howtos:import_ca_certificates_for_openssl_to_use

Start out by finding the location for the certificates to be stored:

openssl version -d
OPENSSLDIR: "/usr/lib/ssl"

The directories inside OPENSSLDIR are usually symbolic links to /etc/ssl, but YMMV.

Now upload the CA certificates in PEM format into OPENSSLDIR/certs.

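Next, use this script to create the symbolic links inside the certs directory. OpenSSL looks up a CA in this directory by its subject-name hash, so each link has to be named HASH.N: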

#!/bin/sh
#
# usage: certlink.sh filename [filename ...]

# "$@" keeps file names containing spaces intact
for CERTFILE in "$@"; do
  # make sure file exists and is a valid cert
  test -f "$CERTFILE" || continue
  HASH=$(openssl x509 -noout -hash -in "$CERTFILE")
  test -n "$HASH" || continue

  # use lowest available iterator for symlink
  # (test -L also catches dangling symlinks, which test -e does not see)
  for ITER in 0 1 2 3 4 5 6 7 8 9; do
    if test -e "${HASH}.${ITER}" || test -L "${HASH}.${ITER}"; then
      continue
    fi
    ln -s "$CERTFILE" "${HASH}.${ITER}"
    test -L "${HASH}.${ITER}" && break
  done
done

Now go into OPENSSLDIR/certs and run the script:

certlink.sh CA-certificate1.pem CA-certificate2.pem CA-certificate3.pem

Now openssl will verify certificates signed by these CAs.
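An added check, not part of the original how-to: the function below audits a hashed certs directory after linking, flagging links whose name does not match the subject hash of the certificate they point to (OpenSSL will not find those) and links whose target is missing. The name audit_certdir is hypothetical, and the openssl command-line tool is assumed to be on PATH.

```shell
#!/bin/sh
# Added example: audit the HASH.N links in an OpenSSL certs directory.
# usage: audit_certdir DIR
# Prints one line per link; returns 0 if all links are consistent, 1 otherwise.
audit_certdir() {
  dir=$1
  problems=0
  for link in "$dir"/*; do
    name=${link##*/}
    # only inspect lookup names: 8 hex digits, a dot, one digit
    case "$name" in
      [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]) ;;
      *) continue ;;
    esac
    # -e follows symlinks, so it is false when the target is gone
    if [ ! -e "$link" ]; then
      echo "DANGLING $name"
      problems=$((problems + 1))
      continue
    fi
    # recompute the subject hash of whatever the link resolves to
    actual=$(openssl x509 -noout -hash -in "$link" 2>/dev/null) || actual=""
    if [ "$actual" != "${name%.*}" ]; then
      echo "MISMATCH $name (target hashes to ${actual:-nothing})"
      problems=$((problems + 1))
    else
      # show which CA this link actually makes trusted
      echo "OK $name -> $(openssl x509 -noout -subject -in "$link")"
    fi
  done
  [ "$problems" -eq 0 ]
}

# run against a directory when one is given on the command line
if [ $# -gt 0 ]; then
  audit_certdir "$1"
fi
```

The OK lines double as an inventory of which CA subjects the directory makes trusted, which is worth reviewing after every import.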

howtos/import_ca_certificates_for_openssl_to_use.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1