On Jan 10, 2013, at 2:06 PM, Greg Larkin wrote:
> On 1/10/13 1:38 PM, Paul Kraus wrote:
> 
> I put the certs for my test in /etc/ssl/certs when using the base
> system openssl and in /usr/local/openssl/certs when using the openssl
> port.
> 
> c_rehash uses a specific openssl binary when invoked like so:
> 
> env OPENSSL=/usr/bin/openssl c_rehash /etc/ssl/certs
> 
> You can set the OPENSSL and SSL_CERT_DIR environment variables
> permanently, and that would ensure everything is consistent going
> forward, even if the openssl port is present.

That almost worked; the default directory for certs is /etc/ssl:

[root@MailArch /etc/ssl]# pwd
/etc/ssl
[root@MailArch /etc/ssl]# ls -l
total 12
lrwxr-xr-x  1 root  wheel     8 Jan 10 15:26 882de061.0 -> cert.pem
lrwxr-xr-x  1 root  wheel    38 Jan 10 15:22 cert.pem -> /usr/local/share/certs/ca-root-nss.crt
-rw-r--r--  1 root  wheel  9468 Jan  3  2012 openssl.cnf
[root@MailArch /etc/ssl]#

The clue was in the ca_root_nss port. If you enable etc symlink creation it 
creates the link in /etc/ssl. After running c_rehash (using the correct 
openssl) in that directory, the other tools that just call the openssl 
libraries find the root certs just fine.

Thanks for the help.

--
Paul Kraus
Deputy Technical Director, LoneStarCon 3
Sound Coordinator, Schenectady Light Opera Company

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
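
A check for the fix described in this thread, added here as an example and not part of the original messages: it recomputes the subject hash of every `<hash>.<n>` link in a certificate directory with the binary named in `OPENSSL` (the same variable c_rehash honours above) and reports links that binary would not find. The function name `check_hash_links` and its return codes are assumptions of this example; different OpenSSL versions can compute different subject hashes, which is why the binary used for rehashing matters.

```shell
#!/bin/sh
# Added example, not from the thread: verify c_rehash-style links against
# the openssl binary actually in use.
# OPENSSL selects the binary, as in: env OPENSSL=/usr/bin/openssl c_rehash ...
OPENSSL="${OPENSSL:-openssl}"

# check_hash_links DIR   (hypothetical helper name)
# For each <hash>.<n> symlink in DIR, recompute the subject hash of the
# certificate it points to and compare it with the link name.
# Returns 0 if every link matches, 1 on a mismatch or dangling link,
# 2 if DIR holds no hash links at all (c_rehash was never run there).
check_hash_links() {
    dir=$1
    found=0
    bad=0
    for link in "$dir"/*.[0-9]; do
        [ -L "$link" ] || continue      # skips the unexpanded glob too
        found=1
        name=${link##*/}
        want=${name%.*}                 # 882de061.0 -> 882de061
        if [ ! -e "$link" ]; then
            echo "DANGLING $name"
            bad=1
            continue
        fi
        got=$("$OPENSSL" x509 -hash -noout -in "$link" 2>/dev/null)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name ($OPENSSL computes '${got}')"
            bad=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no hash links in $dir"
        return 2
    fi
    return "$bad"
}

# When run with a directory argument, check it, e.g.:
#   env OPENSSL=/usr/bin/openssl sh check_links.sh /etc/ssl
[ "$#" -eq 0 ] || check_hash_links "$1"
```

`"$OPENSSL" version -d` prints the OPENSSLDIR a given binary was built with, which is the directory to pass in.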
