Jun 08

Installing custom root Certificate Authorities

Installing Custom Certificate Authorities for OpenSSL

Place a PEM format version of your CA's public key in the following location:

  • Mac OSX
    1. Copy the .pem file into /System/Library/OpenSSL/certs/
    2. Run c_rehash /System/Library/OpenSSL/certs/
    3. Debian:
      1. apt-get install openssl ca-certificates
      2. Copy the .PEM file into /etc/ssl/certs
      3. Run c_rehash in /etc/ssl/certs
      4. RedHat: /usr/share/ssl/cert.pem
      5. FreeBSD: /etc/ssl/cert.pem

      Converting certificate formats

      If your certificate is in a different format you should be able to convert it using the -outform option: openssl x509 -in foo -out foo.pem -outform PEM

      Installing Custom Certificate Authorities in the Mac OS X 10.3+ Keychain

      Open the certificate with Keychain Access and select X509 Anchors as the destination. Alternately, you can use the command-line to do this remotely: sudo certtool i custom-ca.crt v k=/System/Library/Keychains/X509Anchors

      Specific Applications