From owner-freebsd-security@FreeBSD.ORG  Tue Apr  7 22:13:16 2015
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 1E847414
 for <freebsd-security@freebsd.org>; Tue,  7 Apr 2015 22:13:16 +0000 (UTC)
Received: from mail-ie0-f171.google.com (mail-ie0-f171.google.com
 [209.85.223.171])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id DFADA306
 for <freebsd-security@freebsd.org>; Tue,  7 Apr 2015 22:13:15 +0000 (UTC)
Received: by iebrs15 with SMTP id rs15so59656300ieb.3
 for <freebsd-security@freebsd.org>; Tue, 07 Apr 2015 15:13:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:content-type;
 bh=zmiOeTSPov9DDOLGs4GYqu6SDQt3uLCo21o1NCQKvx8=;
 b=DJpIXDiNSBA9tzC6HvR540fm5sCQArggNjepTuaJGqZvPo8/l6ldkI39LLeCP1wre/
 iiwqkxVUTPHRvJjDpdaBwaDxy0UKYRU3vMa/RfxJNtN6BkFk1VH7Z0sTt96I9Gpl9boI
 yhi0KkJfDsbEJFIBItJ80dudh0FhXQ7cLjeaN3NGwRW3A/wp2gd4r0nhwg2WxPDzIjec
 jDOs5EZkWCXQBTYZ24xpn4XP0p+7Hu7RjJ+cPzKymR+xxEBmMHI7wLYZeD4G7KGANCgE
 2czhoY5qDKodHeEZu+vJvsiAyGJEYZxASsiBQFep4Ed6auENmP3OBEfaGlW6tFxm64HW
 ekmw==
X-Gm-Message-State: ALoCoQlmN2clBT2nZDO7nnWveJyW81TQ+eL3B3dZeoEcg+i3NiBc2Fd4cJVnOoBbKwyzH4XVvIDa
MIME-Version: 1.0
X-Received: by 10.50.138.68 with SMTP id qo4mr7162380igb.33.1428444789044;
 Tue, 07 Apr 2015 15:13:09 -0700 (PDT)
Received: by 10.36.42.14 with HTTP; Tue, 7 Apr 2015 15:13:08 -0700 (PDT)
In-Reply-To: <5524525D.50500@obluda.cz>
References: <CAMJXocmzU6be4PXpdn9pf+VdOdsXwYkSZHM-Q1iZC-Vah7+7Qw@mail.gmail.com>
 <5524525D.50500@obluda.cz>
Date: Tue, 7 Apr 2015 18:13:09 -0400
Message-ID: <CAMJXocn6UeL72EcyvOo+oHxN=-VNjQVowK=7zitgPC5pAW5sVg@mail.gmail.com>
Subject: Re: openssl certificates
From: el kalin <kalin@el.net>
To: Dan Lukes <dan@obluda.cz>, freebsd-security@freebsd.org,
 freebsd-users@freebsd.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Apr 2015 22:13:16 -0000

>
>
> > also how to add a CA cert to ca_root_nss file?
>
> If in PEM format then just append it. In DER format it is not possible.


ok. it's in pem. but for each cert my ca-root-nss.crt has a bunch of other
sections - like date, signature algorithm,etc - wheres the company-root-ca.=
crt
has only whats in-between the begin and end lines. does that matter?

thanks=E2=80=A6