After my message “Dnf update fails on ssl certificate problem” I decided that the problem is that I need to update the CA certificate. My file (link) /etc/pki/tls/certs/ca-bundle.crt is dated 2024 (when installing AlmaLinux 9).
Previously, the update was done by extracting the certificate file after #update-ca-trust force-enable
then cp it to /etc/pki/ca-trust/source/anchors
But now force-enable cannot be specified at all, and after #update-ca-trust
in the directory /etc/pki/ca-trust/extracted, not a file but 4 subdirectories are created, including the pem subdirectory.
And which file should now be copied to /etc/pki/ca-trust/source/anchors is unclear.
If I don’t copy anything, the subsequent command #update-ca-trust extract
I must apologize for the inaccurate last sentence in my message.
It’s just that I haven’t worked as a sysadmin for many years, the results were obtained on my home PC, where I am busy with other work - and there is no free time for the functions of a home sysadmin.
After executing #update-ca-trust extract
there are no EXTERNAL changes - /etc/ssl/cert.pem remains externally unchanged, and
Curl error (60) when working with mirrors.almalinux.org (which is why I updated the entire trusted CA bundle) also remains…
In fact, the situation with trusted CA bundle in AlmaLinux 9.6 is as follows:
/etc/ssl/cert.pem has an unchanged link to the file /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/ssl/certs/ca-bundle.crt has an unchanged link to the file /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/ssl/ca-bundle.trust.crt has an unchanged link to the file /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
But both files /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
and
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
when executing #update-ca-trust extract
new ones are generated.
So everything works according to the RHEL 9 manual.
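
The link layout listed in the post can be checked mechanically. This is an added example, not part of the original post: it confirms that each of the three links resolves to the extracted bundle named above and that the bundle actually contains certificates. The function name `check_ca_links` and its optional root-directory argument are assumptions made here so the check can also run against a test tree.

```shell
#!/bin/sh
# Added example (not from the post): verify the trust-bundle links it lists.
# check_ca_links [ROOT]  - ROOT is a hypothetical prefix for testing;
# call with no argument to check the live system.
# Returns the number of problems found (0 = layout matches the post).

check_ca_links() {
    root="${1:-}"
    bad=0
    # Each input line: link path | expected target, as given in the post.
    while IFS='|' read -r link want; do
        l="$root$link"; w="$root$want"
        if [ ! -e "$w" ]; then
            echo "MISSING  $want"; bad=$((bad + 1)); continue
        fi
        got=$(readlink -f "$l" 2>/dev/null || true)
        if [ "$got" != "$(readlink -f "$w")" ]; then
            echo "MISMATCH $link -> ${got:-<unresolved>}"; bad=$((bad + 1)); continue
        fi
        # Matches both "BEGIN CERTIFICATE" and "BEGIN TRUSTED CERTIFICATE".
        n=$(grep -c 'BEGIN .*CERTIFICATE' "$w" || true)
        if [ "$n" -eq 0 ]; then
            echo "EMPTY    $want"; bad=$((bad + 1)); continue
        fi
        # date -r FILE prints the modification time (GNU coreutils).
        echo "OK       $link -> $want ($n certs, modified $(date -r "$w" '+%Y-%m-%d' 2>/dev/null))"
    done <<EOF
/etc/ssl/cert.pem|/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/ssl/certs/ca-bundle.crt|/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/ssl/ca-bundle.trust.crt|/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
EOF
    return "$bad"
}
```

Running `check_ca_links` before and after `update-ca-trust extract` shows whether the modification date of the extracted bundles changes while the links themselves stay the same.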