Certificate Authority Certificates

The Public Key Infrastructure is used for many security features in a Linux system. In order for a certificate to be trusted, it must be signed by a trusted agent called a Certificate Authority (CA). The certificates installed in this section are obtained from the Mozilla version control system, and reformatted for use by and . The certificates can also be used by other applications, either directly or indirectly by linking to one of these packages.

Introduction to Certificate Authorities

Package Information

Download (HTTP):
Download size: &make-ca-size;
Download MD5 Sum: &make-ca-md5sum;
Estimated disk space required: &cacerts-buildsize;
Estimated build time: &cacerts-time;

Certificate Authority Certificates Dependencies

Required and

User Notes:

Installation of Certificate Authority Certificates

The make-ca.sh script will download a set of certificates from one of five projects (aurora, beta, central, nss, or release) in the Mozilla version control system. It defaults to the release branch, which is identical to the version that ships with the Mozilla products in this book. If you'd like to change the branch that is retrieved, edit the file and set CERTSOURCE to one of the five values above.

Additionally, any local certificates stored in /etc/ssl/local will be copied into both the single-file /etc/ssl/ca-bundle.crt (used by programs that link to gnutls), and into the certificate store directory /etc/ssl/certs (used by programs that link to OpenSSL). All certificates will pass a date and trust validation, and any existing certificates in /etc/ssl/ca-bundle.crt or /etc/ssl/certs will be removed upon successful completion of this script. Finally, if you've installed or , then it will also update the Java cacerts file at /etc/ssl/java/cacerts.

First install the above script into the correct location.
As the root user:

    install -vm750 make-ca.sh /usr/sbin

As the root user, create the needed directories, and update the certificate store:

    install -vdm755 /etc/ssl/{certs,java,local} && /usr/sbin/make-ca.sh

You should periodically run the make-ca.sh script as the root user, either by hand or as part of a monthly cron job, to ensure that you have the latest available version of the certificates.

Contents

Installed Programs: make-ca.sh
Installed Libraries: None
Installed Directories: /etc/ssl/{certs,java,local}

Short Descriptions

make-ca.sh is a shell script that downloads a current version of certdata.txt, and prepares it for use as the system certificate store.
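
A post-run check for the installation step described above, as an added example that is not part of the book or of make-ca.sh: it confirms that every certificate placed in /etc/ssl/local appears in the regenerated /etc/ssl/ca-bundle.crt. The function names are hypothetical, and it assumes the local certificates are PEM files with BEGIN CERTIFICATE markers and that the bundle carries the same encoding of each one.

```shell
#!/bin/sh
# Added example (not from make-ca.sh): verify that local CA certificates
# made it into the regenerated bundle. Function names are hypothetical.

# pem_bodies FILE: print one line per certificate in FILE, holding its
# base64 body with line breaks removed, so wrapping differences are ignored.
# Any text outside BEGIN/END markers is skipped.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# bundle_count BUNDLE: number of certificates in the bundle.
bundle_count() {
    pem_bodies "$1" | wc -l | tr -d ' '
}

# missing_local LOCAL_DIR BUNDLE: print the path of each local file that
# holds a certificate not found in BUNDLE; return 1 if any are missing.
missing_local() {
    local_dir=$1 bundle=$2 rc=0
    tmp=$(mktemp) || return 2
    pem_bodies "$bundle" | sort -u > "$tmp"
    for f in "$local_dir"/*; do
        [ -f "$f" ] || continue
        for body in $(pem_bodies "$f"); do
            if ! grep -qxF -- "$body" "$tmp"; then
                echo "$f"
                rc=1
                break
            fi
        done
    done
    rm -f "$tmp"
    return $rc
}

# Typical use after a make-ca.sh run (as root), with the paths from this page:
#   missing_local /etc/ssl/local /etc/ssl/ca-bundle.crt || echo "local CA missing"
```

A non-zero return after a refresh means a local certificate was not carried into the bundle and should be inspected before relying on it.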