aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2004-03-30 06:46:36 +0000
committerDaniel Stenberg <daniel@haxx.se>2004-03-30 06:46:36 +0000
commita7376968d2fac572a085d81bfac8b16e18e83d1e (patch)
tree76e4ddff3bd4f9af86db2b82bef853fb31b86069
parentfd96a2af3431c45ca00ba62b6f88004c89e5ce16 (diff)
mention the fact that you can append a new CA cert to the existing bundle too
-rw-r--r--docs/SSLCERTS10
1 files changed, 6 insertions, 4 deletions
diff --git a/docs/SSLCERTS b/docs/SSLCERTS
index f9028c4b1..406083f41 100644
--- a/docs/SSLCERTS
+++ b/docs/SSLCERTS
@@ -28,6 +28,12 @@ server, do one of the following:
With the curl command tool: --cacert [file]
+ 3. Add the CA cert for your server to the existing default CA cert bundle.
+ The default path of the CA bundle installed with the curl package is:
+ /usr/local/share/curl/curl-ca-bundle.crt, which can be changed by running
+ configure with the --with-ca-bundle option pointing out the path of your
+ choice.
+
Neglecting to use one of the above menthods when dealing with a server using a
certficate that isn't signed by one of the certficates in the installed CA
cert bundle, will cause SSL to report an error ("certificate verify failed")
@@ -40,7 +46,3 @@ connections that previously weren't really secure. It turned out many people
were using previous versions of curl/libcurl without realizing the need for
the CA cert options to get truly secure SSL connections.
-The default path of the CA bundle installed with the curl package is:
-/usr/local/share/curl/curl-ca-bundle.crt, which can be changed by running
-configure with the --with-ca-bundle option pointing out the path of your
-choice.