
How to fill /etc/ssl/certs?

Manuel Reimer

Dec 1, 2009, 7:52:20 AM
Hi,

I didn't find the package that contains the stuff that belongs in
the directory /etc/ssl/certs (SSL root certificates). Where may I get a
current set of files? Why does Slackware leave this empty?

CU

Manuel

Lew Pitcher

Dec 1, 2009, 9:00:41 AM
On December 1, 2009 07:52, in alt.os.linux.slackware, Manuel Reimer
(mre...@expires-31-12-2009.news-group.org) wrote:

> Hi,
>
> I didn't find the package that contains the stuff that belongs in
> the directory /etc/ssl/certs (SSL root certificates).

That's because Slackware doesn't provide a package containing /your/ root
certificates. The job of genning those certificates is part of what you (as
sysadmin of your system) are supposed to do.

> Where may I get a current set of files?

You don't "get" the files for ssl/certs, you /create/ the files. Use the
openssl genrsa and/or gendsa options (see genrsa(1) and/or gendsa(1)) to
generate your certificates.


> Why does Slackware leave this empty?

Because it's your job to generate your certificates?

HTH
--
Lew Pitcher
Master Codewright & JOAT-in-training | Registered Linux User #112576
Me: http://pitcher.digitalfreehold.ca/ | Just Linux: http://justlinux.ca/
---------- Slackware - Because I know what I'm doing. ------


Robby Workman

Dec 1, 2009, 10:08:27 AM

Lew Pitcher

Dec 1, 2009, 1:11:12 PM
Lew Pitcher <lpit...@teksavvy.com> trolled:

Whatever.

Now once again, could you please stop using the name LewPitcher,
which is legally registered to me?

You hijacked justlinux.ca and now you are trying to appropriate
LewPitcher.ca.

Why are you stalking me? I, and I alone, am the only legally
registered user of LewPitcher.ca and LewPitcher.com, as you can see
from the links below. Everybody posting to usenet can see this.
Everybody doing a google search can see this.

Don't you feel foolish? Don't you feel small?

LewPi...@LewPitcher.ca
--
Official Website -->> http://lewpitcher.ca/
Something to look at: -->> http://www.emusclemag.com/
Lonely in Brampton? -->> http://gaypros.meetup.com/cities/ca/on/brampton/
Peel HIV/AIDS Network -->> http://www.phan.ca/home.html

Manuel Reimer

Dec 2, 2009, 1:19:50 AM
Robby Workman wrote:
> http://slackware.com/~rworkman/ca-certificates/

Thanks. Yesterday, some time after I noticed where I may find the root
certificates, I also wrote a small SlackBuild, but mine just gets the
certificates from mozilla.org and packages them right into
/etc/ssl/certs.

This worked for me. Maybe I should post this to slackbuilds.org?

CU

Manuel

Robby Workman

Dec 3, 2009, 12:17:26 AM


Well, I guess I can do that; I was hesitating because I wasn't sure if
it was something that we actually needed in Slackware proper. I don't
recall now what you said needed it, so what was it?

-RW

Manuel Reimer

Dec 3, 2009, 1:23:48 AM
Robby Workman wrote:
> Well, I guess I can do that; I was hesitating because I wasn't sure if
> it was something that we actually needed in Slackware proper. I don't
> recall now what you said needed it, so what was it?

Self-written Perl software that I use to "remote control" a silly
web interface I have to use regularly. I needed the root certificates
somewhere to use it while communicating with the remote HTTPS server.

If you want to have a look at my SlackBuild, I could publish this
somewhere. My solution is much simpler, but worked for my use case. My
"source" is this file:

http://mxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1

All I do is translate this to pm-files and place them in
etc/ssl/certs in the resulting package. For this translation, I use the
Ruby script which can be found in the Debian package. This works for
most HTTPS servers on the web. I don't know what the additional
certificates in this Debian package are for and I don't know if I want
to trust them.

IMHO Mozilla has a pretty good policy for accepting new root
certificates.

CU

Manuel
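
Added example, not part of the original post and not the Debian script it mentions: a Python sketch of the certdata.txt translation described above, producing PEM output only for roots whose trust record (matched by the SHA-1 hash stored in certdata.txt) marks them as trusted for TLS server authentication. The function names are hypothetical and the sample input is constructed with placeholder bytes instead of real DER certificates.

```python
import base64, hashlib, itertools, re, textwrap

def parse_objects(text):
    """Split certdata.txt text into objects: dicts of attribute -> value."""
    objs, cur, lines = [], {}, iter(text.splitlines())  # first cur absorbs preamble
    for line in lines:
        parts = line.split(None, 2)
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "CKA_CLASS":             # every object opens with CKA_CLASS
            cur = {}
            objs.append(cur)
        if parts[1:2] == ["MULTILINE_OCTAL"]:   # \ooo bytes up to a line "END"
            body = itertools.takewhile(lambda l: l.strip() != "END", lines)
            octets = re.findall(r"\\([0-7]{3})", "".join(body))
            cur[parts[0]] = bytes(int(o, 8) for o in octets)
        elif len(parts) == 3:
            cur[parts[0]] = parts[2].strip().strip('"')
    return objs

def trusted_server_pems(text):
    """Return [(label, pem)] for roots trusted for TLS server authentication."""
    objs = parse_objects(text)
    trusted = {o.get("CKA_CERT_SHA1_HASH") for o in objs
               if o.get("CKA_CLASS", "").endswith("_TRUST")
               and o.get("CKA_TRUST_SERVER_AUTH", "").endswith("_TRUSTED_DELEGATOR")}
    out = []
    for o in objs:
        der = o.get("CKA_VALUE")
        if (o.get("CKA_CLASS") != "CKO_CERTIFICATE" or not der
                or hashlib.sha1(der).digest() not in trusted):
            continue    # fail closed: no trust record, or not trusted for servers
        b64 = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
        out.append((o.get("CKA_LABEL", "?"),
                    f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"))
    return out

def sample():
    """Constructed input: placeholder bytes stand in for real DER certificates."""
    octal = lambda b: "".join("\\%03o" % x for x in b)
    rec = ('CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\nCKA_LABEL UTF8 "{n}"\n'
           'CKA_VALUE MULTILINE_OCTAL\n{v}\nEND\n'
           'CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST\n'
           'CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n{h}\nEND\n'
           'CKA_TRUST_SERVER_AUTH CK_TRUST {t}\n')
    rows = [("Example Root A", b"fake-der-A", "CKT_NETSCAPE_TRUSTED_DELEGATOR"),
            ("Example Root B", b"fake-der-B", "CKT_NETSCAPE_UNTRUSTED")]
    return "BEGINDATA\n" + "".join(rec.format(
        n=n, v=octal(v), h=octal(hashlib.sha1(v).digest()), t=t) for n, v, t in rows)
```

OpenSSL looks up CA certificates in a directory such as /etc/ssl/certs by subject-hash file name, so the PEM files written there also need the hash links that `c_rehash` creates.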
