Bug 686462 - app-misc/ca-certificates: sectigo certificates not recognized as secure
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
Reported: 2019-05-21 09:34 UTC by Agostino Sarubbo
Modified: 2019-05-21 11:40 UTC

Description Agostino Sarubbo gentoo-dev 2019-05-21 09:34:09 UTC
Today I got an issue regarding a certificate issued by Sectigo (https://sectigo.com).

I don't have issues with chromium, but I'm unable to use tools like curl that use the system certificates.

If I manually add the following certificate I have no problems:
https://www.tbs-certificates.co.uk/FAQ/en/SectigoRSADomainValidationSecureServerCA.html

Please consider if it should be installed.
Thanks
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-05-21 09:54:26 UTC
1) We never add any certificates on our own. We use whatever Mozilla is shipping (through Debian). So you would have to ask Mozilla...

BUT... I don't think there's a missing certificate:

1) Which app-misc/ca-certificates version are you using?

2) Tell us how you built curl (GnuTLS and OpenSSL for example can pick different certificate paths).

3) Logs! It's still possible that you connect to a different endpoint than I do and that your endpoint is just misconfigured while my endpoint works. At least we will need the certificate including chain sent by the server to you...

That said, I cannot reproduce your report with current ca-certificates-20190110.3.43 in ~arch.
Comment 2 Agostino Sarubbo gentoo-dev 2019-05-21 11:40:35 UTC
There was a missing intermediate certificate. Sorry for the spam.
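
The failure mode this bug was closed on, reproduced offline as an added example (not part of the original report): a leaf whose issuing intermediate is not presented fails verification even though its root is trusted, and passes once the intermediate is supplied. The CA names, file names and the helpers `issue`, `build_demo_pki` and `chain_ok` are constructed for this demo.

```shell
#!/bin/sh
# Constructed throwaway PKI (all names are made up):
#   Demo Root CA -> Demo Intermediate CA -> demo.example (leaf)

# issue DIR NAME CN EXTENSIONS [ISSUER]: new key + CSR, signed by ISSUER,
# or self-signed when ISSUER is omitted (the root).
issue() {
    d=$1; name=$2
    printf '%s\n' "$4" > "$d/$name.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
    if [ -n "$5" ]; then
        openssl x509 -req -in "$d/$name.csr" -days 2 -extfile "$d/$name.ext" \
            -CA "$d/$5.pem" -CAkey "$d/$5.key" -CAcreateserial \
            -out "$d/$name.pem" 2>/dev/null
    else
        openssl x509 -req -in "$d/$name.csr" -days 2 -extfile "$d/$name.ext" \
            -signkey "$d/$name.key" -out "$d/$name.pem" 2>/dev/null
    fi
}

build_demo_pki() {
    issue "$1" root  "Demo Root CA"         "basicConstraints=critical,CA:TRUE" &&
    issue "$1" inter "Demo Intermediate CA" "basicConstraints=critical,CA:TRUE" root &&
    issue "$1" leaf  "demo.example"         "basicConstraints=CA:FALSE" inter
}

# chain_ok DIR [INTERMEDIATE]: succeed if the leaf chains to the trusted root.
# -CAfile is the trust store (root only, as in a system CA bundle);
# -untrusted carries certificates sent alongside the leaf, which help
# build the path but are not themselves trusted.
chain_ok() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$1/$2" "$1/leaf.pem" 2>&1
    else
        openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
    fi | grep -q ': OK$'
}

demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir" || echo "openssl failed to build the demo PKI" >&2
chain_ok "$demo_dir"           && echo "leaf only:           trusted" || echo "leaf only:           NOT trusted"
chain_ok "$demo_dir" inter.pem && echo "leaf + intermediate: trusted" || echo "leaf + intermediate: NOT trusted"
```

Against a real endpoint, `openssl s_client -connect host:443 -showcerts` (with `host` as a placeholder) prints the certificates the server actually sends, which is the chain requested in Comment 1.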