There exist two certificates in /etc/ssl/certs
that I'd like to permanently remove. However, just deleting the pem files doesn't do it - those are regenerated when ca-certificates
is updated. How could I go about permanently marking a certificate as "untrusted"?
-
2See related on Ask Ubuntu– heavydCommented Feb 23, 2015 at 21:09
1 Answer
On my Linux Mint 17.1, the /etc/ssl/certs
directory contains one actual file (ca-certificates.crt
) and about 500 links to files in /usr/share/ca-certificates/mozilla/
. If you went to the target directory and deleted the unwanted files there, you might have slightly more permanent deletion.
But, the ca-certificates
package looks like it would just re-create all the files again when it's updated, so you could either stop updating that package, or delete the unwanted files each time after it updates.
Or best looking, the answer linked in the comment above looks like it should work to "de-select" some certificates by running:
sudo dpkg-reconfigure ca-certificates