[Nix-dev] Installing CA certificates
Adam Russell
adamlr6 at gmail.com
Fri Feb 19 16:11:53 CET 2016
Thomas, I've not used the openssl command-line tool before, and looking at
its documentation I'm not sure what command I would run in order to test
it, or what output to look for. I can tell you that curl doesn't work
against the domains in question, though (at least without the insecure
flag).
Regardless, with or without the "comment" with the equal signs separator,
adding things to security.pki.certificates has no effect for me. Is there a
bug, or am I doing something wrong?
On Thu, Feb 18, 2016 at 1:31 PM Thomas Hunger <tehunger at gmail.com> wrote:
> Hi Adam,
>
> Can you make the TLS call work with a command line tool like openssl? I'm
> not 100% sure but I think that Chrome might use a different set of trusted
> certs (based on the Mozilla ones) [1].
>
> ~
>
> [1]
> https://www.chromium.org/Home/chromium-security/root-ca-policy
>
> On 18 February 2016 at 13:53, Adam Russell <adamlr6 at gmail.com> wrote:
>
>> Hello Nix-Dev,
>>
>> I'm trying to understand how to install CA certificates in NixOS.
>>
>> If I visit my work's webmail in Chromium, I get an indicator that my
>> connection is not private. Clicking the padlock icon in the address bar,
>> then the "Certificate information" link in the Connection tab, going to the
>> "Details" tab, and clicking "Export" allows me to download a certificate.
>>
>> The text in this export is what I am supposed to put in the array in
>> `security.pki.certificates` option of `/etc/nixos/configuration.nix`,
>> correct? Am I missing something?
>>
>> The documentation I am using is at:
>> https://github.com/NixOS/nixpkgs/blob/6e6a96d42cf56cfcd042bbeab89e37f442f0cfcc/nixos/modules/security/ca.nix#L39-L45
>>
>> Does the text above the equal signs have any significance ("NixOS.org" in
>> the example), or is it just a comment?
>>
>> Thanks,
>> -Adam
>>
>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160219/98e22adc/attachment-0001.html
More information about the nix-dev
mailing list