[Solved] Https/SSL certificates missing

jamjarman · 2016-04-04 01:24:16

Yesterday I opened google chrome only to find that every site which used https was blocked with the chrome warning about the sites key being invalid. When I checked the settings menu I found that I had no CA root certs (honestly not sure if this is normal, I've never looked at it before).

Using nss and certutils I ran certutil -d sql:$HOME/.pki/nssdb -L and got nothing. I then added a few root CA's so that I could do things like google search and access my password manager. I added these through google chrome and they now show up when I run certutil -d sql:$HOME/.pki/nssdb -L.

I have already checked that my clock is correct, it is off by less than a minute. I have also checked my packages with pacman -Qk and I had no errors. Finally I did an update with pacman -Syu and again had no errors.

I'm not sure what happened as I didn't do anything the day that all my certs dissapeared. I have been looking for a way to simply add all of them back. I did find a file of the mozilla approved root CA's but google chrome won't load them (It throws an unkown error for each one). I'm not sure at this point what the best way to get all the certs back as securely as possible is but given that I can't access large portions of the internet it's definitely a problem. Any help would be appreciated.

Last edited by jamjarman (2016-04-06 14:40:14)

x33a · 2016-04-04 06:29:06

So, this problem only happens with chrome? Have you tried re-installing nss.

jamjarman · 2016-04-04 12:58:04

This problem occurs in chrome, firefox, and chromium. I have tried re-installing nss, it didn't make any difference. Will pacman -Rdd remove all the files or will it leave stuff that's going to be kept by the re installation?

loqs · 2016-04-04 18:51:49

What is the status of the ca-certificates package?

jamjarman · 2016-04-04 20:11:02

loqs wrote:

What is the status of the ca-certificates package?

Turns out it wasn't installed. After installing that and rebooting everything seems fine. I have no idea now if I somehow removed them or if not how I got on for the past 3 months without them, but thank you for such an easy fix!

x33a · 2016-04-05 05:16:38

This happened probably because of

pacman -Rdd

Where did you learn to use it? It skips dependency checks and you can easily remove an important package which might come back to bite you in the future. As for ca-certificates not being installed, check your pacman.log file, it was probably installed previously.

jamjarman · 2016-04-05 22:12:48

Yep that would be the issue. I think I found it in a thread somewhere that recommended it for cleaning up your root directory. It definitely helped with that but obviously I'll have to be more careful in the future.

x33a · 2016-04-06 04:53:34

Please mark the thread as solved.

Arch Linux

#1 2016-04-04 01:24:16

[Solved] Https/SSL certificates missing

#2 2016-04-04 06:29:06

Re: [Solved] Https/SSL certificates missing

#3 2016-04-04 12:58:04

Re: [Solved] Https/SSL certificates missing

#4 2016-04-04 18:51:49

Re: [Solved] Https/SSL certificates missing

#5 2016-04-04 20:11:02

Re: [Solved] Https/SSL certificates missing

#6 2016-04-05 05:16:38

Re: [Solved] Https/SSL certificates missing

#7 2016-04-05 22:12:48

Re: [Solved] Https/SSL certificates missing

#8 2016-04-06 04:53:34

Re: [Solved] Https/SSL certificates missing

Board footer