describes how you can extract the CA cert from a site using the openssl tool

This commit is contained in:
Daniel Stenberg 2004-09-12 18:27:12 +00:00
parent 96efa990f9
commit 73dd450147
1 changed files with 16 additions and 0 deletions

View File

@ -50,6 +50,22 @@ server, do one of the following:
(Thanks to Frankie V for this description)
If you use the 'openssl' tool, this is one way to get extract the CA cert
for a particular server:
o openssl s_client -connect xxxxx.com:443 |tee logfile
o type "QUIT", followed by the "ENTER" key
o The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE"
markers.
o If you want to see the data in the certificate, you can do: "openssl
x509 -inform PEM -in certfile -text -out certdata" where certfile is
the cert you extracted from logfile. Look in certdata.
o If you want to trust the certificate, you can append it to your
cert_bundle or use it stand-alone as described. Just remember that the
security is no better than the way you obtained the certificate.
(Thanks to Doug Kaufman for this description)
4. If you're using the curl command line tool, you can specify your own CA
cert path by setting the environment variable CURL_CA_BUNDLE to the path
of your choice.