"Rainer Gerhards" <[EMAIL PROTECTED]> writes:

> Hi all,
>
> this is probably an exceptionally dumb question, but... ;)
>
> I would like to ship a number of trusted roots with the default
> rsyslog install - much like web browsers do. The idea is that I would
> like to be able to automatically verify certificates that have been
> obtained by one of those well-known CAs.
>
> Question now: how do I do that? Do I simply add the certificate blocks
> into a single big .pem file? Or do I need to supply multiple files?

Yes, that is typically the simplest. The
gnutls_certificate_set_x509_trust_file function will read multiple CAs
from a file.

> Also (the probably really dumb one ;)): how do I obtain these
> certificates? Ask the CAs? Or export them from the browser (I've not
> found this option in Firefox).
>
> Advice is appreciated.

Extracting them from a browser has been done:

http://curl.haxx.se/docs/caextract.html

I don't recommend shipping these CAs as "trusted" CAs without verifying
them though. It is generally safest to ask users to install the CAs
they trust manually.

/Simon

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
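The following is an added example, not part of the original thread and not code from GnuTLS or rsyslog: a packaging-time audit of a concatenated PEM bundle like the one discussed above, listing each certificate's SHA-256 fingerprint so it can be compared against fingerprints confirmed out of band before the bundle is shipped as trusted. It goes beyond the message by computing fingerprints; the function names are hypothetical and the sample bundle is constructed from placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block; the body is base64 of the DER encoding.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def bundle_fingerprints(pem_text):
    """Return the SHA-256 hex fingerprint of every certificate block, in order."""
    begins = pem_text.count("-----BEGIN CERTIFICATE-----")
    ends = pem_text.count("-----END CERTIFICATE-----")
    blocks = PEM_BLOCK.findall(pem_text)
    if begins != ends or begins != len(blocks):
        raise ValueError("unbalanced BEGIN/END markers in bundle")
    prints = []
    for body in blocks:
        # validate=True rejects stray non-base64 characters inside a block.
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints


def audit_bundle(pem_text, verified):
    """Split fingerprints into (verified, unverified) against a confirmed set."""
    ok, unknown = [], []
    for fp in bundle_fingerprints(pem_text):
        (ok if fp in verified else unknown).append(fp)
    return ok, unknown


def make_pem(der):
    """Wrap raw bytes in PEM armor (used only to build the constructed sample)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample: placeholder bytes stand in for DER certificates.
SAMPLE_DER = [b"constructed-ca-one" * 8, b"constructed-ca-two" * 8]
SAMPLE_BUNDLE = "".join(make_pem(d) for d in SAMPLE_DER)
VERIFIED = {hashlib.sha256(SAMPLE_DER[0]).hexdigest()}

if __name__ == "__main__":
    ok, unknown = audit_bundle(SAMPLE_BUNDLE, VERIFIED)
    print(f"{len(ok)} verified, {len(unknown)} not verified: {unknown}")
```

Any fingerprint reported as not verified marks a block that should be checked or dropped before the file is handed to gnutls_certificate_set_x509_trust_file.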
