Where can I add a system CA certificate
Where can I add a system CA certificate ( cacert )? the directory path for system CA certificates?
eg: my website is signed by it, and same thing with my mailserver (smtp, imap).
GUI question is here
We have moved to a new Sailfish OS Forum. Please start new discussions there.
Where can I add a system CA certificate ( cacert )? the directory path for system CA certificates?
eg: my website is signed by it, and same thing with my mailserver (smtp, imap).
GUI question is here
Hello!
Now do not necessarily need to install openssl.
Here are the contents of the file README(in /etc/pki/ca-trust/source/README) what to do.
This directory /etc/pki/ca-trust/source/ contains CA certificates and
trust settings in the PEM file format. The trust settings found here will be
interpreted with a high priority - higher than the ones found in
/usr/share/pki/ca-trust-source/.
=============================================================================
QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
list of CAs trusted on the system:
Copy it to the
/etc/pki/ca-trust/source/anchors/
subdirectory, and run the
update-ca-trust
command.
If your certificate is in the extended BEGIN TRUSTED file format,
then place it into the main source/ directory instead.
=============================================================================
Please refer to the update-ca-trust(8) manual page for additional information.
Instead of using the lengthy and awkward ln -s [...]
you can use multi_c_rehash
which is a quite convenient tool that came out of the mer project and can be used to create the hash-symlinks in the /etc/pki/tls/certs directory.
so... just place the (ca) certificate in the directory /etc/pki/tls/certs
in pem format and run multi_c_rehash
afterwards.
- don't forget to devel_su
first :-)
Make sure you're root on your device, with devmode and devel-su
, then first install openssl:
pkcon install openssl
Then go the CA path, fetch the root certificate and install it:
cd /etc/pki/tls/certs/
curl http://www.cacert.org/certs/root.crt -o ca-cert-root.pem
ln -s ca-cert-root.pem $( openssl x509 -hash -noout -in ca-cert-root.pem )".0"
Testing it with openssl:
openssl s_client -connect www.cacert.org:443 -CApath /etc/pki/tls/certs
unfortunately, the native browser doesn't seem to use the CA certificates, so, next you can follow this post.
I have followed the above to add Class 1 PKI Key Root Certificate and the below Class 3 PKI Key Intermediate Certificate but I am still getting in the web browser "This Connection is Untrusted" msg. when trying to access https page secured by CAcert.org certificates I have generated for the site (Error code is: sec_error_unknown_issuer).
m2 ( 2014-04-25 20:13:46 +0300 )edit@m2 follow the link at the end of this answer! Repeating it here for clarity: https://together.jolla.com/question/835/browser-personal-certificates-import/?answer=8170#post-id-8170 This answer is NOT about importing certificates to be used by the browser!
tbr ( 2014-04-25 21:48:08 +0300 )editIs the "browser step" still needed with 1.1.7?
From the release notes: Introduce certificate handling middleware (p11-kit). All crypto libraries now share one CA store.
ilpianista ( 2015-07-15 14:01:37 +0300 )editFirst, install openssl: pkcon install openssl
Go to /etc/pki/tls/certs
Then, download the ca-cert certificate: curl http://www.cacert.org/certs/class3.crt -o ca-cert-c3.pem
Get the required hash link using openssl:
ln -s ca-cert-c3.pem $( openssl x509 -hash -noout -in ca-cert-c3.pem )".0"
That should be it.
tried that, but did not solve the original problem with XMPP with my own jabber server (see http://talk.maemo.org/showthread.php?t=92053). With "bool:ignore-ssl-errors=false" the native im-client does not connect.
thessy ( 2013-12-27 21:44:33 +0300 )editThis thread is public, all members of Together.Jolla.Com can read this page.
Asked: 2013-12-26 21:52:24 +0300
Seen: 7,214 times
Last updated: Oct 14 '15
CA installed and working for OpenSSL but fails with Email app [answered]
self-signed SSL certificates should be accepted for Exchange sync [answered]
certificate details in Browser
Do not automatically accept all SSL certificates [released]
certificate manager [duplicate]
accepting (self-signed) certificates
Email certificate issue (dovecot) [answered]
Certificates seem to be in /etc/pki/tls/certs
onion ( 2013-12-26 22:00:34 +0300 )editRelated: https://together.jolla.com/question/835/browser-personal-certificates-import/
Tanghus ( 2013-12-26 22:03:58 +0300 )edit@onion the CA ones too?
AL13N ( 2013-12-26 22:04:47 +0300 )edit