Quote:
Originally Posted by mergen3107
So we need to do something like this but on Kindle itself and with Amazon-specific parts too, right? |
*) Similar.
That only adds the root certificates for cacert.org, certificate authority.
You want to replace current with the entire set of current ca root certificates.
*) Need not be done on the Kindle, only the end result needs to be on the Kindle.
*) Do not expect the Kindle to have the Debian/Ubunta certificate installer command available.
*) There is no "Amazon specific" parts.
Amazon is not a root ca, so they purchase the use of an existing certificate authority's root. Just like normal people have to.
= = = = =
Your first step is to do as I advised you to do, download the current Debian package:
https://packages.debian.org/jessie/ca-certificates
(So scroll to the bottom of that page for the link. Click the list of files on the right to see what you will be getting in the package.)
or
https://packages.debian.org/jessie/a...cates/download
(Ignore the advice in the big red box, Kindles are not that similar to Debian/Jessie.)
Download to a directory, your choice of name, for this specific purpose.
Now, in that same directory which now has ONLY the ca-certificates package, make a new directory, your choice of name, to hold the contents.
Open the Debian package with your archive handling tool, and extract the contents to the directory which you just made for the purpose.
On my machine, I just used the path:
ca-cert/20170517-deb/
for the two directories - they don't have to be that name, but that name path will remind you of what to expect when you reach the end.
The lowest level path directory name includes the most recent update date of the package.
Now you archiver will have created the paths included in the archive. In:
ca-cert/20170517-deb/usr/bin
You will find a script file that installs the package on a Debian system.
Use that as a guide to what needs to be translated to a set of Kindle directions, DO NOT use something you stumbled upon on the 'net as your guide.
in ca-cert/20170517-deb/etc/ssl/certs - that is where the symbolic links are at in a Debian system, I expect that in a Amazon system that has not been change.
But it might have, so check it (I don't have a current K4 running so that I can give you specific directions).
in ca-cert/20170517-deb/usr/share/ca-certificates
you will find two directories -
Those have the new content you want to use to replace the existing, out-dated, content on your Kindle.
They probably will not need any processing other than moving.
But first find the location on the Kindle that holds things of similar filename, just to be sure.
Do whatever you find necessary to make what you have, fit into the directory tree structure that the Kindle uses.
For instance: in ca-cert/20170517-deb/usr/share/ca-certificates/mozilla
directory (at end of file tree) has 173 current certificate authority root certificates.
You don't want to rename those files, but you do have to put them on the Kindle's file system (where the old ones now are at) and put symbolic links to them (wherever the Kindle's file system has the links to the old ones currently installed).
Code:
Downloads $ tree ca-cert
ca-cert
├── 20170517-deb
│ ├── DEBIAN
│ │ ├── config
│ │ ├── control
│ │ ├── md5sums
│ │ ├── postinst
│ │ ├── postrm
│ │ ├── templates
│ │ └── triggers
│ ├── etc
│ │ ├── ca-certificates
│ │ │ └── update.d
│ │ └── ssl
│ │ └── certs
│ └── usr
│ ├── sbin
│ │ └── update-ca-certificates
│ └── share
│ ├── ca-certificates
│ │ ├── mozilla
│ │ │ ├── ACCVRAIZ1.crt
│ │ │ ├── ACEDICOM_Root.crt
│ │ │ ├── AC_Raíz_Certicámara_S.A..crt
│ │ │ ├── Actalis_Authentication_Root_CA.crt
│ │ │ ├── AddTrust_External_Root.crt
│ │ │ ├── AddTrust_Low-Value_Services_Root.crt
│ │ │ ├── AddTrust_Public_Services_Root.crt
│ │ │ ├── AddTrust_Qualified_Certificates_Root.crt
│ │ │ ├── AffirmTrust_Commercial.crt
│ │ │ ├── AffirmTrust_Networking.crt
│ │ │ ├── AffirmTrust_Premium.crt
│ │ │ ├── AffirmTrust_Premium_ECC.crt
│ │ │ ├── ApplicationCA_-_Japanese_Government.crt
│ │ │ ├── Atos_TrustedRoot_2011.crt
│ │ │ ├── Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
│ │ │ ├── Baltimore_CyberTrust_Root.crt
│ │ │ ├── Buypass_Class_2_CA_1.crt
│ │ │ ├── Buypass_Class_2_Root_CA.crt
│ │ │ ├── Buypass_Class_3_Root_CA.crt
│ │ │ ├── CA_Disig_Root_R1.crt
│ │ │ ├── CA_Disig_Root_R2.crt
│ │ │ ├── Camerfirma_Chambers_of_Commerce_Root.crt
│ │ │ ├── Camerfirma_Global_Chambersign_Root.crt
│ │ │ ├── CA_WoSign_ECC_Root.crt
│ │ │ ├── Certification_Authority_of_WoSign_G2.crt
│ │ │ ├── Certigna.crt
│ │ │ ├── Certinomis_-_Autorité_Racine.crt
│ │ │ ├── Certinomis_-_Root_CA.crt
│ │ │ ├── Certplus_Class_2_Primary_CA.crt
│ │ │ ├── Certplus_Root_CA_G1.crt
│ │ │ ├── Certplus_Root_CA_G2.crt
│ │ │ ├── certSIGN_ROOT_CA.crt
│ │ │ ├── Certum_Root_CA.crt
│ │ │ ├── Certum_Trusted_Network_CA_2.crt
│ │ │ ├── Certum_Trusted_Network_CA.crt
│ │ │ ├── CFCA_EV_ROOT.crt
│ │ │ ├── Chambers_of_Commerce_Root_-_2008.crt
│ │ │ ├── China_Internet_Network_Information_Center_EV_Certificates_Root.crt
│ │ │ ├── CNNIC_ROOT.crt
│ │ │ ├── Comodo_AAA_Services_root.crt
│ │ │ ├── COMODO_Certification_Authority.crt
│ │ │ ├── COMODO_ECC_Certification_Authority.crt
│ │ │ ├── COMODO_RSA_Certification_Authority.crt
│ │ │ ├── Comodo_Secure_Services_root.crt
│ │ │ ├── Comodo_Trusted_Services_root.crt
│ │ │ ├── ComSign_CA.crt
│ │ │ ├── Cybertrust_Global_Root.crt
│ │ │ ├── Deutsche_Telekom_Root_CA_2.crt
│ │ │ ├── DigiCert_Assured_ID_Root_CA.crt
│ │ │ ├── DigiCert_Assured_ID_Root_G2.crt
│ │ │ ├── DigiCert_Assured_ID_Root_G3.crt
│ │ │ ├── DigiCert_Global_Root_CA.crt
│ │ │ ├── DigiCert_Global_Root_G2.crt
│ │ │ ├── DigiCert_Global_Root_G3.crt
│ │ │ ├── DigiCert_High_Assurance_EV_Root_CA.crt
│ │ │ ├── DigiCert_Trusted_Root_G4.crt
│ │ │ ├── DST_ACES_CA_X6.crt
│ │ │ ├── DST_Root_CA_X3.crt
│ │ │ ├── D-TRUST_Root_Class_3_CA_2_2009.crt
│ │ │ ├── D-TRUST_Root_Class_3_CA_2_EV_2009.crt
│ │ │ ├── EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
│ │ │ ├── EC-ACC.crt
│ │ │ ├── EE_Certification_Centre_Root_CA.crt
│ │ │ ├── Entrust.net_Premium_2048_Secure_Server_CA.crt
│ │ │ ├── Entrust_Root_Certification_Authority.crt
│ │ │ ├── Entrust_Root_Certification_Authority_-_EC1.crt
│ │ │ ├── Entrust_Root_Certification_Authority_-_G2.crt
│ │ │ ├── ePKI_Root_Certification_Authority.crt
│ │ │ ├── Equifax_Secure_CA.crt
│ │ │ ├── Equifax_Secure_eBusiness_CA_1.crt
│ │ │ ├── Equifax_Secure_Global_eBusiness_CA.crt
│ │ │ ├── E-Tugra_Certification_Authority.crt
│ │ │ ├── GeoTrust_Global_CA_2.crt
│ │ │ ├── GeoTrust_Global_CA.crt
│ │ │ ├── GeoTrust_Primary_Certification_Authority.crt
│ │ │ ├── GeoTrust_Primary_Certification_Authority_-_G2.crt
│ │ │ ├── GeoTrust_Primary_Certification_Authority_-_G3.crt
│ │ │ ├── GeoTrust_Universal_CA_2.crt
│ │ │ ├── GeoTrust_Universal_CA.crt
│ │ │ ├── Global_Chambersign_Root_-_2008.crt
│ │ │ ├── GlobalSign_ECC_Root_CA_-_R4.crt
│ │ │ ├── GlobalSign_ECC_Root_CA_-_R5.crt
│ │ │ ├── GlobalSign_Root_CA.crt
│ │ │ ├── GlobalSign_Root_CA_-_R2.crt
│ │ │ ├── GlobalSign_Root_CA_-_R3.crt
│ │ │ ├── Go_Daddy_Class_2_CA.crt
│ │ │ ├── Go_Daddy_Root_Certificate_Authority_-_G2.crt
│ │ │ ├── Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
│ │ │ ├── Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
│ │ │ ├── Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
│ │ │ ├── Hongkong_Post_Root_CA_1.crt
│ │ │ ├── IdenTrust_Commercial_Root_CA_1.crt
│ │ │ ├── IdenTrust_Public_Sector_Root_CA_1.crt
│ │ │ ├── IGC_A.crt
│ │ │ ├── ISRG_Root_X1.crt
│ │ │ ├── Izenpe.com.crt
│ │ │ ├── Juur-SK.crt
│ │ │ ├── Microsec_e-Szigno_Root_CA_2009.crt
│ │ │ ├── Microsec_e-Szigno_Root_CA.crt
│ │ │ ├── NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
│ │ │ ├── Network_Solutions_Certificate_Authority.crt
│ │ │ ├── OISTE_WISeKey_Global_Root_GA_CA.crt
│ │ │ ├── OISTE_WISeKey_Global_Root_GB_CA.crt
│ │ │ ├── OpenTrust_Root_CA_G1.crt
│ │ │ ├── OpenTrust_Root_CA_G2.crt
│ │ │ ├── OpenTrust_Root_CA_G3.crt
│ │ │ ├── PSCProcert.crt
│ │ │ ├── QuoVadis_Root_CA_1_G3.crt
│ │ │ ├── QuoVadis_Root_CA_2.crt
│ │ │ ├── QuoVadis_Root_CA_2_G3.crt
│ │ │ ├── QuoVadis_Root_CA_3.crt
│ │ │ ├── QuoVadis_Root_CA_3_G3.crt
│ │ │ ├── QuoVadis_Root_CA.crt
│ │ │ ├── Root_CA_Generalitat_Valenciana.crt
│ │ │ ├── RSA_Security_2048_v3.crt
│ │ │ ├── Secure_Global_CA.crt
│ │ │ ├── SecureSign_RootCA11.crt
│ │ │ ├── SecureTrust_CA.crt
│ │ │ ├── Security_Communication_EV_RootCA1.crt
│ │ │ ├── Security_Communication_RootCA2.crt
│ │ │ ├── Security_Communication_Root_CA.crt
│ │ │ ├── Sonera_Class_2_Root_CA.crt
│ │ │ ├── Staat_der_Nederlanden_EV_Root_CA.crt
│ │ │ ├── Staat_der_Nederlanden_Root_CA_-_G2.crt
│ │ │ ├── Staat_der_Nederlanden_Root_CA_-_G3.crt
│ │ │ ├── Starfield_Class_2_CA.crt
│ │ │ ├── Starfield_Root_Certificate_Authority_-_G2.crt
│ │ │ ├── Starfield_Services_Root_Certificate_Authority_-_G2.crt
│ │ │ ├── StartCom_Certification_Authority_2.crt
│ │ │ ├── StartCom_Certification_Authority.crt
│ │ │ ├── StartCom_Certification_Authority_G2.crt
│ │ │ ├── S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
│ │ │ ├── S-TRUST_Universal_Root_CA.crt
│ │ │ ├── Swisscom_Root_CA_1.crt
│ │ │ ├── Swisscom_Root_CA_2.crt
│ │ │ ├── Swisscom_Root_EV_CA_2.crt
│ │ │ ├── SwissSign_Gold_CA_-_G2.crt
│ │ │ ├── SwissSign_Platinum_CA_-_G2.crt
│ │ │ ├── SwissSign_Silver_CA_-_G2.crt
│ │ │ ├── SZAFIR_ROOT_CA2.crt
│ │ │ ├── Taiwan_GRCA.crt
│ │ │ ├── TC_TrustCenter_Class_3_CA_II.crt
│ │ │ ├── TeliaSonera_Root_CA_v1.crt
│ │ │ ├── thawte_Primary_Root_CA.crt
│ │ │ ├── thawte_Primary_Root_CA_-_G2.crt
│ │ │ ├── thawte_Primary_Root_CA_-_G3.crt
│ │ │ ├── Trustis_FPS_Root_CA.crt
│ │ │ ├── T-TeleSec_GlobalRoot_Class_2.crt
│ │ │ ├── T-TeleSec_GlobalRoot_Class_3.crt
│ │ │ ├── TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
│ │ │ ├── TURKTRUST_Certificate_Services_Provider_Root_2007.crt
│ │ │ ├── TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.crt
│ │ │ ├── TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.crt
│ │ │ ├── TWCA_Global_Root_CA.crt
│ │ │ ├── TWCA_Root_Certification_Authority.crt
│ │ │ ├── USERTrust_ECC_Certification_Authority.crt
│ │ │ ├── USERTrust_RSA_Certification_Authority.crt
│ │ │ ├── UTN_USERFirst_Email_Root_CA.crt
│ │ │ ├── UTN_USERFirst_Hardware_Root_CA.crt
│ │ │ ├── Verisign_Class_1_Public_Primary_Certification_Authority.crt
│ │ │ ├── Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt
│ │ │ ├── Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt
│ │ │ ├── Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt
│ │ │ ├── Verisign_Class_3_Public_Primary_Certification_Authority.crt
│ │ │ ├── Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
│ │ │ ├── VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
│ │ │ ├── VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
│ │ │ ├── VeriSign_Universal_Root_Certification_Authority.crt
│ │ │ ├── Visa_eCommerce_Root.crt
│ │ │ ├── WellsSecure_Public_Root_Certificate_Authority.crt
│ │ │ ├── WoSign_China.crt
│ │ │ ├── WoSign.crt
│ │ │ └── XRamp_Global_CA_Root.crt
│ │ └── spi-inc.org
│ │ └── spi-cacert-2008.crt
│ ├── doc
│ │ └── ca-certificates
│ │ ├── changelog.gz
│ │ ├── copyright
│ │ ├── examples
│ │ │ └── ca-certificates-local
│ │ │ ├── debian
│ │ │ │ ├── ca-certificates-local.triggers
│ │ │ │ ├── changelog
│ │ │ │ ├── compat
│ │ │ │ ├── control
│ │ │ │ ├── copyright
│ │ │ │ ├── postrm
│ │ │ │ ├── rules
│ │ │ │ └── source
│ │ │ │ └── format
│ │ │ ├── local
│ │ │ │ ├── Local_Root_CA.crt
│ │ │ │ └── Makefile
│ │ │ ├── Makefile
│ │ │ └── README
│ │ ├── NEWS.Debian.gz
│ │ └── README.Debian
│ └── man
│ └── man8
│ └── update-ca-certificates.8.gz
└── ca-certificates_20141019+deb8u3_all.deb
You can see by the names that the package has human readable examples, scripts, and other information that may be helpful.
So read them.
Like I posted above, I don't have a K4 running on which to invent a set of key-stroke by key-stroke directions for you.
Note:
If your archive tool can't un-archive a *.deb package -
They are just an ar archive that contain other archives (you will recognize them by name).