[Help-gnutls] Re: adding trusted CAs
From: Simon Josefsson
Subject: [Help-gnutls] Re: adding trusted CAs
Date: Wed, 02 Jul 2008 18:22:07 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

"Rainer Gerhards" <address@hidden> writes:
> Hi all,
>
> this is probably an exceptionally dumb question, but... ;)
>
> I would like to ship a number of trusted roots with the default
> rsyslog install - much like web browsers do. The idea is that I would
> like to be able to automatically verify certificates that have been
> obtained by one of those well-known CAs.
>
> Question now: how do I do that? Do I simply add the certificate blocks
> into a single big .pem file? Or do I need to supply multiple files?

Yes, that is typically the simplest. The
gnutls_certificate_set_x509_trust_file function will read multiple CAs
from a file.

> Also (the probably really dumb one ;)): how do I obtain these
> certificates? Ask the CAs? Or export them from the browser (I've not
> found this option in Firefox).
>
> Advice is appreciated.

Extracting them from a browser has been done:

http://curl.haxx.se/docs/caextract.html

I don't recommend shipping these CAs as "trusted" CAs without verifying
them though. It is generally safest to ask users to install the CAs
they trust manually.

/Simon
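
A check a packager could run on a combined .pem file before shipping it, as an added example that is not part of the original message and is not GnuTLS code: it splits the bundle into its certificate blocks and accepts only those whose SHA-256 fingerprint is in a set verified out of band. The function names, the sample bundle and the fingerprint set are assumptions made for illustration; the sample blocks hold constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def audit_bundle(pem_text, verified_fingerprints):
    """Split a multi-certificate PEM bundle and check each block against
    SHA-256 fingerprints that were verified out of band.
    Returns (accepted, rejected) lists of (index, fingerprint, reason)."""
    begins = pem_text.count("-----BEGIN CERTIFICATE-----")
    blocks = PEM_BLOCK.findall(pem_text)
    if begins != len(blocks):
        # A BEGIN line without its END means the file was truncated or
        # badly concatenated; refuse the whole bundle.
        raise ValueError("unterminated or malformed certificate block")
    accepted, rejected, seen = [], [], set()
    for idx, body in enumerate(blocks):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:  # binascii.Error subclasses ValueError
            rejected.append((idx, None, f"bad base64: {exc}"))
            continue
        fp = hashlib.sha256(der).hexdigest()
        if fp in seen:
            rejected.append((idx, fp, "duplicate"))
        elif fp not in verified_fingerprints:
            rejected.append((idx, fp, "fingerprint not verified"))
        else:
            accepted.append((idx, fp, "ok"))
        seen.add(fp)
    return accepted, rejected

def make_pem(der):
    """Wrap raw bytes in PEM armour (used only to build the sample)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed sample: placeholder bytes standing in for DER certificates.
CA_A, CA_B, CA_C = b"constructed-ca-A", b"constructed-ca-B", b"constructed-ca-C"
SAMPLE_BUNDLE = make_pem(CA_A) + make_pem(CA_B) + make_pem(CA_A) + make_pem(CA_C)
# Fingerprints the packager is assumed to have confirmed with each CA.
VERIFIED = {hashlib.sha256(CA_A).hexdigest(), hashlib.sha256(CA_B).hexdigest()}

if __name__ == "__main__":
    ok, bad = audit_bundle(SAMPLE_BUNDLE, VERIFIED)
    for idx, fp, reason in ok + bad:
        print(idx, reason, fp)
```

Only the blocks returned as accepted would go into the file later passed to gnutls_certificate_set_x509_trust_file.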