Thanks for the tip, Joe. I didn't realize that they were already compiled into a single file. Following your lead I came across the command 'update-ca-certificates' which can be used to update the /etc/ssl/certs/ca-certificates.crt file.
Rob On Thu, Aug 26, 2010 at 10:58 AM, Joe Gooch <[email protected]> wrote: > My guess would be that because it's for client verification, not for > general trust determination, that the verification list is separate from the > default system ca list. I'd have to look in the code to confirm. > > > If your Ubuntu box is like my Debian Lenny box, wouldn't all the certs in > /etc/ssl/certs/ be compiled/concatenated into > /etc/ssl/certs/ca-certificates.crt? That would be your system list. > > If they aren't already, it would be relatively trivial to run cat > /etc/ssl/certs/*.pem > /etc/ssl/certs/ca-certificates.crt as part of the > pound init.d or startup script. > > Joe > > > > -----Original Message----- > > From: Rob Moore [mailto:[email protected]] > > Sent: Thursday, August 26, 2010 11:31 AM > > To: [email protected] > > Subject: [Pound Mailing List] Possible to use system certificates for > > client cert verification? > > > > I would like to use the CA certificates installed as part of the OS > > (Ubuntu > > Linux in this case) to verify client certificates rather than specify a > > particular file containing these CA certificates using VerifyList. I've > > tried specifying "ClientCert 2 9" without defining VerifyList but > > received > > an error which I assume is because no VerifyList has been defined. > > > > I'd thought that the OpenSSL libraries would pick up the system > > certificates > > by default but perhaps this is not the case? > > > > Thanks, > > > > Rob > > > > > > -- > > To unsubscribe send an email with subject unsubscribe to > > [email protected]. > > Please contact [email protected] for questions. > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. > -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
