|
|||
How to install CA cert?
Hello,
Can anyone instruct me to install CA cert on NetBSD? |
|
|||
Installing mozilla-rootcerts-openssl solved the problem. Thank you for the help.
|
|
||||
Just a heads-up for the fact that starting with NetBSD 10.0, Mozilla certificates and TLS trust anchors are included the base system and mozilla-rootcerts/ca-certificates packages are no longer required (at least, on NetBSD hosts). To handle base certificates, the new certctl(8) utility has been introduced.
Transitioning to the new system from 9.x is described in in the wiki at certctl-transition. Also, since certctl landed in 10.0_BETA, older 10.0 beta snapshots aren't compatible with recent binary packages for 10.0, so user are invited to upgrade to the latest stable snapshot.
__________________
“Mi casa tendrá dos piernas y mis sueños no tendrán fronteras„ Last edited by Sehnsucht94; 5th October 2023 at 02:32 PM. |
|
|||
I know this has been solved but I'd like to do what I can to help demystify TLS certificates as they are without the use of platform-specific tools which does nothing but cause further confusion on this topic. This will only be an extremely simple "summary" on what it means to "install" a TLS certificate.
To "install" a TLS certificate just means to append a copy of it to your system's cert.pem file. You could also save certificates as separate files in a specific directory, but I'll only discuss cert.pem since it's cleaner. All certificates that you trust are in this plain text cert.pem file. When you append a new certificate to it, you are telling all programs that make use of TLS, and thus utilize cert.pem, that you hereby trust this new certificate. The cert.pem is (and should be) located under the standard location /etc/ssl. When programs establish TLS connections, they load all certificates that you trust from /etc/ssl/cert.pem. Those programs will generally be configurable so that you can specify which file, or directory, contains all your trusted certificates. That means you can store your certificates anywhere you'd like, but there's really no reason to over-complicate things. Keep a /etc/ssl/cert.pem and call it a day. There are indeed systems that like to do their own thing with stuff like this, which I think should be kept simple, but you can trust this is how installing, and therefore trusting, TLS certificates works fundamentally. |
|
|||
Quote:
Seems a lot of items depend upon it (like firefox115-115.2.0). Do you know if that will still be needed for NetBSD 10.0 ?
__________________
[t]csh(1) - "An elegant shell, for a more... civilized age." - Paraphrasing Star Wars (tvtropes.org) |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Cant install anything after fresh install | bsd007 | OpenBSD Installation and Upgrading | 3 | 9th October 2017 09:32 PM |
BSDA cert exam now available at IQT testing centers | nilsgecko | News | 21 | 12th May 2011 12:08 AM |
How - To install GNOME vile I install OpenBSD ? | looop | OpenBSD Installation and Upgrading | 6 | 24th April 2010 08:58 PM |
US-CERT: Broadcom NetXtreme network cards vulnerable | J65nko | News | 0 | 27th March 2010 09:42 PM |