[openssl-users] How to properly build OpenSSL with certificates inside certs directory
Jakob Bohm
jb-openssl at wisemo.com
Wed Jul 27 16:53:20 UTC 2016
On 26/07/2016 16:09, Piotr Panasewicz wrote:
> Hi,
>
> There’s seems to be no good explanation on the website on how to build OpenSSL with CA certificates so I thought I’ll give a try here.
> I’ve copied all the CA certs I have to the certs folder and built, unfortunately I still get certificate validation errors with the library I uses (it links to OpenSSL dynamically).
> I have all the CA certs in pem format, should I include some kind of flag or do something else?
>
> Thanks in advance,
> Peter
>
>
You also need to create the relevant symlinks with the c_rehash
script or equivalent. This is documented in the c_rehash manpage
included in OpenSSL (in doc/apps/c_rehash.pod before compiling).
If a single /etc/cert directory is shared by OpenSSL 0.9.x and
OpenSSL 1.0.x, you will need symlinks for both the old and new
digest formulas. Like this:
c_rehash /etc/certs
# Only do this second step if OpenSSL 0.9.x is sharing the directory
with 1.0.x
# (Situation with OpenSSL 1.1.x is unknown):
c_rehash -n -old /etc/certs
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list