Please note, I plan to turn this into a tutorial when I get it solved, which is the reason for the language used. IF YOU ARE READING THIS THREAD, DO NOT DO WHAT I'VE DONE because it doesn't work. (hopefully, I'll be able to post a working tutorial when this thread is closed.)
Also, please note, I'm aware of the privacy and tracking issues inherit in installing this certificate.
I needed to install the Internet Rimon on Ubuntu 20.04 LTS.
Please note, I use “Rimon Classic.”
I did an ISO install of Ubuntu LTS 20.04 and needed to import Internet Rimon’s myca.crt into ca-certificates.conf.
Download the certificate from Internet Rimon:
Code:
foo@foo-ubuntu-lts:~$ wget https://212.76.127.4/stlib/certificate/myca.crt
foo@foo-ubuntu-lts:~$ sudo cp ~/Downloads/myca.crt /usr/share/ca-certificates/extra/myca.crt
foo@foo-ubuntu-lts:~$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Updating Mono key store
Mono Certificate Store Sync - version 6.8.0.105
Populate Mono certificate store from a concatenated list of certificates.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.
Importing into legacy system store:
I already trust 128, your new list has 128
Import process completed.
Importing into BTLS system store:
I already trust 128, your new list has 128
Import process completed.
Done
done.
Code:
sudo nano /etc/ca-certificates.conf
Make sure the last line reads extra/myca.crt and not !extra/myca.crt
However, when i try to run snap, i get
However,
Code:
foo@foo-ubuntu-lts~$ sudo apt install mlocate
[sudo] password for foo:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
nocache
The following NEW packages will be installed:
mlocate
0 upgraded, 1 newly installed, 0 to remove and 34 not upgraded.
Need to get 0 B/50.1 kB of archives.
After this operation, 258 kB of additional disk space will be used.
Selecting previously unselected package mlocate.
(Reading database ... 188958 files and directories currently installed.)
Preparing to unpack .../mlocate_0.26-3ubuntu3_amd64.deb ...
Unpacking mlocate (0.26-3ubuntu3) ...
Setting up mlocate (0.26-3ubuntu3) ...
update-alternatives: using /usr/bin/mlocate to provide /usr/bin/locate (locate) in auto mode
Adding group `mlocate' (GID 133) ...
Done.
Initializing mlocate database; this may take some time... done
Processing triggers for man-db (2.9.1-1) ...
Try to address "rehash: warning: skipping myca.pem,it does not contain exactly one certificate or CRL”
so
Code:
foo@foo-ubuntu-lts:~$ sudo keytool -printcert -file /etc/ssl/certs/myca.pem
Owner: EMAILADDRESS=support@netspark.com, CN=www.netspark.com, OU=Netspark RIM, O=Netspark, L=New York, ST=New York, C=US
Issuer: EMAILADDRESS=support@netspark.com, CN=www.netspark.com, OU=Netspark RIM, O=Netspark, L=New York, ST=New York, C=US
Serial number: b7484333ebb094c2
Valid from: Thu Jul 14 17:06:50 IDT 2016 until: Wed Jul 09 17:06:50 IDT 2036
Certificate fingerprints:
SHA1: 1E:CF:5F:F1:EC:B6:6B:61:1F:7E:CA:DA:B6:EA:97:9C:02:E2:24:C6
SHA256: 77:61:78:39:F4:EE:DB:0E:79:B9:14:24:51:B5:26:57:0D:01:57:A4:29:3C:EC:C6:7E:B3:32:7D:FA:0C:5D:58
Signature algorithm name: SHA512withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.netspark.com
]
]
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 1D 9D C6 15 93 95 B0 46 02 96 43 56 C0 C6 22 7D .......F..CV..".
0010: C5 03 2F A5 ../.
]
]
#3: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#4: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1D 9D C6 15 93 95 B0 46 02 96 43 56 C0 C6 22 7D .......F..CV..".
0010: C5 03 2F A5 ../.
]
]
Based on something I read in a forum I tried
Code:
foo@foo-ubuntu-lts~$ sudo apt-get install --reinstall openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 34 not upgraded.
Need to get 621 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://il.archive.ubuntu.com/ubuntu focal/main amd64 openssl amd64 1.1.1f-1ubuntu2 [621 kB]
Fetched 621 kB in 0s (1,641 kB/s)
(Reading database ... 189321 files and directories currently installed.)
Preparing to unpack .../openssl_1.1.1f-1ubuntu2_amd64.deb ...
Unpacking openssl (1.1.1f-1ubuntu2) over (1.1.1f-1ubuntu2) ...
Setting up openssl (1.1.1f-1ubuntu2) ...
Processing triggers for man-db (2.9.1-1) ...
foo@foo-ubuntu-lts:~$ sudo snap install deezer-unofficial-player
error: cannot perform the following tasks:
- Download snap "deezer-unofficial-player" (6) from channel "stable" (Get https://canonical-lcy01.cdn.snapcraf...505f035c2e2f6: x509: certificate signed by unknown authority)
- Download snap "gnome-3-28-1804" (116) from channel "stable" (Get https://canonical-bos01.cdn.snapcraf...interactive=1: x509: certificate signed by unknown authority)up openssl (1.1.1f-1ubuntu2) ...
Processing triggers for man-db (2.9.1-1) ...
foo@foo-ubuntu-lts:~$ sudo snap install deezer-unofficial-player
error: cannot perform the following tasks:
- Download snap "deezer-unofficial-player" (6) from channel "stable" (Get https://canonical-lcy01.cdn.snapcraf...505f035c2e2f6: x509: certificate signed by unknown authority)
- Download snap "gnome-3-28-1804" (116) from channel "stable" (Get https://canonical-bos01.cdn.snapcraf...interactive=1: x509: certificate signed by unknown authority)
Can anyone spot what the issue is?
Adv Reply
Originally Posted by eliyahujerusalem
Bookmarks