Date: Fri, 20 Jan 2023 11:41:53 UTC
On 1/20/23 12:17, Hajimu UMEMOTO wrote: > You can put your private CAs into /usr/local/etc/ssl/certs. Well, I never thought of this. I always put them in /etc/ssl/certs. > Running "certctl rehash" makes symlinks of the certs in > /usr/local/etc/ssl/certs into /etc/ssl/certs. In the end, however, the result is the same: I have my certs hashed in /etc/ssl/certs, but some software will use them, some other software uses/prefers some different store (I counted at least 5). I understand it's mostly a matter of fixing (?) those softwares, but it would help if: _ there was a clear policy that proper certs are those in /etc/ssl/certs (or whatever else); _ there wasn't a widely required port (ca_root_nss) that installs two additional stores side by side with the "official" (?) one. bye av.