2.0.3.7 on Mac: Missing certificates


#1

Warnings: [ 2018-06-18 07:40:35 +02 - [Warning-Duplicati.Library.Modules.Builtin.CheckMonoSSL-MissingCerts]: No certificates found, you can install some with one of these commands: cert-sync /etc/ssl/certs/ca-certificates.crt #for Debian based systems cert-sync /etc/pki/tls/certs/ca-bundle.crt #for RedHat derivatives Read more: Release Notes Mono 3.12.0 | Mono,

How do I resolve this?
Did not happen on beta version.


Error/ Warning for one Configuration
#2

upgraded mono from 5.10 to 5.12, no difference


#3

appears there were a problem with my mono installation.
Was under the impression that ssl certs would be loaded automatically at installation but does not seem to have happened for me.

Resolved by downloading certs from curl - Extract CA Certs from Mozilla and running:
cert-sync --user cacert.pem

Duplicati warning was correct.


#4

Thanks for sharing your experience with this, I’m not positive when the “No certificates found” message was added to Duplicati but it’s nice to know it’s showing when it should!

I’ve flagged your post as the solution - let me know if you disagree. And thanks for using Duplicati!


#5

Very nice solution! :slight_smile:

I had this happen on my mac as well after upgrading it recently and couldn’t figure out why MacOS isn’t even mentioned on the mono release page where they provide solutions for Debian/RHEL.


#6

This happened for me as well, but wasn’t around any updates. My daily job suddenly started throwing this warning and error at least 5 days after any updates had been done…

Oddly, there was one day where it did NOT throw the warning or error and the job ran successfully leading me to suspect they are related.

@Mikael_Andersson’s solution seems to have worked for me as well so perhaps the message should be updated to add to the Debian and RedHat suggestions something along the lines of:

curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem; cert-sync --user cacert.pem; rm cacert.pem #for MacOS


In the job log:

2018-07-16 09:34:06 -05 - [Warning-Duplicati.Library.Modules.Builtin.CheckMonoSSL-MissingCerts]: No certificates found, you can install some with one of these commands:
    cert-sync /etc/ssl/certs/ca-certificates.crt #for Debian based systems
    cert-sync /etc/pki/tls/certs/ca-bundle.crt #for RedHat derivatives
Read more: http://www.mono-project.com/docs/about-mono/releases/3.12.0/#cert-sync

In the global log:

ystem.AggregateException: One or more errors occurred. ---> System.AggregateException: Value does not fall within the expected range. ---> System.ArgumentException: Value does not fall within the expected range.
  at Renci.SshNet.Session.WaitOnHandle (System.Threading.WaitHandle waitHandle, System.TimeSpan timeout) [0x00041] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Session.Renci.SshNet.ISession.WaitOnHandle (System.Threading.WaitHandle waitHandle) [0x0000d] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.Channel.WaitOnHandle (System.Threading.WaitHandle waitHandle) [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.Channel.Close () [0x00080] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.ChannelSession.Close () [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.Channel.Dispose (System.Boolean disposing) [0x0000f] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.ClientChannel.Dispose (System.Boolean disposing) [0x0000c] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.ChannelSession.Dispose (System.Boolean disposing) [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.Channel.Dispose () [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SubsystemSession.Disconnect () [0x00053] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SubsystemSession.Dispose (System.Boolean disposing) [0x0000c] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Sftp.SftpSession.Dispose (System.Boolean disposing) [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SubsystemSession.Dispose () [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SftpClient.OnDisconnecting () [0x00017] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.BaseClient.Disconnect () [0x00006] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.BaseClient.Dispose (System.Boolean disposing) [0x0000c] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SftpClient.Dispose (System.Boolean disposing) [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.BaseClient.Dispose () [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Duplicati.Library.Backend.SSHv2.Dispose () [0x00008] in <e43cdcaec911420ba5f812d5ecc9ca5a>:0 
  at Duplicati.Library.Main.BackendManager.Dispose () [0x00077] in <0ce58d578b8642d49036dc15fbad38f1>:0 
  at Duplicati.Library.Main.Operation.BackupHandler+<RunAsync>d__19.MoveNext () [0x00fc1] in <0ce58d578b8642d49036dc15fbad38f1>:0 
   --- End of inner exception stack trace ---
  at Duplicati.Library.Main.Operation.BackupHandler+<RunAsync>d__19.MoveNext () [0x0102c] in <0ce58d578b8642d49036dc15fbad38f1>:0 
   --- End of inner exception stack trace ---
  at CoCoL.ChannelExtensions.WaitForTaskOrThrow (System.Threading.Tasks.Task task) [0x0005d] in <6973ce2780de4b28aaa2c5ffc59993b1>:0 
  at Duplicati.Library.Main.Operation.BackupHandler.Run (System.String[] sources, Duplicati.Library.Utility.IFilter filter) [0x00008] in <0ce58d578b8642d49036dc15fbad38f1>:0 
  at Duplicati.Library.Main.Controller+<>c__DisplayClass13_0.<Backup>b__0 (Duplicati.Library.Main.BackupResults result) [0x00035] in <0ce58d578b8642d49036dc15fbad38f1>:0 
  at Duplicati.Library.Main.Controller.RunAction[T] (T result, System.String[]& paths, Duplicati.Library.Utility.IFilter& filter, System.Action`1[T] method) [0x0022e] in <0ce58d578b8642d49036dc15fbad38f1>:0 
  at Duplicati.Library.Main.Controller.Backup (System.String[] inputsources, Duplicati.Library.Utility.IFilter filter) [0x00068] in <0ce58d578b8642d49036dc15fbad38f1>:0 
  at Duplicati.Server.Runner.Run (Duplicati.Server.Runner+IRunnerData data, System.Boolean fromQueue) [0x00335] in <8486dd191d20467cbf8d627f56ca2e90>:0 
---> (Inner Exception #0) System.AggregateException: Value does not fall within the expected range. ---> System.ArgumentException: Value does not fall within the expected range.
  at Renci.SshNet.Session.WaitOnHandle (System.Threading.WaitHandle waitHandle, System.TimeSpan timeout) [0x00041] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Session.Renci.SshNet.ISession.WaitOnHandle (System.Threading.WaitHandle waitHandle) [0x0000d] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.Channel.WaitOnHandle (System.Threading.WaitHandle waitHandle) [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.Channel.Close () [0x00080] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.ChannelSession.Close () [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.Channel.Dispose (System.Boolean disposing) [0x0000f] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.ClientChannel.Dispose (System.Boolean disposing) [0x0000c] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.ChannelSession.Dispose (System.Boolean disposing) [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.Channel.Dispose () [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SubsystemSession.Disconnect () [0x00053] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SubsystemSession.Dispose (System.Boolean disposing) [0x0000c] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Sftp.SftpSession.Dispose (System.Boolean disposing) [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SubsystemSession.Dispose () [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SftpClient.OnDisconnecting () [0x00017] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.BaseClient.Disconnect () [0x00006] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.BaseClient.Dispose (System.Boolean disposing) [0x0000c] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SftpClient.Dispose (System.Boolean disposing) [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.BaseClient.Dispose () [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Duplicati.Library.Backend.SSHv2.Dispose () [0x00008] in <e43cdcaec911420ba5f812d5ecc9ca5a>:0 
  at Duplicati.Library.Main.BackendManager.Dispose () [0x00077] in <0ce58d578b8642d49036dc15fbad38f1>:0 
  at Duplicati.Library.Main.Operation.BackupHandler+<RunAsync>d__19.MoveNext () [0x00fc1] in <0ce58d578b8642d49036dc15fbad38f1>:0 
   --- End of inner exception stack trace ---
  at Duplicati.Library.Main.Operation.BackupHandler+<RunAsync>d__19.MoveNext () [0x0102c] in <0ce58d578b8642d49036dc15fbad38f1>:0 
---> (Inner Exception #0) System.ArgumentException: Value does not fall within the expected range.
  at Renci.SshNet.Session.WaitOnHandle (System.Threading.WaitHandle waitHandle, System.TimeSpan timeout) [0x00041] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Session.Renci.SshNet.ISession.WaitOnHandle (System.Threading.WaitHandle waitHandle) [0x0000d] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.Channel.WaitOnHandle (System.Threading.WaitHandle waitHandle) [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.Channel.Close () [0x00080] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.ChannelSession.Close () [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.Channel.Dispose (System.Boolean disposing) [0x0000f] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.ClientChannel.Dispose (System.Boolean disposing) [0x0000c] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.ChannelSession.Dispose (System.Boolean disposing) [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Channels.Channel.Dispose () [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SubsystemSession.Disconnect () [0x00053] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SubsystemSession.Dispose (System.Boolean disposing) [0x0000c] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.Sftp.SftpSession.Dispose (System.Boolean disposing) [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SubsystemSession.Dispose () [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SftpClient.OnDisconnecting () [0x00017] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.BaseClient.Disconnect () [0x00006] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.BaseClient.Dispose (System.Boolean disposing) [0x0000c] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.SftpClient.Dispose (System.Boolean disposing) [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Renci.SshNet.BaseClient.Dispose () [0x00000] in <502177f7126d48e4be01a83c8cdb4c79>:0 
  at Duplicati.Library.Backend.SSHv2.Dispose () [0x00008] in <e43cdcaec911420ba5f812d5ecc9ca5a>:0 
  at Duplicati.Library.Main.BackendManager.Dispose () [0x00077] in <0ce58d578b8642d49036dc15fbad38f1>:0 
  at Duplicati.Library.Main.Operation.BackupHandler+<RunAsync>d__19.MoveNext () [0x00fc1] in <0ce58d578b8642d49036dc15fbad38f1>:0 <---

---> (Inner Exception #1) System.AggregateException: One or more errors occurred. ---> System.Exception: Unable to find log in lookup table, this may be caused by attempting to transport call contexts between AppDomains (eg. with remoting calls)
  at Duplicati.Library.Logging.Log.get_CurrentScope () [0x0004d] in <a0d17c5f1b8942efac55f621de8cc00b>:0 
  at Duplicati.Library.Logging.Log.WriteMessage (Duplicati.Library.Logging.LogMessageType type, System.String tag, System.String id, System.Exception ex, System.String message, System.Object[] arguments) [0x0001e] in <a0d17c5f1b8942efac55f621de8cc00b>:0 
  at Duplicati.Library.Logging.Log.WriteWarningMessage (System.String tag, System.String id, System.Exception ex, System.String message, System.Object[] arguments) [0x00000] in <a0d17c5f1b8942efac55f621de8cc00b>:0 
  at Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess+<>c.<Run>b__1_3 (System.String rootpath, System.String errorpath, System.Exception ex) [0x00000] in <0ce58d578b8642d49036dc15fbad38f1>:0 
  at Duplicati.Library.Utility.Utility+<EnumerateFileSystemEntries>d__23.MoveNext () [0x001d9] in <5336a8b903594fa5ae5a9692dae4b7fe>:0 
  at System.Linq.Enumerable+SelectManySingleSelectorIterator`2[TSource,TResult].MoveNext () [0x0006f] in <9da65c3aa2654e53b5f11b79677182e0>:0 
  at Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess+<ExpandWorkList>d__4.MoveNext () [0x000da] in <0ce58d578b8642d49036dc15fbad38f1>:0 
  at Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess+<>c__DisplayClass1_0+<<Run>b__0>d.MoveNext () [0x00263] in <0ce58d578b8642d49036dc15fbad38f1>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <c9f8153c41de4f8cbafd0e32f9bf6b28>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <c9f8153c41de4f8cbafd0e32f9bf6b28>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <c9f8153c41de4f8cbafd0e32f9bf6b28>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <c9f8153c41de4f8cbafd0e32f9bf6b28>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.GetResult () [0x00000] in <c9f8153c41de4f8cbafd0e32f9bf6b28>:0 
  at CoCoL.AutomationExtensions+<RunTask>d__10`1[T].MoveNext () [0x000cc] in <6973ce2780de4b28aaa2c5ffc59993b1>:0 
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.Exception: Unable to find log in lookup table, this may be caused by attempting to transport call contexts between AppDomains (eg. with remoting calls)
  at Duplicati.Library.Logging.Log.get_CurrentScope () [0x0004d] in <a0d17c5f1b8942efac55f621de8cc00b>:0 
  at Duplicati.Library.Logging.Log.WriteMessage (Duplicati.Library.Logging.LogMessageType type, System.String tag, System.String id, System.Exception ex, System.String message, System.Object[] arguments) [0x0001e] in <a0d17c5f1b8942efac55f621de8cc00b>:0 
  at Duplicati.Library.Logging.Log.WriteWarningMessage (System.String tag, System.String id, System.Exception ex, System.String message, System.Object[] arguments) [0x00000] in <a0d17c5f1b8942efac55f621de8cc00b>:0 
  at Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess+<>c.<Run>b__1_3 (System.String rootpath, System.String errorpath, System.Exception ex) [0x00000] in <0ce58d578b8642d49036dc15fbad38f1>:0 
  at Duplicati.Library.Utility.Utility+<EnumerateFileSystemEntries>d__23.MoveNext () [0x001d9] in <5336a8b903594fa5ae5a9692dae4b7fe>:0 
  at System.Linq.Enumerable+SelectManySingleSelectorIterator`2[TSource,TResult].MoveNext () [0x0006f] in <9da65c3aa2654e53b5f11b79677182e0>:0 
  at Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess+<ExpandWorkList>d__4.MoveNext () [0x000da] in <0ce58d578b8642d49036dc15fbad38f1>:0 
  at Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess+<>c__DisplayClass1_0+<<Run>b__0>d.MoveNext () [0x00263] in <0ce58d578b8642d49036dc15fbad38f1>:0 
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in <c9f8153c41de4f8cbafd0e32f9bf6b28>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess (System.Threading.Tasks.Task task) [0x0003e] in <c9f8153c41de4f8cbafd0e32f9bf6b28>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Threading.Tasks.Task task) [0x00028] in <c9f8153c41de4f8cbafd0e32f9bf6b28>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd (System.Threading.Tasks.Task task) [0x00008] in <c9f8153c41de4f8cbafd0e32f9bf6b28>:0 
  at System.Runtime.CompilerServices.TaskAwaiter.GetResult () [0x00000] in <c9f8153c41de4f8cbafd0e32f9bf6b28>:0 
  at CoCoL.AutomationExtensions+<RunTask>d__10`1[T].MoveNext () [0x000cc] in <6973ce2780de4b28aaa2c5ffc59993b1>:0 <---
<---
<---

#7

For those that are curious, here’s what I saw after running the cert-sync on MacOS High Sierra 10.13.5…

Mono Certificate Store Sync - version 5.2.0.0
Populate Mono certificate store from a concatenated list of certificates.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.

Importing into legacy user store:
I already trust 0, your new list has 132
Certificate added: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
Certificate added: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G3
Certificate added: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
Certificate added: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Certificate added: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Certificate added: C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
Certificate added: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
Certificate added: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
Certificate added: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
Certificate added: C=FI, O=Sonera, CN=Sonera Class2 CA
Certificate added: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
Certificate added: C=US, O="The Go Daddy Group, Inc.", OU=Go Daddy Class 2 Certification Authority
Certificate added: C=US, O="Starfield Technologies, Inc.", OU=Starfield Class 2 Certification Authority
Certificate added: C=TW, O=Government Root Certification Authority
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
Certificate added: C=FR, O=Certplus, CN=Class 2 Primary CA
Certificate added: O=Digital Signature Trust Co., CN=DST Root CA X3
Certificate added: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
Certificate added: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
Certificate added: C=US, O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2006 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2006 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G5
Certificate added: C=US, O=SecureTrust Corporation, CN=SecureTrust CA
Certificate added: C=US, O=SecureTrust Corporation, CN=Secure Global CA
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
Certificate added: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
Certificate added: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
Certificate added: C=FR, O=Dhimyotis, CN=Certigna
Certificate added: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
Certificate added: O="Cybertrust, Inc", CN=Cybertrust Global Root
Certificate added: C=TW, O="Chunghwa Telecom Co., Ltd.", OU=ePKI Root Certification Authority
Certificate added: C=RO, O=certSIGN, OU=certSIGN ROOT CA
Certificate added: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
Certificate added: C=US, O="thawte, Inc.", OU="(c) 2007 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA - G2
Certificate added: C=US, O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2008 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA - G3
Certificate added: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2008 VeriSign, Inc. - For authorized use only", CN=VeriSign Universal Root Certification Authority
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2007 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G4
Certificate added: C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány
Certificate added: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
Certificate added: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
Certificate added: C=JP, O="Japan Certification Services, Inc.", CN=SecureSign RootCA11
Certificate added: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, E=info@e-szigno.hu
Certificate added: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
Certificate added: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
Certificate added: C=ES, O=IZENPE S.A., CN=Izenpe.com
Certificate added: C=EU, L=Madrid (see current address at www.camerfirma.com/address), OID.2.5.4.5=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
Certificate added: C=EU, L=Madrid (see current address at www.camerfirma.com/address), OID.2.5.4.5=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
Certificate added: C=US, S=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2
Certificate added: C=US, S=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Root Certificate Authority - G2
Certificate added: C=US, S=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Services Root Certificate Authority - G2
Certificate added: C=US, O=AffirmTrust, CN=AffirmTrust Commercial
Certificate added: C=US, O=AffirmTrust, CN=AffirmTrust Networking
Certificate added: C=US, O=AffirmTrust, CN=AffirmTrust Premium
Certificate added: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC
Certificate added: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
Certificate added: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
Certificate added: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security Communication RootCA2
Certificate added: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
Certificate added: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011
Certificate added: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
Certificate added: C=GB, O=Trustis Limited, OU=Trustis FPS Root CA
Certificate added: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
Certificate added: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
Certificate added: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
Certificate added: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, E=pki@sk.ee
Certificate added: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
Certificate added: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
Certificate added: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2
Certificate added: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
Certificate added: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA
Certificate added: O=TeliaSonera, CN=TeliaSonera Root CA v1
Certificate added: C=TR, L=Ankara, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority
Certificate added: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
Certificate added: CN=Atos TrustedRoot 2011, O=Atos, C=DE
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Certificate added: C=US, S=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
Certificate added: C=US, S=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
Certificate added: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
Certificate added: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
Certificate added: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3
Certificate added: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
Certificate added: C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
Certificate added: C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1
Certificate added: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2009 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - G2
Certificate added: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2012 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - EC1
Certificate added: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT
Certificate added: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA
Certificate added: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA
Certificate added: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2
Certificate added: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2
Certificate added: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015
Certificate added: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015
Certificate added: C=FR, O=Certplus, CN=Certplus Root CA G1
Certificate added: C=FR, O=Certplus, CN=Certplus Root CA G2
Certificate added: C=FR, O=OpenTrust, CN=OpenTrust Root CA G1
Certificate added: C=FR, O=OpenTrust, CN=OpenTrust Root CA G2
Certificate added: C=FR, O=OpenTrust, CN=OpenTrust Root CA G3
Certificate added: C=US, O=Internet Security Research Group, CN=ISRG Root X1
Certificate added: C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM
Certificate added: C=US, O=Amazon, CN=Amazon Root CA 1
Certificate added: C=US, O=Amazon, CN=Amazon Root CA 2
Certificate added: C=US, O=Amazon, CN=Amazon Root CA 3
Certificate added: C=US, O=Amazon, CN=Amazon Root CA 4
Certificate added: C=LU, O=LuxTrust S.A., CN=LuxTrust Global Root 2
Certificate added: C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
Certificate added: C=CN, O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.", CN=GDCA TrustAUTH R5 ROOT
Certificate added: C=PA, S=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-1
Certificate added: C=PA, S=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-2
Certificate added: C=PA, S=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor ECA-1
Certificate added: C=US, S=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
Certificate added: C=US, S=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC
Certificate added: C=US, S=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2
Certificate added: C=US, S=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC
132 new root certificates were added to your trust store.
Import process completed.

Importing into BTLS user store:
I already trust 0, your new list has 132
Certificate added: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
Certificate added: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G3
Certificate added: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
Certificate added: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Certificate added: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Certificate added: C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
Certificate added: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
Certificate added: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
Certificate added: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
Certificate added: C=FI, O=Sonera, CN=Sonera Class2 CA
Certificate added: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
Certificate added: C=US, O="The Go Daddy Group, Inc.", OU=Go Daddy Class 2 Certification Authority
Certificate added: C=US, O="Starfield Technologies, Inc.", OU=Starfield Class 2 Certification Authority
Certificate added: C=TW, O=Government Root Certification Authority
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
Certificate added: C=FR, O=Certplus, CN=Class 2 Primary CA
Certificate added: O=Digital Signature Trust Co., CN=DST Root CA X3
Certificate added: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
Certificate added: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
Certificate added: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
Certificate added: C=US, O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2006 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2006 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G5
Certificate added: C=US, O=SecureTrust Corporation, CN=SecureTrust CA
Certificate added: C=US, O=SecureTrust Corporation, CN=Secure Global CA
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
Certificate added: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
Certificate added: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
Certificate added: C=FR, O=Dhimyotis, CN=Certigna
Certificate added: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
Certificate added: O="Cybertrust, Inc", CN=Cybertrust Global Root
Certificate added: C=TW, O="Chunghwa Telecom Co., Ltd.", OU=ePKI Root Certification Authority
Certificate added: C=RO, O=certSIGN, OU=certSIGN ROOT CA
Certificate added: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
Certificate added: C=US, O="thawte, Inc.", OU="(c) 2007 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA - G2
Certificate added: C=US, O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2008 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA - G3
Certificate added: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2008 VeriSign, Inc. - For authorized use only", CN=VeriSign Universal Root Certification Authority
Certificate added: C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 2007 VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification Authority - G4
Certificate added: C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány
Certificate added: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
Certificate added: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
Certificate added: C=JP, O="Japan Certification Services, Inc.", CN=SecureSign RootCA11
Certificate added: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, E=info@e-szigno.hu
Certificate added: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
Certificate added: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
Certificate added: C=ES, O=IZENPE S.A., CN=Izenpe.com
Certificate added: C=EU, L=Madrid (see current address at www.camerfirma.com/address), OID.2.5.4.5=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
Certificate added: C=EU, L=Madrid (see current address at www.camerfirma.com/address), OID.2.5.4.5=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
Certificate added: C=US, S=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", CN=Go Daddy Root Certificate Authority - G2
Certificate added: C=US, S=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Root Certificate Authority - G2
Certificate added: C=US, S=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", CN=Starfield Services Root Certificate Authority - G2
Certificate added: C=US, O=AffirmTrust, CN=AffirmTrust Commercial
Certificate added: C=US, O=AffirmTrust, CN=AffirmTrust Networking
Certificate added: C=US, O=AffirmTrust, CN=AffirmTrust Premium
Certificate added: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC
Certificate added: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
Certificate added: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
Certificate added: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security Communication RootCA2
Certificate added: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
Certificate added: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011
Certificate added: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
Certificate added: C=GB, O=Trustis Limited, OU=Trustis FPS Root CA
Certificate added: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
Certificate added: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
Certificate added: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
Certificate added: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, E=pki@sk.ee
Certificate added: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
Certificate added: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
Certificate added: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2
Certificate added: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
Certificate added: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA
Certificate added: O=TeliaSonera, CN=TeliaSonera Root CA v1
Certificate added: C=TR, L=Ankara, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority
Certificate added: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
Certificate added: CN=Atos TrustedRoot 2011, O=Atos, C=DE
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
Certificate added: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
Certificate added: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
Certificate added: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Certificate added: C=US, S=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
Certificate added: C=US, S=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
Certificate added: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
Certificate added: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
Certificate added: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3
Certificate added: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
Certificate added: C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
Certificate added: C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1
Certificate added: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2009 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - G2
Certificate added: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2012 Entrust, Inc. - for authorized use only", CN=Entrust Root Certification Authority - EC1
Certificate added: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT
Certificate added: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA
Certificate added: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA
Certificate added: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2
Certificate added: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2
Certificate added: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015
Certificate added: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015
Certificate added: C=FR, O=Certplus, CN=Certplus Root CA G1
Certificate added: C=FR, O=Certplus, CN=Certplus Root CA G2
Certificate added: C=FR, O=OpenTrust, CN=OpenTrust Root CA G1
Certificate added: C=FR, O=OpenTrust, CN=OpenTrust Root CA G2
Certificate added: C=FR, O=OpenTrust, CN=OpenTrust Root CA G3
Certificate added: C=US, O=Internet Security Research Group, CN=ISRG Root X1
Certificate added: C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM
Certificate added: C=US, O=Amazon, CN=Amazon Root CA 1
Certificate added: C=US, O=Amazon, CN=Amazon Root CA 2
Certificate added: C=US, O=Amazon, CN=Amazon Root CA 3
Certificate added: C=US, O=Amazon, CN=Amazon Root CA 4
Certificate added: C=LU, O=LuxTrust S.A., CN=LuxTrust Global Root 2
Certificate added: C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
Certificate added: C=CN, O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.", CN=GDCA TrustAUTH R5 ROOT
Certificate added: C=PA, S=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-1
Certificate added: C=PA, S=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-2
Certificate added: C=PA, S=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor ECA-1
Certificate added: C=US, S=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
Certificate added: C=US, S=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC
Certificate added: C=US, S=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2
Certificate added: C=US, S=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC
132 new root certificates were added to your trust store.
Import process completed.

#8

I believe the existing message is caused by mono itself and not any specific part of the application, and I don’t think we can modify it.

But we can probably make a check for it and provide that information in a separate warning. Where would that check make sense to run? before starting a backup?


#9

Unless we’re talking about different messages, it’s our text:


I should mention that for me, adding the certs resolved the “No certificates found” warning, but has NOT done anything with the “Value does not fall within the expected range” SshNet error.

So those may not be as related as I assumed they were previously.


#10

Oh, my mistake.

I don’t think they’re related. My cert warning did not cause any actual issues. I just got a warning on every backup.


#11

Do you think the multi-command string I proposed is too long? I’m worried the extra steps of manually downloading (and finding) the certs will be a turn-off for some users.

Also, do you think --user should NOT be used (--user will populate the per-user store in the user’s home directory, instead of the system-wide store.)


#12

Hmm, I did it without --user

I basically did

wget https://curl.haxx.se/ca/cacert.pem; cert-sync cacert.pem; rm -f cacert.pem # For MacOS

#13

I like yours better and have put in a PR for it. :slight_smile:


#14

There might be a typo

https://curl.haxx.se/ca/cacert.pem; cert-sync cacert.pem; rm -f cacert.pem # For MacOS missing the wget :slight_smile:


#15

@JonMikelV’s changes have been merged into master now Merge pull request #3324 from duplicati/JonMikelV-certUpdate-MacOS · duplicati/duplicati@c5e25e7 · GitHub
Should show up in next release.


#16

That may not be a bad thing… I just tested on a Mac I support (10.13.5 High Sierra) and it doesn’t seem to have wget but it does have curl.

Maybe it would be “safer” to use:
curl --remote-name https://curl.haxx.se/ca/cacert.pem; cert-sync --user cacert.pem; rm -f cacert.pem # For MacOS

Instead of:
wget https://curl.haxx.se/ca/cacert.pem; cert-sync --user cacert.pem; rm -f cacert.pem # For MacOS


Actually, I was thinking - why would we NOT want Duplicati to do this? By having a “fetch latest certificates” button (maybe under global settings) Duplicati could do the fetch and cert-sync which would ensure thy are applied under the correct account.


#17

Hmm, changing to curl might be safe. I must admit it never occurred to me it wouldn’t be on a modern UNIX system (other than small containers).

Building it into Duplicati as a command might be a good idea, making it simpler to resolve for the end user.


#18

Oddly, I’m finding that I have the certs added both for the regular user account and root (which is what the MacOS daemon is using) and I’m still getting the warnings.

Is it possible mono is running under yet a different account?


#19

Running ps aux | grep duplicati should reveal the user that Duplicati is running under on any UNIX system.

# ps aux | grep duplicati
rune             72887   0.0  0.0  4276968   1024 s001  S+   11:44PM   0:00.00 grep --color duplicati
rune             67054   0.0  0.1  4394052  18824   ??  S    Sun09PM   0:06.46 /System/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python /Users/rune/git/duplicati/Duplicati/GUI/Duplicati.GUI.TrayIcon/bin/Debug/OSXTrayHost/osx-trayicon-rumps.py
rune             67050   0.0  0.3  4528480  47972   ??  S    Sun09PM   0:55.64 /Library/Frameworks/Mono.framework/Versions/5.10.1/bin/mono --debug --debugger-agent=transport=dt_socket,address=127.0.0.1:59003 /Users/rune/git/duplicati/Duplicati/GUI/Duplicati.GUI.TrayIcon/bin/Debug/Duplicati.GUI.TrayIcon.exe

On my system Importing the certificates under the correct user worked for both my own user and for root.


#20

For the record, I found that when running Duplicati as daemon / service on MacOS (meaning it was running under root) I needed to run:

sudo -i #interactive login so all following commands execute as root
curl -O https://curl.haxx.se/ca/cacert.pem; cert-sync --user cacert.pem; rm cacert.pem #for MacOS