Re: [blfs-support] SSL certificates

Sun, 27 Jan 2013 04:18:47 -0800 

Hi,

Thanks very much for the information. I probably didn't understand everything
in the process, anyway. Indeed, in make-ca.sh, I replaced
BUNDLE="BLFS-ca-bundle-${VERSION}.crt" with AddTrustExternalCARoot.crt.
Then I ran script. I also updated mozilla's certs, through the proces described
in the book and also with mozilla-root.crtŒ.

So .pem are all updated and generated. Is it enough? Should the ca-bundle.crt
be updated itself? Because with such process, fetchmail displays the same
thing.

Did I misunderstand something in this process of certificates?

Thanks very much and sorry to disturb but I've to say that this security 
concepts
are not natural for me.

Best regards,

On Saturday 26 Jan 2013 à 20:23:02 (-0600), DJ Lucas wrote:
> On 01/26/2013 09:46 AM, Jean-Philippe MENGUAL wrote:
> > Hi,
> >
> > How could I get rid of this warning/error from fetchmail:
> > http://sprunge.us/YIUJ
> >
> > This seems to make a output code different from 0, which prevents a script 
> > from
> > running properly, so I'd like to fix the problem. I didn't find any way to
> > make fetchmail pass without problem (even quiet displays this). How can it 
> > accept
> > these certs?
> >
> > I could add them to CA-certs, following: 
> > http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cacerts.html
> > but I have not understood how I can fetch the non-trusted certificate.
> > Finally, I must write not properly my search, I don't find any tutorial for
> > this on the Internet.
> 
> You won't, other than what is in the BLFS book because everyone does it 
> differently. Being BLFS, you are expected to do it manually. The root 
> you seek is available here:
> 
> https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=87
> 
> 1st link from a Google search for "AddTrust external ca root".
> 
> Anyway, steps are exactly what is in the book now. Probably best to 
> first update with current Mozilla certs, then download the one above and 
> drop it into /etc/ssl/certs, run c_rehash, and finally recreate 
> /etc/ssl/ca-bundle.crt from the newly installed certs. Might not even be 
> a bad idea to create a directory for other trusted certs in /etc/ssl and 
> include them in the original script from the book.
> 
> -- DJ
> 
> -- 
> http://linuxfromscratch.org/mailman/listinfo/blfs-support
> FAQ: http://www.linuxfromscratch.org/blfs/faq.html
> Unsubscribe: See the above information page
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to