howtos:import_ca_certificates_for_openssl_to_use
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
— | howtos:import_ca_certificates_for_openssl_to_use [02/12/2018 21:34] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | Start out by finding the location for the certificates to be stored: | ||
+ | < | ||
+ | openssl version -d | ||
+ | OPENSSLDIR: "/ | ||
+ | </ | ||
+ | |||
+ | Directories inside OPENSSLDIR is usually a symbolic link to /etc/ssl, but YMMW. | ||
+ | |||
+ | Now upload the CA certificates in PEM format into OPENSSLDIR/ | ||
+ | |||
+ | Next use this script to create the symbolic links inside the certs directory: | ||
+ | |||
+ | < | ||
+ | #!/bin/sh | ||
+ | # | ||
+ | # usage: certlink.sh filename [filename ...] | ||
+ | |||
+ | for CERTFILE in $*; do | ||
+ | # make sure file exists and is a valid cert | ||
+ | test -f " | ||
+ | HASH=$(openssl x509 -noout -hash -in " | ||
+ | test -n " | ||
+ | |||
+ | # use lowest available iterator for symlink | ||
+ | for ITER in 0 1 2 3 4 5 6 7 8 9; do | ||
+ | test -f " | ||
+ | ln -s " | ||
+ | test -L " | ||
+ | done | ||
+ | done | ||
+ | </ | ||
+ | |||
+ | Now go into OPENSSLDIR/ | ||
+ | |||
+ | < | ||
+ | certlink.sh CA-certificate1.pem CA-certificate2.pem CA-certificate3.pem | ||
+ | </ | ||
+ | |||
+ | Now openssl will verify certificates signed by these CA's. |
howtos/import_ca_certificates_for_openssl_to_use.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1