On Tue, 21 Dec 2010, Keith Lofstrom wrote: > On Mon, Dec 20, 2010 at 11:21:04PM -0800, wes wrote: >> Are you importing the hospital's CA into firefox? or just setting >> an exception for that host to not require a valid SSL cert? > > Firefox, and probably other tools. The hospital is using Citrix, > and that is using the same infrastructure, but it seems to want the > certs someplace in addition to the Firefox certs and exceptions. I > think, not clear yet. I was doing this in the evening, when the > linux-aware-though-not-skilled folks were at home. More tomorrow, > perhaps.
It's the "probably other tools" that might hang you up. Different distributions manage server or CA certificates idiosyncratically if you need the system OpenSSL libraries to recognize the certificate. Debian: The hard-but-proper way is to put the certificate into the /usr/share/ca-certificates hierarchy, edit /etc/ca-certificates.conf accordingly, and run /usr/sbin/update-ca-certificates. (Easier is just to drop the certificate into /etc/ssl/certs and run "/usr/bin/c_rehash /etc/ssl/certs".) RHEL/CentOS: add the certificate to /etc/pki/tls/certs/ca-bundle.crt. -- Paul Heinlein <> [email protected] <> http://www.madboa.com/ _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
