Untrusted but not blacklisted certificate found

xiaomeimei 8 декабря, 2015 - 15:03

Общие вопросы

Меня беспокоят вот эти вот, выделенные восклицательными знаками, фразы капсом UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND при емерже ca-certificates.
Что это? Кто виноват? Что делать? Как заблеклистить эти сертификаты?

Гугл выдал около трёх тем на форумах с таким же вопросом без ответов.

# emerge -1 ca-certificates
Calculating dependencies... done!

>>> Verifying ebuild manifests

>>> Emerging (1 of 1) app-misc/ca-certificates-20150426.3.20-r1::gentoo
 * ca-certificates_20150426.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...  [ ok ]
 * nss-3.20.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...                  [ ok ]
 * nss-3.14.1-add_spi+cacerts_ca_certs.patch SHA256 SHA512 WHIRLPOOL size ;-) ...        [ ok ]
>>> Unpacking source...
>>> Unpacking ca-certificates_20150426.tar.xz to /var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/work
>>> Unpacking nss-3.20.tar.gz to /var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/work
>>> Unpacking nss-3.14.1-add_spi+cacerts_ca_certs.patch to /var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/work
unpack nss-3.14.1-add_spi+cacerts_ca_certs.patch: file format not recognized. Ignoring.
>>> Source unpacked in /var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/work
>>> Preparing source in /var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/work ...
 * Applying nss-3.14.1-add_spi+cacerts_ca_certs.patch ...                [ ok ]
 * Applying ca-certificates-20150426-root.patch ...                      [ ok ]
 * Applying ca-certificates-20150426-nss-certdata2pem-py3.patch ...      [ ok ]
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/work ...
>>> Source configured.
>>> Compiling source in /var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/work ...
make -j3 -C /var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/work/ca-certificates/mozilla
make: Entering directory '/var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/work/ca-certificates/mozilla'
python certdata2pem.py
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Distrust a pb.com certificate that does not comply with the baseline requirements."
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ignoring certificate "UTN-USER First-Network Applications".  SAUTH=CKT_NSS_MUST_VERIFY_TRUST, EPROT=CKT_NSS_MUST_VERIFY_TRUST
Ignoring certificate "UTN USERFirst Object Root CA".  SAUTH=CKT_NSS_MUST_VERIFY_TRUST, EPROT=CKT_NSS_MUST_VERIFY_TRUST
Certificate "MD5 Collisions Forged Rogue CA 25c3" blacklisted, ignoring.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Distrusted AC DG Tresor SSL"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ignoring certificate "ComSign Secured CA".  SAUTH=CKT_NSS_MUST_VERIFY_TRUST, EPROT=CKT_NSS_MUST_VERIFY_TRUST
Ignoring certificate "TC TrustCenter Universal CA III".  SAUTH=CKT_NSS_MUST_VERIFY_TRUST, EPROT=CKT_NSS_MUST_VERIFY_TRUST
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Mozilla Addons"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Global Trustee"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus GMail"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Google"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Skype"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Yahoo 1"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Yahoo 2"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Yahoo 3"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus live.com"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrust DigiNotar Root CA"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrust DigiNotar Services 1024 CA"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrust DigiNotar Cyber CA"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrust DigiNotar Cyber CA 2nd"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrusted DigiNotar PKIoverheid"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrusted DigiNotar PKIoverheid G2"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "MITM subCA 1 issued by Trustwave"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "MITM subCA 2 issued by Trustwave"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "TURKTRUST Mis-issued Intermediate CA 1"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "TURKTRUST Mis-issued Intermediate CA 2"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ignoring certificate "USERTrust-temporary-intermediate-after-1024bit-removal".  SAUTH=CKT_NSS_MUST_VERIFY_TRUST, EPROT=CKT_NSS_MUST_VERIFY_TRUST
Ignoring certificate "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal".  SAUTH=CKT_NSS_MUST_VERIFY_TRUST, EPROT=CKT_NSS_MUST_VERIFY_TRUST
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrusted MCSHOLDING CA"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Found duplicate certificate name Verisign_Class_3_Public_Primary_Certification_Authority.crt, renaming.
Found duplicate certificate name StartCom_Certification_Authority.crt, renaming.
make: Leaving directory '/var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/work/ca-certificates/mozilla'
Updating certificates in /var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/work/image/etc/ssl/certs...
178 added, 0 removed; done.
Running hooks in /var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/work/image/etc/ca-certificates/update.d...
done.
>>> Source compiled.
>>> Test phase [not enabled]: app-misc/ca-certificates-20150426.3.20-r1

>>> Install ca-certificates-20150426.3.20-r1 into /var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/image/ category app-misc
>>> Completed installing ca-certificates-20150426.3.20-r1 into /var/tmp/portage/app-misc/ca-certificates-20150426.3.20-r1/image/

ecompressdir: bzip2 -9 /usr/share/man
ecompressdir: bzip2 -9 /usr/share/doc

>>> Installing (1 of 1) app-misc/ca-certificates-20150426.3.20-r1::gentoo
>>> Auto-cleaning packages...

>>> No outdated packages were found on your system.

 * GNU info directory index is up-to-date.

Для комментирования войдите или зарегистрируйтесь

А какие флаги стоят? emerge

Автор SysA, дата создания 8 декабря, 2015 - 16:27.

А какие флаги стоят?

emerge -pv ca-certificates

Для комментирования войдите или зарегистрируйтесь

Никаких особенных: [ebuild

Автор xiaomeimei, дата создания 10 декабря, 2015 - 06:58.

Никаких особенных:
[ebuild R ] app-misc/ca-certificates-20150426.3.20-r1::gentoo USE="cacert" 0 KiB
cacert : Include root certs from CAcert (http://www.cacert.org/) and Software in the Public Interest (http://www.spi-inc.org/)
При отключенном флаге - всё равно пишет про недоверенные сертификаты.

Для комментирования войдите или зарегистрируйтесь

Настройки просмотра комментариев

Выберите нужный метод показа комментариев и нажмите "Сохранить установки".

Вход в аккаунт

Меню

Навигация

Обсуждаемые темы

Новые записи в блогах

Сейчас на сайте

Сбор новостей

Untrusted but not blacklisted certificate found

А какие флаги стоят? emerge

Никаких особенных: [ebuild

Настройки просмотра комментариев