NTS: config and initialization
Hal Murray
hmurray at megapathdsl.net
Sat Mar 9 02:50:11 UTC 2019
man trust may be interesting.
> Is /etc/ssl/certs somewhat standard? at least for the root certs?
That's where they are on Debian - lots of stuff.
It looks like the directory format that libssl is expecting - a hash links to
a sensible name. Example:
67495436.0 -> thawte_Primary_Root_CA_-_G3.pem
On Fedora, it's a symlink to ../pki/tls/certs
I haven't sorted out what's there.
My notes say to add things to /usr/share/pki/ca-trust-source/anchors/
I haven't found them on NetBSD - no /etc/ssl/ at all, so maybe the basic
package doesn't have any certs and I haven't installed the right package yet.
FreeBSD has a symlink to /usr/local/share/certs/ca-root-nss.crt
more says:
##
## ca-root-nss.crt -- Bundle of CA Root Certificates
##
## This is a bundle of X.509 certificates of public Certificate
## Authorities (CA). These were automatically extracted from Mozilla's
## root CA list (the file `certdata.txt').
##
## Extracted from nss-3.41
## with $FreeBSD: branches/2018Q4/security/ca_root_nss/files/MAca-bundle.pl.in
325572 2013-08-29 08:10:09Z mandree $
##
## Untrusted certificates omitted from this bundle: 2
--
These are my opinions. I hate spam.
More information about the devel
mailing list