Re: How to populate /etc/ssl/certs

Reply: Andrea Venturoli : "Re: How to populate /etc/ssl/certs"
In reply to: Kyle Evans : "Re: How to populate /etc/ssl/certs"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Andrea Venturoli <ml_at_netfence.it>
Date: Fri, 17 Dec 2021 09:49:54 UTC

On 12/17/21 08:12, Kyle Evans wrote:


>> So are we expected to run etcupdate after, e.g., installing
>> security/ca_root_nss?
>>
> 
> Negative; certctl in-fact doesn't do anything with
> security/ca_root_nss as of yet.

Hmm...
Seems it does: it creates this link:
>  # ls -l /etc/ssl/certs/|grep local
> lrwxr-xr-x  1 root  wheel  46 Nov  4 11:52 cd8c0d63.1 -> ../../../usr/local/share/certs/ca-root-nss.crt





> The current incarnation of
> security/ca_root_nss will likely go away in the near-to-mid future and
> might be replaced with a version that installs certctl compatible
> roots at some point.

I'm looking forward to it, though some software seems to still look for 
the single pem file.





> Is /usr/share/certs/* populated *in the jail*?

Yes.




> You can always try
> running `certctl rehash` manually, maybe with a -v thrown in there for
> verbosity.

Thanks, this is what I was looking for!



  bye
	av.