And now I know about that command... Equitable exchange! Glad it'll work for you :)

Joe

> -----Original Message-----
> From: Rob Moore [mailto:[email protected]]
> Sent: Thursday, August 26, 2010 12:22 PM
> To: [email protected]
> Subject: Re: [Pound Mailing List] Possible to use system certificates for client cert verification?
>
> Thanks for the tip, Joe. I didn't realize that they were already compiled
> into a single file. Following your lead I came across the command
> 'update-ca-certificates' which can be used to update the
> /etc/ssl/certs/ca-certificates.crt file.
>
> Rob
>
> On Thu, Aug 26, 2010 at 10:58 AM, Joe Gooch <[email protected]> wrote:
>
> > My guess would be that because it's for client verification, not for
> > general trust determination, that the verification list is separate from the
> > default system ca list. I'd have to look in the code to confirm.
> >
> > If your Ubuntu box is like my Debian Lenny box, wouldn't all the certs in
> > /etc/ssl/certs/ be compiled/concatenated into
> > /etc/ssl/certs/ca-certificates.crt? That would be your system list.
> >
> > If they aren't already, it would be relatively trivial to run
> > cat /etc/ssl/certs/*.pem > /etc/ssl/certs/ca-certificates.crt
> > as part of the pound init.d or startup script.
> >
> > Joe
> >
> > > -----Original Message-----
> > > From: Rob Moore [mailto:[email protected]]
> > > Sent: Thursday, August 26, 2010 11:31 AM
> > > To: [email protected]
> > > Subject: [Pound Mailing List] Possible to use system certificates for client cert verification?
> > >
> > > I would like to use the CA certificates installed as part of the OS (Ubuntu
> > > Linux in this case) to verify client certificates rather than specify a
> > > particular file containing these CA certificates using VerifyList. I've
> > > tried specifying "ClientCert 2 9" without defining VerifyList but received
> > > an error which I assume is because no VerifyList has been defined.
> > >
> > > I'd thought that the OpenSSL libraries would pick up the system certificates
> > > by default but perhaps this is not the case?
> > >
> > > Thanks,
> > >
> > > Rob
> > >
> > > --
> > > To unsubscribe send an email with subject unsubscribe to [email protected].
> > > Please contact [email protected] for questions.
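
Joe's suggestion of concatenating `/etc/ssl/certs/*.pem` at startup, written out as a shell function; this is an added example, not part of the thread or of Pound, and it goes slightly further by dropping duplicate certificates and replacing the output atomically. The function name `build_verifylist` and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: build a CA bundle for Pound's VerifyList from a directory of
# PEM files. Paths in the usage line are hypothetical.
#   build_verifylist /etc/ssl/certs /etc/pound/verify.pem

build_verifylist() {
    src_dir=$1
    out_file=$2

    # Temp file in the destination directory so the final mv is an atomic rename.
    tmp=$(mktemp "${out_file}.XXXXXX") || return 1

    for f in "$src_dir"/*.pem; do
        [ -f "$f" ] || continue      # skips dangling symlinks and an unmatched glob
        cat "$f"
        echo                         # guard against a missing trailing newline
    done | awk '
        { sub(/\r$/, "") }                                  # tolerate CRLF files
        /^-----BEGIN CERTIFICATE-----/ { in_cert = 1; block = ""; key = "" }
        in_cert {
            block = block $0 "\n"
            if ($0 !~ /^-----/) key = key $0                # base64 body identifies the cert
        }
        /^-----END CERTIFICATE-----/ {
            if (in_cert && !(key in seen)) { seen[key] = 1; printf "%s", block; n++ }
            in_cert = 0
        }
        END { exit (n > 0 ? 0 : 1) }                        # fail if nothing was found
    ' > "$tmp" || { rm -f "$tmp"; return 1; }

    chmod 644 "$tmp" && mv "$tmp" "$out_file"
}
```

Point `VerifyList` at the output file. Every CA in it becomes an acceptable issuer of client certificates, so the source directory decides who can authenticate.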
