cURL / Mailing Lists / curl-library / Single Mail


Update of the curl-ca-bundle.crt files

From: <>
Date: Wed, 7 Feb 2007 17:15:39 +0100

The curl-ca-bundle.crt file is badly out of date - it hasn't been
updated since 2003 according to the CVS entry.

I've exported the "Trusted Root Certification Authorities", the
"Intermediate Certification Authorities" and the "Third-Party
Root Certification Authorities" certificates from a current
(updated) WinXP box, and converted them to the format used in the
curl-bundle-ca.crt file. Since this is a fairly large file (almost
800 MB uncompressed), I won't send it to the mailing list without an
OK from the mail admins - let me know where I can upload it.

If you'd rather generate the list yourself, you can do it like this
from any Windows-based box:
* Run the "mmc" utility, and use the "File" -> "Add/Remove snap-in"
  to include the "Certificates" snap-in.
* For each of the CA groups, select all certificates and do a
  right-click/All tasks/Export to a file. The certificates will be
  exported in PKCS#7 format, so use a ".p7b" filename extension.
* When you have the export files from all of the groups you want,
  run "openssl pkcs7 -inform DER -in FILE.p7b -print_certs -text"
  to convert the certs to the format used by CURL.

I'm sure it can also be done somewhere inside Firefox, but I
haven't checked.

Received on 2007-02-07