myg...@gmail.com writes: > On 06/11/2018 at 12:59 Joshua Branson writes: > >> Divan Santana <di...@santanas.co.za> writes: >> >>> Hi Guix :) >>> >>> How does one import a root certificate for GuixSD? >> >> This probably isn't helpful, but what is a root certificate? >> >>> >>> I didn't see it in the manual. >>> >>> (Hopefully I didn't miss it. I need to read up on using info within Emacs >>> better.) >>> -- >>> Divan > > Hello Divan, > > If you want to a bundle of standard CA certificates install "nss-certs". > It is probably already be installed as a system package since most of > the example GuixSd configs include it. But I have encountered at least > one situation where I needed to also install in as a user package, > e.g. 'guix package -i nss-certs'. > > For details please see ... > > (guix) Application Setup > > ... or ... > > https://www.gnu.org/software/guix/manual/guix.html
So in my case, I have a root CA certificate for our organisition and many internal sites have a certificate issued from this CA. I want to import this self signed root CA so all sites with certs issued by this org CA is trusted OS wide. To do this on Arch one can: #+begin_src sh wget -O /etc/ca-certificates/trust-source/anchors/fnb-ca.pem http://http://fqdn/pub/org-ca.crt trust extract-compat #+end_src Debian Family #+begin_src sh mkdir /usr/share/ca-certificates/extra wget -O /usr/share/ca-certificates/extra/fnb-ca.crt http://http://fqdn/pub/org-ca.crt dpkg-reconfigure ca-certificates #+end_src I was hoping one could do the above within the system manifest file config.scm ? Else perhaps we do: wget -O /etc/ca-certificates/trust-source/anchors/fnb-ca.pem http://http://fqdn/pub/org-ca.crt trust extract-compat Doing a command like this would make most of the apps(curl/wget/browser) on the system trust these sites. -- Divan
