summaryrefslogtreecommitdiffstats
path: root/examples/ca-certificates-local/README
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:10:40 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:10:40 +0000
commit566fd589c5ee5d23902ef807f0fde30701b9db93 (patch)
tree6c661dce007545291cfc2f515a7af6cc15a418ff /examples/ca-certificates-local/README
parentInitial commit. (diff)
downloadca-certificates-566fd589c5ee5d23902ef807f0fde30701b9db93.tar.xz
ca-certificates-566fd589c5ee5d23902ef807f0fde30701b9db93.zip
Adding upstream version 20240203.upstream/20240203upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'examples/ca-certificates-local/README')
-rw-r--r--examples/ca-certificates-local/README81
1 files changed, 81 insertions, 0 deletions
diff --git a/examples/ca-certificates-local/README b/examples/ca-certificates-local/README
new file mode 100644
index 0000000..f00891b
--- /dev/null
+++ b/examples/ca-certificates-local/README
@@ -0,0 +1,81 @@
+The Debian Package ca-certificates-local
+----------------------------
+
+This package includes local CA certificates to be installed in
+/usr/local/share/ca-certificates. The CA certificates installed by this
+package will be implicitly trusted.
+
+This is an example stub source package that includes a dummy CA
+certificate in the local/ directory. Remove the dummy certificate, copy
+your trusted local root CA (in PEM format with the filename ending in
+".crt") to the local/ directory, edit files in the debian/ directory as
+desired, and build your custom package.
+
+----------------------------
+
+Steps to build your custom local root CA package from this example:
+
+- Check that your local root CA is in PEM-encoded format, the filename
+ ends in ".crt", and that it is properly usable by openssl; for example:
+
+ $ openssl x509 -text -in Deep_Thought_Dummy_Root_CA.crt
+ Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 66 (0x42)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: CN=Deep Thought Dummy Root CA
+ Validity
+ Not Before: Aug 29 00:00:00 2013 GMT
+ Not After : Aug 28 23:59:59 2042 GMT
+ Subject: CN=Deep Thought Dummy Root CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:a2:e3:00:b0:d2:fa:92:57:02:97:5e:80:e0:1a:
+ <...>
+ c5:6e:dc:50:7f:3f:34:b8:29
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ C3:FF:DB:49:E2:8A:A4:26:62:19:74:F0:66:41:E1:5F:F7:4B:3F:A7
+ X509v3 Key Usage:
+ Certificate Sign, CRL Sign
+ Netscape Cert Type:
+ SSL CA, S/MIME CA, Object Signing CA
+ Signature Algorithm: sha1WithRSAEncryption
+ 1f:32:49:f2:7f:ed:80:62:2e:49:b7:ce:84:b9:c1:c5:1a:f6:
+ <...>
+ 32:2d
+ -----BEGIN CERTIFICATE-----
+ MIICEjCCAXugAwIBAgIBQjANBgkqhkiG9w0BAQUFADAlMSMwIQYDVQQDExpEZWVw
+ <...>
+ yTxhjDIt
+ -----END CERTIFICATE-----
+
+- Copy this example source package somewhere to build as a normal user,
+ for instance your home directory:
+
+ $ cp -a /usr/share/doc/ca-certificates/examples/ca-certificates-local ~/
+ $ cd ~/ca-certificates-local/
+
+- Remove the dummy CA certificate, copy your local root CA certificate(s)
+ to the local/ directory, and build the package:
+
+ $ rm local/Local_Root_CA.crt
+ $ cp /path/to/YourOrg_Root_CA.crt local/
+ $ dpkg-buildpackage
+
+- Install the package (or copy it to your local apt repository for
+ installation on lots of machines):
+
+ $ sudo dpkg -i ../ca-certificates-local_0.1_all.deb
+
+- Feel free to edit the files under the debian/ directory for items like
+ the maintainer name and email address, version, etc. to better reflect
+ your own organization. This is just an example to get you started with
+ a proper local root CA package.
+