[Nix-dev] Installing CA certificates

zimbatm zimbatm at zimbatm.com
Fri Feb 19 16:26:42 CET 2016


What is the output of `echo $SSL_CERT_FILE` and `echo $CURL_CA_BUNDLE` ?
If one of those is set, look in the pointed file if you can find your
certificate.

On Fri, 19 Feb 2016 at 15:12 Adam Russell <adamlr6 at gmail.com> wrote:

> Thomas, I've not used the openssl command-line tool before, and looking at
> its documentation I'm not sure what command I would run in order to test
> it, or what output to look for. I can tell you that curl doesn't work
> against the domains in question, though (at least without the insecure
> flag).
>
> Regardless, with or without the "comment" with the equal signs separator,
> adding things to security.pki.certificates has no effect for me. Is there a
> bug, or am I doing something wrong?
>
> On Thu, Feb 18, 2016 at 1:31 PM Thomas Hunger <tehunger at gmail.com> wrote:
>
>> Hi Adam,
>>
>> Can you make the TLS call work with a command line tool like openssl? I'm
>> not 100% sure but I think that Chrome might use a different set of trusted
>> certs (based on the Mozilla ones) [1].
>>
>> ~
>>
>> [1]
>> https://www.chromium.org/Home/chromium-security/root-ca-policy
>>
>> On 18 February 2016 at 13:53, Adam Russell <adamlr6 at gmail.com> wrote:
>>
>>> Hello Nix-Dev,
>>>
>>> I'm trying to understand how to install CA certificates in NixOS.
>>>
>>> If I visit my work's webmail in Chromium, I get an indicator that my
>>> connection is not private. Clicking the padlock icon in the address bar,
>>> then the "Certificate information" link in the Connection tab, going to the
>>> "Details" tab, and clicking "Export" allows me to download a certificate.
>>>
>>> The text in this export is what I am supposed to put in the array in
>>> `security.pki.certificates` option of `/etc/nixos/configuration.nix`,
>>> correct? Am I missing something?
>>>
>>> The documentation I am using is at:
>>> https://github.com/NixOS/nixpkgs/blob/6e6a96d42cf56cfcd042bbeab89e37f442f0cfcc/nixos/modules/security/ca.nix#L39-L45
>>>
>>> Does the text above the equal signs have any significance ("NixOS.org"
>>> in the example), or is it just a comment?
>>>
>>> Thanks,
>>> -Adam
>>>
>>> _______________________________________________
>>> nix-dev mailing list
>>> nix-dev at lists.science.uu.nl
>>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>>
>>> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160219/45fc906a/attachment.html 


More information about the nix-dev mailing list