On Fri, 2009-11-27 at 21:00 +0200, Mircea Mihai Carasel wrote: > > > It should be able to list all CAs, including the internally > generated > one. It should be possible to remove any but that internally > generated > one (making this take effect will require restarting any > services that > use it, since the libraries cache these things). > > ssl/authorities directory contains certificates in both PEM and hash > format. The hash format has extension .0 > In order to display certificates I would need to do some filtering. > I am thinking to display all certificates that have any extension > except files that has extension .0
The .0 versions are all symlinks to the others. If you just eliminate duplicates, you'll be fine. > What do you think of this approach? > > Also, for the internally generated certificate, how can I > differentiate the internal certificate? The internal certificate name > is > built upon the following rule: ca.<domain_name>.crt. Is it OK to rely > on this assumption? Well, one way to tell would be to look at the issuer for the certificate in /etc/sipxpbx/ssl.crt - that one is always (currently) issued by our private certificate authority. _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
