You are here: Foswiki>IN Web>Zertifikate (09 May 2023, AnnekeWalter)Edit Attach

Certificates CSCO:IN

Most of our webservices use SSL encryption. For example our website, buildservice, artifact repository, rpm repository, etc.

Only the public facing webservices at https://www-acc.gsi.de/ are using a well known root certificate authority chain (german telecom -> deutscher forschungsverein -> GSI).

All other services are signed by ACC-CA. This authority is preinstalled for systems maintained by csco:in, on other systems you need to manually add it where needed.

Linux

Most application use /etc/pki/tls/certs/ca-bundle.crt as a bundle of certificate authorities. If you are using the csco:in rpm repositories you can install the gsi-cert package. Otherwise use something like

wget https://www-acc.gsi.de/certificate/acc-ca.crt -q -O -  >> /etc/pki/tls/certs/ca-bundle.crt

Archlinux

curl -L    -o /etc/ca-certificates/trust-source/anchors/acc-ca.crt    https://www-acc.gsi.de/certificate/acc-ca.crt
update-ca-trust

LDAP

To configure openldap to use the bundle add the following to /etc/openldap/ldap.conf

tls_cacert /etc/pki/tls/certs/ca-bundle.crt
tls_cacertdir /etc/openldap/cacerts

Windows

Firefox:

Java

Each java installation has its own keystore. The following command should help you to figure it out how to add the acc-ca

wget https://www-acc.gsi.de/certificate/acc-ca.crt -q -O - |  /usr/java/default/bin/keytool     -keystore /usr/java/default/jre/lib/security/cacerts     -storepass changeit     -alias acc-ca     -noprompt     -importcert

MacOS

The keytool should be in the path. The keystore is in:

Keystore JDK6: /System/Library/Frameworks/JavaVM.framework/Home/lib/security/cacerts
Keystore JDK7: /Library/Java/JavaVirtualMachines/jdk1.7.0_40.jdk/Contents/Home/jre/lib/security/cacerts

And you need to use sudo, so you can't pipe the wget output. Use the "-file" parameter to specify the downloaded certfile.

wget https://www-acc.gsi.de/certificate/acc-ca.crt 
sudo /usr/java/default/bin/keytool     -keystore /Library/Java/JavaVirtualMachines/jdk1.7.0_40.jdk/Contents/Home/jre/lib/security/cacerts     -storepass changeit     -alias acc-ca     -noprompt     -importcert     -file acc-ca.crt 

Topic revision: r9 - 09 May 2023, AnnekeWalter
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback