On 26/07/2016 16:09, Piotr Panasewicz wrote:
Hi,
There’s seems to be no good explanation on the website on how to build OpenSSL
with CA certificates so I thought I’ll give a try here.
I’ve copied all the CA certs I have to the certs folder and built,
unfortunately I still get certificate validation errors with the library I uses
(it links to OpenSSL dynamically).
I have all the CA certs in pem format, should I include some kind of flag or do
something else?
Thanks in advance,
Peter
You also need to create the relevant symlinks with the c_rehash
script or equivalent. This is documented in the c_rehash manpage
included in OpenSSL (in doc/apps/c_rehash.pod before compiling).
If a single /etc/cert directory is shared by OpenSSL 0.9.x and
OpenSSL 1.0.x, you will need symlinks for both the old and new
digest formulas. Like this:
c_rehash /etc/certs
# Only do this second step if OpenSSL 0.9.x is sharing the directory
with 1.0.x
# (Situation with OpenSSL 1.1.x is unknown):
c_rehash -n -old /etc/certs
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
