User Tools

Site Tools


howtos:import_ca_certificates_for_openssl_to_use

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

howtos:import_ca_certificates_for_openssl_to_use [d/m/Y H:i] (current)
Line 1: Line 1:
 +Start out by finding the location for the certificates to be stored:
  
 +<code>
 +openssl version -d
 +OPENSSLDIR: "/usr/lib/ssl"
 +</code>
 +
 +Directories inside OPENSSLDIR is usually a symbolic link to /etc/ssl, but YMMW.
 +
 +Now upload the CA certificates in PEM format into OPENSSLDIR/certs.
 +
 +Next use this script to create the symbolic links inside the certs directory:
 +
 +<file>
 +#!/bin/sh
 +#
 +# usage: certlink.sh filename [filename ...]
 +
 +for CERTFILE in $*; do
 +  # make sure file exists and is a valid cert
 +  test -f "$CERTFILE" || continue
 +  HASH=$(openssl x509 -noout -hash -in "$CERTFILE")
 +  test -n "$HASH" || continue
 +
 +  # use lowest available iterator for symlink
 +  for ITER in 0 1 2 3 4 5 6 7 8 9; do
 +    test -f "${HASH}.${ITER}" && continue
 +    ln -s "$CERTFILE" "${HASH}.${ITER}"
 +    test -L "${HASH}.${ITER}" && break
 +  done
 +done
 +</file>
 +
 +Now go into OPENSSLDIR/certs and run the script:
 +
 +<code>
 +certlink.sh CA-certificate1.pem CA-certificate2.pem CA-certificate3.pem
 +</code>
 +
 +Now openssl will verify certificates signed by these CA's.
howtos/import_ca_certificates_for_openssl_to_use.txt · Last modified: d/m/Y H:i (external edit)