Arch Linux

trusktr

Banned

From: .earth

Registered: 2010-02-18

Posts: 907

Website

CA Certificates: What are they? Why install package?

Hey all,

What's the purpose of the having the ca-certificates package?  Can I run my system just fine without them?

Are they some type of tracking protocol that will monitor who I am on the internet by leaving a digital signature?

Another reason I'm asking is because the Open JAVA (openjdk6) package requires ca-certificates-java, which requires ca-certificates, whereas the Sun JAVA (jre) package doesn't require any ca-certificate package.

I'm leaning towards Sun's implementation instead of the open source one, for that reason.

Last edited by trusktr (2010-02-24 22:14:29)

---

joe@trusktr.io - joe at true skater dot io.

trusktr

Banned

From: .earth

Registered: 2010-02-18

Posts: 907

Website

Re: CA Certificates: What are they? Why install package?

jre or openjdk6?

And if openjdk6, what's with ca-certs?

Last edited by trusktr (2010-02-24 22:19:46)

---

joe@trusktr.io - joe at true skater dot io.

anonymous_user

Member

Registered: 2009-08-28

Posts: 3,059

Re: CA Certificates: What are they? Why install package?

ca-certificates:

This package includes PEM files of CA certificates to allow SSL-based applications to check for the authenticity of SSL connections.

It includes, among others, certificate authorities used by the Debian infrastructure and those shipped with Mozilla's browsers.

Please note that certificate authorities whose certificates are included in this package are not in any way audited for trustworthiness and RFC 3647 compliance, and that full responsibility to assess them belongs to the local system administrator.

ca-certificates-java:

This package uses the hooks of the ca-certificates package to update the cacerts JKS keystore used for many java runtimes.

Its nothing to be paranoid about

trusktr

Banned

From: .earth

Registered: 2010-02-18

Posts: 907

Website

Re: CA Certificates: What are they? Why install package?

Hmmm... so what exactly is it used for? I red that before, but i don't get it.

Is it for people who run servers and websites off of their machines?

---

joe@trusktr.io - joe at true skater dot io.

anonymous_user

Member

Registered: 2009-08-28

Posts: 3,059

Re: CA Certificates: What are they? Why install package?

They're used when you make an SSL connection to a site/server.

Last edited by anonymous_user (2010-02-25 01:10:58)

brianhanna

Member

Registered: 2009-10-30

Posts: 157

Re: CA Certificates: What are they? Why install package?

The certs verify that the website you're connecting to is actually the one you think it is.  Google "man in the middle attack".  That's why they're important.

trusktr

Banned

From: .earth

Registered: 2010-02-18

Posts: 907

Website

Re: CA Certificates: What are they? Why install package?

Hmmmm... so if I install the closed source Sun version of Java, does it put me at risk since it doesn't require the ca-certs?

Any preference over which Java to install?

---

joe@trusktr.io - joe at true skater dot io.

fsckd

Forum Fellow

Registered: 2009-06-15

Posts: 4,173

Re: CA Certificates: What are they? Why install package?

Are you aware of the difference between http and https? That's usually where people are first introduced to SSL.

Use whatever you want. A few other programs besides java depend upon ca-certificates.

---

aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

bangkok_manouel

Member

From: indicates a starting point

Registered: 2005-02-07

Posts: 1,556

Re: CA Certificates: What are they? Why install package?

Search engines: What are they? Why not spamming arch forums?

toxygen

Member

Registered: 2008-08-22

Posts: 713

Re: CA Certificates: What are they? Why install package?

I think it's a valid question.  CA certificates are used as a web of trust sort of thing, where browsers and other apps "trust" the certificate issuer to be legit.  of course if this issuer is undermined/spoofed/otherwise hacked we'd all be in trouble, but so far (apparently) they're doing a good job of staying trustworthy.

in a perfect world™ we wouldnt need it, but, alas, we don't live in a perfect world, and we must give in to trusting ca certificates.  once google starts becoming the only issuer of certificates, though, i'm disconnecting from the internet permanently

j/k

---

"I know what you're thinking, 'cause right now I'm thinking the same thing. Actually, I've been thinking it ever since I got here:
Why oh why didn't I take the BLUE pill?"

Dieter@be

Forum Fellow

From: Belgium

Registered: 2006-11-05

Posts: 2,001

Website

Re: CA Certificates: What are they? Why install package?

The certs verify that the website you're connecting to is actually the one you think it is.  Google "man in the middle attack".  That's why they're important.

... only if you trust the big corporations with the big pockets

---

< Daenyth> and he works prolifically
4 8 15 16 23 42

trusktr

Banned

From: .earth

Registered: 2010-02-18

Posts: 907

Website

Re: CA Certificates: What are they? Why install package?

Hmmm, interesting! Well, you see, indeed this is a Linux oriented question, and I'm asking on here because this is my first time ever using Linux, with Arch Linux. Windows never mentioned CA-certs during install of anything. Everything "just works" in windows so any dummy can just start doing things without knowing anything.

Thanks for the info you guys, especially you toxygen!

---

joe@trusktr.io - joe at true skater dot io.

trusktr

Banned

From: .earth

Registered: 2010-02-18

Posts: 907

Website

Re: CA Certificates: What are they? Why install package?

P.S., that's why this is the "newbie corner" corner, bankok! haha.

---

joe@trusktr.io - joe at true skater dot io.