developer:cabundle

Root CA Bundle File

Depending on the SSL library you are using, it may be necessary to keep your root CA bundle file up to date. This bundle allows your software verify that the SSL certificates presented by USAePay are valid. If you allow your bundle to get out of date it is possible that you will no longer be available the latest certificates.

The following is a list of resources / directions for maintaining the ca bundle for various operating systems and ssl toolkits.

CuRL

CuRL is a popular network transport library that is commonly used by PHP and C developers. It ships with the script “mk-ca-bundle.pl” which downloads the latest ca data from mozilla and uses it to build a ca-bundle.crt. To generate a fresh bundle, re-run this script and move ca-bundle.crt into the correct location. If you curl has been installed as part of your OS, the bundle file was probably created and maintained by the packaging system. For example, on CentOS, the bundle file lives in /etc/pki/tls/certs/ca-bundle.crt and is part of the openssl package. As long as you apply the CentOS updates to the openssl package, you should have a fresh bundle file.

If you are having trouble creating a fresh bundle file, you can download the latest bundle here: curl-ca-bundle.zip

developer/cabundle.txt · Last modified: 2009/12/15 13:32 by tem

Page Tools