Author Topic: install local certificate (Read 4163 times)

kp · « **on:** January 04, 2019, 07:08:10 AM »

hello,

how do i install local certificate on picore?
# openssl s_client -connect <server:port>
shows me a problem that localhost could not send across a cert.
i see that /tmp/tcloop/openssl/etc/ssl/certs is read-only. so how to setup a cert and env parameters so that openssl uses it correctly?

Juanito · « **Reply #1 on:** January 04, 2019, 07:44:08 AM »

You should be able to write in /etc/ssl/certs, no?

kp · « **Reply #2 on:** January 04, 2019, 08:27:17 AM »

yes but it is not picking from there. Pl try
# openssl s_client -conect <some server>

to see the problem for yourself. if you have a procedure to get it working for a fresh installation of picore, pl let me know.

thanks

Juanito · « **Reply #3 on:** January 04, 2019, 08:31:33 AM »

It's difficult to troubleshoot if you don't supply the error message.

If the problem is trying to write to /tmp/tcloop/openssl/etc/ssl/certs, then you could use copy2fs to load openssl.

Paul_123 · « **Reply #4 on:** January 04, 2019, 11:14:38 AM »

Need version of piCore as well.

kp · « **Reply #5 on:** January 04, 2019, 12:48:50 PM »

picore 10.0 beta 5. error message is :-

No Client CA names sent
...
Verification error: Unable to get local issuer certs

Paul_123 · « **Reply #6 on:** January 04, 2019, 01:38:58 PM »

Openssl is built with /etc/ssl location for certs. I've had no issues accessing https sites with piCore 10.x. What is the server you are trying to access? have you checked the actual site certificate?

https://www.openssl.org/docs/manmaster/man1/verify.html

Paul_123 · « **Reply #7 on:** January 05, 2019, 01:09:05 AM »

Actually, now that I'm home. I see some package configuration errors. Certs are contained in ca-certificates.tcz, and located in /usr/local/etc/ssl/certs, whereas openssl is configured for /etc/ssl.

ca-certificates.tcz is a copy from the 9.x repo, and needs regenerated against the latest openssl.

I'll work on this over the weekend and submit the corrected extensions.

kp · « **Reply #8 on:** January 07, 2019, 06:31:46 AM »

when/how can i get an update to resolve this issue?

Paul_123 · « **Reply #9 on:** January 07, 2019, 11:15:40 AM »

I've rebuild ca-certificates, just needs to be posted to the repo.

kp · « **Reply #10 on:** January 09, 2019, 01:58:26 AM »

tce-load -wi ca-certificates
says it is already installed and doing a tae-remove doesn't remove the existing one. so, when you update the repo, pl tell me how to update it at my end.

Juanito · « **Reply #11 on:** January 09, 2019, 02:24:05 AM »

updated ca-certificates posted to piCore 10.x repos

Rich · « **Reply #12 on:** January 09, 2019, 09:06:24 AM »

Hi kp
Try:

Code: [Select]

tce-audit builddb
tce-audit updatedeps
tce-audit fetchmissing
tce-update

Then reboot.

Tiny Core Linux

News:

Author Topic: install local certificate (Read 4163 times)

kp

install local certificate

Juanito

Re: install local certificate

kp

Re: install local certificate

Juanito

Re: install local certificate

Paul_123

Re: install local certificate

kp

Re: install local certificate

Paul_123

Re: install local certificate

Paul_123

Re: install local certificate

kp

Re: install local certificate

Paul_123

Re: install local certificate

kp

Re: install local certificate

Juanito

Re: install local certificate

Rich

Re: install local certificate