如何从系统中删除证书颁发机构的证书?


15

ca-certificates软件包刚刚更新,它对我的​​Xubuntu 13.10系统造成了以下更改:

Running hooks in /etc/ca-certificates/update.d....
Adding debian:CA_Disig_Root_R1.pem
Adding debian:CA_Disig_Root_R2.pem
Adding debian:China_Internet_Network_Information_Center_EV_Certificates_Root.pem
Adding debian:D-TRUST_Root_Class_3_CA_2_2009.pem
Adding debian:D-TRUST_Root_Class_3_CA_2_EV_2009.pem
Adding debian:PSCProcert.pem
Adding debian:StartCom_Certification_Authority_2.pem
Adding debian:Swisscom_Root_CA_2.pem
Adding debian:Swisscom_Root_EV_CA_2.pem
Adding debian:TURKTRUST_Certificate_Services_Provider_Root_2007.pem
Adding debian:Verisign_Class_3_Public_Primary_Certification_Authority_2.pem
Removing debian:cacert.org_class3.pem
Removing debian:cacert.org_root.pem
Removing debian:Equifax_Secure_eBusiness_CA_2.pem
Removing debian:TC_TrustCenter_Universal_CA_III.pem

我已经决定我不信任其中一些CA,并且希望删除其证书。我怎么做?

Answers:


27

sudo dpkg-reconfigure ca-certificates

那应该给您一个列表,您可以在其中取消选择CA。

CA列表存储在文件中/etc/ca-certificates.conf。如果您手动编辑此文件,则需要运行

sudo update-ca-certificates

更新实际的证书/etc/ssl/certs/(如果使用dpkg-reconfigure,则自动完成)。

请参阅/usr/share/doc/ca-certificates/README.Debian以获取更多信息。


1
这项工作完美无缺,并且比我预期的要容易得多。Debian贡献者因使它如此简单而值得称赞。感谢您的回答!
John Feminella 2014年

确保您没有打开包管理器。
philcolbourn 2015年

我下载了一个证书,当我双击它时,gcr-viewer打开,并允许我使用root密码导入它。但是导入后,文件/etc/ca-certificates.conf中不包含该文件,您知道吗?这里的问题是:askubuntu.com/questions/749073/...
水瓶座电
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.