You misunderstand. I don't want a list of vetted root CAs. I just want a
make-based wrapper over the OpenSSL commands to make it easier to run a CA.
There are a few of them, but if there was one that is typically
recommended instead, I would use that one.

On Sat, 2017-04-29 at 12:55 -0700, Kyle Hamilton wrote:
> The short answer is "no".
>
> The long answer is, OpenSSL is not in the business of vetting trust
> roots. Its business is ensuring that TLS-secured communications
> happen correctly when it is used. If you want an 'endorsed' set of
> roots, you can find such from other projects (that have no relation to
> OpenSSL, and for which OpenSSL can take no responsibility).
>
> Since I'm not a member of the OpenSSL project, I can tell you that
> there is a set of root certificates, vetted by Mozilla, available as
> part of Mozilla's NSS (Network Security Services) project. OpenSSL
> cannot take any responsibility for that set of roots or any
> behavior/misbehavior of any of the CAs represented in that set. I had
> also seen a script several years ago to convert Mozilla's format to
> OpenSSL format, but I have not needed to look into it and have thus
> lost the URL to that script since then.
>
> -Kyle H
>
> On Sat, Apr 29, 2017 at 10:24 AM, John Lewis <oflameo2@xxxxxxxxx>
> wrote:
> > I am looking for a CA makefile to use with an openvpn tutorial I am
> > writing https://github.com/Oflameo/openvpn_ws. Is there one officially
> > endorsed by the openssl project?
> >
> > --
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users