[openssl-users] How to properly build OpenSSL with certificates inside certs directory

Jakob Bohm jb-openssl at wisemo.com
Wed Jul 27 16:53:20 UTC 2016


On 26/07/2016 16:09, Piotr Panasewicz wrote:
> Hi,
>
> There’s seems to be no good explanation on the website on how to build OpenSSL with CA certificates so I thought I’ll give a try here.
> I’ve copied all the CA certs I have to the certs folder and built, unfortunately I still get certificate validation errors with the library I uses (it links to OpenSSL dynamically).
> I have all the CA certs in pem format, should I include some kind of flag or do something else?
>
> Thanks in advance,
> Peter
>
>
You also need to create the relevant symlinks with the c_rehash
script or equivalent.  This is documented in the c_rehash manpage
included in OpenSSL (in doc/apps/c_rehash.pod before compiling).

If a single /etc/cert directory is shared by OpenSSL 0.9.x and
OpenSSL 1.0.x, you will need symlinks for both the old and new
digest formulas.  Like this:

c_rehash /etc/certs
# Only do this second step if OpenSSL 0.9.x is sharing the directory 
with 1.0.x
# (Situation with OpenSSL 1.1.x is unknown):
c_rehash -n -old /etc/certs

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



More information about the openssl-users mailing list