[commits] [Wiki] created: openssl
Wiki Guest
wikiguest at horde.org
Thu Feb 9 08:21:57 UTC 2012
guest [85.178.209.162] Thu, 09 Feb 2012 08:21:57 +0000
Created page: http://wiki.horde.org/openssl
If you want to import external data (e.g. calendars) that are stored
on ssl secured servers with non standard root certificates, you'll
have to install these root certificates on your local machine, so your
openssl enabled client (i.e. kronolith) knows how to trust your
external source. Here is an example of how to do this for CACert.org
signed certificates:
cd /etc/ssl/certs
curl http://www.cacert.org/certs/class3.der >import.der
openssl sha1 import.der ### VERIFY THE SHA1
FINGERPRINT ###
openssl md5 import.der ### VERIFY THE MD5
FINGERPRINT ###
openssl x509 -text -inform der -in import.der ### VERIFY THE OWNER
###
openssl x509 -in import.der -inform der -out
CAcert_Class_3_Root_CA.pem -outform pem
rm import.der
c_rehash .
update-ca-certificates
Repeat these steps with the root certificate:
http://www.cacert.org/certs/root.der
Afterwards you can import your external source CACert signed
certificate (using the same method) and the chain of trust is complete.
You can find the current CACert fingerprints (to verify fingerprints
in the above example) on http://www.cacert.org/index.php?id=3
These instructions are valid for most Linux distributions with
standard openssl packaging and have been tested with Debian Unstable.
More information about the commits
mailing list