It'll be replacing them because of Heartbleed. And it'll be slow because everyone else in the world is doing the same thing.

 

Yeah, I figured. The download wasn't slow, it was the onboard re-compiling that was killer (it's on a G4 ppc). So... do I need 'em or no?

I don't know, sorry. That's a side of things I know absolutely fuck all about.

My *guess* would be that, given that it's a staging thing and I don't suppose many people will be using it, get everyone who uses it to add a security exception? And maybe self-sign as a little tiny bit of protection.

It's not a certificate for my server (which I don't run https on), it's a bunch of certificates that mostly appear to be for online transactions (e.g. thawte, a bunch of banks &ct). *I guess*

https://launchpad.net/ubuntu/+source/ca-certificates

"PEM files of CA certificates to allow SSL-based applications to check for the authenticity of SSL connections."

You can still self-sign. But yeah, whether it'll actually work is another matter. But then I guess you don't actually need that part to work so...?

You want them. CA Certificates are those used by the certificate vendors to verify other SSL certificates, they're not just used for HTTPS but lots of other SSL transports. Without up to date CA certificates your ability to communicate securely over SSL is as good as non existent.

OK, thanks. I can't remember if they were onboard the original ubuntu server installation, a package dependency, or I deliberately installed them. Maybe they're using stronger encryption, which could explain why they seemed so slow today. Apparently they're not updated very frequently.