Results 1 to 6 of 6

Thread: CA certificates

  1. #1

    Default CA certificates

    Does a standard Leap 42.3 installation from DVD -regardless of desktop environment- already include a CA certificates package for use with, say, curl or IRC clients such as Hexchat or Polari? Or must one install it apart after installation?

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,796
    Blog Entries
    3

    Default Re: CA certificates

    Checking what is installed, I see:

    ca-certificates
    ca-certificates-cacert
    ca-certificates-mozilla
    mozilla-nss-certs
    mozilla-nss-certs-32bit

    (that's from searching for "certificates")

    The first of those looks as if it is always installed.
    The second is something that I manually installed.
    The other three are likely installed if firefox is installed.

    I told Yast to "skip auto-refresh" because of the problems at "download.opensuse.org".
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  3. #3

    Default Re: CA certificates

    And is ca-certificates package enough for using, say, Hexchat or Polari to connect to channels via TLS? Or do you need also ca-certificates-cacert package? That's the actual question.

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,796
    Blog Entries
    3

    Default Re: CA certificates

    I'm pretty sure that you DO NOT need the "ca-certificates-cacert" package.

    You only need that if you are using a cacert certificate, or connecting to something that uses a cacert certificate. I have not come across many sites that use such a certificate. I install it mostly as a gesture of support for what the cacert folk are doing.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,403
    Blog Entries
    2

    Default Re: CA certificates

    In general,
    You need to read the application documentation, for some apps you need to install them in a particular location, managed by the app.

    For others or if there is no mention,
    Then I'd recommend installing in a well known system location, most likely the Gnome-keyring.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  6. #6
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,403
    Blog Entries
    2

    Default Re: CA certificates

    Quote Originally Posted by F_style View Post
    And is ca-certificates package enough for using, say, Hexchat or Polari to connect to channels via TLS? Or do you need also ca-certificates-cacert package? That's the actual question.
    In general,
    It depends on the Server you're connecting to.

    Your client app needs to use a CA (certificate of authority) that is also trusted by the Server.
    Again, this is probably somewhere in the documentation in this case provided by whoever set up and maintains the server.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •