‘ca-certificates’ update error

Since the last “ca-certificates” release for RHEL/CentOS 6 or Fedorar 14 with version stating 2013, there is a roaming error of not being able to update “ca-certificate” version starting from 2010 to the latest 2013. The error is somewhat looks the following through yum:

Running Transaction
Updating : ca-certificates-2013.1.94-65.0.el6.noarch 1/2
Error unpacking rpm package ca-certificates-2013.1.94-65.0.el6.noarch
warning: /etc/pki/java/cacerts created as /etc/pki/java/cacerts.rpmnew
warning: /etc/pki/tls/certs/ca-bundle.crt created as /etc/pki/tls/certs/ca-bundle.crt.rpmnew
warning: /etc/pki/tls/certs/ca-bundle.trust.crt created as /etc/pki/tls/certs/ca-bundle.trust.crt.rpmnew
error: unpacking of archive failed on file /etc/ssl/certs: cpio: rename
Verifying : ca-certificates-2013.1.94-65.0.el6.noarch 1/2
ca-certificates-2010.63-3.el6_1.5.noarch was supposed to be removed but is not!
Verifying : ca-certificates-2010.63-3.el6_1.5.noarch 2/2

ca-certificates.noarch 0:2010.63-3.el6_1.5 ca-certificates.noarch 0:2013.1.94-65.0.el6

The following part of the error to be noted:

error: unpacking of archive failed on file /etc/ssl/certs: cpio: rename

It looks like the new “ca-certificate” is using a new structure. In old versions, “certs” is a folder which contains old certificates. While updating with the new one, it is trying to create a symlink with theĀ /etc/pki/tls/certs/ by removing the old directory, which it fails with yum.

To solve the error, run the following:

$ mv /etc/ssl/certs /etc/ssl/certs.back
$ ln -s /etc/pki/tls/certs /etc/ssl/certs
$ yum update ca-certificate*

This should solve the error.