[Nix-dev] Installing CA certificates

Thomas Hunger tehunger at gmail.com
Thu Feb 18 20:31:00 CET 2016


Hi Adam,

Can you make the TLS call work with a command line tool like openssl? I'm
not 100% sure but I think that Chrome might use a different set of trusted
certs (based on the Mozilla ones) [1].

~

[1]
https://www.chromium.org/Home/chromium-security/root-ca-policy

On 18 February 2016 at 13:53, Adam Russell <adamlr6 at gmail.com> wrote:

> Hello Nix-Dev,
>
> I'm trying to understand how to install CA certificates in NixOS.
>
> If I visit my work's webmail in Chromium, I get an indicator that my
> connection is not private. Clicking the padlock icon in the address bar,
> then the "Certificate information" link in the Connection tab, going to the
> "Details" tab, and clicking "Export" allows me to download a certificate.
>
> The text in this export is what I am supposed to put in the array in
> `security.pki.certificates` option of `/etc/nixos/configuration.nix`,
> correct? Am I missing something?
>
> The documentation I am using is at:
> https://github.com/NixOS/nixpkgs/blob/6e6a96d42cf56cfcd042bbeab89e37f442f0cfcc/nixos/modules/security/ca.nix#L39-L45
>
> Does the text above the equal signs have any significance ("NixOS.org" in
> the example), or is it just a comment?
>
> Thanks,
> -Adam
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160218/63b7db68/attachment.html 


More information about the nix-dev mailing list