To download a self-signed certificate from a remote server and have the command-line tools accept it, first run the following command:
openssl s_client -connect remote_server:443 </dev/null > new.cert
The above command downloads the certificate and captures the output in the new.cert file. This new certificate now has to be added to the certificate bundle that is maintained by the local system. In Fedora the certificate bundle is kept in the /etc/pki/tls/certs/ca-bundle.crt file. To add the new certificate to the list of accepted certificates, run the following command:
cat new.cert >> /etc/pki/tls/certs/ca-bundle.crt
Be sure to only append to the target file and not overwrite it (that is, be sure to use >> and NOT >).
Of course, accept a self-signed certificate from a remote server only if you trust that server. Please don't do this for every server you come across.
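The steps above as a small shell script (an added example, not part of the original post): it keeps only the first PEM block from the s_client output, prints the SHA-256 fingerprint so it can be checked before the certificate is trusted, and appends to the bundle at most once. The function names are hypothetical; remote_server, new.cert and the bundle path are the ones used above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are those of the post.

# Keep only the first PEM block (the server's own certificate) from
# `openssl s_client` output, dropping the session text around it.
extract_leaf_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on                            { print }
         /-----END CERTIFICATE-----/   { if (on) exit }'
}

# Succeed if BUNDLE already contains the base64 body of CERT.
bundle_has_cert() {  # usage: bundle_has_cert CERT BUNDLE
    body=$(grep -v -e '-----' "$1" | tr -d '\r\n')
    [ -n "$body" ] || return 1
    tr -d '\r\n' < "$2" | grep -qF -e "$body"
}

# Append CERT to BUNDLE at most once, keeping a backup. Returns 2 when
# CERT holds no complete PEM block (e.g. the connection failed).
append_cert() {  # usage: append_cert CERT BUNDLE
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -e '-----END CERTIFICATE-----' "$1" || return 2
    if bundle_has_cert "$1" "$2"; then return 0; fi
    cp -p "$2" "$2.bak" && cat "$1" >> "$2"
}

# Whole procedure; run as root. Compare the printed fingerprint with one
# obtained from the server's administrator before answering "y".
fetch_and_trust() {  # usage: fetch_and_trust remote_server [port]
    bundle=/etc/pki/tls/certs/ca-bundle.crt
    openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        </dev/null 2>/dev/null | extract_leaf_pem > new.cert
    openssl x509 -in new.cert -noout -subject -fingerprint -sha256 || return 1
    printf 'Append to %s? [y/N] ' "$bundle"
    read -r answer
    [ "$answer" = y ] && append_cert new.cert "$bundle"
}
```

On Fedora releases where the bundle is generated by update-ca-trust, a direct append is lost the next time the bundle is regenerated; there the certificate goes into /etc/pki/ca-trust/source/anchors/ and update-ca-trust is run afterwards.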
Friday, June 10, 2011
My openssl (Ubuntu 11.04) needed a different syntax:
openssl s_client -showcerts -connect $SITE:$PORT > $SITE.cert </dev/null
Over the years the Internet has become an integral part of our lives. It impacts us enormously in our personal and business lives. The Web has provided a platform for millions of people to do SSL Services Provider remotely and generate significant revenue.