Default certificate path taken by openssl

Default certificate path taken by openssl

Chethan Kumar

Hi all,

Need your help with a query related to the certificate used by openssl.

In Linux, if any application which uses openssl does not specify the path from which certificates should be read by openssl, does openssl try to read from default path or something?

Need help in this as there is one ca-bundle.crt(\usr\lib\ssl\certs\ca-bundle.crt)” file in machine and we use our own ca-bundle.crt in another path.

Is it ok to remove \usr\lib\ssl\certs\ca-bundle.crt file if we don’t use this?

Thanks in advance,

Chethan Kumar

Re: Default certificate path taken by openssl

Viktor Dukhovni
On Thu, Jan 09, 2020 at 06:42:36AM +0000, Chethan Kumar wrote:

> In Linux, if any application which uses openssl does not specify the
> path from which certificates should be read by openssl, does openssl
> try to read from default path or something?

OpenSSL has a default cert store path, but it is up to applications to
request use of the default paths for certificate validation.  Many do,
some don't.

> Need help in this as there is one
> ca-bundle.crt(\usr\lib\ssl\certs\ca-bundle.crt)" file in machine and
> we use our own ca-bundle.crt in another path.

Is this a Linux machine or a Windows machine?  You're using backslash as
a path separator, which is not something that Works on POSIX systems
(e.g. Linux).

> Is it ok to remove \usr\lib\ssl\certs\ca-bundle.crt file if we don't use this?

You can remove whatever you want, but if it is installed by an OS
package, something might break if you do.

This question is best asked of your Linux vendor, the upstream OpenSSL
project does not bundle any trusted certificates.

--
    Viktor.
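
The behaviour described in the reply above can be observed with Python's `ssl` module, which wraps OpenSSL. This is an added example, not part of the thread; the function names `default_store_paths` and `loaded_ca_count` are illustrative. It reports the compiled-in default locations and the environment variables that override them, and shows that a context holds no trust anchors until the application asks for the defaults.

```python
import os
import ssl


def default_store_paths(env=None):
    """Return where this OpenSSL build looks when an application requests the defaults."""
    env = os.environ if env is None else env
    p = ssl.get_default_verify_paths()
    # An environment variable, when set, replaces the compiled-in location.
    ca_file = env.get(p.openssl_cafile_env, p.openssl_cafile)
    ca_dir = env.get(p.openssl_capath_env, p.openssl_capath)
    return {
        "file_env": p.openssl_cafile_env,
        "dir_env": p.openssl_capath_env,
        "compiled_file": p.openssl_cafile,
        "compiled_dir": p.openssl_capath,
        "effective_file": ca_file,
        "effective_dir": ca_dir,
        "file_exists": os.path.isfile(ca_file),
        "dir_exists": os.path.isdir(ca_dir),
    }


def loaded_ca_count(request_defaults):
    """Count CA certificates in a fresh client context's trust store."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with an empty store
    if request_defaults:
        # The explicit opt-in: wraps SSL_CTX_set_default_verify_paths().
        ctx.set_default_verify_paths()
    return ctx.cert_store_stats()["x509_ca"]


if __name__ == "__main__":
    for key, value in default_store_paths().items():
        print(f"{key:15} {value}")
    print("CAs without requesting defaults:", loaded_ca_count(False))
    print("CAs after requesting defaults:  ", loaded_ca_count(True))
```

Certificates in the default directory are looked up on demand during verification, so the second count reflects only what was read from the default file.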

RE: Default certificate path taken by openssl

Chethan Kumar
Hi Viktor,

Thank you for the information.
It was helpful.

With Regards,
Chethan Kumar

-----Original Message-----
From: openssl-users [mailto:[hidden email]] On Behalf Of Viktor Dukhovni
Sent: Thursday, January 9, 2020 12:35 PM
To: [hidden email]
Subject: Re: Default certificate path taken by openssl

On Thu, Jan 09, 2020 at 06:42:36AM +0000, Chethan Kumar wrote:

> In Linux, if any application which uses openssl does not specify the
> path from which certificates should be read by openssl, does openssl
> try to read from default path or something?

OpenSSL has a default cert store path, but it is up to applications to request use of the default paths for certificate validation.  Many do, some don't.

> Need help in this as there is one
> ca-bundle.crt(\usr\lib\ssl\certs\ca-bundle.crt)" file in machine and
> we use our own ca-bundle.crt in another path.

Is this a Linux machine or a Windows machine?  You're using backslash as a path separator, which is not something that Works on POSIX systems (e.g. Linux).

> Is it ok to remove \usr\lib\ssl\certs\ca-bundle.crt file if we don't use this?

You can remove whatever you want, but if it is installed by an OS package, something might break if you do.

This question is best asked of your Linux vendor, the upstream OpenSSL project does not bundle any trusted certificates.

--
    Viktor.