Date: Mon, 14 Oct 2024 13:32:36 +0100 From: void <void@f-m.fm> To: freebsd-current@freebsd.org Subject: Re: new tls-cert-store and cert-bundle methods Message-ID: <Zw0PZIX0q39XLKOj@int21h> In-Reply-To: <864j5fuo7d.fsf@ltc.des.dev> References: <Zc_1fZGq3qoxSeko@int21h> <864j5fuo7d.fsf@ltc.des.dev>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Oct 14, 2024 at 09:40:38AM +0200, Dag-Erling Smørgrav wrote: >void <void@f-m.fm> writes: >> Now that we have system tls-cert-store, if one needs to reference >> a tls-cert-bundle like provided by ca_root_nss, do we need >> to concatenate all of the certs listed in /usr/share/certs/trusted >> into, for example cert.pem then symlink /etc/ssl/cert.pem to >> that concatenated file? > >This is being worked on. For now, if you need a bundle, just install >ca_root_nss, which has the same contents as the system store but in >bundle form. Thank you for this info. I have encountered one consequence of the above situation very recently that stopped a port from initially functioning: deskutils/nextcloudclient . It gave "The issuer certificate of a locally looked up certificate could not be found" with the cloud's letsencrypt cert. Installation of ca_root-nss allowed syncing up to the cloud to proceed via nextcloudclient. Access via web browser was never an issue. --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Zw0PZIX0q39XLKOj>