Where to place the common root CA certs

William Immendorf will.immendorf at gmail.com
Mon Mar 23 04:41:07 PDT 2009

On Sun, Mar 22, 2009 at 8:24 PM, DJ Lucas <dj at linuxfromscratch.org> wrote:
> Should we be populating /etc/ssl/certs?  I've got that shell
> script that I wrote...guess I don't have to display names in it.  Maybe
> do it the opposite way?  We generate the certs from mozilla, separate
> them out and place into a tar ball, and list commands to generate a
> CAfile?  What do you think about doing that as part of the OpenSSL
> instructions instead of the additional page?  Just add the additional
> download of our certs tar ball and extract. Would basically be:
> =================================
> patch -Np1 -i ../openssl-0.9.8j-fix_manpages-1.patch &&
> tar -vxf ../openssl-certs-6.4.tar.bz2 &&
> ./config --prefix=/usr
> ...
> make
> =================================
> then this would be appended to the installation commands:
> =================================
> c_rehash /etc/ssl/certs &&
> for pem in /etc/ssl/certs/*.pem
> do
>    cat $pem
> done > /etc/ssl/ca-bundle.crt
> =================================
I'm up for populating /etc/ssl/certs, so there's no seprate page about
the root certs.


More information about the blfs-dev mailing list