diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2004-09-12 18:27:12 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2004-09-12 18:27:12 +0000 |
| commit | 73dd4501478cfd73edd4ff37af043044b838159f (patch) | |
| tree | f50ba855fe2d6a268fdf2f3d0d0d65ed83478d0d | |
| parent | 96efa990f98178a17d2fa22ef886edabe838bc27 (diff) | |
describes how you can extract the CA cert from a site using the openssl tool
| -rw-r--r-- | docs/SSLCERTS | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/docs/SSLCERTS b/docs/SSLCERTS index c4d940ae7..3109cdd06 100644 --- a/docs/SSLCERTS +++ b/docs/SSLCERTS @@ -50,6 +50,22 @@ server, do one of the following: (Thanks to Frankie V for this description) + If you use the 'openssl' tool, this is one way to get extract the CA cert + for a particular server: + + o openssl s_client -connect xxxxx.com:443 |tee logfile + o type "QUIT", followed by the "ENTER" key + o The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE" + markers. + o If you want to see the data in the certificate, you can do: "openssl + x509 -inform PEM -in certfile -text -out certdata" where certfile is + the cert you extracted from logfile. Look in certdata. + o If you want to trust the certificate, you can append it to your + cert_bundle or use it stand-alone as described. Just remember that the + security is no better than the way you obtained the certificate. + + (Thanks to Doug Kaufman for this description) + 4. If you're using the curl command line tool, you can specify your own CA cert path by setting the environment variable CURL_CA_BUNDLE to the path of your choice. |