Default certificate path taken by openssl

Viktor Dukhovni openssl-users at dukhovni.org
Thu Jan 9 07:04:33 UTC 2020


On Thu, Jan 09, 2020 at 06:42:36AM +0000, Chethan Kumar wrote:

> In Linux, if any application which uses openssl does not specify the
> path from which certificates should be read by openssl, does openssl
> try to read from default path or something?

OpenSSL has a default cert store path, but it is up to applications to
request use of the default paths for certificate validation.  Many do,
some don't.

> Need help in this as there is one
> ca-bundle.crt(\usr\lib\ssl\certs\ca-bundle.crt) file in machine and
> we use our own ca-bundle.crt in another path.

Is this a Linux machine or a Windows machine?  You're using backslash as
a path separator, which is not something that works on POSIX systems
(e.g. Linux).

> Is it ok to remove \usr\lib\ssl\certs\ca-bundle.crt file if we don't use this?

You can remove whatever you want, but if it is installed by an OS
package, something might break if you do.

This question is best asked of your Linux vendor, the upstream OpenSSL
project does not bundle any trusted certificates.

-- 
    Viktor.
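
The opt-in described in the reply above, as an added example that is not part of the original message: it uses Python's ssl module (a wrapper over OpenSSL) to list the default CA locations and to show that a fresh context trusts nothing until the application requests them. The function names and the sample path in the test are assumptions made for this example; the SSL_CERT_FILE / SSL_CERT_DIR override is standard OpenSSL behaviour that the thread does not mention.

```python
import os
import ssl


def default_locations(environ=None):
    """Where OpenSSL looks if, and only if, the application asks for defaults.

    The SSL_CERT_FILE / SSL_CERT_DIR environment variables override the
    compiled-in locations.
    """
    env = os.environ if environ is None else environ
    p = ssl.get_default_verify_paths()
    return {
        "file": env.get(p.openssl_cafile_env, p.openssl_cafile),
        "dir": env.get(p.openssl_capath_env, p.openssl_capath),
    }


def loaded_ca_count(request_defaults):
    """Count certificates in a fresh client context's trust store."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with an empty store
    if request_defaults:
        # The explicit opt-in; wraps SSL_CTX_set_default_verify_paths().
        ctx.set_default_verify_paths()
    # Certificates under the default *directory* are loaded lazily during
    # verification, so this counts only what came from the default file.
    return ctx.cert_store_stats()["x509"]


if __name__ == "__main__":
    loc = default_locations()
    for kind, path in loc.items():
        print(f"default CA {kind}: {path} (exists: {os.path.exists(path)})")
    print("CAs loaded without opting in:", loaded_ca_count(False))
    print("CAs loaded after opting in:  ", loaded_ca_count(True))
```

An application that loads only its own bundle would call `load_verify_locations(cafile=...)` instead of `set_default_verify_paths()`, in which case the default locations are never read.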

