[OmniOS-discuss] ssl root CA certs
Paul B. Henson
henson at acm.org
Thu Oct 11 18:36:30 EDT 2012
I noticed omnios installs a standard set of root CA certs in
/etc/certs/CA; however, openssl is looking for them in /usr/ssl/certs,
which was empty. I ended up running
for f in /etc/certs/CA/* ; do ln -s $f /usr/ssl/certs/`openssl x509 -hash -noout -in $f`.0; done
to make the hashed symlinks so openssl based apps (such as wget) would
find the root CA's.
If there's an intention for openssl to recognize root CA's out of the
box, perhaps these symlinks can be made during the install? Or perhaps
openssl should be configured to look in /etc/certs/CA instead of
/usr/ssl/certs (which would still need hash symlinks, but just in that
directory instead). Or if the intention is for an admin to need to setup
this up themselves after an install, ignore the noise ;)...
Thanks...
More information about the OmniOS-discuss
mailing list