howtos:import_ca_certificates_for_openssl_to_use

Differences

This shows you the differences between two versions of the page.

howtos:import_ca_certificates_for_openssl_to_use [d/m/Y H:i] (current)
Line 1: Line 1:
 +Start out by finding the location for the certificates to be stored:
  
 +<​code>​
 +openssl version -d
 +OPENSSLDIR: "/​usr/​lib/​ssl"​
 +</​code>​
 +
 +Directories inside OPENSSLDIR is usually a symbolic link to /etc/ssl, but YMMW.
 +
 +Now upload the CA certificates in PEM format into OPENSSLDIR/​certs.
 +
 +Next use this script to create the symbolic links inside the certs directory:
 +
 +<​file>​
 +#!/bin/sh
 +#
 +# usage: certlink.sh filename [filename ...]
 +
 +for CERTFILE in $*; do
 +  # make sure file exists and is a valid cert
 +  test -f "​$CERTFILE"​ || continue
 +  HASH=$(openssl x509 -noout -hash -in "​$CERTFILE"​)
 +  test -n "​$HASH"​ || continue
 +
 +  # use lowest available iterator for symlink
 +  for ITER in 0 1 2 3 4 5 6 7 8 9; do
 +    test -f "​${HASH}.${ITER}"​ && continue
 +    ln -s "​$CERTFILE"​ "​${HASH}.${ITER}"​
 +    test -L "​${HASH}.${ITER}"​ && break
 +  done
 +done
 +</​file>​
 +
 +Now go into OPENSSLDIR/​certs and run the script:
 +
 +<​code>​
 +certlink.sh CA-certificate1.pem CA-certificate2.pem CA-certificate3.pem
 +</​code>​
 +
 +Now openssl will verify certificates signed by these CA's.
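
Review bot: In certlink.sh the loop header `for CERTFILE in $*; do` splits its arguments on whitespace, so a certificate path containing a space is never linked even though every later expansion is quoted; iterate with `for CERTFILE in "$@"; do` instead. The slot check `test -f "${HASH}.${ITER}" && continue` follows symlinks, so a dangling link already sitting in that slot makes `ln -s` fail while the following `test -L` still succeeds, and the loop breaks without the certificate being linked; checking the slot with `test -e` or `test -L` would skip it correctly. The script also never compares an occupied slot with $CERTFILE, so running it a second time on the same file adds another link (.1) for the same certificate, and when all ten slots are taken the file is skipped silently; a message on stderr for that case would make the failure visible.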
howtos/import_ca_certificates_for_openssl_to_use.txt · Last modified: d/m/Y H:i (external edit)