System and Network configuration • apt and aptitude don't recognise my CA certificate

I've been running my own certificate authority on my home network for well over ten years now, and it's been working fine. Now it's time to make a new once, since the old one expires soon.
So I created one, just as before, using "openssl ca". Had a little trouble with changing requirements (my old openssl.cnf still mentioned Netscape!), but at last I finished it and used it to create a server certificate. After a lot of fiddling and reading instructions, my iPad works with it, my iPhone works with it, Firefox on Linux likes it, and it even works on Windows.
The only boxes that don't like it are my three Debian boxes (one testing, two stable). Aptitude and "apt-get update" fail on reading my local repository (containing stuff I've written): its server is running Apache2, using the new CA and server certificate. When I run apt-get update, for example, I get

Err:1 https://www.mydomain.net/Debian local InRelease                                                                        Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 192.168.x.x 443]

I've tried lots of suggestions that I've seen on the net. I have the CA certificate in /usr/share/ca-certificates, I've run "dpkg-reconfigure ca-certificates", I've run "update-ca-certificates" (with and without "--fresh"), but nothing seems to help.
Suggestions appreciated.

Statistics: Posted by rjmx — 2024-05-07 03:42 — Replies 0 — Views 27

---