Re: gpg ca-cert-file=[which file???]

2017-07-18 Thread Lee
On 7/17/17, Lee wrote:
>
> I don't care about EV right now. I don't want to trust any
> certificate issued by CNNIC & a few other CAs. How do I do that?

I didn't realize just how big a can of worms I'd opened. But I'm close enuf to where I wanted to be that I'm done for now. https://bugzilla.

Re: gpg ca-cert-file=[which file???]

2017-07-17 Thread Lee
On 7/16/17, René Berber wrote:
> On 7/16/2017 11:38 AM, Lee wrote:
>
> [snip]
>> ok... man update-ca-trust
>> FILES
>> /etc/pki/tls/certs/ca-bundle.trust.crt
>> Classic filename, file contains a list of CA certificates in
>> the extended BEGIN/END TRUSTED CERTIFICATE file format,
>

Re: gpg ca-cert-file=[which file???]

2017-07-16 Thread René Berber
On 7/16/2017 11:38 AM, Lee wrote:
[snip]
> ok... man update-ca-trust
> FILES
> /etc/pki/tls/certs/ca-bundle.trust.crt
> Classic filename, file contains a list of CA certificates in
> the extended BEGIN/END TRUSTED CERTIFICATE file format,
> which includes trust (and/or dis

Re: gpg ca-cert-file=[which file???]

2017-07-16 Thread Lee
On 7/16/17, René Berber wrote:
> On 7/15/2017 11:56 PM, Lee wrote:
> [snip]
>> I'm guessing the "keyserver-options ca-cert-file=" needs to be
>> pointing at the ca-certificate package root store - but damnifiknow
>> where it is :(
>
> https://cygwin.com/cgi-bin2/package-cat.cgi?file=x86_64%2Fca-cer

Re: gpg ca-cert-file=[which file???]

2017-07-15 Thread René Berber
On 7/15/2017 11:56 PM, Lee wrote:
[snip]
> I'm guessing the "keyserver-options ca-cert-file=" needs to be
> pointing at the ca-certificate package root store - but damnifiknow
> where it is :(

https://cygwin.com/cgi-bin2/package-cat.cgi?file=x86_64%2Fca-certificates%2Fca-certificates-2.14-1&grep=c

Re: gpg ca-cert-file=[which file???]

2017-07-15 Thread Lee
On 7/15/17, René Berber wrote:
> On 7/15/2017 1:40 PM, Lee wrote:
>
> [snip]
>> in my ~/.gnupg/gpg.conf so I can do auto-key-retrieve securely ... or
>> at least over an encrypted channel. But what file should I be using
>> as the ca-cert file?
>
> You should be using the "system" files.
>
> On Cy

Re: gpg ca-cert-file=[which file???]

2017-07-15 Thread René Berber
On 7/15/2017 1:40 PM, Lee wrote:
[snip]
> in my ~/.gnupg/gpg.conf so I can do auto-key-retrieve securely ... or
> at least over an encrypted channel. But what file should I be using
> as the ca-cert file?

You should be using the "system" files. On Cygwin that means installing the ca-certificate

Re: gpg ca-cert-file=[which file???]

2017-07-15 Thread Lee
On 7/15/17, Jim Garrison wrote:
> On 7/15/2017 11:40 AM, Lee wrote:
>> It seems a bit silly to be downloading pgp keys 'in the clear', so
>> after a bit of searching I think I want
>> keyserver hkps://whatever
>
> Public keys are intended to be public. Why do you think you need
> to encrypt them

Re: gpg ca-cert-file=[which file???]

2017-07-15 Thread Jim Garrison via cygwin
On 7/15/2017 11:40 AM, Lee wrote:
> It seems a bit silly to be downloading pgp keys 'in the clear', so
> after a bit of searching I think I want
> keyserver hkps://whatever

Public keys are intended to be public. Why do you think you need to encrypt them when downloading?

-- Jim Garrison (j...

gpg ca-cert-file=[which file???]

2017-07-15 Thread Lee
It seems a bit silly to be downloading pgp keys 'in the clear', so after a bit of searching I think I want
    keyserver hkps://whatever
in my ~/.gnupg/gpg.conf so I can do auto-key-retrieve securely ... or at least over an encrypted channel. But what file should I be using as the ca-cert file? Wha