[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] installing ssl certs?

From: Ian Collier
Subject: Re: [Lynx-dev] installing ssl certs?
Date: Mon, 14 Mar 2005 14:16:23 +0000

On Mon, Mar 14, 2005 at 03:21:14AM -0800, Walter Ian Kaye wrote:
> At 09:59a +0000 03/14/2005, Thorsten Glaser didst inscribe upon an 
> electronic papyrus:
> >address@hidden:/home/tg $ ls -l /etc/ssl/certs/

> Hmm... I don't have that directory. Will it automatically be 
> recognized (by Lynx, Firefox, etc), or do I have to somehow 
> advertise/register that as the repository?

> I just downloaded something called "cacert.crt" and have no idea what 
> to do with it. <g>

$ openssl version -d
OPENSSLDIR: "/usr/share/ssl"

This should give you the name of the parent directory where OpenSSL
looks for its certificates.  For a more explicit answer you can probably
delve into the binary of

$ strings - /usr/lib/|less -j 3

Shows this on screen:


Whatever the value of the environment variable SSL_CERT_FILE is
(where the default on my system is /usr/share/ssl/cert.pem) points
to a file containing a bunch of globally-recognised certificates.
This is probably also what your downloaded cacert.crt file is, though it
may or may not be in the correct format, and you may find that there
is one already installed when you have found the proper location for it.

Whatever the value of the environment variable SSL_CERT_DIR is (where
the default on my system is /usr/share/ssl/certs) points to a directory
containing individual certificate files.  For each certificate there
must be a symlink of the form 12345678.0 pointing to it, where 0 is
just a sequence number and 12345678 is the hash of the certificate
subject which can be found by the command:

openssl x509 -hash -noout -in {filename.pem}

The c_rehash command which comes with some distributions of OpenSSL is
basically a fancy script for finding out the hash of each certificate
in a particular directory and creating the appropriate symlink.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]