Date: Wed, 25 Jun 2008 13:20:55 -0400 From: Kevin Kobb <kkobb@skylinecorp.com> To: freebsd-questions@freebsd.org Subject: Re: Install Microsoft Root Certificates into FreeBSD Message-ID: <g3tupn$snn$1@ger.gmane.org> In-Reply-To: <20080625120556.310b2b23@scorpio> References: <20080625120556.310b2b23@scorpio>
next in thread | previous in thread | raw e-mail | index | archive | help
Gerard wrote: > FreeBSD-6.3 > > I wanted to import the root certificates from my WinXP machine into my > FreeBSD server. I found a site: > > http://safari.ibmpressbooks.com/9781593271459/configure-id11 > > that supplied information on how to accomplish this. This is an > excerpt from that page. > > <quot> > In order to avoid errors when visiting SSL-encrypted websites, a file > named cert.pem containing public certificates of Trusted Root > Certification Authorities needs to be present in > the /usr/local/openssl/certs directory. This file can be constructed by > exporting an existing collection of trusted root certificates from > another operating system, namely Microsoft Windows XP or Macintosh OS > X. 12.6.1. Microsoft Windows XP > > To export trusted root certificates from a Windows XP system: > > Click the Start menu and open the Control Panel. > > Double-click the Internet Options icon. > > Click the Content tab then click the Certificates... button. > > Click the Trusted Root Certification Authorities tab. > > Click the first entry in the list and then scroll down to the end of > the list. While holding the [shift] key, click the last entry in the > list. This will select all of the listed certificates. > > Click the Export button and then click Next > at the wizard Welcome > screen. > > Click the Browse... button and save the file as cert.p7b in a location > of your choice. > > Click Next > when you are returned to the File Name prompt. > > Click Finish to complete the export. > > Copy the file cert.p7b to the /usr/local/openssl/certs directory on > your FreeBSD system using SFTP or a similar file transfer utility (see > "OpenSSH Server 4.7p1" for details on SFTP). > > Once the cert.p7b file is in the proper location, run the following > command to convert it into the required PEM (Privacy Enhanced Mail) > format: # cd /usr/local/openssl/certs # openssl pkcs7 -inform DER -in > cert.p7b -print_certs -text -out cert.pem > > You should now be able to securely connect to websites "trusted" by > Microsoft without Lynx SSL errors. > </quot> > > The problem is that I do not have a: /usr/local/openssl/certs > directory. I do have a: /usr/local/share/certs directory though. Could > I use that directory instead, or do I have to create the specified one? > I also read about creating an /etc/ssl/certs directory somewhere. > I think you could accomplish what you are after more easily by installing the ca_root_nss port.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?g3tupn$snn$1>