Add a SSL certificate authority

Bastien Semene sabbasth at
Mon Aug 30 13:08:16 UTC 2010


I'm trying to add a certificate authority unsuccessfully.
The Equifax certificates authority seems not to be registered in 
FreeBSD, so I tried to add it on my server.
I'm logged in root and in its homedir.

#uname -a
FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Fri 
Aug  6 09:37:33 CEST 2010 
root at  i386

#fetch -o Equifax_Secure_Global_eBusiness_CA-1.pem 

#cd /usr/src/crypto/openssl/tools
#chmod u+x c_rehash
#./c_rehash ~/
Doing /root/
Equifax_Secure_Global_eBusiness_CA-1.pem => 74c2    6bd0.0

My goal being to checkout an SVN repository, I re-launch the command :

# svn co 
[root at backup]
Error validating server certificate for 
  - The certificate is not issued by a trusted authority. Use the
    fingerprint to validate the certificate manually!
Certificate information:
  - Hostname: *
  - Valid: from Sun, 22 Aug 2010 13:04:24 GMT until Thu, 25 Aug 2011 
22:05:01 GMT
  - Issuer: Equifax Secure Certificate Authority, Equifax, US
  - Fingerprint: 
(R)eject, accept (t)emporarily or accept (p)ermanently? R
svn: OPTIONS of '': Server 
certificate verification failed: issuer is not trusted 

I've also seen this in the source code of c_rehash :
while(exists $hashlist{"$hash.r$suffix"}) {
                         # Hash matches: if fingerprint matches its a 
duplicate cert
                         if($hashlist{"$hash.r$suffix"} eq $fprint) {
                                 print STDERR "WARNING: Skipping 
duplicate CRL $fname\n";

But if I launch the command twice, it still seems to indicate that it's 
adding the CA.

I'm not sure if I do it correctly, but found nothing more relevant on 
google and in the freebsd's handbook.
Can someone point me a good way to add a CA ?

Best Regards,
Bastien Semene

More information about the freebsd-questions mailing list