Changeset e7d893b for postlfs/security/make-ca.xml
- Timestamp:
- 05/19/2019 04:54:33 AM (5 years ago)
- Branches:
- elogind
- Children:
- 215c728b
- Parents:
- 853ae3e5
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/make-ca.xml
r853ae3e5 re7d893b 12 12 <!ENTITY make-ca-download "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz"> 13 13 <!ENTITY make-ca-size "28 KB"> 14 <!ENTITY make-ca-md5sum " 5b68cf77b02d5681f8419b8acfd139c0">14 <!ENTITY make-ca-md5sum "995896ca8b4ee1f92a4a8fa46585d59d"> 15 15 ]> 16 16 … … 104 104 <filename>/etc/ssl/local</filename> will be imported to both the trust 105 105 anchors and the generated certificate stores (overriding Mozilla's 106 trust).</para> 106 trust). Additionally, any modified trust values will be copied from the 107 trust anchors to <filename>/etc/ssl/local</filename> prior to any updates, 108 preserving custom trust values that differ from Mozilla when using the 109 <command>trust</command> utility from <application>p11-kit</application> 110 to operate on the trust store.</para> 107 111 108 112 <para>To install the various certificate stores, first install the … … 110 114 As the <systemitem class="username">root</systemitem> user:</para> 111 115 112 <screen role="root"><userinput>make install</userinput></screen> 116 <screen role="root"><userinput>make install && 117 install -vdm755 /etc/ssl/local</userinput></screen> 113 118 114 119 <para>As the <systemitem class="username">root</systemitem> user, after … … 136 141 /etc/ssl/ca-bundle.crt</userinput></screen> 137 142 138 <para>You should periodically update the store with the above command 143 <para>You should periodically update the store with the above command, 139 144 either manually, or via a <phrase revision="sysv">cron job.</phrase> 140 145 <phrase revision="systemd">systemd timer. A timer is installed at … … 215 220 <xref linkend="wget"/> is installed):</para> 216 221 217 <screen role="nodump"><userinput>install -vdm755 /etc/ssl/local && 218 wget http://www.cacert.org/certs/root.crt && 222 <screen role="nodump"><userinput>wget http://www.cacert.org/certs/root.crt && 219 223 wget http://www.cacert.org/certs/class3.crt && 220 224 openssl x509 -in root.crt -text -fingerprint -setalias "CAcert Class 1 root" \ … … 223 227 openssl x509 -in class3.crt -text -fingerprint -setalias "CAcert Class 3 root" \ 224 228 -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \ 225 > /etc/ssl/local/CAcert_Class_3_root.pem</userinput></screen> 229 > /etc/ssl/local/CAcert_Class_3_root.pem && 230 /usr/sbin/make-ca -r -f</userinput></screen> 226 231 227 232 <bridgehead renderas="sect3">Overriding Mozilla Trust</bridgehead> … … 235 240 file, run the following commands:</para> 236 241 237 <screen role="nodump"><userinput>install -vdm755 /etc/ssl/local && 238 openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \ 242 <screen role="nodump"><userinput>openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \ 239 243 -text \ 240 244 -fingerprint
Note:
See TracChangeset
for help on using the changeset viewer.