The Unix SSL/TLS tool "curl" uses a defined list of CAs. If you have your own private CA and want to add it to the CA list, or want to delete a CA, just find the CApath. The list can be based on the system trusted CA list that comes pre-canned with the OS, or on a static file or directory.
You have a few methods to identify where you're pulling the CA listings from:
1: Run curl in verbose mode and look for the CApath line, if present.
e.g
2: Run the curl command with a bad CAfile listing and look for the reported CApath.
e.g
This will show the pre-compiled CApath that cURL checks for CAs.
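Both methods can be scripted so the trust locations are easy to audit across hosts. The following is an added example, not code from the original post: the function names are hypothetical, the sample curl output is constructed, and the two output layouts it handles (labels on separate lines, or both on one line) are assumed to cover the curl builds in use.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Read curl's stderr on stdin and print CAfile=<v> / CApath=<v> for each value.
# Works whether curl prints the labels on separate lines or on one line.
# Assumption: the reported paths contain no spaces.
ca_locations() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "CAfile:" || $i == "CApath:")
                print substr($i, 1, 6) "=" $(i + 1)
    }'
}

# Method 1: verbose run against the HTTPS URL given as $1.
ca_from_verbose() {
    curl -v -o /dev/null "$1" 2>&1 | ca_locations
}

# Method 2: point curl at a CA file that does not exist and read the error.
ca_from_bad_cafile() {
    curl -sS --cacert /nonexistent/ca.pem -o /dev/null "$1" 2>&1 | ca_locations
}

# Constructed sample: verbose output with one label per line.
SAMPLE_VERBOSE='* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs'

# Constructed sample: bad-CAfile error with both labels on one line.
SAMPLE_ERROR='curl: (77) error setting certificate verify locations:  CAfile: /nonexistent/ca.pem CApath: /etc/ssl/certs'

printf '%s\n' "$SAMPLE_VERBOSE" | ca_locations
printf '%s\n' "$SAMPLE_ERROR" | ca_locations
```

Empty output means curl did not report a CAfile or CApath at all, which can happen where it relies on the system keychain instead of a file or directory.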
Mac OS X uses the system keychain certificates for curl. You can override this behavior by specifying a cacert file or path from the CLI.
So if you want to add a CA's certificate, just place the file in the /etc/ssl/certs location in PEM format. Most Unix and Linux deployments have the CA certificates listed there as symbolic links to another directory.
Remember not all curl versions support the same features.
Ken Felix
NSE (network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com