27 lines
1 KiB
Text
27 lines
1 KiB
Text
===========================================================================
|
|
$NetBSD: MESSAGE,v 1.3 2011/06/10 16:23:45 drochner Exp $
|
|
|
|
Execute these commands to extract and rehash all CA root certificates
|
|
distributed by the Mozilla Project, so that they can be used by third
|
|
party applications using OpenSSL:
|
|
|
|
# cd /etc/openssl/certs # Default SSLCERTS path for NetBSD
|
|
# mozilla-rootcerts extract
|
|
# mozilla-rootcerts rehash
|
|
|
|
To create a single file certificate bundle in PEM format which can
|
|
be used by applications using GnuTLS, do the following:
|
|
|
|
# mkdir -p /etc/ssl/certs
|
|
# cd /etc/ssl/certs
|
|
# cat ../../openssl/certs/*.pem >ca-certificates.crt
|
|
|
|
To mark these certificates as trusted for users of gnupg2, do
|
|
the following (assuming default PKG_SYSCONFBASE and a Bourne shell):
|
|
|
|
# mkdir /usr/pkg/etc/gnupg
|
|
# cd /usr/pkg/etc/gnupg
|
|
# for c in /etc/openssl/certs/*.pem; do
|
|
> openssl x509 -in $c -noout -fingerprint|sed 's|^.*=\(.*\)|\1 S|'
|
|
> done > trustlist.txt
|
|
===========================================================================
|