Hi, this is something that has bothered me for a while. How can the root CA certificates that come with mozilla PSM be converted/exported to a format that is usable with openssl?
Background. I want to use fetchmail-ssl with SSL encrypted IMAP (port 993) and verify the server certificate against man-in-the-middle. But the server certificate is chained to the Verisign/RSA root, and Verisign doesn't seem to provide any way to download the root (at least I haven't found any during my interminable journey through their $$$ oriented Web maze). Mozilla has all the roots built in, but not in the DER or PEM formats that openssl groks; in fact the mozilla roots are linked into libnssckbi.so as C structures, it seems. I downloaded the mozilla source (really!) and determined that the bits of the roots originate in the file certdata.txt. But even this file's format is a far cry from something that can be fed into openssl. Can somebody give me a hint how to convert it? I am not familiar with DER; I guess a reference to the definition of DER would be enough to make me grateful (though not yet happy :) Thanks, -- Ian Zimmerman, Oakland, California, U.S.A. Hypocrisy, arrogance and manipulation: sure-fire ways to earn hatred. GPG pub key: 433BA087 9C0F 194F 203A 63F7 B1B8 6E5A 8CA3 27DB 433B A087
