Install Microsoft Root Certificates into FreeBSD
gerard at seibercom.net
Wed Jun 25 16:06:29 UTC 2008
I wanted to import the root certificates from my WinXP machine into my
FreeBSD server. I found a site:
that supplied information on how to accomplish this. This is an
excerpt from that page.
In order to avoid errors when visiting SSL-encrypted websites, a file
named cert.pem containing public certificates of Trusted Root
Certification Authorities needs to be present in
the /usr/local/openssl/certs directory. This file can be constructed by
exporting an existing collection of trusted root certificates from
another operating system, namely Microsoft Windows XP or Macintosh OS
X. 12.6.1. Microsoft Windows XP
To export trusted root certificates from a Windows XP system:
Click the Start menu and open the Control Panel.
Double-click the Internet Options icon.
Click the Content tab then click the Certificates... button.
Click the Trusted Root Certification Authorities tab.
Click the first entry in the list and then scroll down to the end of
the list. While holding the [shift] key, click the last entry in the
list. This will select all of the listed certificates.
Click the Export button and then click Next > at the wizard Welcome
Click the Browse... button and save the file as cert.p7b in a location
of your choice.
Click Next > when you are returned to the File Name prompt.
Click Finish to complete the export.
Copy the file cert.p7b to the /usr/local/openssl/certs directory on
your FreeBSD system using SFTP or a similar file transfer utility (see
"OpenSSH Server 4.7p1" for details on SFTP).
Once the cert.p7b file is in the proper location, run the following
command to convert it into the required PEM (Privacy Enhanced Mail)
format: # cd /usr/local/openssl/certs # openssl pkcs7 -inform DER -in
cert.p7b -print_certs -text -out cert.pem
You should now be able to securely connect to websites "trusted" by
Microsoft without Lynx SSL errors.
The problem is that I do not have a: /usr/local/openssl/certs
directory. I do have a: /usr/local/share/certs directory though. Could
I use that directory instead, or do I have to create the specified one?
I also read about creating an /etc/ssl/certs directory somewhere.
gerard at seibercom.net
There are times when truth is stranger than fiction and lunch time is
one of them.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080625/920ddc08/signature.pgp
More information about the freebsd-questions