On Mon, Nov 22, 2010 at 04:21:05PM -0500, Michael Orlitzky wrote:
> Where does Postfix get its list of "system-supplied default certificate
> authority certificates" [1]? If it's an OpenSSL thing, is there some way
> I can make it spit the list out?
Fine the OpenSSL command-line utility that matches the library
Postfix is linked with. Then:
openssl version -d
For example, on a RedHat system:
$ /usr/bin/openssl version -d
OPENSSLDIR: "/usr/share/ssl"
Then look for a cert.pem file in that directory, and a certs/
sub-directory, (which is only effective if someone runs c_rehash
there). You can confirm via:
$ strings -a /usr/lib/libcrypto.so | grep /usr/share
OPENSSLDIR: "/usr/share/ssl"
/usr/share/ssl/private
/usr/share/ssl
/usr/share/ssl/certs
/usr/share/ssl/cert.pem
--
Viktor.
