Thursday, September 29, 2016

Adding a CA to curl

The unix SSL/TLS tool "curl" uses a defined list of CAs. If you have your own private CA and want to add it to the CA list, or want to delete a CA, just find the CApath. The list can be based on the system trusted CA list that comes pre-canned with the OS, or on a static file or directory.

You have a few methods to identify where you're pulling the CA listings from:

1: Run curl in verbose mode and look for the CApath line, if present.


2: Run the curl command with a bad CAfile value and look for the CApath in the error report.


This will show the pre-compiled CApath that cURL checks for CAs.

Mac OS X uses the system keychain certificates for curl. You can override this behavior by specifying a CA cert file or path from the CLI.

So if you want to add the certificate of a CA, just place the file in the /etc/ssl/certs location in PEM format. Most unix and linux deployments have the certificates of the CAs listed as a symbolic link to another directory.

Remember, not all curl versions support the same features.
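
The two lookup methods and the PEM requirement above, as an added shell example that is not part of the original post. The function names, the `/nonexistent/ca.pem` path and the sample output (constructed, not captured from a real host) are assumptions, and the exact diagnostic text varies between curl versions and TLS backends.

```shell
#!/bin/sh
# Added example: find which CA file/dir curl trusts, using the two methods above.

# Pull "CAfile:" / "CApath:" lines out of curl diagnostics read on stdin.
# Handles lines with or without the leading "*" that verbose mode prints.
ca_locations() {
    sed -n \
        -e 's/^[* ]*CAfile:[[:space:]]*\(.*\)$/CAfile=\1/p' \
        -e 's/^[* ]*CApath:[[:space:]]*\(.*\)$/CApath=\1/p'
}

# Method 1: verbose run against an HTTPS URL ($1).
ca_from_verbose() {
    curl -sv -o /dev/null "$1" 2>&1 | ca_locations
}

# Method 2: force a failure with a CA file that does not exist; the error
# text reports the bad CAfile next to the CApath curl was going to use.
ca_from_bad_cafile() {
    curl -sS --cacert /nonexistent/ca.pem -o /dev/null "$1" 2>&1 | ca_locations
}

# True if the file ($1) carries a PEM certificate header.
is_pem_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Constructed sample output (not captured from a real host).
SAMPLE_VERBOSE='* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs'
SAMPLE_ERROR='curl: (77) error setting certificate verify locations:
  CAfile: /nonexistent/ca.pem
  CApath: /etc/ssl/certs'

if [ "$#" -gt 0 ]; then
    # A URL was given: query the local curl with both methods.
    ca_from_verbose "$1"
    ca_from_bad_cafile "$1"
else
    # No URL: show what the parser extracts from the constructed samples.
    printf '%s\n' "$SAMPLE_VERBOSE" | ca_locations
    printf '%s\n' "$SAMPLE_ERROR" | ca_locations
fi
```

Run `is_pem_cert` on a private CA file before placing it in the reported CApath; a file without the PEM header needs converting first.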

Ken Felix

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=

        /  \
