Re: Can security/ca_root_nss be retired?

From: Hajimu UMEMOTO <ume_at_FreeBSD.org>
Date: Fri, 20 Jan 2023 11:17:31 UTC

Hi,

On Fri, 20 Jan 2023 17:16:11 +0900, Andrea Venturoli wrote:
> Base has single certs in /etc/ssl/certs, where I can add my own
> private CAs' ones.
> 
> Port provides a single bundled file in
> /usr/local/etc/ssl/cert.pem.
> This (at least in some cases) overrides completely the ones in
> /etc/ssl/certs, so my own private CAs will not work anymore.
> In the end, I have to delete /usr/local/etc/ssl/cert.pem every time
> the port creates it (and currently I have found no way to prevent it
> from doing this).

You can put your private CAs into /usr/local/etc/ssl/certs.
Running "certctl rehash" makes symlinks of the certs in
/usr/local/etc/ssl/certs into /etc/ssl/certs.

Sincerely,

--
Hajimu UMEMOTO
ume@mahoroba.org  ume@FreeBSD.org
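
A check for the procedure described in the reply above, added here as an example and not part of the original message: after "certctl rehash", confirm that every private CA file in the local directory is reachable through a symlink in the destination store. The function names are hypothetical, and the `.pem`/`.crt` file extensions are an assumption; the two default paths are the ones named in the message.

```shell
#!/bin/sh
# Added example (not from the thread): report private CA files that have no
# symlink pointing at them in the system store after "certctl rehash".
# The links are named by certificate subject hash, so this matches on the
# resolved link target instead of the file name.

TRUST_DIR=${TRUST_DIR:-/usr/local/etc/ssl/certs}   # path from the message
DEST_DIR=${DEST_DIR:-/etc/ssl/certs}               # path from the message

# Print the resolved target of every symlink in directory $1, one per line.
linked_targets() {
    for link in "$1"/*; do
        [ -L "$link" ] || continue
        readlink -f "$link" || :       # ignore links that cannot be resolved
    done
}

# Print each CA file in $1 that no symlink in $2 resolves to.
# Returns 0 when every file is linked, 1 when at least one is missing.
# Assumption: CA files end in .pem or .crt.
missing_from_store() {
    trust=$1 dest=$2 rc=0
    targets=$(linked_targets "$dest")
    for cert in "$trust"/*.pem "$trust"/*.crt; do
        [ -f "$cert" ] || continue     # skip unmatched glob patterns
        real=$(readlink -f "$cert")
        if ! printf '%s\n' "$targets" | grep -Fxq -- "$real"; then
            printf '%s\n' "$cert"
            rc=1
        fi
    done
    return $rc
}

# Usage: missing_from_store "$TRUST_DIR" "$DEST_DIR"
```

A non-empty result after a rehash means a listed CA is not in the store that base consults, which is the failure mode described in the quoted text.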