JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
 
Certificates
Our products range
Partners
Support
Focus


Use a linux / openssl SSL client

Most of Linux SSL clients (such as Lynx, wget, curl) uses Openssl to check the server certificates that are presented. See also Which version of Openssl to use?
By default, Openssl saves the trusted CA files in /usr/lib/ssl/certs. It also uses this location for its s_client command.

This location can be modified by defining the environment variable SSL_CERT_DIR in /etc/profile or in an equivalent user file.

In this repertory, place the certificates (in x509 format named *.pem) of the authorities in which you trust. Then update the subject hash with:
/usr/bin/c_rehash /usr/lib/ssl/certs
You can directly use our archive of authorities in which we trust with:
wget https://www.tbs-internet.com/secure/ca/tbs-trusted-roots.tgz
tar -x -C / -vzf tbs-trusted-roots.tgz
c_rehash /usr/lib/ssl/certs
or
wget https://www.tbs-internet.com/secure/ca/tbs-trusted-roots.tgz && tar -x -C / -vzf tbs-trusted-roots.tgz && c_rehash /usr/lib/ssl/certs
or
curl https://www.tbs-internet.com/secure/ca/tbs-trusted-roots.tgz | tar -x -C / -vz && c_rehash /usr/lib/ssl/certs
If you are using curl, note that it has its own file containing the list of certification authorities that dates from... 2000!

Update that file with:
cd /usr/share/curl/
cp curl-ca-bundle.crt curl-ca-bundle.crt.orig
wget https://www.tbs-internet.com/secure/ca/tbs-trusted-roots.tgz
tar xvfz tbs-trusted-roots.tgz usr/lib/ssl/certs/allroots.txt
mv usr/lib/ssl/certs/allroots.txt curl-ca-bundle.crt
rmdir -p usr/lib/ssl/certs


If you also have Java on your machine, you can use our certification authorities' file as well.
To do so, and if yo installed our file https://www.tbs-internet.com/secure/ca/tbs-trusted-roots.tgz, you must have a file named cacerts in /usr/lib/ssl/certs/. It is the certificates database.

To install it, copy/paste this file in /usr/java/xxx/lib/security/cacerts and replace xxx by the name of your Java version. For example:
/usr/java/jre1.5.0_01/lib/security/cacerts
/usr/java/jdk1.5.0_06/jre/lib/security/cacerts
Our database password is: tbstrusted

Under gentoo, the default path to certification authorities is /etc/ssl/certs.

A great number of authorities are delivered by default, including ours. So there is no need to add others but deleting some may be a good idea ;)