@stevenhaddox
Created April 3, 2014 04:52
cacert.org setup of root certificate chain for custom OpenSSL source install

Looks like the OpenSSL conf (~/opt/stow/openssl-1.0.1c/ssl/openssl.cnf) has a setting for:

certs		= $dir/cacert.pem	# Certificate chain to include in reply
					# (optional)

As a result:

# This works:
$ openssl verify -CAfile ~/opt/ssl/cacert.pem support.slkdesign.net.crt
support.slkdesign.net.crt: OK

# This did **not** work:
$ openssl verify -CAfile CA/ca-bundle.pem support.slkdesign.net.crt
support.slkdesign.net.crt: CN = *.support.slkdesign.net
error 20 at 0 depth lookup:unable to get local issuer certificate
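
Error 20 at depth 0 means openssl found no certificate in the -CAfile bundle whose subject matches the issuer of the certificate being verified. The script below is an added example, not part of the original gist: it builds constructed throwaway CAs and a leaf certificate (all names and file paths are assumptions) and reports, for a bundle with and without the issuing CA, whether the issuer is present and what openssl verify says.

```bash
#!/usr/bin/env bash
# Added example: every CA, certificate and name below is a constructed throwaway.

make_ca() {    # $1 = file prefix, $2 = CN of a self-signed CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

make_leaf() {  # $1 = leaf prefix, $2 = issuing CA prefix, $3 = leaf CN
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
    -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
}

# True when some certificate in bundle $1 has a subject name equal to the
# issuer name of certificate $2 (name-hash match only, no signature check).
bundle_has_issuer() {
  want=$(openssl x509 -noout -issuer_hash -in "$2") || return 2
  awk -v cmd="openssl x509 -noout -subject_hash" '
    /-----BEGIN CERTIFICATE-----/ { buf = ""; on = 1 }
    on { buf = buf $0 "\n" }
    /-----END CERTIFICATE-----/ { printf "%s", buf | cmd; close(cmd); on = 0 }
  ' "$1" | grep -qx "$want"
}

# Same command as in the gist; success means the output ends in ": OK".
verify_with() {
  openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

work=$(mktemp -d)
make_ca   "$work/issuing"   "Constructed Issuing CA"
make_ca   "$work/unrelated" "Constructed Unrelated CA"
make_leaf "$work/leaf" "$work/issuing" "leaf.example.test"
cp  "$work/unrelated.pem" "$work/bundle-missing.pem"
cat "$work/unrelated.pem" "$work/issuing.pem" > "$work/bundle-full.pem"

for b in bundle-missing bundle-full; do
  bundle_has_issuer "$work/$b.pem" "$work/leaf.crt" && has=yes || has=no
  verify_with       "$work/$b.pem" "$work/leaf.crt" && ok=OK   || ok=FAIL
  echo "$b: issuer present=$has, openssl verify=$ok"
done
```

Running `bundle_has_issuer` against a real bundle and certificate shows whether a failing `openssl verify -CAfile` is caused by the issuing CA being absent from that file.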