mirror of
https://github.com/ChronosX88/psyced.git
synced 2024-12-04 16:12:20 +00:00
23 lines
937 B
Plaintext
23 lines
937 B
Plaintext
Newer drivers will either use the system default certificates, or you
|
|
may choose to put trusted certificates into here.
|
|
|
|
Add the certificates you trust (they have to end with .pem),
|
|
then run `c_rehash .` from the openssl package.
|
|
|
|
psyclpc drivers also support certificate revocation lists when
|
|
started with the --tlscrldirectory arguments. You may keep CA
|
|
certificates and CRLs in the same directory.
|
|
|
|
If you use CRLs, you need CRLs for each CA that you are trusting.
|
|
If they provide them in PEM format, take them and put the files into
|
|
this directory and `c_rehash .` as usual.
|
|
|
|
If they provide them in DER format, grab them, convert them to pem
|
|
using `openssl crl -in some.der -inform der -outform pem -out some.pem`
|
|
and `c_rehash .` again.
|
|
|
|
Note that you will have to periodically update the CRLs, as
|
|
otherwise you'll get problems. Maybe one day we'll have multicast
|
|
revocation announcements, but until then, CRL is all we have.
|
|
|