]>
git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - config/ca-certificates/build.sh
7 mkdir
-pv /etc
/pki
/ca-trust
/source
11 python3 ..
/certdata2pem.py
16 cat <<EOF > ca-bundle.trust.p11-kit
17 # This is a bundle of X.509 certificates of public Certificate
18 # Authorities. It was generated from the Mozilla root CA list.
19 # These certificates and trust/distrust attributes use the file format accepted
20 # by the p11-kit-trust module.
22 # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
27 P11FILES
=`find certs -name \*.tmp-p11-kit | wc -l`
28 if [ $P11FILES -ne 0 ]; then
29 for p
in certs
/*.tmp-p11-kit
; do
30 cat "$p" >> /etc
/pki
/ca-trust
/source
/ca-bundle.trust.p11-kit
34 cat <<EOF > ca-bundle.crt
35 # This is a bundle of X.509 certificates of public Certificate
36 # Authorities. It was generated from the Mozilla root CA list.
38 # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
42 cat <<EOF > ca-bundle.trust.crt
43 # This is a bundle of X.509 certificates of public Certificate
44 # Authorities. It was generated from the Mozilla root CA list.
45 # These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
46 # format and have trust bits set accordingly.
48 # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
52 trust extract
--comment --filter=certificates
--format=openssl-bundle
--overwrite ca-bundle.trust
53 cat ca-bundle.trust
>> ca-bundle.trust.crt
55 trust extract
--comment --filter=ca-anchors
--format=pem-bundle
--overwrite --purpose server-auth ca-bundle
56 cat ca-bundle
>> ca-bundle.crt