[Nix-dev] Installing CA certificates
Adam Russell
adamlr6 at gmail.com
Fri Feb 19 17:47:07 CET 2016
The output is:
$ echo $SSL_CERT_FILE
/etc/ssl/certs/ca-certificates.crt
$ echo $CURL_CA_BUNDLE
$
And yes, the certificates are in that file. Is there another step that
needs to happen for curl and Chromium to be able to use them?
On Fri, Feb 19, 2016 at 9:26 AM zimbatm <zimbatm at zimbatm.com> wrote:
> What is the output of `echo $SSL_CERT_FILE` and `echo $CURL_CA_BUNDLE` ?
> If one of those is set, look in the pointed file if you can find your
> certificate.
>
> On Fri, 19 Feb 2016 at 15:12 Adam Russell <adamlr6 at gmail.com> wrote:
>
>> Thomas, I've not used the openssl command-line tool before, and looking
>> at its documentation I'm not sure what command I would run in order to test
>> it, or what output to look for. I can tell you that curl doesn't work
>> against the domains in question, though (at least without the insecure
>> flag).
>>
>> Regardless, with or without the "comment" with the equal signs separator,
>> adding things to security.pki.certificates has no effect for me. Is there a
>> bug, or am I doing something wrong?
>>
>> On Thu, Feb 18, 2016 at 1:31 PM Thomas Hunger <tehunger at gmail.com> wrote:
>>
>>> Hi Adam,
>>>
>>> Can you make the TLS call work with a command line tool like openssl?
>>> I'm not 100% sure but I think that Chrome might use a different set of
>>> trusted certs (based on the Mozilla ones) [1].
>>>
>>> ~
>>>
>>> [1]
>>> https://www.chromium.org/Home/chromium-security/root-ca-policy
>>>
>>> On 18 February 2016 at 13:53, Adam Russell <adamlr6 at gmail.com> wrote:
>>>
>>>> Hello Nix-Dev,
>>>>
>>>> I'm trying to understand how to install CA certificates in NixOS.
>>>>
>>>> If I visit my work's webmail in Chromium, I get an indicator that my
>>>> connection is not private. Clicking the padlock icon in the address bar,
>>>> then the "Certificate information" link in the Connection tab, going to the
>>>> "Details" tab, and clicking "Export" allows me to download a certificate.
>>>>
>>>> The text in this export is what I am supposed to put in the array in
>>>> `security.pki.certificates` option of `/etc/nixos/configuration.nix`,
>>>> correct? Am I missing something?
>>>>
>>>> The documentation I am using is at:
>>>> https://github.com/NixOS/nixpkgs/blob/6e6a96d42cf56cfcd042bbeab89e37f442f0cfcc/nixos/modules/security/ca.nix#L39-L45
>>>>
>>>> Does the text above the equal signs have any significance ("NixOS.org"
>>>> in the example), or is it just a comment?
>>>>
>>>> Thanks,
>>>> -Adam
>>>>
>>>> _______________________________________________
>>>> nix-dev mailing list
>>>> nix-dev at lists.science.uu.nl
>>>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>>>
>>>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160219/b3fc7dd5/attachment-0001.html
More information about the nix-dev
mailing list