What is the output of `echo $SSL_CERT_FILE` and `echo $CURL_CA_BUNDLE` ? If one of those is set, look in the pointed file if you can find your certificate.
On Fri, 19 Feb 2016 at 15:12 Adam Russell <adam...@gmail.com> wrote: > Thomas, I've not used the openssl command-line tool before, and looking at > its documentation I'm not sure what command I would run in order to test > it, or what output to look for. I can tell you that curl doesn't work > against the domains in question, though (at least without the insecure > flag). > > Regardless, with or without the "comment" with the equal signs separator, > adding things to security.pki.certificates has no effect for me. Is there a > bug, or am I doing something wrong? > > On Thu, Feb 18, 2016 at 1:31 PM Thomas Hunger <tehun...@gmail.com> wrote: > >> Hi Adam, >> >> Can you make the TLS call work with a command line tool like openssl? I'm >> not 100% sure but I think that Chrome might use a different set of trusted >> certs (based on the Mozilla ones) [1]. >> >> ~ >> >> [1] >> https://www.chromium.org/Home/chromium-security/root-ca-policy >> >> On 18 February 2016 at 13:53, Adam Russell <adam...@gmail.com> wrote: >> >>> Hello Nix-Dev, >>> >>> I'm trying to understand how to install CA certificates in NixOS. >>> >>> If I visit my work's webmail in Chromium, I get an indicator that my >>> connection is not private. Clicking the padlock icon in the address bar, >>> then the "Certificate information" link in the Connection tab, going to the >>> "Details" tab, and clicking "Export" allows me to download a certificate. >>> >>> The text in this export is what I am supposed to put in the array in >>> `security.pki.certificates` option of `/etc/nixos/configuration.nix`, >>> correct? Am I missing something? >>> >>> The documentation I am using is at: >>> https://github.com/NixOS/nixpkgs/blob/6e6a96d42cf56cfcd042bbeab89e37f442f0cfcc/nixos/modules/security/ca.nix#L39-L45 >>> >>> Does the text above the equal signs have any significance ("NixOS.org" >>> in the example), or is it just a comment? >>> >>> Thanks, >>> -Adam >>> >>> _______________________________________________ >>> nix-dev mailing list >>> nix-dev@lists.science.uu.nl >>> http://lists.science.uu.nl/mailman/listinfo/nix-dev >>> >>> _______________________________________________ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev >
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev