User Tools

Site Tools


howtos:import_ca_certificates_for_openssl_to_use

Start out by finding the location for the certificates to be stored:

openssl version -d
OPENSSLDIR: "/usr/lib/ssl"

Directories inside OPENSSLDIR is usually a symbolic link to /etc/ssl, but YMMW.

Now upload the CA certificates in PEM format into OPENSSLDIR/certs.

Next use this script to create the symbolic links inside the certs directory:

#!/bin/sh
#
# usage: certlink.sh filename [filename ...]

for CERTFILE in $*; do
  # make sure file exists and is a valid cert
  test -f "$CERTFILE" || continue
  HASH=$(openssl x509 -noout -hash -in "$CERTFILE")
  test -n "$HASH" || continue

  # use lowest available iterator for symlink
  for ITER in 0 1 2 3 4 5 6 7 8 9; do
    test -f "${HASH}.${ITER}" && continue
    ln -s "$CERTFILE" "${HASH}.${ITER}"
    test -L "${HASH}.${ITER}" && break
  done
done

Now go into OPENSSLDIR/certs and run the script:

certlink.sh CA-certificate1.pem CA-certificate2.pem CA-certificate3.pem

Now openssl will verify certificates signed by these CA's.

howtos/import_ca_certificates_for_openssl_to_use.txt · Last modified: 02/12/2018 20:34 by 127.0.0.1