Installing CA Certificates into NetBSD

Submitted by Fekete Zoltán on Mon, 01/23/2017 - 08:00

1. Download the CA certificate in PEM format

If  it was not available in PEM, then determine which format it is (here: DER), then convert it:

$ openssl x509 -in ca-cerificate-file.crt -inform DER -out ca-cerificate-file.pem -outform PEM

2. Check the fingerprint

$ openssl x509 -noout -fingerprint -in ca-certificate-file

3. Copy the CA cert frile into /etc/openssl/certs folder 

Then cd there.

4. Install the certificate

ln -s my_ca.crt `openssl x509 -hash -noout -in my_ca.crt`.0 

5. Verify a server which is signed by your new CA

openssl s_client -connect {HOSTNAME}:{PORT} -showcerts