Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
"untrusted but not blacklisted certificate found"
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Dzierzymiecz
n00b
n00b


Joined: 14 Mar 2010
Posts: 9

PostPosted: Thu Aug 10, 2017 11:38 am    Post subject: "untrusted but not blacklisted certificate found" Reply with quote

Hey, just updated ca-certs and i got:

Code:

>>> Emerging (1 of 1) app-misc/ca-certificates-20161130.3.30.2::gentoo
 * ca-certificates_20161130.tar.xz SHA256 SHA512 WHIRLPOOL size ;-) ...                                                        [ ok ]
 * nss-3.30.2.tar.gz SHA256 SHA512 WHIRLPOOL size ;-) ...                                                                      [ ok ]
>>> Downloading 'http://distfiles.gentoo.org/distfiles/nss-cacert-class1-class3.patch'
--2017-08-10 13:34:16--  http://distfiles.gentoo.org/distfiles/nss-cacert-class1-class3.patch
Resolving distfiles.gentoo.org... 216.165.129.135, 140.211.166.134, 64.50.236.52, ...
Connecting to distfiles.gentoo.org|216.165.129.135|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 22950 (22K) [text/plain]
Saving to: ‘/var/repo/gentoo/distfiles/nss-cacert-class1-class3.patch’

/var/repo/gentoo/di 100%[===================>]  22,41K  48,6KB/s    in 0,5s   

2017-08-10 13:34:17 (48,6 KB/s) - ‘/var/repo/gentoo/distfiles/nss-cacert-class1-class3.patch’ saved [22950/22950]

 * nss-cacert-class1-class3.patch SHA256 SHA512 WHIRLPOOL size ;-) ...                                                         [ ok ]
>>> Unpacking source...
>>> Unpacking ca-certificates_20161130.tar.xz to /var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/work
>>> Unpacking nss-3.30.2.tar.gz to /var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/work
>>> Unpacking nss-cacert-class1-class3.patch to /var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/work
unpack nss-cacert-class1-class3.patch: file format not recognized. Ignoring.
>>> Source unpacked in /var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/work
>>> Preparing source in /var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/work ...
 * Applying nss-cacert-class1-class3.patch ...                                                                                 [ ok ]
 * Applying ca-certificates-20150426-root.patch ...                                                                            [ ok ]
>>> Source prepared.
>>> Configuring source in /var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/work ...
>>> Source configured.
>>> Compiling source in /var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/work ...
make -j4 -C /var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/work/ca-certificates/mozilla
make: Entering directory '/var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/work/ca-certificates/mozilla'
python certdata2pem.py
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Distrust a pb.com certificate that does not comply with the baseline requirements."
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ignoring certificate "UTN USERFirst Object Root CA".  SAUTH=CKT_NSS_MUST_VERIFY_TRUST, EPROT=CKT_NSS_MUST_VERIFY_TRUST
Certificate "MD5 Collisions Forged Rogue CA 25c3" blacklisted, ignoring.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Distrusted AC DG Tresor SSL"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ignoring certificate "ComSign Secured CA".  SAUTH=CKT_NSS_MUST_VERIFY_TRUST, EPROT=CKT_NSS_MUST_VERIFY_TRUST
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Mozilla Addons"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Global Trustee"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus GMail"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Google"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Skype"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Yahoo 1"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Yahoo 2"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus Yahoo 3"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Bogus live.com"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrust DigiNotar Root CA"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrust DigiNotar Services 1024 CA"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrust DigiNotar Cyber CA"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrust DigiNotar Cyber CA 2nd"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrusted DigiNotar PKIoverheid"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrusted DigiNotar PKIoverheid G2"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "MITM subCA 1 issued by Trustwave"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "MITM subCA 2 issued by Trustwave"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "TURKTRUST Mis-issued Intermediate CA 1"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "TURKTRUST Mis-issued Intermediate CA 2"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ignoring certificate "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal".  SAUTH=CKT_NSS_MUST_VERIFY_TRUST, EPROT=CKT_NSS_MUST_VERIFY_TRUST
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Explicitly Distrusted MCSHOLDING CA"
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Found duplicate certificate name b'StartCom_Certification_Authority', renaming.
Found duplicate certificate name b'CAcert_Inc.', renaming.
make: Leaving directory '/var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/work/ca-certificates/mozilla'
 * To prevent applications relying on system's trusted root certificate store
 * from using CAs where at least one major browser vendor Gentoo is following
 * has decided to apply trust level restrictions, the following
 * certificate(s) were removed:
 * mozilla/StartCom_Certification_Authority_2.crt removed; see https://bugs.gentoo.org/598072 for details
 * mozilla/WoSign_China.crt removed; see https://bugs.gentoo.org/598072 for details
 * mozilla/StartCom_Certification_Authority.crt removed; see https://bugs.gentoo.org/598072 for details
 * mozilla/Certification_Authority_of_WoSign_G2.crt removed; see https://bugs.gentoo.org/598072 for details
 * mozilla/StartCom_Certification_Authority_G2.crt removed; see https://bugs.gentoo.org/598072 for details
 * mozilla/WoSign.crt removed; see https://bugs.gentoo.org/598072 for details
 * mozilla/CA_WoSign_ECC_Root.crt removed; see https://bugs.gentoo.org/598072 for details
Updating certificates in /var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/work/image/etc/ssl/certs...
163 added, 0 removed; done.
Running hooks in /var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/work/image/etc/ca-certificates/update.d...
done.
>>> Source compiled.
>>> Test phase [not enabled]: app-misc/ca-certificates-20161130.3.30.2

>>> Install ca-certificates-20161130.3.30.2 into /var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/image/ category app-misc
>>> Completed installing ca-certificates-20161130.3.30.2 into /var/tmp/portage/app-misc/ca-certificates-20161130.3.30.2/image/

 * Final size of build directory: 54432 KiB
 * Final size of installed tree: 1704 KiB

ecompressdir: bzip2 -9 /usr/share/man
ecompressdir: bzip2 -9 /usr/share/doc

>>> Installing (1 of 1) app-misc/ca-certificates-20161130.3.30.2::gentoo

 * Messages for package app-misc/ca-certificates-20161130.3.30.2:

 * To prevent applications relying on system's trusted root certificate store
 * from using CAs where at least one major browser vendor Gentoo is following
 * has decided to apply trust level restrictions, the following
 * certificate(s) were removed:
 * mozilla/StartCom_Certification_Authority_2.crt removed; see https://bugs.gentoo.org/598072 for details
 * mozilla/WoSign_China.crt removed; see https://bugs.gentoo.org/598072 for details
 * mozilla/StartCom_Certification_Authority.crt removed; see https://bugs.gentoo.org/598072 for details
 * mozilla/Certification_Authority_of_WoSign_G2.crt removed; see https://bugs.gentoo.org/598072 for details
 * mozilla/StartCom_Certification_Authority_G2.crt removed; see https://bugs.gentoo.org/598072 for details
 * mozilla/WoSign.crt removed; see https://bugs.gentoo.org/598072 for details
 * mozilla/CA_WoSign_ECC_Root.crt removed; see https://bugs.gentoo.org/598072 for details
>>> Auto-cleaning packages...

>>> No outdated packages were found on your system.


Is this normal?
Back to top
View user's profile Send private message
jonys
n00b
n00b


Joined: 13 Dec 2016
Posts: 4

PostPosted: Sun Feb 04, 2018 6:43 am    Post subject: Re: "untrusted but not blacklisted certificate found&qu Reply with quote

Dzierzymiecz wrote:
Hey, just updated ca-certs and i got:

Code:
[…]
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: "Distrust a pb.com certificate that does not comply with the baseline requirements."
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[…]


Is this normal?


According to this other thread, you can safely ignore these errors.

I'm replying here, because this question is the first result in Google for this problem.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum