Re: Can security/ca_root_nss be retired?
- Reply: Andrea Venturoli : "Re: Can security/ca_root_nss be retired?"
- In reply to: Andrea Venturoli : "Re: Can security/ca_root_nss be retired?"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 20 Jan 2023 11:17:31 UTC
Hi, On Fri, 20 Jan 2023 17:16:11 +0900, Andrea Venturoli wrote: > Base has single certs in /etc/ssl/certs, where I can add my own > private CAs' ones. > > Port provides a single bundled file in > /usr/local/etc/ssl/cert.pem. > This (at least in some cases) overrides completely the ones in > /etc/ssl/certs, so my own private CAs will not work anymore > In the end, I have to delete /usr/local/etc/ssl/cert.pem every time > the port creates it (and currently I have found no way to prevent it > from doing this). You can put your private CAs into /usr/local/etc/ssl/certs. Running "certctl rehash" makes symlinks of the certs in /usr/local/etc/ssl/certs into /etc/ssl/certs. Sincerely, -- Hajimu UMEMOTO ume@mahoroba.org ume@FreeBSD.org