- polishing

This commit is contained in:
Dirk 2016-03-25 11:52:23 +01:00
parent ad8fd1804a
commit c684ba7d9c
1 changed files with 14 additions and 15 deletions

View File

@ -5,26 +5,25 @@ The certificate stores were retrieved by
* Mozilla; see https://curl.haxx.se/docs/caextract.html
* Linux: Just copied from an up-to-date Linux machine
* Microsoft: under Windows >= 7,2008 MS decided not to provide
a full certificate store by default/via update as all other OS do.
* Microsoft: For Windows >= 7/2008 Microsoft decided not to provide
a full certificate store by default or via update as all other OS do.
It's being populated with time -- supposed you use e.g. IE while browsing.
This store was destilled from three different windows installations via
certmgr.msc and is an export of "Trusted Root Certification Authorities"
--> "Certificates". Third Party Root Certificates were for now deliberately
omitted. Feedback is welcome, see #317.
* Apple.pem : it comes from Apple OS X keychain app
Open Keychain Access.
In the Finder window, under Favorites, click Applications, click Utilities
and then double-click Keychain Access.
In the Keychain Access window, under Keychains, click System and then
under Category, click All Items.
Select now all CA certificate then File, Export Items
"certmgr.msc". It's a PKCS7 export of "Trusted Root Certification Authorities"
--> "Certificates".
Third Party Root Certificates were for now deliberately omitted.
Feedback is welcome, see #317.
* Apple: It comes from Apple OS X keychain app. Open Keychain Access.
In the Finder window, under Favorites --> "Applications" --> "Utilities"
--> "Keychain Access" (2 click). In that window --> "Keychains" --> "System"
--> "Category" --> "All Items"
Select all CA certificates, "File" --> "Export Items"
In this directory you can also save e.g. your company Root CA(s) in PEM
format, extension ``pem``. This has two catches momentarily: You will still
get a warning for the other certificate storesthough while scanning internal
networks. If you scan other hosts in the internet the check against your
Root CA will fail, too. This will be fixed in the future, see #230.
get a warning for the other certificate stores while scanning internal net-
works. Second catch: If you scan other hosts in the internet the check against
your Root CA will fail, too. This will be fixed in the future, see #230.
#### Mapping files
The file ``mapping-rfc.txt`` uses the hexcode to map OpenSSL names