There exist two certificates in /etc/ssl/certs that I'd like to permanently remove. However, just deleting the pem files doesn't do it - those are regenerated when ca-certificates is updated. How could I go about permanently marking a certificate as "untrusted"?
-
2See related on Ask Ubuntu– heavydCommented Feb 23, 2015 at 21:09
Add a comment
|
1 Answer
On my Linux Mint 17.1, the /etc/ssl/certs directory contains one actual file (ca-certificates.crt) and about 500 links to files in /usr/share/ca-certificates/mozilla/ . If you went to the target directory and deleted the unwanted files there, you might have slightly more permanent deletion.
But, the ca-certificates package looks like it would just re-create all the files again when it's updated, so you could either stop updating that package, or delete the unwanted files each time after it updates.
Or best looking, the answer linked in the comment above looks like it should work to "de-select" some certificates by running:
sudo dpkg-reconfigure ca-certificates
