Thursday, September 29, 2016

Adding a CA to curl

The Unix SSL/TLS tool "curl" uses a defined list of CAs. If you have your own private CA and want to add it to the CA list, or want to delete a CA, just find the CApath. The list can be based on the "system trusted CA list" that comes pre-canned with the OS, or on a static file or directory.


You have a few methods to identify where you're pulling the CA listings from:


1: Run curl in verbose mode and look for the CApath line, if present.

2: Run the curl command with a bad CAfile listing and look for the reported CApath.


This will show the pre-compiled CApath that cURL checks for CAs.
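The two methods above as a small shell helper, added here as an example and not part of the original post: it pulls the CAfile and CApath lines out of curl's verbose output or out of the error printed for a bad CAfile. The sample outputs, host name and file paths are constructed, and the exact wording curl prints varies by version and TLS backend.

```shell
#!/bin/sh
# Added example: report which CA locations curl says it is using.

# ca_locations: read curl's stderr text on stdin and print the first
# CAfile/CApath it reports as "CAfile=<value>" / "CApath=<value>".
ca_locations() {
    awk '
        { sub(/\r$/, ""); sub(/^[* \t]+/, "") }   # drop CR and the "*  " verbose prefix
        /^CA(file|path): / {
            key = substr($0, 1, 6)
            val = $0; sub(/^CA(file|path): */, "", val)
            if (!seen[key]++) print key "=" val
        }'
}

# ca_value KEY: print only the value for CAfile or CApath ("none" is possible).
ca_value() { ca_locations | sed -n "s/^$1=//p"; }

# Method 1 (needs curl and network): verbose run against a URL you choose.
live_ca_locations() { curl -sv -o /dev/null "$1" 2>&1 | ca_locations; }

# Method 2 (needs curl): force a failure with a CAfile that does not exist.
# Some curl builds only name the bad file in this error and omit CApath.
bad_cafile_locations() {
    curl -sS --cacert /nonexistent/ca.pem -o /dev/null "$1" 2>&1 | ca_locations
}

# Constructed sample of verbose output (method 1).
SAMPLE_VERBOSE='* Connected to example.test (192.0.2.10) port 443
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* SSL connection using TLSv1.2'

# Constructed sample of the bad-CAfile error (method 2).
SAMPLE_ERR77='curl: (77) error setting certificate verify locations:
  CAfile: /nonexistent/ca.pem
  CApath: /etc/ssl/certs'

# Offline demo on the constructed samples.
printf '%s\n' "$SAMPLE_VERBOSE" | ca_locations
printf '%s\n' "$SAMPLE_ERR77" | ca_value CApath
```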





Mac OS X uses the system keychain certificates for curl. You can override this behavior by specifying a cacert file or path from the CLI.




So if you want to add the certificate of a CA, just place the file in the /etc/ssl/certs location in PEM format. Most Unix and Linux deployments have the certificates of the CAs listed as symbolic links to another directory.

Remember, not all curl versions support the same features.




Ken Felix

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 

        /  \


