Tiny Core Linux

Tiny Core Base => Raspberry Pi => Topic started by: kp on January 04, 2019, 07:08:10 AM

Title: install local certificate
Post by: kp on January 04, 2019, 07:08:10 AM

hello,

 how do i install local certificate on picore?
# openssl s_client  -connect <server:port>
shows me a problem that localhost could not send across a cert.
i see that /tmp/tcloop/openssl/etc/ssl/certs is read-only. so how to setup a cert and env parameters so that openssl uses it correctly?

Title: Re: install local certificate
Post by: Juanito on January 04, 2019, 07:44:08 AM

You should be able to write in /etc/ssl/certs, no?

Title: Re: install local certificate
Post by: kp on January 04, 2019, 08:27:17 AM

yes but it is not picking from there. Pl try
# openssl s_client -conect <some server>

to see the problem for yourself. if you have a procedure to get it working for a fresh installation of picore, pl let me know.

thanks

Title: Re: install local certificate
Post by: Juanito on January 04, 2019, 08:31:33 AM

It's difficult to troubleshoot if you don't supply the error message.

If the problem is trying to write to /tmp/tcloop/openssl/etc/ssl/certs, then you could use copy2fs to load openssl.

Title: Re: install local certificate
Post by: Paul_123 on January 04, 2019, 11:14:38 AM

Need version of piCore as well.

Title: Re: install local certificate
Post by: kp on January 04, 2019, 12:48:50 PM

picore   10.0 beta 5. error message is :-

No Client CA names sent
...
Verification error: Unable to get local issuer certs

Title: Re: install local certificate
Post by: Paul_123 on January 04, 2019, 01:38:58 PM

Openssl is built with /etc/ssl location for certs.   I've had no issues accessing https sites with piCore 10.x.   What is the server you are trying to access? have you checked the actual site certificate?

https://www.openssl.org/docs/manmaster/man1/verify.html

Title: Re: install local certificate
Post by: Paul_123 on January 05, 2019, 01:09:05 AM

Actually, now that I'm home.   I see some package configuration errors.   Certs are contained in ca-certificates.tcz, and located in /usr/local/etc/ssl/certs,  whereas openssl is configured for /etc/ssl.

ca-certificates.tcz is a copy from the 9.x repo, and needs regenerated against the latest openssl.

I'll work on this over the weekend and submit the corrected extensions.

Title: Re: install local certificate
Post by: kp on January 07, 2019, 06:31:46 AM

when/how can i get an update to resolve this issue?

Title: Re: install local certificate
Post by: Paul_123 on January 07, 2019, 11:15:40 AM

I've rebuild ca-certificates, just needs to be posted to the repo.

Title: Re: install local certificate
Post by: kp on January 09, 2019, 01:58:26 AM

tce-load -wi ca-certificates
says it is already installed and doing a tae-remove doesn't remove the existing one. so, when you update the repo, pl tell me how to update it at my end.

Title: Re: install local certificate
Post by: Juanito on January 09, 2019, 02:24:05 AM

updated ca-certificates posted to piCore 10.x repos

Title: Re: install local certificate
Post by: Rich on January 09, 2019, 09:06:24 AM

Hi kp
Try:

Code: [Select]

tce-audit builddb
tce-audit updatedeps
tce-audit fetchmissing
tce-updateThen reboot.