howtos:import_ca_certificates_for_openssl_to_use
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
| — | howtos:import_ca_certificates_for_openssl_to_use [02/12/2018 21:34] (current) – created - external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | Start out by finding the location for the certificates to be stored: | ||
| + | < | ||
| + | openssl version -d | ||
| + | OPENSSLDIR: "/ | ||
| + | </ | ||
| + | |||
| + | Directories inside OPENSSLDIR is usually a symbolic link to /etc/ssl, but YMMW. | ||
| + | |||
| + | Now upload the CA certificates in PEM format into OPENSSLDIR/ | ||
| + | |||
| + | Next use this script to create the symbolic links inside the certs directory: | ||
| + | |||
| + | < | ||
| + | #!/bin/sh | ||
| + | # | ||
| + | # usage: certlink.sh filename [filename ...] | ||
| + | |||
| + | for CERTFILE in $*; do | ||
| + | # make sure file exists and is a valid cert | ||
| + | test -f " | ||
| + | HASH=$(openssl x509 -noout -hash -in " | ||
| + | test -n " | ||
| + | |||
| + | # use lowest available iterator for symlink | ||
| + | for ITER in 0 1 2 3 4 5 6 7 8 9; do | ||
| + | test -f " | ||
| + | ln -s " | ||
| + | test -L " | ||
| + | done | ||
| + | done | ||
| + | </ | ||
| + | |||
| + | Now go into OPENSSLDIR/ | ||
| + | |||
| + | < | ||
| + | certlink.sh CA-certificate1.pem CA-certificate2.pem CA-certificate3.pem | ||
| + | </ | ||
| + | |||
| + | Now openssl will verify certificates signed by these CA's. | ||
howtos/import_ca_certificates_for_openssl_to_use.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1