On Thu, 24 Nov 2016, Steve Litt wrote:
>> add the public part of the cert into your system's trusted CA
>> store.
>
> Silly question, but how would you do that?

You didn't say which OS you're running on (alpine runs on Windows as
well), but I'll assume *nix.

A previous poster showed you how to do it with a real certificate, and
the steps are the same. However, the way I found out without too much
fuss was to process trace my alpine process and see where it tried to
load a cert:

    $ strace -o trace.out alpine
    ... quit after connection
    $ grep -F cert trace.out
    /1: open64("/etc/openssl/cert.pem", O_RDONLY) Err#2 ENOENT
    /1: stat("/etc/openssl/certs/cbf06781.0", 0xFFBF8E54) Err#2 ENOENT
    ...

Your output will be different of course. The first load is the default
pre-loaded root CAs (Thawte, etc.) supplied by OpenSSL, and the second,
etc. are chained certificate lookups. You would replace the missing
cert with your own self-signed public pem file, e.g.

    cp mypub.pem /etc/openssl/certs/cbf06781.0

For Windows, I don't know where it fetches it from.

Joseph Tam <jtam.home at gmail.com>
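
Added example, not part of the original message: the hashed file name seen in the trace can be derived from the certificate itself instead of being read out of a trace. `install_ca_cert` and `make_demo_cert` are hypothetical helper names, and the demo certificate and its subject are constructed.

```shell
#!/bin/sh
# install_ca_cert CERT.pem CERTDIR  -> prints the path the cert ends up at.
install_ca_cert() {
    cert=$1
    dir=$2
    # The 8-hex-digit name OpenSSL looks up is the subject-name hash.
    # Use the openssl binary that matches the library the client links
    # against: the hash algorithm changed in OpenSSL 1.0.0.
    hash=$(openssl x509 -noout -hash -in "$cert") || return 1
    fp=$(openssl x509 -noout -fingerprint -sha256 -in "$cert") || return 1
    n=0
    # Suffixes .0, .1, ... hold different certs whose subjects hash alike.
    while [ -e "$dir/$hash.$n" ]; do
        have=$(openssl x509 -noout -fingerprint -sha256 \
                   -in "$dir/$hash.$n" 2>/dev/null) || have=""
        if [ "$have" = "$fp" ]; then
            echo "$dir/$hash.$n"    # already installed, nothing to do
            return 0
        fi
        n=$((n + 1))
    done
    # Re-emit only the certificate, so a private key stored in the same
    # PEM file never lands in the world-readable trust directory.
    openssl x509 -in "$cert" -out "$dir/$hash.$n" || return 1
    chmod 644 "$dir/$hash.$n"
    echo "$dir/$hash.$n"
}

# Constructed throwaway self-signed cert for trying the function out.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=imap.example.invalid" \
        -keyout "$1/mykey.pem" -out "$1/mypub.pem" 2>/dev/null
}
```

Point the second argument at the directory your own trace shows the client searching.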