From owner-freebsd-questions@freebsd.org Wed Jul 26 00:07:59 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C95E0DABA83 for ; Wed, 26 Jul 2017 00:07:59 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-qt0-x230.google.com (mail-qt0-x230.google.com [IPv6:2607:f8b0:400d:c0d::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 866FB6CD2B for ; Wed, 26 Jul 2017 00:07:59 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mail-qt0-x230.google.com with SMTP id s6so47911829qtc.1 for ; Tue, 25 Jul 2017 17:07:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tenebras-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=v/nkNGH+b4L5US3TN45GS7YpbNUuF501OkU9evBhjk4=; b=zdKS5MrwP4ywp4uYSSpBfIGomKt5d/6ipdjJrK9mD2fb5Y8FVN67cJ74c26PuAS0HT /iqOn4FuOft/eqoyHmo0L72u/CVFL5tQ4lTNyQh5zGEjyxZcHLq7aH3MKWEEk9bqdLgW JGl5vc/m60zoVJjcRaZl7FNEv4/OM/l5e8Zf+q3ado4nSaUmlMsQez7fKc8n5eIKba9m lpdE5ErpY8ER0Z8Vr5DYlMzHh9VYgcbRbmFbIhSr9xVCU0C+E42VAiLmb1U20r9Y5v8/ nHI4mxLaaS10biluVlL4FtnzAXFO983DOQH62utTUuCIuBJKxnIm0pDtmOEGBhJUC6Yw B05A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-transfer-encoding; bh=v/nkNGH+b4L5US3TN45GS7YpbNUuF501OkU9evBhjk4=; b=a1o4/hbif6F0JFAtjIQ7qTYvCFiUtSd4yGF5seQUf7aNh0U5TtDv4yReKcueCqsHgr 8njuGo39kAJy42NOzkGIUhHjCIT2PVb8YP60J3j/yjPO1L1hGqKgQUyoZ3dtGRz0LhaA 2CZcMl+8eqYSkJGqrcR4MwUt1Gt3xxrz74fNJBhh0MGVdmpplppdCMDAVnS74NiT/byz B7bq0W6ac1DxqVxXs6yWYn0YZ/ZRMgYW6rEPqqjDI3Azfvi1BKh/kyeOrMWx3GpR/L+o Ziboui+Bd/VGEhUdTgVZFUGowRbcfF6/r7dT5zktrmtsbd0TnTmhvFP3tTz0PJBRmtGt +4QA== X-Gm-Message-State: AIVw1139jAkG6VEAzFMBEn7+tnvm29keLZgGetU3AnifH8UnwXVjtvle Ia5xCeWNze6kKShN4gp1TPCuFr4YuyETRy8DbA== X-Received: by 10.237.60.110 with SMTP id u43mr26606234qte.212.1501027678232; Tue, 25 Jul 2017 17:07:58 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.10.68 with HTTP; Tue, 25 Jul 2017 17:07:57 -0700 (PDT) In-Reply-To: <3ee2c96d01c39aec0976fe2c20a17826.squirrel@webmail.harte-lyne.ca> References: <3ee2c96d01c39aec0976fe2c20a17826.squirrel@webmail.harte-lyne.ca> From: Michael Sierchio Date: Tue, 25 Jul 2017 17:07:57 -0700 Message-ID: Subject: Re: HTTP Error: Unacceptable TLS Certificate To: FreeBSD Questions Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Jul 2017 00:07:59 -0000 On Tue, Jul 25, 2017 at 11:47 AM, James B. Byrne via freebsd-questions wrote: > > We run a private CA and our https services are secured with our own > certificates. On my new desktop unit I am unable to connect to our > webdav https service because of an 'unacceptable TLS certificate'. I > speculate that this is due to our root certificates not being in the > trusted root certificate store on this machine. > > My question is: Where is the CA root certificate store configured for > the desktop file browser? > > Depends on the OS and the browser. Many things on FreeBSD use the package: ca_root_nss-3.31 Root certificate bundle from the Mozilla Pro= ject openssl typically has a symlink to this bundle: kudzu@ahab:/etc/ssl 206> ls -l /etc/ssl/ total 12 lrwxr-xr-x 1 root wheel 38 Jun 13 01:13 cert.pem -> /usr/local/share/certs/ca-root-nss.crt Some browsers have their own store. On OS X and Windows you can add it to the trusted OS store. -- "Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent person requires only two thousand five hundred." - The Mah=C4=81bh=C4=81rata