From owner-freebsd-questions@freebsd.org  Tue Mar  1 02:52:00 2016
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E7434AB8A6A
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Tue,  1 Mar 2016 02:52:00 +0000 (UTC) (envelope-from moritz@wzff.de)
Received: from hindenburg.barfooze.de (smtp6.barfooze.de
 [IPv6:2001:bc8:397c:500::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "", Issuer "" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 749221C5C
 for <freebsd-questions@freebsd.org>; Tue,  1 Mar 2016 02:52:00 +0000 (UTC)
 (envelope-from moritz@wzff.de)
Received: from barfooze.de (localhost [IPv6:::1])
 by hindenburg.barfooze.de (8.14.9/8.14.9) with SMTP id u212pupf056447
 for <freebsd-questions@freebsd.org>; Tue, 1 Mar 2016 03:51:56 +0100 (CET)
 (envelope-from moritz@wzff.de)
Date: Tue, 1 Mar 2016 03:51:56 +0100
From: Moritz Wilhelmy <moritz@wzff.de>
To: freebsd-questions@freebsd.org
Subject: Re: What is the proper way to install CA root certificates so that
 curl sees them?
Message-ID: <20160301025156.GC26392@barfooze.de>
References: <20160229230747.GB26392@barfooze.de>
 <56D4F35D.8060602@calorieking.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <56D4F35D.8060602@calorieking.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Mar 2016 02:52:01 -0000

On Tue, Mar 01, 2016 at 09:41:49 +0800, Gregory Orange wrote:
> On 01/03/16 07:08, Moritz Wilhelmy wrote:
> > What's the proper way to install CA root certificates on FreeBSD?
> 
> # pkg install ca_root_nss

I meant specifically ones that are not part of the NSS CA bundle (which
is installed but does not contain the CAcert root certificate which I'm
now trying to manually install), because at least curl uses the bundle
as the only hardcoded location, and ignores /etc/ssl/certs completely,
as confirmed via truss(1).

Best regards,

Moritz