testssl.sh/etc/README.md

33 lines
1.6 KiB
Markdown
Raw Normal View History

2016-03-13 20:38:06 +01:00
2016-03-14 22:40:29 +01:00
#### Certificate stores
2016-03-13 20:38:06 +01:00
The certificate stores were retrieved by
* Mozilla; see https://curl.haxx.se/docs/caextract.html
2016-03-13 21:13:03 +01:00
* Linux: Just copied from an up-to-date Linux machine
2016-03-13 20:38:06 +01:00
* Microsoft: under Windows >= 7,2008 MS decided not to provide
2016-03-14 22:40:29 +01:00
a full certificate store by default/via update as all other OS do.
2016-03-13 21:10:00 +01:00
It's being populated with time -- supposed you use e.g. IE while browsing.
This store was destilled from three different windows installations via
2016-03-14 22:40:29 +01:00
certmgr.msc and is an export of "Trusted Root Certification Authorities"
2016-03-13 21:10:00 +01:00
--> "Certificates". Third Party Root Certificates were for now deliberately
omitted. Feedback is welcome, see #317.
2016-03-25 09:20:20 +01:00
* Apple.pem : it comes from Apple OS X keychain app
Open Keychain Access.
In the Finder window, under Favorites, click Applications, click Utilities
and then double-click Keychain Access.
In the Keychain Access window, under Keychains, click System and then
under Category, click All Items.
Select now all CA certificate then File, Export Items
2016-03-13 20:38:06 +01:00
2016-03-13 21:10:00 +01:00
In this directory you can also save e.g. your company Root CA(s) in PEM
format, extension ``pem``. This has two catches momentarily: You will still
2016-03-14 22:40:29 +01:00
get a warning for the other certificate storesthough while scanning internal
2016-03-13 21:10:00 +01:00
networks. If you scan other hosts in the internet the check against your
Root CA will fail, too. This will be fixed in the future, see #230.
2016-03-13 20:38:06 +01:00
2016-03-13 21:13:03 +01:00
#### Mapping files
The file ``mapping-rfc.txt`` uses the hexcode to map OpenSSL names
against the RFC/IANA names. ``curves.txt`` is not being used yet, it
is supposed to map EC curve names properly.