In an earlier post I mentioned that, while MacOS includes OpenSSL, it isn't preconfigured with any trusted root certificates. So before you can use it to do SSL properly, you need to provide a set.
My previous post suggested extracting them from the bundle that comes with Firefox, but I've recently come across a useful article about Alpine on MacOS by Paul Heinlein <heinlein@madboa.com> in which he points out that the MacOS operating system already has a set of preconfigured roots and that these can be extracted using the Keychain Access utility for use by OpenSSL. See his posting for details, but to quote from it:
- Open the Keychain Access application and choose the System Roots keychain. Select the Certificates category and you should see 100 or more certificates listed in the main panel of the window.
- Click your mouse on any of those certificate entries and then select them all with Edit → Select All (Cmd+A).
- Once the certificates are all highlighted, export them to a file: File → Export Items…. Use “cert” as the filename and make sure “Privacy Enhanced Mail (.pem)” has been chosen as the file format.
- Copy the newly created cert.pem into the /System/Library/OpenSSL directory.
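
The same export done from the command line, as an added example that is not part of the original post or of Paul Heinlein's article. It reads the system roots with the macOS security tool, rejects an empty or truncated bundle, and asks openssl itself (openssl version -d) where it reads cert.pem from instead of assuming a directory. The keychain path, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: the System Roots
# keychain shown in Keychain Access is stored at this path.
ROOTS_KEYCHAIN="/System/Library/Keychains/SystemRootCertificates.keychain"

# Directory this openssl build loads cert.pem from. `openssl version -d`
# prints a line such as: OPENSSLDIR: "/System/Library/OpenSSL"
openssl_dir() {
    openssl version -d | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p'
}

# Export every certificate in the keychain as one PEM bundle (macOS only).
export_system_roots() {
    security find-certificate -a -p "$ROOTS_KEYCHAIN" > "$1"
}

# Print the number of complete certificates in a PEM bundle. Fails when the
# bundle is empty or a BEGIN/END pair is unbalanced (a truncated export).
count_pem_certs() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { if (inside) bad = 1; inside = 1; next }
        /^-----END CERTIFICATE-----/   { if (inside) n++; else bad = 1; inside = 0; next }
        END { if (inside || bad || n == 0) exit 1; print n }
    ' "$1"
}

# Export, check, then copy the bundle to where openssl will look for it.
install_roots() {
    # mktemp gives an unpredictable file name for data that becomes trust roots
    bundle=$(mktemp "${TMPDIR:-/tmp}/roots.XXXXXX") || return 1
    export_system_roots "$bundle" || return 1
    count=$(count_pem_certs "$bundle") || { echo "bundle is empty or truncated" >&2; return 1; }
    dir=$(openssl_dir)
    [ -n "$dir" ] || { echo "could not determine OPENSSLDIR" >&2; return 1; }
    echo "installing $count root certificates into $dir/cert.pem"
    sudo mkdir -p "$dir" && sudo cp "$bundle" "$dir/cert.pem"
    rm -f "$bundle"
}

# Run as: sh install-roots.sh install
if [ "${1:-}" = "install" ]; then
    install_roots
fi
```
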
It was the only way to solve a persistent issue my svn host provider wasn't able to fix :)
Thank you very much
One can also download the curl CA cert bundle and put it in the same location. Bundle and script to create bundle can be obtained here: http://curl.haxx.se/docs/caextract.html
Thanks for sharing this. Really, really appreciated.
I am not able to find the "OpenSSL" folder in my Library. What should I do now? Can I add it manually by creating a folder?