Differences
This shows you the differences between two versions of the page.
|
doc:howto:wget-ssl-certs [2011/08/18 14:03] didopalauzov |
doc:howto:wget-ssl-certs [2012/12/03 21:04] (current) avalon a little IMO useful information |
||
|---|---|---|---|
| Line 27: | Line 27: | ||
| - So wget knows where to look, update ''/etc/profile'' and add the line: <code bash>export SSL_CERT_DIR=/etc/ssl/certs</code> | - So wget knows where to look, update ''/etc/profile'' and add the line: <code bash>export SSL_CERT_DIR=/etc/ssl/certs</code> | ||
| - Update shell: <code bash>source /etc/profile</code> | - Update shell: <code bash>source /etc/profile</code> | ||
| + | - you can also use ''/etc/ssl/certs'' directory with ''curl --capath'' | ||
| ==== Adding root certificates ==== | ==== Adding root certificates ==== | ||
| Line 33: | Line 34: | ||
| Let say we want to install the root certificate authority for dyndns.org. The domain https://members.dyndns.org is signed by the [[http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer | "Equifax" root certificate]]. We need to download the root certificate, then place it in the certificate directory. Certificates in /etc/ssl/certs must be named after their hash value so that they can be found. | Let say we want to install the root certificate authority for dyndns.org. The domain https://members.dyndns.org is signed by the [[http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer | "Equifax" root certificate]]. We need to download the root certificate, then place it in the certificate directory. Certificates in /etc/ssl/certs must be named after their hash value so that they can be found. | ||
| + | |||
| + | It is easier to find the root certificate with any modern web browser (e.g. firefox) by opening the site with https, viewing the certificate and exporting it from the browser to a pem file. | ||
| The first step is installing ''openssl-util'':<code>opkg install openssl-util</code> | The first step is installing ''openssl-util'':<code>opkg install openssl-util</code> | ||
| - | Now you can use either the manual method or the add-cert.sh script below to install certs into /etc/ssl/certs. | + | Now you can use either the manual method or the add-cert.sh script below to install certs into /etc/ssl/certs. Make sure to use openssl from the OpenWrt device because if you try this from your linux PC, you may get a completely different hash for the same exact certificate. |
| ===Adding certificates manually=== | ===Adding certificates manually=== | ||
doc/howto/wget-ssl-certs.txt · Last modified: 2012/12/03 21:04 by avalon
This text is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.