ca-bundle.crt: what a CA bundle file is, and how to create a CA bundle file

단세포소년 2012. 11. 23. 10:01

Source: http://certifie.com/ca-bundle/


ca-bundle.crt

Information on obtaining or building a ca-bundle.crt file

What is ca-bundle.crt?

ca-bundle.crt is a file that contains well known root CA certificates. (What is a root CA?)

What is it used for?

It is used by openssl to validate certificates issued by well known root CAs. It is also used by any third-party applications that use openssl, and by some that don't.

Why do I need to get ca-bundle.crt here? Why do I need to build it myself? Why isn't it provided by (insert your tool here) developers?

It was originally produced by Netscape. However, after version 4.x, Netscape no longer uses the ca-bundle.crt format. Third-party products (like openssl) still do use it. Most of the versions of ca-bundle.crt floating around the net are very old.

In any case, you may feel safer building it yourself. Building it yourself lets you decide which root CAs you want to trust.

Forget about building it myself, where can I get a pre-built copy?

Here's one I built using Mozilla's NSS library v3.7 built-in "Builtin Roots Module": ca-bundle.crt

SHA1 sum: 0498c8ef0fa22f241cd2bcc4b27b71714f39348c
MD5 sum:  83e2ea55aeb9fc9578554decfb0ec5f6

How do I go about building ca-bundle.crt myself?

First, you'll need a bunch of root CA certificates that you trust :)

I recommend getting Mozilla's list. It's distributed in their NSS source code. Here are the steps/code to produce ca-bundle.crt from the NSS code:

The following instructions have been tried on Mandrake Linux 8.2.

  1. Download Mozilla's NSS code: nss 3.7 release notes
  2. Download dumpCerts.java and create_bundle.sh from certifie.com.
  3. Build dumpCerts.java
    • use jss33.jar from NSS
    • javac -classpath jss33.jar dumpCerts.java
  4. Install a Mozilla browser.
  5. Run dumpCerts.java
    • Set LD_LIBRARY_PATH to the directory where you have put NSS. It should point to a directory that has nss/lib under it.
    • run: java -classpath .:jss33.jar dumpCerts $HOME/.mozilla/default/<user dir>.slt/ ca-bundle.crt
  6. That's it.

I've got some special CA certs not included by Mozilla that I want to add to ca-bundle.crt. How can I add them?

You can use create_bundle.sh. It is called by dumpCerts.java to build the ca-bundle.crt file from NSS data. It may also be run stand-alone and its output appended to ca-bundle.crt. You may also want to cut and paste its output into ca-bundle.crt to keep it alphabetized properly (if you're picky).
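As an added example (not the certifie.com dumpCerts.java or create_bundle.sh tooling), the script below does the two bundle-building chores the steps above and this answer describe with the Python standard library: it merges a set of PEM root certificates into one alphabetized ca-bundle.crt, dropping duplicates by DER fingerprint so a hand-added root that Mozilla already ships is not listed twice, and it checks a downloaded bundle against a published SHA-1 such as the one listed for the pre-built copy. The label/underline/PEM layout and the SAMPLE certificates (arbitrary bytes, not real X.509 data) are constructed for this example.

```python
import base64
import hashlib
import re
import textwrap

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def fingerprint(pem_body: str) -> str:
    """SHA-1 over the DER bytes, i.e. what `openssl x509 -fingerprint -sha1` reports."""
    return hashlib.sha1(base64.b64decode("".join(pem_body.split()))).hexdigest()

def build_bundle(certs: dict) -> str:
    """Map of CA label -> PEM text, emitted alphabetized (case-insensitive) and
    deduplicated by DER fingerprint, so appending a root that is already in the
    Mozilla set (or your own root twice) leaves a single copy in the bundle."""
    seen, chunks = set(), []
    for label in sorted(certs, key=str.lower):
        match = PEM_RE.search(certs[label])
        if not match:
            raise ValueError(f"{label}: no PEM CERTIFICATE block found")
        fp = fingerprint(match.group(1))
        if fp in seen:
            continue  # same certificate under another label: skip it
        seen.add(fp)
        b64 = "".join(match.group(1).split())  # re-wrap the base64 at 64 columns
        pem = "\n".join(["-----BEGIN CERTIFICATE-----",
                         *textwrap.wrap(b64, 64), "-----END CERTIFICATE-----"])
        chunks.append(f"{label}\n{'=' * len(label)}\n{pem}\n")
    return "\n".join(chunks)

def bundle_sha1(bundle_text: str) -> str:
    """Hex SHA-1 of the bundle file contents, as printed by `sha1sum`."""
    return hashlib.sha1(bundle_text.encode()).hexdigest()

def verify_bundle(bundle_text: str, expected_sha1: str) -> bool:
    """True when a downloaded bundle matches the checksum its publisher lists."""
    return bundle_sha1(bundle_text) == expected_sha1.strip().lower()

def fake_pem(tag: bytes) -> str:
    """Constructed stand-in for a certificate: arbitrary bytes, NOT real DER."""
    b64 = base64.b64encode(b"constructed test bytes, not a certificate: " + tag).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed input: two distinct "roots" plus a duplicate under another label.
SAMPLE = {
    "Mozilla Builtin Root (constructed)": fake_pem(b"mozilla"),
    "Acme Internal Root CA": fake_pem(b"acme"),
    "Zeta: second copy of the Acme root": fake_pem(b"acme"),
}
```

Feed `build_bundle` the PEM blocks you extracted from NSS plus your own CA files, write the returned text to ca-bundle.crt, and compare `bundle_sha1` of any downloaded copy with the checksum published next to it before trusting it.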

What license is your code distributed under? Can I use it for commercial uses?

You may use the two files dumpCerts.java and create_bundle.sh however you'd like, although I make no claims that they will function correctly. Use them at your own risk.

The file ca-bundle.crt is provided here under the assumption that it is data/facts and may be used freely by anyone who wishes to use it.

I have some additional questions. How may I contact you to ask them?

You can contact me at: questions@certifie.com
