On 23/02/18 14:06, etc@xxxxxxxxxxxxxx wrote: > Hello! > > Normally I put new certificates into /etc/ssl/certs and create the > hash-link. > That workes for me for many years. > > > Just found out 2 new things agout that. > > 1. There is c_hash that does the creation of the hash-link for me. > Great! > > 2. ca-certificates.crt is there too. It has any certificate inside of it > that is also in the directory but not the ones I added by myself over > the years. > Today was the 1st time I had to add a certificate to thefile because a > tool looked into that file and not into the directory. > > Please what is the relation to the directory and ca-certificates.crt and > is there a tool/command to that adds new certificates to the file too? Strictly speaking this isn't an OpenSSL question. OpenSSL does not create or distribute the contents of /etc/ssl/certs. However it *does* provide the ability to read a set of CA certs from either a directory or a file. Applications can choose to work which ever way they want. I assume that distros have opted to provide both a directory *and* a file so that they can supply certs for which ever way an application chooses to work. My understanding is that you are supposed to put locally added certs in /usr/local/share/ca-certficates, and then run the update-ca-certificates tool which updates both the directory and the file. Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
