Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Fetching contributors…
Cannot retrieve contributors at this time
28 lines (21 sloc) 1.02 KB
$NetBSD: MESSAGE,v 1.3 2011/06/10 16:23:45 drochner Exp $
Execute these commands to extract and rehash all CA root certificates
distributed by the Mozilla Project, so that they can be used by third
party applications using OpenSSL:
# cd /etc/openssl/certs # Default SSLCERTS path for NetBSD
# mozilla-rootcerts extract
# mozilla-rootcerts rehash
To create a single file certificate bundle in PEM format which can
be used by applications using GnuTLS, do the following:
# mkdir -p /etc/ssl/certs
# cd /etc/ssl/certs
# cat ../../openssl/certs/*.pem >ca-certificates.crt
To mark these certificates as trusted for users of gnupg2, do
the following (assuming default PKG_SYSCONFBASE and a Bourne shell):
# mkdir /usr/pkg/etc/gnupg
# cd /usr/pkg/etc/gnupg
# for c in /etc/openssl/certs/*.pem; do
> openssl x509 -in $c -noout -fingerprint|sed 's|^.*=\(.*\)|\1 S|'
> done > trustlist.txt
Jump to Line
Something went wrong with that request. Please try again.