SIGNIFLOW

Discover our signature platform: sign and request signature for your PDFs in a fex clicks!

JOIN OUR AFFILIATE NETWORK

Join our affiliate network
and become a local SSL expert
Learn more about our program

PRODUCTS TO DISCOVER

SSL certificates Invoice signature eIDAS certificates Signature software

Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard RGS certificates eIDAS certificates SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates VMC certificates
E-signature Strong authentication S/MIME certificates
Test certificates PKI Solutions Trust Seals
SigniFlow: the platform to sign and request signature for your documents
Signature software
Our products range
TBS X509 DigiCert Thawte Sectigo GlobalSign GeoTrust Certigna ChamberSign SigniFlow Harica
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility
Focus
Invoices dematerialization
We now provide solutions compliant with RGS** and eIDAS qualified standards for invoices signature and time stamping. Further information


Use a linux / openssl SSL client

Most of Linux SSL clients (such as Lynx, wget, curl) uses Openssl to check the server certificates that are presented. See also Which version of Openssl to use?
By default, Openssl saves the trusted CA files in /usr/lib/ssl/certs. It also uses this location for its s_client command.

This location can be modified by defining the environment variable SSL_CERT_DIR in /etc/profile or in an equivalent user file.

In this repertory, place the certificates (in x509 format named *.pem) of the authorities in which you trust. Then update the subject hash with: 
/usr/bin/c_rehash /usr/lib/ssl/certs
You can directly use our archive of authorities in which we trust with: 
wget https://www.tbs-internet.com/secure/ca/tbs-trusted-roots.tgz
tar -x -C / -vzf tbs-trusted-roots.tgz
c_rehash /usr/lib/ssl/certs
or 
wget https://www.tbs-internet.com/secure/ca/tbs-trusted-roots.tgz && tar -x -C / -vzf tbs-trusted-roots.tgz && c_rehash /usr/lib/ssl/certs
or 
curl https://www.tbs-internet.com/secure/ca/tbs-trusted-roots.tgz | tar -x -C / -vz && c_rehash /usr/lib/ssl/certs
If you are using curl, note that it has its own file containing the list of certification authorities that dates from... 2000!

Update that file with: 
cd /usr/share/curl/
cp curl-ca-bundle.crt curl-ca-bundle.crt.orig
wget https://www.tbs-internet.com/secure/ca/tbs-trusted-roots.tgz
tar xvfz tbs-trusted-roots.tgz usr/lib/ssl/certs/allroots.txt
mv usr/lib/ssl/certs/allroots.txt curl-ca-bundle.crt
rmdir -p usr/lib/ssl/certs


If you also have Java on your machine, you can use our certification authorities' file as well.
To do so, and if yo installed our file https://www.tbs-internet.com/secure/ca/tbs-trusted-roots.tgz, you must have a file named cacerts in /usr/lib/ssl/certs/. It is the certificates database.

To install it, copy/paste this file in /usr/java/xxx/lib/security/cacerts and replace xxx by the name of your Java version. For example: 
/usr/java/jre1.5.0_01/lib/security/cacerts
/usr/java/jdk1.5.0_06/jre/lib/security/cacerts
Our database password is: tbstrusted

Under gentoo, the default path to certification authorities is /etc/ssl/certs.

A great number of authorities are delivered by default, including ours. So there is no need to add others but deleting some may be a good idea ;)