Date: Fri, 17 Dec 2021 10:49:54 +0100 From: Andrea Venturoli <ml@netfence.it> To: Kyle Evans <kevans@freebsd.org> Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: How to populate /etc/ssl/certs Message-ID: <3f4fcb27-06e1-ee30-b16e-30d202427f28@netfence.it> In-Reply-To: <CACNAnaFijz1ibsk13LQT38ErguNAf13d6v8MqZt%2Beg%2BOGt2ZbA@mail.gmail.com> References: <aeb690a3-00bd-1edc-5e36-7b94d63e2730@netfence.it> <CACNAnaH1GkZn0RkVEdLTLdnc82O1h=c-Vvh6=aApGMDfAWBvbg@mail.gmail.com> <86ed5dab-6476-efa7-5ecf-7477bfefc1e9@netfence.it> <CACNAnaFijz1ibsk13LQT38ErguNAf13d6v8MqZt%2Beg%2BOGt2ZbA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/17/21 08:12, Kyle Evans wrote: >> So are we expected to run etcupdate after, e.g., installing >> security/ca_root_nss? >> > > Negative; certctl in-fact doesn't do anything with > security/ca_root_nss as of yet. Hmm... Seems it does: it creates this link: > # ls -l /etc/ssl/certs/|grep local > lrwxr-xr-x 1 root wheel 46 Nov 4 11:52 cd8c0d63.1 -> ../../../usr/local/share/certs/ca-root-nss.crt > The current incarnation of > security/ca_root_nss will likely go away in the near-to-mid future and > might be replaced with a version that installs certctl compatible > roots at some point. I'm looking forward to it, though some software seems to still look for the single pem file. > Is /usr/share/certs/* populated *in the jail*? Yes. > You can always try > running `certctl rehash` manually, maybe with a -v thrown in there for > verbosity. Thanks, this is what I was looking for! bye av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3f4fcb27-06e1-ee30-b16e-30d202427f28>