[Unbound-users] SSL certificate warning

Robert Edmonds edmonds at debian.org
Wed Mar 19 20:16:40 UTC 2014


Updating from the SVN repository results in this prompt on Debian

    Error validating server certificate for 'https://unbound.nlnetlabs.nl:443':
     - The certificate is not issued by a trusted authority. Use the
       fingerprint to validate the certificate manually!
    Certificate information:
     - Hostname: *.nlnetlabs.nl
     - Valid: from May 21 08:07:03 2013 GMT until May 21 08:07:03 2015 GMT
     - Issuer: http://www.CAcert.org, CAcert Inc.
     - Fingerprint: DA:7B:71:F4:FB:A1:D8:BA:9C:DB:F4:0F:2D:76:69:27:0D:79:F4:DE
    Certificate problem.
    (R)eject, accept (t)emporarily or accept (p)ermanently?

The cause is the CAcert.org root certificate being removed from the
default CA certificate bundle in Debian:


(There is an LWN article about this -- http://lwn.net/Articles/590879/
-- but it is subscriber-only.)

Apparently Ubuntu and FreeBSD have also removed the CAcert.org
certificate from their default certificate bundles, too.

Robert Edmonds
edmonds at debian.org

More information about the Unbound-users mailing list