Gerard wrote:

I wanted to import the root certificates from my WinXP machine into my
FreeBSD server. I found a site:

that supplied information on how to accomplish this. This is an
excerpt from that page.

In order to avoid errors when visiting SSL-encrypted websites, a file
named cert.pem containing public certificates of Trusted Root
Certification Authorities needs to be present in
the /usr/local/openssl/certs directory. This file can be constructed by
exporting an existing collection of trusted root certificates from
another operating system, namely Microsoft Windows XP or Macintosh OS
X. 12.6.1. Microsoft Windows XP

To export trusted root certificates from a Windows XP system:

Click the Start menu and open the Control Panel.

Double-click the Internet Options icon.

Click the Content tab then click the Certificates... button.

Click the Trusted Root Certification Authorities tab.

Click the first entry in the list and then scroll down to the end of
the list. While holding the [shift] key, click the last entry in the
list. This will select all of the listed certificates.

Click the Export button and then click Next > at the wizard Welcome

Click the Browse... button and save the file as cert.p7b in a location
of your choice.

Click Next > when you are returned to the File Name prompt.

Click Finish to complete the export.

Copy the file cert.p7b to the /usr/local/openssl/certs directory on
your FreeBSD system using SFTP or a similar file transfer utility (see
"OpenSSH Server 4.7p1" for details on SFTP).

Once the cert.p7b file is in the proper location, run the following
command to convert it into the required PEM (Privacy Enhanced Mail)
format: # cd /usr/local/openssl/certs # openssl pkcs7 -inform DER -in
cert.p7b -print_certs -text -out cert.pem

You should now be able to securely connect to websites "trusted" by
Microsoft without Lynx SSL errors.

The problem is that I do not have a: /usr/local/openssl/certs
directory. I do have a: /usr/local/share/certs directory though. Could
I use that directory instead, or do I have to create the specified one?
I also read about creating an /etc/ssl/certs directory somewhere.

I think you could accomplish what you are after more easily by installing the ca_root_nss port.

_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to