Re: update-ca-certificates

To: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: Re: update-ca-certificates
From: Pocket <pocket@columbus.rr.com>
Date: Wed, 13 Dec 2023 21:57:54 -0500
Message-id: <[🔎] 9b77d308-7d5a-42be-8e4a-41be50a2a731@columbus.rr.com>
In-reply-to: <[🔎] CAH8yC8kUrq02Hmptn9yAyH8HoJzaEuCgvg9NbDg0AZycLmzQ+A@mail.gmail.com>
References: <[🔎] 8f940077-1197-451e-b765-5da729479811@columbus.rr.com> <[🔎] CAH8yC8kUrq02Hmptn9yAyH8HoJzaEuCgvg9NbDg0AZycLmzQ+A@mail.gmail.com>


On 12/13/23 21:47, Jeffrey Walton wrote:

On Wed, Dec 13, 2023 at 7:55 PM Pocket <pocket@columbus.rr.com> wrote:

What formats does certs need to be to work with update-ca-certificates?

PEM or DER?

PEM

Ok since I am using an intermediate cert to sign, I am creating acombined PEM with the root CA and the intermediate cert like this

cat "$directory"/certs/intermediate.cert.pem"$ca_directory"/certs/ca.cert.pem > "$directory"/certs/ca-chain.cert.pem


Will that work or does the cert have to be a single cert?

I have just finished writing some scripts to generate certs for my email
server and nginx server.

[...]
Will pem format type certs work?

Yes.

You should also place the certificates in
/usr/local/share/ca-certificates . Make the directory if it does not
exist. And then run update-ca-certificates from the directory.

Jeff

That sub directory does indeed exist, so I need to runupdate-cert-certificates from


/usr/local/share/ca-certificates or can I just run update-cert-certificates as root?

Thanks


--
It's not easy to be me

Reply to:

Follow-Ups:
- Re: update-ca-certificates
  - From: Jeffrey Walton <noloader@gmail.com>

References:
- update-ca-certificates
  - From: Pocket <pocket@columbus.rr.com>
- Re: update-ca-certificates
  - From: Jeffrey Walton <noloader@gmail.com>

Prev by Date: Re: update-ca-certificates
Next by Date: Re: update-ca-certificates
Previous by thread: Re: update-ca-certificates
Next by thread: Re: update-ca-certificates
Index(es):
- Date
- Thread