On Thu, 24 Nov 2016, Steve Litt wrote
add the public part of the cert into your system's trusted CA store.
Silly question, but how would you do that?
You didn't say which OS you're running on (alpine runs on Windows as
well), but I'll assume *nix.
A previous poster showed you how to do it with a real certificate, and
the steps are the same. However, the way I found out without too much
fuss was to process trace my alpine process and see where it tried to
load a cert:
$ strace -o trace.out alpine
... quit after connection
$ grep -F cert trace.out
/1: open64("/etc/openssl/cert.pem", O_RDONLY) Err#2 ENOENT
/1: stat("/etc/openssl/certs/cbf06781.0", 0xFFBF8E54) Err#2 ENOENT
...
Your output will be different of course. The first load is the default
pre-loaded root CAs (Thawte, etc.) supplied by OpenSSL, and the second,
etc. are chained certificate lookups. You would replace the missing
cert with your own self-signed public pem file. e.g.
cp mypub.pem /etc/openssl/certs/cbf06781.0
For Windows, I don't know where it fetches it from.
Joseph Tam <jtam.h...@gmail.com>
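
The file name in the trace above (cbf06781.0) has the form OpenSSL uses in a hashed certificate directory: the certificate's subject hash followed by a sequence number. The following is an added example, not part of the original message, that derives that name from the certificate itself and installs it; the function name install_trusted_cert and its two arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: install a PEM certificate into an OpenSSL hashed cert
# directory under the name OpenSSL will look up (<subject-hash>.<n>).
# install_trusted_cert and its arguments are hypothetical names.

install_trusted_cert() {
    pem=$1      # certificate to trust, PEM format
    certdir=$2  # hashed directory, e.g. the one that shows up in the trace

    # Refuse anything that does not parse as an X.509 certificate.
    hash=$(openssl x509 -in "$pem" -noout -subject_hash) || return 1
    fp=$(openssl x509 -in "$pem" -noout -fingerprint -sha256) || return 1

    # Several certs can share a subject hash; OpenSSL tries .0, .1, ...
    # Reuse a slot that already holds this cert, else take the first free one.
    n=0
    while [ -e "$certdir/$hash.$n" ]; do
        have=$(openssl x509 -in "$certdir/$hash.$n" -noout \
                   -fingerprint -sha256 2>/dev/null)
        if [ "$have" = "$fp" ]; then
            echo "$certdir/$hash.$n"
            return 0
        fi
        n=$((n + 1))
    done

    # Re-encode through openssl so only the certificate is written,
    # never a private key that happens to sit in the same PEM file.
    openssl x509 -in "$pem" -out "$certdir/$hash.$n" || return 1
    chmod 644 "$certdir/$hash.$n"
    echo "$certdir/$hash.$n"
}
```

The function prints the path it installed to, so it can be checked against the path seen in the trace. OpenSSL releases before 1.0 computed the hash differently (`-subject_hash_old`), so the name must be generated with the same OpenSSL generation the client is linked against.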