User Tools

Site Tools



This shows you the differences between two versions of the page.

Link to this comparison view

howtos:import_ca_certificates_for_openssl_to_use [d/m/Y H:i] (current)
Line 1: Line 1:
 +Start out by finding the location for the certificates to be stored:
 +openssl version -d
 +OPENSSLDIR: "/​usr/​lib/​ssl"​
 +Directories inside OPENSSLDIR is usually a symbolic link to /etc/ssl, but YMMW.
 +Now upload the CA certificates in PEM format into OPENSSLDIR/​certs.
 +Next use this script to create the symbolic links inside the certs directory:
 +# usage: filename [filename ...]
 +for CERTFILE in $*; do
 +  # make sure file exists and is a valid cert
 +  test -f "​$CERTFILE"​ || continue
 +  HASH=$(openssl x509 -noout -hash -in "​$CERTFILE"​)
 +  test -n "​$HASH"​ || continue
 +  # use lowest available iterator for symlink
 +  for ITER in 0 1 2 3 4 5 6 7 8 9; do
 +    test -f "​${HASH}.${ITER}"​ && continue
 +    ln -s "​$CERTFILE"​ "​${HASH}.${ITER}"​
 +    test -L "​${HASH}.${ITER}"​ && break
 +  done
 +Now go into OPENSSLDIR/​certs and run the script:
 +<​code>​ CA-certificate1.pem CA-certificate2.pem CA-certificate3.pem
 +Now openssl will verify certificates signed by these CA's.
howtos/import_ca_certificates_for_openssl_to_use.txt · Last modified: d/m/Y H:i (external edit)