source: postlfs/security/rootcerts.xml@ 04efd64f

Last change on this file since 04efd64f was 04efd64f, checked in by DJ Lucas <dj@…>, 15 years ago

Updated location of root certs in introductory text.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@7808 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 2.3 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;
]>

<sect1 id="rootcerts" xreflabel="Root Certificates">
  <?dbhtml filename="rootcerts.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>Root Certificates</title>

  <indexterm zone="rootcerts">
    <primary sortas="e-cabundle">ca-bundle.crt</primary>
  </indexterm>

  <para>The <filename>ca-bundle.crt</filename> file contains public
  certificates from trusted root certificate authorities (CAs). CAs guarantee
  the authenticity of a host by issuing certificates that contain both the name
  of the host and the owner's name, and are signed using the CA's private key.
  In turn, a matching public key is provided by the CA that can be used to
  verify the authenticity of any SSL certificate that is signed by that CA. The
  CA certificates (with public keys) included in
  <filename>ca-bundle.crt</filename> are provided by mozilla.org, and undergo
  an annual investigation and auditing process, so that they can be trusted
  for general use.</para>

  <para>The list of certificates is stored in PEM format, and is generated from
  a DER-formatted file, <filename>certdata.txt</filename>, that ships with
  Mozilla products. A <ulink
  url="http://cvs.fedoraproject.org/viewvc/rpms/ca-certificates/devel/mkcabundle.pl?view=co">
  script</ulink> provided by Red Hat converts the upstream
  <filename>certdata.txt</filename> from DER to PEM format, so that it is
  usable by applications that utilize SSL/TLS encryption. Additional trusted
  CAs can be added to the <filename>ca-bundle.crt</filename> by appending the
  CA's public certificate (in PEM format) to the file.</para>

  <para>Download a recent version of <ulink
  url="&files-anduin;/ca-bundle.crt">ca-bundle.crt</ulink>, place it into
  the <filename class="directory">/etc/ssl</filename> directory, and make
  the file world readable by issuing the following commands as the
  <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>install -v -d /etc/ssl &amp;&amp;
install -m644 ca-bundle.crt /etc/ssl</userinput></screen>

</sect1>
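
The file above says additional trusted CAs are added by appending a PEM certificate to ca-bundle.crt. The Python below is an added example, not part of the BLFS book or this repository: it accepts exactly one PEM block, skips a certificate the bundle already holds (matched by SHA-256 of the DER bytes), and returns the fingerprint so it can be compared with the value the CA publishes. The names der_certs, append_ca and SAMPLE_PEM are assumptions, and SAMPLE_PEM is constructed placeholder data rather than a real certificate.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

# One PEM certificate block: BEGIN marker, base64 body, END marker.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)
# Constructed sample: DER SEQUENCE { INTEGER 1 }, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"

def der_certs(pem_text):
    """Return the DER bytes of every certificate block in pem_text."""
    certs = []
    for body in PEM_CERT.findall(pem_text):
        # validate=True rejects stray characters hidden inside a block.
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # X.509 is a DER SEQUENCE (tag 0x30)
            raise ValueError("PEM block is not a DER SEQUENCE")
        certs.append(der)
    return certs

def append_ca(bundle_path, ca_pem):
    """Append ca_pem's one certificate if absent; return (added, sha256_hex)."""
    new = der_certs(ca_pem)
    if len(new) != 1:
        raise ValueError("expected exactly one certificate, got %d" % len(new))
    bundle = Path(bundle_path)
    raw = bundle.read_bytes() if bundle.exists() else b""
    fp = hashlib.sha256(new[0]).hexdigest()
    # latin-1 never fails to decode, so comments in the bundle are tolerated.
    known = {hashlib.sha256(d).hexdigest() for d in der_certs(raw.decode("latin-1"))}
    if fp in known:
        return False, fp
    b64 = base64.b64encode(new[0]).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    block = "\n".join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""])
    with bundle.open("ab") as fh:  # append only; existing entries untouched
        if raw and not raw.endswith(b"\n"):
            fh.write(b"\n")
        fh.write(block.encode("ascii"))
    return True, fp

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "ca-bundle.crt"
        print(append_ca(path, SAMPLE_PEM))  # first call appends
        print(append_ca(path, SAMPLE_PEM))  # second call detects the duplicate
```

The check only confirms the PEM framing and the outer DER tag; whether the certificate is one you want to trust is decided by comparing the returned fingerprint against the CA's published value.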