SSL Certificates in base

Hal Murray hmurray at
Thu Feb 25 01:30:57 UTC 2021

ml at said:
> Will installing ca_root_nss override the base certs as a whole? Does anything
> that uses certs get the union of the two? 

The client side API in OpenSSL is use this directory and this file for the 
default root certificate collection.

The file is a collection of certs cat-ed together.  It gets read in at when 
the API is called.

The directory is a collection of hashed names that link over to another 
directory of cert files.  There is a utility that sets up the hash links.

Details in SSL_CTX_set_default_verify_paths

I'm pretty sure you can set things up so you can add your certificates in 
there.  I don't have the details. but it feels like a simple HOWTO would cover 
it once somebody figures out how to do it.

These are my opinions.  I hate spam.

More information about the freebsd-questions mailing list