Opened 4 years ago

Last modified 4 years ago

#16663 new enhancement

Add a friendly certificate manager

Reported by: amber Owned by: nobody
Priority: normal Milestone: Unscheduled
Component: - General Version: R1/beta2
Keywords: Cc:
Blocked By: Blocking:
Platform: All

Description

I was surprised to find that Haiku doesn't recognize certificate files (*.cer) (*.p7b). I needed to install a security certificate on the system, but I didn't understand how to do it (or it's not obvious). Can you add a simple and convenient certificate Manager to your system? (for example, as "certmgr.msc" in Windows). If you already have such a program, please make it the default for opening *.cer and *.p7b files. Thanks

Change History (4)

comment:1 by nephele, 4 years ago

If you mean costum root certificates then the way is this:

  • create /system/non-packaged/data/ssl/certs
  • copy cert to /system/non-packaged/data/ssl/certs/cert
  • run openssl rehash on the commandline

Sorry that it is still this complicated :)

you should be able to test with openssl s_client, and it's return code, whether the tls connection can be established then.

Last edited 4 years ago by nephele (previous) (diff)

comment:2 by amber, 4 years ago

Thanks! But I wouldn't want this system to follow the Linux path. (open a command prompt, copy the file to the "magic" path, and so on.) This is the same as in Windows, every time you go to the registry. I was interested in this OS because I think it is easier to learn than Linux. Please develop it in the same direction. "Command line" - should be a nice addition, not the main tool (as in this case).

comment:3 by nephele, 4 years ago

Sure, I wanted to write down how it can be done currently because i don't think it is in the documentation (and would atleast give one the option to use it now)

The current UI regarding certificates is certainly not finished (or, to be more precise not started), I only added the option to have the certs in that directory to atleast be able to use them. The next thing I wanted to work on in that area is to remove the need to use openssl rehash, after that an application could simply drop a cert in that dir, e.g the cert that gets opened in the file manager, and have a ui to display the dirs content aswell.

comment:4 by amber, 4 years ago

hm... Is it possible, as a "first step", to add the "Install" item to the context menu of the certificate file? It would be great if this item automatically copied the certificate file and executed the "openssl rehash" command in "back end".

Note: See TracTickets for help on using tickets.