openssl-osx-ca icon indicating copy to clipboard operation
openssl-osx-ca copied to clipboard

Published 20 hours ago verified publisher icon raggi

Export certificates into /usr/local/etc/openssl/certs

Open johnbellone opened this issue 6 years ago • 3 comments

I was wondering if you would be opposed to accepting a patch that would export root certificates from the keychains to certs directory. This is needed for tools such as Vagrant to inject them into guest virtual machines.

johnbellone avatar Jan 11 '18 20:01 johnbellone

Vagrant can consume a cert.pem, can you explain more why you want this form?

raggi avatar Jan 13 '18 22:01 raggi

@raggi Absolutely!

The vagrant-ca-certificates plugin takes individual certificates and injects them into a running guest instance. It then uses the guest operating system mechanism to build the proper certificate bundle. So, for example, if we have internal root certificate we only want to inject that instead of the whole bundle.

Right now, the way that I achieve that is to manually drop them into /usr/local/openssl/certs and have the above plugin copy them into guest. What I'd like to do is potentially have each root/sub be a separate file in /certs so that I don't need to manually copy them over.

If there's a better way to do this I am open. The downside here is that the whole keychain would be exported into that directory versus only the certificates that I want to add to the default bundle.

johnbellone avatar Jan 16 '18 19:01 johnbellone

I'm in support of this being done, not sure if I'll get around to it soon. Should be an easy task for someone to try :)

raggi avatar Dec 18 '18 04:12 raggi