[lug] self-signed ssl certs under CentOS
Michael J. Hammel
mjhammel at graphics-muse.org
Thu Jan 26 16:13:37 MST 2017
Does anyone have a concise set of steps for dropping a self-signed cert
in .pem format onto CentOS 7 so libCurl will use it?

I've tried following the directions for update-ca-trust by dropping the
file in the following directories, one at a time:

    /etc/pki/ca-trust/source/anchors
    /etc/pki/ca-trust/source/
    /etc/pki/ca-trust/extracted/pem/

And then running

    update-ca-trust extract

after each. Then I run a C client that uses libCurl, but I always get
this:
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
* subject: CN=xxx,OU=xxx,O=xxx,L=Colorado Springs,ST=Colorado,C=US
* start date: Jan 26 22:51:10 2017 GMT
* expire date: Jan 24 22:51:10 2027 GMT
* common name: xxx
* issuer: CN=xxx,OU=xxx,O=xxx,L=Colorado Springs,ST=Colorado,C=US
* NSS error -8156 (SEC_ERROR_CA_CERT_INVALID)
* Issuer certificate is invalid.
(xxx are redacted fields). The same cert works on Debian, which has a
much simpler process: just drop the file in /etc/ssl/certs. Does a
cert generated on Debian have to be regenerated on CentOS? I didn't
think so but who knows.
--
Michael J. Hammel <mjhammel at graphics-muse.org>