Re: c_hash/ca-certificates.crt

On 23/02/18 14:06, etc@xxxxxxxxxxxxxx wrote:
> Hello!
> 
> Normally I put new certificates into /etc/ssl/certs and create the
> hash-link.
> That worked for me for many years.
> 
> 
> Just found out 2 new things about that.
> 
> 1. There is c_hash that does the creation of the hash-link for me.
> Great!
> 
> 2. ca-certificates.crt is there too. It has any certificate inside of it
> that is also in the directory but not the ones I added by myself over
> the years.
> Today was the 1st time I had to add a certificate to the file because a
> tool looked into that file and not into the directory.
> 
> Please what is the relation to the directory and ca-certificates.crt and
> is there a tool/command that adds new certificates to the file too?

Strictly speaking this isn't an OpenSSL question. OpenSSL does not
create or distribute the contents of /etc/ssl/certs. However it *does*
provide the ability to read a set of CA certs from either a directory or
a file. Applications can choose to work whichever way they want.

I assume that distros have opted to provide both a directory *and* a
file so that they can supply certs for whichever way an application
chooses to work.

My understanding is that you are supposed to put locally added certs in
/usr/local/share/ca-certificates, and then run the update-ca-certificates
tool which updates both the directory and the file.

Matt
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
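
The thread describes a certificate directory and a bundle file that drift apart when a certificate is added by hand to only one of them. The following is an added example, not code from the thread or from OpenSSL, that lists the files in the directory whose certificates are absent from the bundle. The function names, file names and the hash-link name are assumptions, and the sample PEM blocks are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def fingerprints(text):
    """SHA-256 of the decoded body of every PEM certificate block in text."""
    return {hashlib.sha256(base64.b64decode(m.group(1))).hexdigest()
            for m in PEM_RE.finditer(text)}

def missing_from_bundle(cert_dir, bundle_file):
    """Names of files under cert_dir holding a certificate the bundle lacks."""
    bundle = Path(bundle_file).resolve()
    in_bundle = fingerprints(bundle.read_text(errors="replace"))
    # Hash links are symlinks to the real file: resolve them so each
    # certificate file is checked once. Broken links fail is_file().
    real_files = {p.resolve() for p in Path(cert_dir).iterdir() if p.is_file()}
    real_files.discard(bundle)
    return [p.name for p in sorted(real_files)
            if fingerprints(p.read_text(errors="replace")) - in_bundle]

def _pem(body):
    """Wrap constructed bytes in PEM armour (placeholder, not a real cert)."""
    b64 = base64.encodebytes(body).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"

def demo():
    """Build a constructed directory and bundle, report drift before/after."""
    with tempfile.TemporaryDirectory() as tmp:
        certs = Path(tmp) / "certs"
        certs.mkdir()
        distro = _pem(b"constructed distro CA (not a real certificate)")
        local = _pem(b"constructed local CA (not a real certificate)")
        (certs / "Distro_CA.pem").write_text(distro)
        (certs / "Local_CA.pem").write_text(local)
        # Constructed stand-in for a hash link made by hand or with c_hash.
        (certs / "0a1b2c3d.0").symlink_to("Local_CA.pem")
        bundle = certs / "ca-certificates.crt"
        bundle.write_text(distro)            # bundle lacks the local cert
        before = missing_from_bundle(certs, bundle)
        bundle.write_text(distro + local)    # bundle regenerated with it
        return before, missing_from_bundle(certs, bundle)

if __name__ == "__main__":
    print(demo())
```

On a real system the two arguments would be the certificate directory and the bundle file named in the thread; a non-empty result means an application that reads only the file will not trust those certificates.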


