The location of the OpenSSL certificate store varies by distribution and version:
Red Hat Enterprise Linux 5: /etc/pki/tls/certs
Red Hat Enterprise Linux 4: /usr/share/ssl/certs
Fedora: /etc/pki/tls/certs
1. Change to the directory:
# cd /etc/pki/tls/certs
2. Next download the College root certificate:
# wget http://icca1.cc.ic.ac.uk/cdp/icrootca.cer
3. Create a link with the certificate hash:
# ln -s icrootca.cer `openssl x509 -hash -noout -in icrootca.cer`.0
4. You now need to repeat this for the College intermediate CA:
# wget http://icca1.cc.ic.ac.uk/cdp/icca.cer
# ln -s icca.cer `openssl x509 -hash -noout -in icca.cer`.0
The installation is now complete. You can verify that this has been successful as follows - ensure both commands return "OK":
# openssl verify -CApath /etc/pki/tls/certs icrootca.cer
icrootca.cer: OK
# openssl verify -CApath /etc/pki/tls/certs icca.cer
icca.cer: OK
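The steps above (download, link under the subject hash, verify) can be exercised end to end without touching the College URLs. The script below is an added example, not part of the original post: it generates a throwaway self-signed CA in a scratch directory (the subject name and paths are constructed placeholders standing in for icrootca.cer and /etc/pki/tls/certs), shows that openssl verify fails while the certificate file merely sits in the directory, and succeeds once the hash link exists.

```shell
#!/bin/sh
# Added example, not from the original post: the same hash-link installation and
# "openssl verify" check, run against a locally generated test CA so it works
# offline. The scratch paths and the test CA's subject name are constructed.
set -eu

# make_test_ca CERTFILE: constructs a throwaway self-signed CA certificate that
# stands in for icrootca.cer (the private key lands beside it as CERTFILE.key).
make_test_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Test CA/CN=Example Test Root" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# install_ca CERTFILE CAPATH: step 3 of the post. OpenSSL looks certificates up in
# a -CApath directory by <subject hash>.<n>, so copying the file in is not enough;
# the link name must carry the hash. The .0/.1/... suffix separates hash collisions.
install_ca() {
    cert=$1; dir=$2
    hash=$(openssl x509 -hash -noout -in "$cert")
    n=0
    while [ -e "$dir/$hash.$n" ] && ! cmp -s "$dir/$hash.$n" "$cert"; do
        n=$((n + 1))
    done
    abs=$(cd "$(dirname "$cert")" && pwd)/$(basename "$cert")
    ln -sf "$abs" "$dir/$hash.$n"
    echo "$dir/$hash.$n"
}

# verify_ca CERTFILE CAPATH: prints OK when CERTFILE chains to a certificate found
# in CAPATH, FAIL otherwise (the post's "ensure both commands return OK" check).
verify_ca() {
    if openssl verify -CApath "$2" "$1" 2>/dev/null | grep -q ': OK$'; then
        echo OK
    else
        echo FAIL
    fi
}

# demo: runs the procedure in a fresh scratch directory. The first verify fails
# because the certificate file alone, without its hash link, is invisible to
# -CApath lookup; the second succeeds once the link exists. Prints "FAIL OK".
demo() {
    scratch=$(mktemp -d)
    make_test_ca "$scratch/testroot.cer"
    before=$(verify_ca "$scratch/testroot.cer" "$scratch")
    install_ca "$scratch/testroot.cer" "$scratch" >/dev/null
    after=$(verify_ca "$scratch/testroot.cer" "$scratch")
    rm -rf "$scratch"
    echo "$before $after"
}

demo
```

One caveat worth knowing when following the post on a system that is later upgraded: the hash printed by openssl x509 -hash changed between OpenSSL 0.9.8 (the RHEL 5 era) and OpenSSL 1.0.0, so links created under one version are not found by the other. After an OpenSSL upgrade, re-run the link step or use c_rehash (openssl rehash on 1.1.0 and later) over the certificate directory, then repeat the openssl verify check.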
Now you can connect to an SSL enabled web server that uses the College CA:
# openssl s_client -showcerts -connect icca1.cc.ic.ac.uk:443 -CApath /etc/pki/tls/certs
Ensure the resulting output displays the certificates and gives no errors.
If you want to enable LDAPS (LDAP over SSL) under OpenLDAP, you need to repeat the above process but in /etc/openldap/cacerts (and make the appropriate changes in ldap.conf).
Reference: http://www3.imperial.ac.uk/ict/services/securitynetworkdatacentreandtelephonyservices/security/securityservices/publickeyinfrastructure/installcaonlinux