evcz.tk » curl http://evcz.tk/blog my own pastebin :P Fri, 02 Jul 2010 23:20:44 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 CentOS import SSL certificate http://evcz.tk/blog/2008/10/24/centos-import-ssl-certificate/ http://evcz.tk/blog/2008/10/24/centos-import-ssl-certificate/#comments Fri, 24 Oct 2008 11:18:00 +0000 EvolutionCrazy http://evcz.tk/blog/?p=34 Sometimes for certain applications using ssl cert based verification/encryption it’s usefull to point them to a directory that contains all the certificates :)

If that can be done directly with a bash script it’s better :P


There’s a nice script to do it directly, it just need a little modification to run on CentOS:
http://jenders.vox.com/library/post/rtorrent-and-ssl-certificates-under-gentoo-linux.html

The first thing we need is openssl perl package (the one that have c_rehash in it)… you can get it with the command:

yum install openssl-perl

and then, just create the script:

nano -w import.cert.sh
1
2
3
4
5
6
7
8

#!/bin/sh
SITE=somesite.tld
 
openssl s_client -connect $SITE:443 < /dev/null 2>/dev/null | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' >> /etc/pki/tls/certs/$SITE.crt
openssl x509 -in /etc/pki/tls/certs/$SITE.crt -out /etc/pki/tls/certs/$SITE.der -outform DER
openssl x509 -in /etc/pki/tls/certs/$SITE.der -inform DER -out /etc/pki/tls/certs/$SITE.pem -outform PEM
c_rehash
unset SITE

make it executable:

chmod +x import.cert.sh

run it:

./import.cert.sh

and you are done, now you can eventually point your application to that certificate repository in case your app didn’t find it itself :)

for example you should run curl in this way:

curl -I --capath /etc/pki/tls/certs/ https://somesite.tld
]]> http://evcz.tk/blog/2008/10/24/centos-import-ssl-certificate/feed/ 0