====== Adding root CA certificates to KDE on Debian ======

I've been trying to get ''kaddressbook'' working with the company LDAP server. The LDAP server is accessed over SSL using the standard LDAP SSL port 636.

All I would get is a dialog saying

<code>
Could not connect to host ldaps://cn%3d' [rest of URL omitted].
</code>

This turned out to be a certificate problem. LDAP is fussy. Certificates must be present, and must work correctly.

So first I added the company root CA certificate to the collection of Debian roots. I created a company subdirectory in ''/usr/share/ca-certificates'', copied the 
company CA root certificate into that subdirectory, ran

<code>
# dpkg-reconfigure ca-certificates
</code>

and marked the company CA root certificate as activated.

Today in preference I would just add the certificate to ''/usr/local/share/ca-certificates'' and run ''update-ca-certificates''. All certificates in that directory are activated.

Unfortunately KDE 4 keeps its own set of root certificates. I followed the advice of
[[http://www.mayrhofer.eu.org/node/46|Rene Mayrhofer]] and replaced the KDE root CA file with a link to the Debian one. The combination of adding the company root CA to the Debian list **and** the KDE list gets ''kaddressbook'' working.

<code>
# dpkg-divert --local --rename --add /usr/share/kde4/apps/kssl/ca-bundle.crt
# ln -s /etc/ssl/certs/ca-certificates.crt /usr/share/kde4/apps/kssl/ca-bundle.crt
</code>