How to run "dpkg-reconfigure ca-certificates" noninteractively?

Question

I would like default to "accept" new certificate. I have tried the following.

$ dpkg-reconfigure -f noninteractive ca-certificates

It runs, but the CA is not added.

If not possible, is it OK to directly modify /etc/ca-certificates.conf?

Thank you for the help.

Answer 1

no this won't work out of the box.

Based on http://blog.sandipb.net/2009/08/08/adding-new-ca-certificates-in-ubuntu-jaunty/, you can do the following sequence that doesn't need interactive selection:

sudo cp my.cert /usr/local/share/ca-certificates/
sudo update-ca-certificates

tested and works on debian 5/6.

Answer 2

Actually, you can specify minimum priority question to show using param -p with valid priorities (low medium high critical). If you set it to critical, should work fine for your scenario.

sudo dpkg-reconfigure -p critical ca-certificates