@chaosphere2112
Created September 16, 2014 19:40
CentOS CA Certificate Fix
$ yum install ca-certificates
$ update-ca-trust enable
$ cp foo.crt /etc/pki/ca-trust/source/anchors/
$ update-ca-trust extract
@chaosphere2112
Author

If you are receiving this error message when running update-ca-trust enable:

update-ca-trust: nss 32 bit is installed. You should install p11-kit-trust 32 bit.
update-ca-trust: aborting, because the nss / p11-kit setup is inconsistent.

then you have something funky in your setup.

The script has what could be considered a bug; if you have 32-bit nss installed, but not 32-bit p11-kit, and you have 64-bit nss & p11-kit, it will spit out errors and quit, even though it can run just fine.

To check what files you have installed, see what you get from these:

32-bit p11-kit:

which /usr/lib/p11-kit/p11-kit-redhat-setup-trust

64-bit p11-kit:

which /usr/lib64/p11-kit/p11-kit-redhat-setup-trust

32-bit NSS:

which /usr/lib/nss/libnssckbi.so

64-bit NSS:

which /usr/lib64/nss/libnssckbi.so

If you have either 32 or 64 bit of both P11-kit and NSS, you can successfully circumvent this issue by using update-ca-trust force-enable. update-ca-trust extract should work just fine.

@bbodenmiller

Alternatively, rather than force enabling, you could install the missing packages: sudo yum install p11-kit.i686 p11-kit-trust.i686
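
An added example, not part of the gist or either comment: a shell check over the four paths listed in the first comment that reports, per architecture, whether NSS is present without its matching p11-kit, and which of the two remedies from the comments applies. The `ROOT` argument and the output labels are assumptions made for this example, and the mapping follows what the comments describe, not the source of update-ca-trust itself.

```sh
#!/bin/sh
# Added example: classify the nss / p11-kit pairing per architecture.
# ROOT is a hypothetical parameter (default /) so the check can be pointed
# at a test tree; the four file paths are the ones given in the comment.

# pair_state ROOT LIBDIR -> prints both | nss-only | p11-only | none
pair_state() {
    root=${1:-/}
    root=${root%/}
    p11="$root/usr/$2/p11-kit/p11-kit-redhat-setup-trust"
    nss="$root/usr/$2/nss/libnssckbi.so"
    if [ -e "$p11" ] && [ -e "$nss" ]; then
        echo both
    elif [ -e "$nss" ]; then
        echo nss-only
    elif [ -e "$p11" ]; then
        echo p11-only
    else
        echo none
    fi
}

# ca_trust_advice ROOT -> prints one of (labels are this example's own):
#   ok            no architecture has NSS without p11-kit
#   force-enable  one architecture is nss-only, the other has both
#                 (the case the first comment says force-enable handles)
#   install       an architecture is nss-only and none has both
#                 (install the missing packages, as in the second comment)
ca_trust_advice() {
    s32=$(pair_state "$1" lib)
    s64=$(pair_state "$1" lib64)
    case "$s32:$s64" in
        *nss-only*)
            case "$s32:$s64" in
                *both*) echo force-enable ;;
                *)      echo install ;;
            esac ;;
        *) echo ok ;;
    esac
}

# Report for the running system (or for the tree given as $1).
echo "32-bit: $(pair_state "${1:-/}" lib)"
echo "64-bit: $(pair_state "${1:-/}" lib64)"
echo "advice: $(ca_trust_advice "${1:-/}")"
```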