[colug-432] centos ca certificate store?
Rick Hornsby
richardjhornsby at gmail.com
Mon Jul 10 15:23:23 EDT 2017
Having some CA certificate validation difficulties with CentOS 6. For some
reason, I can't get an otherwise valid SSL certificate to be recognized
because its CA is not recognized (I think?)
$ curl -iv https://myhost.mydomain.org/
* About to connect() to myhost.mydomain.org port 443 (#0)
* Trying 127.0.0.1... connected
* Connected to myhost.mydomain.org (127.0.0.1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Peer's certificate issuer is not recognized: 'CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US'
The latest CA cert bundle package(?) has been installed:
$ rpm -qa | grep ca-cert
ca-certificates-2017.2.14-65.0.1.el6_9.noarch
That package[1] is supposed to update the ca bundle file, but the file date
is pretty old -
$ ls -l /etc/pki/tls/certs/ca-bundle.crt
-rw-r--r--. 1 root root 251894 Sep 3 2014 /etc/pki/tls/certs/ca-bundle.crt
If this was only affecting cURL or wget, it wouldn't be a big deal. I think
it's causing me problems trying to run a java app on this host that needs
to connect to https://myhost.mydomain.org.
Any thoughts/suggestions?
thanks!
[1] https://rpmfind.net/linux/RPM/centos/updates/6.9/x86_64/Packages/ca-certificates-2017.2.14-65.0.1.el6_9.noarch.html