Date:      Thu, 10 Jan 2013 15:37:52 -0500
From:      Paul Kraus <paul@kraus-haus.org>
To:        glarkin@FreeBSD.org
Cc:        freebsd-questions@freebsd.org
Subject:   Re: OpenSSL Certificate issue
Message-ID:  <0A197E8B-6F4B-40E4-A642-27F3B4523E7D@kraus-haus.org>
In-Reply-To: <50EF1152.3010205@FreeBSD.org>
References:  <23C1DB57-7A56-48DC-A0D0-8CF8B1CC8915@kraus-haus.org> <50EEFC7D.5070706@FreeBSD.org> <EBD01B94-63EF-41A1-A4BC-2F789763AA3B@kraus-haus.org> <50EF087A.50002@FreeBSD.org> <C09A6345-B99C-4ACA-B8DA-C1B95A537464@kraus-haus.org> <50EF1152.3010205@FreeBSD.org>

On Jan 10, 2013, at 2:06 PM, Greg Larkin wrote:
> On 1/10/13 1:38 PM, Paul Kraus wrote:
>
> I put the certs for my test in /etc/ssl/certs when using the base
> system openssl and in /usr/local/openssl/certs when using the openssl
> port.
>
> c_rehash uses a specific openssl binary when invoked like so:
>
> env OPENSSL=/usr/bin/openssl c_rehash /etc/ssl/certs
>
> You can set the OPENSSL and SSL_CERT_DIR environment variables
> permanently, and that would ensure everything is consistent going
> forward, even if the openssl port is present.

That almost worked, the default directory for certs is /etc/ssl,

[root@MailArch /etc/ssl]# pwd
/etc/ssl
[root@MailArch /etc/ssl]# ls -l
total 12
lrwxr-xr-x  1 root  wheel     8 Jan 10 15:26 882de061.0 -> cert.pem
lrwxr-xr-x  1 root  wheel    38 Jan 10 15:22 cert.pem -> /usr/local/share/certs/ca-root-nss.crt
-rw-r--r--  1 root  wheel  9468 Jan  3  2012 openssl.cnf
[root@MailArch /etc/ssl]#

The clue was in the ca_root_nss port. If you enable etc symlink creation
it creates the link in /etc/ssl. After running c_rehash (using the
correct openssl) in that directory, the other tools that just call the
openssl libraries find the root certs just fine.

Thanks for the help.

--
Paul Kraus
Deputy Technical Director, LoneStarCon 3
Sound Coordinator, Schenectady Light Opera Company
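
Added example, not part of the original message: a POSIX sh check that every c_rehash-style hash link in a directory (such as 882de061.0 above) still matches the subject hash computed by the openssl binary named in $OPENSSL, the same variable the thread passes to c_rehash. The function name check_hash_links, the script name in the comment and the OK/STALE/DANGLING/UNREADABLE labels are made up for this example.

```shell
#!/bin/sh
# check_hash_links DIR  (hypothetical helper, not part of OpenSSL)
# For each link named <8 hex digits>.<n> in DIR, recompute the subject
# hash of its target with $OPENSSL and compare it with the link name.
# Prints one line per link; returns 0 only if every link matches.
check_hash_links() {
    dir=$1
    ossl=${OPENSSL:-openssl}
    bad=0
    for link in "$dir"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
        [ -L "$link" ] || continue      # also skips an unmatched glob
        name=${link##*/}
        if [ ! -e "$link" ]; then       # link target no longer exists
            echo "DANGLING $name"; bad=1; continue
        fi
        # -hash prints the subject hash of the first certificate in the file
        want=$("$ossl" x509 -hash -noout -in "$link" 2>/dev/null) || want=
        if [ -z "$want" ]; then
            echo "UNREADABLE $name"; bad=1
        elif [ "${name%%.*}" = "$want" ]; then
            echo "OK $name"
        else
            echo "STALE $name (this openssl computes $want)"; bad=1
        fi
    done
    return $bad
}

# Run as a script (file name is an assumption):
#   env OPENSSL=/usr/bin/openssl sh check_hash_links.sh /etc/ssl
if [ $# -gt 0 ]; then
    check_hash_links "$1"
fi
```

A STALE line means the link was created by a different openssl than the one being tested, so c_rehash should be rerun with that binary.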



