From owner-freebsd-questions@FreeBSD.ORG Tue Aug 17 12:44:48 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8CCC716A4CE for ; Tue, 17 Aug 2004 12:44:48 +0000 (GMT) Received: from frontend1.messagingengine.com (frontend1.messagingengine.com [66.111.4.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2B22743D39 for ; Tue, 17 Aug 2004 12:44:47 +0000 (GMT) (envelope-from ian_leroux@fastmail.fm) Received: from server1.messagingengine.com (server1.internal [10.202.2.132]) by frontend1.messagingengine.com (Postfix) with ESMTP id 931C8C14AA5 for ; Tue, 17 Aug 2004 08:44:45 -0400 (EDT) Received: by server1.messagingengine.com (Postfix, from userid 99) id 8F5D13C85E; Tue, 17 Aug 2004 08:44:45 -0400 (EDT) Content-Disposition: inline Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="ISO-8859-1" MIME-Version: 1.0 X-Mailer: MIME::Lite 1.4 (F2.72; T1.001; A1.62; B3.01; Q3.01) To: freebsd-questions@freebsd.org Date: Tue, 17 Aug 2004 08:44:45 -0400 From: "Ian D. Leroux" X-Sasl-Enc: N7kjGxrAIojPfLF4x6jODA 1092746685 Message-Id: <1092746685.14782.202489521@webmail.messagingengine.com> Subject: Central SSL Certificate Store? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Aug 2004 12:44:48 -0000 I've been trying to set up isync or mailsync, and have run into the following issue: When setting up a secure connection, both of them (in my limited understanding) want to verify the certificate received from the imap server against a trusted certificate. Mailsync seems to look for such a trusted certificate in a hardcoded location, whereas isync needs me to specify the CertificateFile parameter in its configuration. I can't seem to find where these certificates are supposed to be stored. I've found a number of helpful documents on _generating_ certificates (for use by people setting up servers), but I'm interested strictly in the client end for now. Also, old documentation suggests that installing the openssl port sets up such a directory, but now that OpenSSH is in the base system I assume that is not necessary. So is there a standard location for trusted certificates? or does each application keep its own information? Thanks, Ian Who is learning a fair bit about ssl in the process, which is a good thing -- Ian D. Leroux ian_leroux@fastmail.fm