CA Trust in FreeBSD

31 Tuesday Mar 2020

These are my notes on managing Trust in FreeBSD.

Predestined search paths for Trusted CA:

/etc/ssl/cert.pem /usr/local/etc/ssl/cert.pem

If the certificate can’t be found, fall back to OpenSSL’s default location.

And when it comes to your web-browser, fear not for certutil allows you to manage the nssdb:

CA_TRUSTED_CERT=~/MY-CA-CERT certutil -d sql:$HOME/.pki/nssdb -A -t "CP,,CP" -n basename ${CA_TRUSTED_CERT} -i ${CA_TRUSTED_CERT}.pem

Converting p7b Files and Certificate Chains to PEM files: (common with MSAD CA)


View certificate contents:
openssl -pkcs7 -print_certs -in cert.p7b -inform der -text
Convert Certificate:

openssl -pkcs7 -printcerts -in cert.p7b -inform der -out cert.pem

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

%d bloggers like this: