Trusting a CA certificate
  1. #1
    Join Date
    Nov 2011
    Posts
    7

    Trusting a CA certificate

    Hi,

    I'm using Fedora 19.

    I'm not very experienced with all this certificate business, but I want to make some warnings disappear.

    I'm connecting (with fetchmail) to imap.mail.yahoo.com on the `imaps` port via SSL, and I'm getting their SSL certificate. I'd like to enforce a proper validation of this certificate by trusting its CA. I've found that their CA is named "DigiCert High Assurance CA-3", but Fedora 19 seems to only include DigiCert High Assurance CA-0. So I've navigated to DigiCert's website to get the required certificate (I hope). I've translated the .crt format to .pem format by using this command:

    Code:
    $ openssl x509 -inform DER -in DigiCertHighAssuranceCA-3.crt -out DigiCertHighAssuranceCA-3.pem -text

    I've copied DigiCertHighAssuranceCA-3.pem to /etc/pki/tls/certs and I've run:

    Code:
    $ sudo c_rehash .
    Doing .
    DigiCertHighAssuranceCA-3.pem => 02b2d53d.0

    Unfortunately, fetchmail still shows me an SSL error. I'm sure I've missed something, but any guides that I find on the Internet for other distros don't apply to Fedora 19, because F19 seems to have changed its certificate management.

    I'm too green to figure out the proper solution to my problem :)

    Could anyone help?

  2. #2
    Join Date
    Jun 2010
    Location
    Lost...
    Posts
    1,300

    Re: Trusting a CA certificate

    Look here: https://fedoraproject.org/wiki/Featu..._systemwide_CA
    Hope it can help.

    ---------- Post added at 11:57 AM ---------- Previous post was at 11:52 AM ----------

    There is a README: /etc/pki/ca-trust/source/README
    Code:
    =============================================================================
    QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
                list of CAs trusted on the system:
    
                Copy it to the
                        /etc/pki/ca-trust/source/anchors/
                subdirectory, and run the
                        update-ca-trust
                command.
    
                If your certificate is in the extended BEGIN TRUSTED file format,
                then place it into the main source/ directory instead.
    =============================================================================
    :confused:
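
The placement rule from the README quoted above, written out as a script. This is an added example, not part of the thread or of Fedora's tooling; `TRUST_SOURCE`, `cert_format`, `anchor_dir_for` and `install_ca` are names assumed for this sketch, and the DER check is a heuristic.

```shell
#!/usr/bin/env bash
# Added example, not Fedora's own tooling. TRUST_SOURCE and the function
# names are assumptions of this sketch; point TRUST_SOURCE at a scratch
# directory to rehearse without touching the system store.
TRUST_SOURCE="${TRUST_SOURCE:-/etc/pki/ca-trust/source}"

# Print the file's format: trusted-pem, pem, der or unknown.
cert_format() {
    local file="$1"
    if grep -q -e '-----BEGIN TRUSTED CERTIFICATE-----' "$file"; then
        echo trusted-pem
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$file"; then
        echo pem
    elif [ "$(od -An -tx1 -N2 "$file" | tr -d ' \n')" = "3082" ]; then
        # Heuristic: a DER certificate is a binary ASN.1 SEQUENCE with a
        # two-byte length, so it starts with the bytes 0x30 0x82.
        echo der
    else
        echo unknown
    fi
}

# Print the directory the README assigns to this file's format.
anchor_dir_for() {
    case "$(cert_format "$1")" in
        pem|der)     echo "$TRUST_SOURCE/anchors" ;;
        trusted-pem) echo "$TRUST_SOURCE" ;;
        *)           return 1 ;;
    esac
}

# Copy the CA file into place and rebuild the consolidated trust bundles.
install_ca() {
    local file="$1" dest
    dest="$(anchor_dir_for "$file")" || {
        echo "refusing $file: not a PEM or DER certificate" >&2
        return 1
    }
    install -m 0644 "$file" "$dest/" || return 1
    # update-ca-trust is run only against the real store (needs root).
    if [ "$TRUST_SOURCE" = /etc/pki/ca-trust/source ]; then
        update-ca-trust
    fi
}
```

Sourced as root with the default `TRUST_SOURCE`, `install_ca DigiCertHighAssuranceCA-3.pem` copies the file into `anchors/` and runs `update-ca-trust`, so no `c_rehash` step in `/etc/pki/tls/certs` is involved.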

  3. #3
    Join Date
    Nov 2011
    Posts
    7

    [SOLVED] Re: Trusting a CA certificate

    It worked!

    Thank you!
