These are my notes on managing Trust in FreeBSD.

Predestined search paths for Trusted CA:

/etc/ssl/cert.pem
/usr/local/etc/ssl/cert.pem

If the certificate can’t be found, fall back to OpenSSL’s default location.

And when it comes to your web-browser, fear not for certutil allows you to manage the nssdb:


CA_TRUSTED_CERT=~/MY-CA-CERT
certutil -d sql:$HOME/.pki/nssdb -A -t "CP,,CP" -n basename ${CA_TRUSTED_CERT} -i ${CA_TRUSTED_CERT}.pem

Converting p7b Files and Certificate Chains to PEM files: (common with MSAD CA)

View certificate contents:

openssl -pkcs7 -print_certs -in cert.p7b -inform der -text

Convert Certificate:

openssl -pkcs7 -printcerts -in cert.p7b -inform der -out cert.pem