From: Gerard
To: freebsd-questions@freebsd.org
Date: Wed, 25 Jun 2008 12:05:56 -0400
Subject: Install Microsoft Root Certificates into FreeBSD
Message-ID: <20080625120556.310b2b23@scorpio>

FreeBSD-6.3

I wanted to import the root certificates from my WinXP machine into my FreeBSD server. I found a site:

http://safari.ibmpressbooks.com/9781593271459/configure-id11

that supplied information on how to accomplish this. This is an excerpt from that page.

In order to avoid errors when visiting SSL-encrypted websites, a file named cert.pem containing public certificates of Trusted Root Certification Authorities needs to be present in the /usr/local/openssl/certs directory. This file can be constructed by exporting an existing collection of trusted root certificates from another operating system, namely Microsoft Windows XP or Macintosh OS X.

12.6.1. Microsoft Windows XP

To export trusted root certificates from a Windows XP system:

  Click the Start menu and open the Control Panel.
  Double-click the Internet Options icon.
  Click the Content tab then click the Certificates... button.
  Click the Trusted Root Certification Authorities tab.
  Click the first entry in the list and then scroll down to the end of the list. While holding the [shift] key, click the last entry in the list. This will select all of the listed certificates.
  Click the Export button and then click Next > at the wizard Welcome screen.
  Click the Browse... button and save the file as cert.p7b in a location of your choice. Click Next > when you are returned to the File Name prompt.
  Click Finish to complete the export.
  Copy the file cert.p7b to the /usr/local/openssl/certs directory on your FreeBSD system using SFTP or a similar file transfer utility (see "OpenSSH Server 4.7p1" for details on SFTP).

Once the cert.p7b file is in the proper location, run the following command to convert it into the required PEM (Privacy Enhanced Mail) format:

  # cd /usr/local/openssl/certs
  # openssl pkcs7 -inform DER -in cert.p7b -print_certs -text -out cert.pem

You should now be able to securely connect to websites "trusted" by Microsoft without Lynx SSL errors.

The problem is that I do not have a: /usr/local/openssl/certs directory. I do have a: /usr/local/share/certs directory though. Could I use that directory instead, or do I have to create the specified one? I also read about creating an /etc/ssl/certs directory somewhere.

--
Gerard
gerard@seibercom.net

There are times when truth is stranger than fiction and lunch time is one of them.
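
Added example (not part of Gerard's message or of the quoted excerpt): a POSIX shell script that audits the cert.pem produced by the pkcs7 conversion above before it is used as a trust store. It reports each certificate's status, SHA-256 fingerprint and subject, and prints the OpenSSL directory of the local build. The function names split_bundle and audit_bundle are hypothetical, and a current openssl binary in PATH is assumed.

```shell
#!/bin/sh
# Added example: audit the cert.pem written by
#   openssl pkcs7 -inform DER -in cert.p7b -print_certs -text -out cert.pem
# before it becomes the trust store. Function names are hypothetical.

# split_bundle BUNDLE OUTDIR
# Writes each BEGIN/END CERTIFICATE block to OUTDIR/NNN.pem, dropping the
# human-readable dump that -text interleaves. Prints the number of blocks.
split_bundle() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /^-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", dir, n); keep = 1 }
        keep { print > f }
        /^-----END CERTIFICATE-----/ { if (keep) close(f); keep = 0 }
        END { print n + 0 }
    ' "$1"
}

# audit_bundle BUNDLE
# Prints "STATUS<TAB>SHA-256 fingerprint<TAB>subject" per certificate, where
# STATUS is OK, EXPIRED or UNREADABLE. Returns 1 if any entry is not OK.
audit_bundle() {
    tmp=$(mktemp -d) || return 1
    split_bundle "$1" "$tmp" >/dev/null
    bad=0
    for c in "$tmp"/*.pem; do
        [ -f "$c" ] || continue
        if ! openssl x509 -in "$c" -noout >/dev/null 2>&1; then
            printf 'UNREADABLE\t-\t%s\n' "${c##*/}"; bad=1; continue
        fi
        # -checkend 0 exits non-zero when notAfter is already in the past.
        if openssl x509 -in "$c" -noout -checkend 0 >/dev/null 2>&1; then
            status=OK
        else
            status=EXPIRED; bad=1
        fi
        fp=$(openssl x509 -in "$c" -noout -fingerprint -sha256 | cut -d= -f2)
        subj=$(openssl x509 -in "$c" -noout -subject | sed 's/^subject= *//')
        printf '%s\t%s\t%s\n' "$status" "$fp" "$subj"
    done
    rm -rf "$tmp"
    return "$bad"
}

# Run only when a bundle path is given: sh audit.sh cert.pem
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    openssl version -d   # OPENSSLDIR: this build's default home for cert.pem and certs/
    audit_bundle "$1"
fi
```

A wholesale import trusts every root the exporting system trusted, so compare the printed fingerprints with the values each CA publishes and remove EXPIRED or UNREADABLE entries before installing the file.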