omps/linux_ssl_cert.md

Created March 29, 2016 12:58

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/omps/134bcb5bc268c2011b5b.js"></script>
Save omps/134bcb5bc268c2011b5b to your computer and use it in GitHub Desktop.

SSL certificate on Linux

Raw

SSL Certificate location on Linux For system wide use OpenSSL should provide you /etc/ssl/certs and /etc/ssl/private. The latter of which will be restricted 700 to root:root.

If you have an application not performing an initial privsep from root then it might suit you to locate them somewhere local to the application with the relevantly restricted ownership and permissions.

To install root certificates.

$ cd /usr/ssl/certs
$ curl http://curl.haxx.se/ca/cacert.pem |
  awk '{print > "cert" (1+n) ".pem"} /-----END CERTIFICATE-----/ {n++}'
$ c_rehash

Author

omps commented Mar 29, 2016

for RHEL based systems

yum -y install ca-certificates

but this too doesn't solve the issue.

I am actually trying to do a git clone and getting this certificate error.

git config --global http.sslVerify false

this actually solves. but not a good idea to have it disabled.