>> a tls-cert-bundle like provided by ca_root_nss, do we need
>> to concatenate all of the certs listed in /usr/share/certs/trusted
>> into, for example cert.pem then symlink /etc/ssl/cert.pem to
>> that concatenated file?
>
>This is being worked on.  For now, if you need a bundle, just install
>ca_root_nss, which has the same contents as the system store but in
>bundle form.

Thank you for this info. I have encountered one consequence of the above
situation very recently that stopped a port from initially functioning:
deskutils/nextcloudclient .  

It gave "The issuer certificate of a locally looked up certificate could not be
found" with the cloud's letsencrypt cert. Installation of ca_root-nss allowed
syncing up to the cloud to proceed via nextcloudclient. Access via web browser
was never an issue.
--