Certifs ssl cheloux... normal ou pas? (résolu)

sonador · Février 20, 2016, 6:08pm

hi,

Bon, c’est juste pour êre sûr : dans mon répertoire Certs, j’ai tout une ch… de certificats venus d’on ne sait où. Un extrait :

02b73561.0 Comodo_Secure_Services_root.pem
0481cb65.0 Comodo_Trusted_Services_root.pem
052e396b.0 d2adc77d.0
06d75f4b.0 d537fba6.0
0c364b2d.0 d78a75c7.0
0dbd0096.0 d8274e24.0
0e82f83a.0 d8bcd705.0
10d149a2.0 ddc328ff.0
11a09b38.0 Digital_Signature_Trust_Co._Global_CA_1.pem
11f154d6.0 Digital_Signature_Trust_Co._Global_CA_2.pem
124bbd54.0 Digital_Signature_Trust_Co._Global_CA_3.pem
128b9c8d.0 Digital_Signature_Trust_Co._Global_CA_4.pem
1689a10b.0 e268a4c5.0
19899da5.0 e28f6bbc.0
256fd83b.0 e5662767.0
2edf7016.0 e7b8d656.0
2fb1850a.0 ed049835.0
31044350.0 ed524cf5.0
3ad48a91.0 ed62f4e3.0
3c58f906.0 Entrust.net_Global_Secure_Personal_CA.pem
3e223c08.0 Entrust.net_Global_Secure_Server_CA.pem

Je ne sais pas d’où ça vient, hormis que soit je les ai récupéré en faisant un apt-get update, auquel cas je suppose qu’ils ont leur utilité, soit… soit c’est inquiétant…

Quelqu’un peut me dire à quoi ça corresponds? Merci d’avance (je dormirai mieux quand je saurais). Ca m’est déjà arrivé deux fois, je crois, et je les avais alors dégagé et changé mes mots de passe (trop de café, que voulez-vous… ca rends nerveux).

Merci d’avance pour l’info.

Chris

sonador · Février 20, 2016, 6:08pm

Muarf ! Personne sait? Ca me surprends beaucoup, pour le coup.

Thx,
Chris

mattotop · Février 20, 2016, 6:08pm

C’est ceux là ?[code]roc@ROC:~$ dpkg -L ca-certificates
/.
/usr
/usr/sbin
/usr/sbin/update-ca-certificates
/usr/share
/usr/share/man
/usr/share/man/man8
/usr/share/man/man8/update-ca-certificates.8.gz
/usr/share/doc
/usr/share/doc/ca-certificates
/usr/share/doc/ca-certificates/NEWS.Debian.gz
/usr/share/doc/ca-certificates/README.Debian
/usr/share/doc/ca-certificates/oldpemfiles
/usr/share/doc/ca-certificates/copyright
/usr/share/doc/ca-certificates/changelog.gz
/usr/share/ca-certificates
/usr/share/ca-certificates/cacert.org
/usr/share/ca-certificates/cacert.org/cacert.org.crt
/usr/share/ca-certificates/cacert.org/root.crt
/usr/share/ca-certificates/cacert.org/class3.crt
/usr/share/ca-certificates/telesec.de
/usr/share/ca-certificates/telesec.de/deutsche-telekom-root-ca-2.crt
/usr/share/ca-certificates/quovadis.bm
/usr/share/ca-certificates/quovadis.bm/QuoVadis_Root_Certification_Authority.crt
/usr/share/ca-certificates/brasil.gov.br
/usr/share/ca-certificates/brasil.gov.br/brasil.gov.br.crt
/usr/share/ca-certificates/gouv.fr
/usr/share/ca-certificates/gouv.fr/cert_igca_rsa.crt
/usr/share/ca-certificates/gouv.fr/cert_igca_dsa.crt
/usr/share/ca-certificates/signet.pl
/usr/share/ca-certificates/signet.pl/signet_pca2_pem.crt
/usr/share/ca-certificates/signet.pl/signet_ca1_pem.crt
/usr/share/ca-certificates/signet.pl/signet_ca3_pem.crt
/usr/share/ca-certificates/signet.pl/signet_ca2_pem.crt
/usr/share/ca-certificates/signet.pl/signet_rootca_pem.crt
/usr/share/ca-certificates/signet.pl/signet_ocspklasa3_pem.crt
/usr/share/ca-certificates/signet.pl/signet_ocspklasa2_pem.crt
/usr/share/ca-certificates/signet.pl/signet_pca3_pem.crt
/usr/share/ca-certificates/signet.pl/signet_tsa1_pem.crt
/usr/share/ca-certificates/debconf.org
/usr/share/ca-certificates/debconf.org/ca.crt
/usr/share/ca-certificates/spi-inc.org
/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt
/usr/share/ca-certificates/spi-inc.org/spi-ca-2003.crt
/usr/share/ca-certificates/mozilla
/usr/share/ca-certificates/mozilla/Firmaprofesional_Root_CA.crt
/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt
/usr/share/ca-certificates/mozilla/NetLock_Qualified_=Class_QA=Root.crt
/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA-G2.crt
/usr/share/ca-certificates/mozilla/Thawte_Personal_Freemail_CA.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_2_Public_Primary_Certification_Authority-_G2.crt
/usr/share/ca-certificates/mozilla/thawte_Primary_Root_CA.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
/usr/share/ca-certificates/mozilla/Thawte_Personal_Basic_CA.crt
/usr/share/ca-certificates/mozilla/StartCom_Certification_Authority.crt
/usr/share/ca-certificates/mozilla/Digital_Signature_Trust_Co.Global_CA_1.crt
/usr/share/ca-certificates/mozilla/Equifax_Secure_eBusiness_CA_1.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Global_Secure_Server_CA.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt
/usr/share/ca-certificates/mozilla/IPS_CLASE1_root.crt
/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt
/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
/usr/share/ca-certificates/mozilla/America_Online_Root_Certification_Authority_1.crt
/usr/share/ca-certificates/mozilla/NetLock_Notary=Class_A=Root.crt
/usr/share/ca-certificates/mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority-G2.crt
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
/usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt
/usr/share/ca-certificates/mozilla/ABAecom=sub.__Am._Bankers_Assn.=Root_CA.crt
/usr/share/ca-certificates/mozilla/Certplus_Class_2_Primary_CA.crt
/usr/share/ca-certificates/mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt
/usr/share/ca-certificates/mozilla/TC_TrustCenter__Germany__Class_2_CA.crt
/usr/share/ca-certificates/mozilla/GeoTrust_Global_CA_2.crt
/usr/share/ca-certificates/mozilla/Thawte_Time_Stamping_CA.crt
/usr/share/ca-certificates/mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt
/usr/share/ca-certificates/mozilla/GeoTrust_Universal_CA.crt
/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt
/usr/share/ca-certificates/mozilla/ValiCert_Class_2_VA.crt
/usr/share/ca-certificates/mozilla/RSA_Root_Certificate_1.crt
/usr/share/ca-certificates/mozilla/GTE_CyberTrust_Global_Root.crt
/usr/share/ca-certificates/mozilla/Swisscom_Root_CA_1.crt
/usr/share/ca-certificates/mozilla/AddTrust_Public_Services_Root.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt
/usr/share/ca-certificates/mozilla/RSA_Security_2048_v3.crt
/usr/share/ca-certificates/mozilla/SwissSign_Silver_CA-_G2.crt
/usr/share/ca-certificates/mozilla/Wells_Fargo_Root_CA.crt
/usr/share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Secure_Personal_CA.crt
/usr/share/ca-certificates/mozilla/Camerfirma_Global_Chambersign_Root.crt
/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Global_Secure_Personal_CA.crt
/usr/share/ca-certificates/mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt
/usr/share/ca-certificates/mozilla/Comodo_Trusted_Services_root.crt
/usr/share/ca-certificates/mozilla/RSA_Security_1024_v3.crt
/usr/share/ca-certificates/mozilla/Entrust.net_Secure_Server_CA.crt
/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt
/usr/share/ca-certificates/mozilla/Digital_Signature_Trust_Co.Global_CA_2.crt
/usr/share/ca-certificates/mozilla/beTRUSTed_Root_CA.crt
/usr/share/ca-certificates/mozilla/UTN_USERFirst_Object_Root_CA.crt
/usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt
/usr/share/ca-certificates/mozilla/Camerfirma_Chambers_of_Commerce_Root.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_4_Public_Primary_Certification_Authority-G3.crt
/usr/share/ca-certificates/mozilla/GTE_CyberTrust_Root_CA.crt
/usr/share/ca-certificates/mozilla/Thawte_Premium_Server_CA.crt
/usr/share/ca-certificates/mozilla/Verisign_RSA_Secure_Server_CA.crt
/usr/share/ca-certificates/mozilla/AddTrust_Low-Value_Services_Root.crt
/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt
/usr/share/ca-certificates/mozilla/Certum_Root_CA.crt
/usr/share/ca-certificates/mozilla/Visa_International_Global_Root_2.crt
/usr/share/ca-certificates/mozilla/GeoTrust_Global_CA.crt
/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt
/usr/share/ca-certificates/mozilla/beTRUSTed_Root_CA-Entrust_Implementation.crt
/usr/share/ca-certificates/mozilla/UTN_USERFirst_Hardware_Root_CA.crt
/usr/share/ca-certificates/mozilla/IPS_CLASEA3_root.crt
/usr/share/ca-certificates/mozilla/Equifax_Secure_eBusiness_CA_2.crt
/usr/share/ca-certificates/mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt
/usr/share/ca-certificates/mozilla/Comodo_Secure_Services_root.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_2_Public_Primary_Certification_Authority-G3.crt
/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_1_Public_Primary_Certification_Authority-G2.crt
/usr/share/ca-certificates/mozilla/Verisign_Time_Stamping_Authority_CA.crt
/usr/share/ca-certificates/mozilla/NetLock_Business=Class_B=Root.crt
/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA.crt
/usr/share/ca-certificates/mozilla/beTRUSTed_Root_CA-RSA_Implementation.crt
/usr/share/ca-certificates/mozilla/Equifax_Secure_CA.crt
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA-R2.crt
/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
/usr/share/ca-certificates/mozilla/StartCom_Ltd…crt
/usr/share/ca-certificates/mozilla/IPS_CLASEA1_root.crt
/usr/share/ca-certificates/mozilla/UTN-USER_First-Network_Applications.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_1_Public_Primary_Certification_Authority-G3.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_4_Public_Primary_Certification_Authority-_G2.crt
/usr/share/ca-certificates/mozilla/IPS_Timestamping_root.crt
/usr/share/ca-certificates/mozilla/AddTrust_Qualified_Certificates_Root.crt
/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
/usr/share/ca-certificates/mozilla/Sonera_Class_2_Root_CA.crt
/usr/share/ca-certificates/mozilla/Thawte_Personal_Premium_CA.crt
/usr/share/ca-certificates/mozilla/TDC_OCES_Root_CA.crt
/usr/share/ca-certificates/mozilla/DST_ACES_CA_X6.crt
/usr/share/ca-certificates/mozilla/America_Online_Root_Certification_Authority_2.crt
/usr/share/ca-certificates/mozilla/ValiCert_Class_1_VA.crt
/usr/share/ca-certificates/mozilla/Visa_eCommerce_Root.crt
/usr/share/ca-certificates/mozilla/Digital_Signature_Trust_Co.Global_CA_3.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt
/usr/share/ca-certificates/mozilla/Equifax_Secure_Global_eBusiness_CA.crt
/usr/share/ca-certificates/mozilla/SwissSign_Platinum_CA-G2.crt
/usr/share/ca-certificates/mozilla/Thawte_Server_CA.crt
/usr/share/ca-certificates/mozilla/TC_TrustCenter__Germany__Class_3_CA.crt
/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt
/usr/share/ca-certificates/mozilla/IPS_Chained_CAs_root.crt
/usr/share/ca-certificates/mozilla/TDC_Internet_Root_CA.crt
/usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority-G3.crt
/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt
/usr/share/ca-certificates/mozilla/UTN_DATACorp_SGC_Root_CA.crt
/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt
/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt
/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA.crt
/usr/share/ca-certificates/mozilla/Sonera_Class_1_Root_CA.crt
/usr/share/ca-certificates/mozilla/GeoTrust_Universal_CA_2.crt
/usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority-G5.crt
/usr/share/ca-certificates/mozilla/NetLock_Express=Class_C=_Root.crt
/usr/share/ca-certificates/mozilla/IPS_CLASE3_root.crt
/usr/share/ca-certificates/mozilla/IPS_Servidores_root.crt
/usr/share/ca-certificates/mozilla/UTN_USERFirst_Email_Root_CA.crt
/usr/share/ca-certificates/mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt
/usr/share/ca-certificates/mozilla/Taiwan_GRCA.crt
/etc
/etc/ssl
/etc/ssl/certs
/etc/ca-certificates
/etc/ca-certificates/update.d
roc@ROC:~$ aptitude show ca-certificates
Paquet : ca-certificates
État: installé
Automatiquement installé: non
Version : 20080809
Priorité : optionnel
Section : misc
Responsable : Philipp Kern pkern@debian.org
Taille décompressée : 766k
Dépend: openssl, debconf (>= 0.5) | debconf-2.0
Description : Common CA certificates
This package includes PEM files of CA certificates to allow SSL-based applications to check for the authenticity of SSL connections.

It includes, among others, certificate authorities used by the Debian infrastructure and those shipped with Mozilla’s browsers.

Please note that certificate authorities whose certificates are included in this package are not in any way audited for trustworthiness and RFC 3647
compliance, and that full responsibility to assess them belongs to the local system administrator.
[/code]Ca te rassure ?

sonador · Février 20, 2016, 6:08pm

Oui!

Je dirai même ca répond à un truc que je ne comprenais pas, initialement. Thank you!