Difference between revisions of "SSL Certificate Authorities"
(New page: The Palm Pre ships with a default list of certificate authorities which are used for verifying that SSL sites are who you think they are. For general use this list of certificates is adeq...) |
|||
Line 7: | Line 7: | ||
== Linux Solution == | == Linux Solution == | ||
− | Once you have set up your Pre to begin [accessing linux], the procedure to add new root certificates is relatively simple. | + | Once you have set up your Pre to begin [[Portal:Accessing_Linux|accessing linux]], the procedure to add new root certificates is relatively simple. |
The list of root certificate authorities is located at: | The list of root certificate authorities is located at: |
Latest revision as of 03:02, 24 July 2009
The Palm Pre ships with a default list of certificate authorities which are used for verifying that SSL sites are who you think they are. For general use this list of certificates is adequate but for homes or businesses which handle their own SSL certificates the default list of certificate authority certificates may not be adequate.
Palm Recommended Solution
Palm has foreseen the need to import new SSL certificates and has built in a utility to do so. Located the certificate you would like to import to your Pre and send it in an email to yourself. Tap the certificate attachment and a certificate management dialog will pop up which will allow you to trust or not trust the certificate. Ideally after trusting the certificate you should be able to communicate with a server using that certificate or has a certificate signed by that certificate. However, this mechanism does not seem to work appropriately.
You can find a reference article on this on Palm's website.
Linux Solution
Once you have set up your Pre to begin accessing linux, the procedure to add new root certificates is relatively simple.
The list of root certificate authorities is located at:
/etc/ssl/certs/ca-certificates.crt
You should not remove any of the existing entries from the list, but you can append your certificate here. You the entry you will add will resemble something like
subject= /C=US/O=yourcommonname.org/CN=yourcommonname.orig -----BEGIN CERTIFICATE----- MIICsDCCAhmgAwIBAgIJANc6kCH5g7ojMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMDkwNzI0MDE1MjM3WhcNMTAwNzI0MDE1MjM3WjBF MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB gQDZtAfL6iZtsVLEbZExBLo9RV73l/P9527lmoxg+QQ8SebAvjzdZMe1kvBef5mM bOu+Q+XsaH+K8NopWbnuu1/JxLD/A8Dec6NyhiDGqLkZpyggSgeGODu8QDjVQjzS JVp/10hxlMVdXK8NETLA3jo9NyT51HIluHlodKDm0mfe7wIDAQABo4GnMIGkMB0G A1UdDgQWBBRMOHuWrDCn6hC4iZCIkCvnoGH0hDB1BgNVHSMEbjBsgBRMOHuWrDCn 6hC4iZCIkCvnoGH0hKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJANc6kCH5 g7ojMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAZy3zLGYXkCpLuQ37 S66hLrD1FocauQOm/AKAnmq/5ebjWx8eqedefB6nazn/Ygv9kNsgjcMrLictFcTg 0jAzKqQI4enfvBxeHcAKxh0jyvXKot5L9yoUH5whCoBtoVAlsxH4+P/NDNhnLris CljJXmG3t9+jU7BjkXVchhDXkKk= -----END CERTIFICATE-----
Once you have successfully added your new certificate to the CA list you should reboot your Pre and all of your SSL certificates signed by that certificate authority should be valid.