SSL root certificates in base system?

To: netbsd-users%netbsd.org@localhost
Subject: SSL root certificates in base system?
From: John Klos <john%ziaspace.com@localhost>
Date: Thu, 9 Apr 2015 20:38:47 +0000 (UTC)

Hi,

Is there a better way to install and update trusted root certificates inNetBSD? The recommendation of using security/mozilla-rootcerts from pkgsrcisn't a good one; first, it assumes that a system has NO othercertificates (/etc/openssl/certs/ must be empty), and second, it leaves amess in /etc/openssl/certs/, then creates/etc/ssl/certs/ca-certificates.crt, which programs don't use by default.

Should people and programs be using /etc/ssl/certs/, or/etc/openssl/certs/? Why would mozilla-rootcerts use both? This doesn'tseem to make sense.


John

Follow-Ups:
- Re: SSL root certificates in base system?
  - From: Greg Troxel

Prev by Date: Re: SMP in dom0
Next by Date: Re: SSL root certificates in base system?
Previous by Thread: SMP in dom0
Next by Thread: Re: SSL root certificates in base system?
Indexes:

Home | Main Index | Thread Index | Old Index