You are not logged in.
Hey all,
What's the purpose of the having the ca-certificates package? Can I run my system just fine without them?
Are they some type of tracking protocol that will monitor who I am on the internet by leaving a digital signature?
Another reason I'm asking is because the Open JAVA (openjdk6) package requires ca-certificates-java, which requires ca-certificates, whereas the Sun JAVA (jre) package doesn't require any ca-certificate package.
I'm leaning towards Sun's implementation instead of the open source one, for that reason.
Last edited by trusktr (2010-02-24 22:14:29)
joe@trusktr.io - joe at true skater dot io.
Offline
jre or openjdk6?
And if openjdk6, what's with ca-certs?
Last edited by trusktr (2010-02-24 22:19:46)
joe@trusktr.io - joe at true skater dot io.
Offline
ca-certificates:
This package includes PEM files of CA certificates to allow SSL-based applications to check for the authenticity of SSL connections.
It includes, among others, certificate authorities used by the Debian infrastructure and those shipped with Mozilla's browsers.
Please note that certificate authorities whose certificates are included in this package are not in any way audited for trustworthiness and RFC 3647 compliance, and that full responsibility to assess them belongs to the local system administrator.
ca-certificates-java:
This package uses the hooks of the ca-certificates package to update the cacerts JKS keystore used for many java runtimes.
Its nothing to be paranoid about
Offline
Hmmm... so what exactly is it used for? I red that before, but i don't get it.
Is it for people who run servers and websites off of their machines?
joe@trusktr.io - joe at true skater dot io.
Offline
They're used when you make an SSL connection to a site/server.
Last edited by anonymous_user (2010-02-25 01:10:58)
Offline
The certs verify that the website you're connecting to is actually the one you think it is. Google "man in the middle attack". That's why they're important.
Offline
Hmmmm... so if I install the closed source Sun version of Java, does it put me at risk since it doesn't require the ca-certs?
Any preference over which Java to install?
joe@trusktr.io - joe at true skater dot io.
Offline
Are you aware of the difference between http and https? That's usually where people are first introduced to SSL.
Use whatever you want. A few other programs besides java depend upon ca-certificates.
aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies
Offline
Search engines: What are they? Why not spamming arch forums?
Offline
I think it's a valid question. CA certificates are used as a web of trust sort of thing, where browsers and other apps "trust" the certificate issuer to be legit. of course if this issuer is undermined/spoofed/otherwise hacked we'd all be in trouble, but so far (apparently) they're doing a good job of staying trustworthy.
in a perfect world™ we wouldnt need it, but, alas, we don't live in a perfect world, and we must give in to trusting ca certificates. once google starts becoming the only issuer of certificates, though, i'm disconnecting from the internet permanently
j/k
"I know what you're thinking, 'cause right now I'm thinking the same thing. Actually, I've been thinking it ever since I got here:
Why oh why didn't I take the BLUE pill?"
Offline
The certs verify that the website you're connecting to is actually the one you think it is. Google "man in the middle attack". That's why they're important.
... only if you trust the big corporations with the big pockets
< Daenyth> and he works prolifically
4 8 15 16 23 42
Offline
Hmmm, interesting! Well, you see, indeed this is a Linux oriented question, and I'm asking on here because this is my first time ever using Linux, with Arch Linux. Windows never mentioned CA-certs during install of anything. Everything "just works" in windows so any dummy can just start doing things without knowing anything.
Thanks for the info you guys, especially you toxygen!
joe@trusktr.io - joe at true skater dot io.
Offline
P.S., that's why this is the "newbie corner" corner, bankok! haha.
joe@trusktr.io - joe at true skater dot io.
Offline