HTTP Error: Unacceptable TLS Certificate

Michael Sierchio kudzu at tenebras.com
Wed Jul 26 00:07:59 UTC 2017


On Tue, Jul 25, 2017 at 11:47 AM, James B. Byrne via freebsd-questions
<freebsd-questions at freebsd.org> wrote:
>
> We run a private CA and our https services are secured with our own
> certificates. On my new desktop unit I am unable to connect to our
> webdav https service because of an 'unacceptable TLS certificate'.  I
> speculate that this is due to our root certificates not being in the
> trusted root certificate store on this machine.
>
> My question is: Where is the CA root certificate store configured for
> the desktop file browser?
>
>

Depends on the OS and the browser. Many things on FreeBSD use the package:

ca_root_nss-3.31               Root certificate bundle from the Mozilla Project

openssl typically has a symlink to this bundle:

kudzu at ahab:/etc/ssl 206> ls -l /etc/ssl/
total 12
lrwxr-xr-x  1 root  wheel     38 Jun 13 01:13 cert.pem ->
/usr/local/share/certs/ca-root-nss.crt


Some browsers have their own store. On OS X and Windows you can add it
to the trusted OS store.

--
"Well," Brahma said, "even after ten thousand explanations, a fool is
no wiser, but an intelligent person requires only two thousand five
hundred."

- The Mahābhārata


More information about the freebsd-questions mailing list