如何从系统中删除证书颁发机构的证书?
ca-certificates包刚刚更新,它在我的Xubuntu 13.10系统上引起了以下更改:
Running hooks in /etc/ca-certificates/update.d.... Adding debian:CA_Disig_Root_R1.pem Adding debian:CA_Disig_Root_R2.pem Adding debian:China_Internet_Network_Information_Center_EV_Certificates_Root.pem Adding debian:D-TRUST_Root_Class_3_CA_2_2009.pem Adding debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem Adding debian:PSCProcert.pem Adding debian:StartCom_Certification_Authority_2.pem Adding debian:Swisscom_Root_CA_2.pem Adding debian:Swisscom_Root_EV_CA_2.pem Adding debian:TURKTRUST_Certificate_Services_Provider_Root_2007.pem Adding debian:Verisign_Class_3_Public_Primary_Certification_Authority_2.pem Removing debian:cacert.org_class3.pem Removing debian:cacert.org_root.pem Removing debian:Equifax_Secure_eBusiness_CA_2.pem Removing debian:TC_TrustCenter_Universal_CA_III.pem
我已经决定不相信其中一些CA,我想删除他们的证书。 我怎么做?
跑
sudo dpkg-reconfigure ca-certificates
这应该为您提供一个列表,您可以在其中取消选择CA.
CA列表存储在文件/etc/ca-certificates.conf 。 如果手动编辑此文件,则需要运行
sudo update-ca-certificates
更新/etc/ssl/certs/的实际证书(如果使用自动完成的dpkg-reconfigure )。
有关更多信息,请参阅/usr/share/doc/ca-certificates/README.Debian 。