Date: Wed, 25 Jun 2008 12:05:56 -0400 From: Gerard <gerard@seibercom.net> To: freebsd-questions@freebsd.org Subject: Install Microsoft Root Certificates into FreeBSD Message-ID: <20080625120556.310b2b23@scorpio>
next in thread | raw e-mail | index | archive | help
--Sig_/t43.Acpde2Fz1bhkLkAjOWZ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable FreeBSD-6.3 I wanted to import the root certificates from my WinXP machine into my FreeBSD server. I found a site: http://safari.ibmpressbooks.com/9781593271459/configure-id11 that supplied information on how to accomplish this. This is an excerpt from that page. <quot> In order to avoid errors when visiting SSL-encrypted websites, a file named cert.pem containing public certificates of Trusted Root Certification Authorities needs to be present in the /usr/local/openssl/certs directory. This file can be constructed by exporting an existing collection of trusted root certificates from another operating system, namely Microsoft Windows XP or Macintosh OS X. 12.6.1. Microsoft Windows XP To export trusted root certificates from a Windows XP system: Click the Start menu and open the Control Panel. Double-click the Internet Options icon. Click the Content tab then click the Certificates... button. Click the Trusted Root Certification Authorities tab. Click the first entry in the list and then scroll down to the end of the list. While holding the [shift] key, click the last entry in the list. This will select all of the listed certificates. Click the Export button and then click Next > at the wizard Welcome screen. Click the Browse... button and save the file as cert.p7b in a location of your choice. Click Next > when you are returned to the File Name prompt. Click Finish to complete the export. Copy the file cert.p7b to the /usr/local/openssl/certs directory on your FreeBSD system using SFTP or a similar file transfer utility (see "OpenSSH Server 4.7p1" for details on SFTP). Once the cert.p7b file is in the proper location, run the following command to convert it into the required PEM (Privacy Enhanced Mail) format: # cd /usr/local/openssl/certs # openssl pkcs7 -inform DER -in cert.p7b -print_certs -text -out cert.pem You should now be able to securely connect to websites "trusted" by Microsoft without Lynx SSL errors. </quot> The problem is that I do not have a: /usr/local/openssl/certs directory. I do have a: /usr/local/share/certs directory though. Could I use that directory instead, or do I have to create the specified one? I also read about creating an /etc/ssl/certs directory somewhere. --=20 Gerard gerard@seibercom.net There are times when truth is stranger than fiction and lunch time is one of them. --Sig_/t43.Acpde2Fz1bhkLkAjOWZ Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkhibOwACgkQ6DWTaTcTwMkOnACaA3KAGBE+aFOXDqgIX7CW70hL NXcAoJm/0TAXD3SGkzimijVPqkNgrOV3 =JmX8 -----END PGP SIGNATURE----- --Sig_/t43.Acpde2Fz1bhkLkAjOWZ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080625120556.310b2b23>