Friday, June 10, 2011

Download SSL certificates for use with command line tools

To download the certificate from a remote server and use it with all the command line tools, first run the following command to download the self-signed certificate from the remote server:

openssl s_client -connect remote_server:443 < /dev/null | openssl x509 > new.cert

The above command will download the certificate and capture the contents in the new.cert file. Now this new certificate has to be added to the certificate bundle that is maintained by the local system. In Fedora the certificate bundle is maintained in the /etc/pki/tls/certs/ca-bundle.crt file. To add the new certificate to the list of accepted certificates, run the following command:

cat new.cert >> /etc/pki/tls/certs/ca-bundle.crt

Be sure to append to the target file rather than overwrite it (that is, be sure to use >> and NOT >).

Of course, you should accept a self-signed certificate from a remote server only if you trust that server. Please don't do this for every server you come across.
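
One way to act on that caution is to compare the downloaded certificate's SHA-256 fingerprint with a value obtained from the server's administrator before appending it. The script below is an added example, not part of the original post; the function names trust_cert, cert_fingerprint and normalise_fp are hypothetical, and it assumes the openssl command line tool is installed.

```sh
#!/bin/sh
# Added example; trust_cert and its helpers are hypothetical names, not from the post.

# Print the SHA-256 fingerprint of the first certificate in a file as lowercase
# hex without colons. Prints nothing if the file holds no PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Accept a fingerprint pasted with or without colons, in either case.
normalise_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# trust_cert CERT_FILE EXPECTED_SHA256 BUNDLE
# EXPECTED_SHA256 must come from the server's administrator over a separate
# channel, not from the same connection the certificate was downloaded on.
# Returns 0 = appended, 1 = fingerprint mismatch, 2 = no certificate, 3 = expired.
trust_cert() {
    cert=$1; expected=$(normalise_fp "$2"); bundle=$3
    actual=$(cert_fingerprint "$cert")
    if [ -z "$actual" ]; then
        echo "no PEM certificate found in $cert" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch, not trusting: $actual" >&2
        return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate has already expired" >&2
        return 3
    fi
    # Show what is about to be trusted.
    openssl x509 -in "$cert" -noout -subject -issuer -enddate >&2
    # Append (>>) only the re-encoded certificate, not the raw s_client capture.
    openssl x509 -in "$cert" >> "$bundle"
}
```

After sourcing the script, call it as trust_cert new.cert FINGERPRINT /etc/pki/tls/certs/ca-bundle.crt, where FINGERPRINT is the value you were given.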