SSLCERTS.md - OpenGrok cross reference for /external/curl/docs/SSLCERTS.md

Lines Matching full:ca
22 This system is about trust. In your local CA certificate store you have certs
38 by using a CA certificate store that the SSL library can use to make sure the
42 certificates in the CA store, you can be sure that the remote server really is
45 If the remote server uses a self-signed certificate, if you do not install a CA
46 cert store, if the server uses a certificate signed by a CA that is not
56  2. Get a CA certificate that can verify the remote server and use the proper
57     option to point out this CA cert for verification when connecting. For
62  3. Add the CA cert for your server to the existing default CA certificate
63     store. The default CA certificate store can be changed at compile time with
66     `--with-ca-bundle=FILE`: use the specified file as the CA certificate
67     store. CA certificates need to be concatenated in PEM format into this
70     `--with-ca-path=PATH`: use the specified path as CA certificate store. CA
78     `--without-ca-bundle` and `--without-ca-path` to the configure script.
80     If you use Internet Explorer, this is one way to get extract the CA cert
84      - Find out where the CA certificate is kept (Certificate>
89      - Add the `outcert.pem` to the CA certificate store or use it stand-alone
92     If you use the `openssl` tool, this is one way to get extract the CA cert
102      - If you want to trust the certificate, you can add it to your CA
106  4. If you are using the curl command line tool, you can specify your own CA
111     for a CA cert file named "curl-ca-bundle.crt" in these directories and in
119  5. Get a better/different/newer CA cert bundle! One option is to extract the
120     one a recent Firefox browser uses by running 'make ca-bundle' in the curl
122     way for you: [CA Extract](https://curl.se/docs/caextract.html)
125 certificate that is not signed by one of the certificates in the installed CA
135 CA cert db. Red Hat ships with an additional module, libnsspem.so, which
136 enables NSS to read the OpenSSL PEM CA bundle. On openSUSE you can install
137 p11-kit-nss-trust which makes NSS use the system wide CA certificate
155 peer certificate verification, but instead of using a CA cert bundle, it will