List all available ssl ca certificates

My git client claims



error: Peer's Certificate issuer is not recognized.


That means it cannot find the corresponding SSL server key in the global system keyring. I want to check this by looking at the list of all system-wide available SSL keys on a Gentoo Linux system. How can I get this list?

linux openssl

edited Oct 23 '13 at 14:33

asked Oct 23 '13 at 12:29
Jonas Stein


          3 Answers

          It's not SSL keys you want, it's certificate authorities, and more precisely their certificates.



          You could try:



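          # Each BEGIN line closes the previous openssl process, so every PEM block is parsed on its own
          awk -v cmd='openssl x509 -noout -subject' '
            /BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt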


          To get the "subject" of every CA certificate in /etc/ssl/certs/ca-certificates.crt



          Beware that sometimes, you get that error when SSL servers forget to provide the intermediate certificates.



          Use openssl s_client -showcerts -connect the-git-server:443 to get the list of certificates being sent.






          answered Oct 23 '13 at 13:08
          Stéphane Chazelas

          • // , This does not work on CentOS 6, but I have added an answer for CentOS 6 here: unix.stackexchange.com/a/363309/48498
            – Nathan Basanese
            May 5 '17 at 21:25

















          Not sure about Gentoo, but most distros put soft links to their certificates in the system-wide location /etc/ssl/certs.



          • Key files go into /etc/ssl/private

          • System-provided actual files are located at /usr/share/ca-certificates

          • Custom certificates go into /usr/local/share/ca-certificates

          Whenever you put a certificate in one of the above-mentioned paths, run update-ca-certificates to update the /etc/ssl/certs lists.






          edited Jan 27 at 21:52
          Sam Brightman

          answered Oct 23 '13 at 12:45
          SHW

          • /etc/ssl/certs is the correct folder in gentoo. But the files are not well to read for human eyes.
            – Jonas Stein
            Oct 23 '13 at 15:09






          • It's update-ca-certificates with an additional s (can't edit this myself, as it's just a one-character edit).
            – Slaven Rezic
            Jul 17 '17 at 13:01










          • @SlavenRezic - Someone fixed it.
            – Craig S. Anderson
            Sep 13 at 23:22

















          I had a requirement to list all the certs on our server and notify if they are due to expire. We came up with this command:



          locate .pem | grep ".pem$" | xargs -I{} openssl x509 -issuer -enddate -noout -in {}





          answered 9 mins ago
          Dwight Emmons
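
Added example, not part of the original answers: a POSIX shell script that combines the first and third answers, listing every certificate in a PEM bundle with its subject and expiry date and flagging those that expire within a given number of days. The function names `list_ca_bundle` and `make_sample_bundle` and the two self-signed sample certificates are constructed for illustration; `openssl` is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example (not from the answers above). Function names and the
# sample CN values are constructed for illustration.

# list_ca_bundle BUNDLE [DAYS]
# One line per certificate: STATUS <TAB> notAfter <TAB> subject.
# STATUS is EXPIRING when the certificate expires within DAYS (default 30).
list_ca_bundle() {
    bundle=$1
    days=${2:-30}
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }
    tmp=$(mktemp -d) || return 2
    # One file per BEGIN/END CERTIFICATE block; text between blocks
    # (comments that some bundles carry) is skipped.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/%05d.pem", dir, ++n); inblock = 1 }
        inblock                       { print > out }
        /-----END CERTIFICATE-----/   { inblock = 0; close(out) }
    ' "$bundle"
    for pem in "$tmp"/*.pem; do
        [ -e "$pem" ] || continue
        # Skip blocks openssl cannot parse instead of aborting the listing.
        subject=$(openssl x509 -noout -subject -in "$pem" 2>/dev/null) || continue
        enddate=$(openssl x509 -noout -enddate -in "$pem")
        # -checkend N exits non-zero if the certificate expires within N seconds.
        if openssl x509 -noout -checkend "$((days * 86400))" -in "$pem" >/dev/null; then
            status=OK
        else
            status=EXPIRING
        fi
        printf '%s\t%s\t%s\n' "$status" "${enddate#notAfter=}" "${subject#subject=}"
    done
    rm -rf "$tmp"
}

# make_sample_bundle DIR
# Builds DIR/bundle.crt from two constructed self-signed certificates,
# one valid for 365 days and one valid for 5 days.
make_sample_bundle() {
    dir=$1
    for spec in fresh-example-ca:365 expiring-example-ca:5; do
        name=${spec%%:*}
        openssl req -x509 -newkey rsa:2048 -nodes -days "${spec##*:}" \
            -subj "/CN=$name" -keyout "$dir/$name.key" -out "$dir/$name.pem" \
            2>/dev/null || return 1
    done
    cat "$dir/fresh-example-ca.pem" "$dir/expiring-example-ca.pem" > "$dir/bundle.crt"
}

# Run against a real bundle when a path is given, e.g.:
#   sh list_ca_bundle.sh /etc/ssl/certs/ca-certificates.crt 30
if [ "$#" -gt 0 ]; then
    list_ca_bundle "$@"
fi
```

Splitting the bundle first means a single malformed block only drops that one entry, and the same loop works on any concatenated PEM file, not just the system bundle.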
















