[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] cert bundle sources
|
From: |
Doug Kaufman |
|
Subject: |
Re: [Lynx-dev] cert bundle sources |
|
Date: |
Sat, 21 Mar 2009 14:11:58 -0700 (PDT) |
On Sat, 21 Mar 2009, Stefan Caunter wrote:
> Going through the procedure for exporting certs from IE it seems that
> IE (and FF) export only one DER formatted cert at a time from Windows.
> ...
> Any other ideas for sources for CA root certs?
>
> As it stands, I can't find a way to get all of the certs dumped from
> Windows to DER, for openssl conversion to PEM and eventual hashing.
I am not sure I understand exactly what you tried to do. On my
WindowsXP machine, running IE6, I just go to
"Tools/Internet Options/Content/Certificates/Trusted Root Certification
Authorities".
I then highlight all the certificates by left-clicking on the first,
going to the end and shift-left-clicking on the last. Click the export
button and pick a name for the exported bundle (e.g. cert.p7b). Then
"openssl pkcs7 -inform der -outform pem -in cert.p7b -out cert.pem -print_certs
-text"
should do it. The "-text" is optional. I don't have IE7 to see what it
does.
Daniel Stenberg, the author of curl, has a perl script on his web page,
writen by Guenter Knauf, for extracting a cert bundle from the Mozilla
source (mk-ca-bundle.pl). He also maintains extracted cert bundles
available for download. You just need to change the name to cert.pem.
See "http://curl.haxx.se/docs/caextract.html";
Doug
--
Doug Kaufman
Internet: address@hidden