Download
Browse source Changelog
Documentation
Project   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Book: Everything curl Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Certificate update question

From: Dave S via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 22 Jan 2018 12:40:03 -0800

[Resend to list]

On Mon, Jan 22, 2018 at 12:37 PM, Dave S <snidely.too_at_gmail.com> wrote:

> On Sat, Jan 20, 2018 at 2:49 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Thu, 21 Dec 2017, Dave S via curl-library wrote:
>>
>> (Sorry for not having responded sooner.)
>>
>> The certificates for TBD Portal (tbd.tbdservice.com) and MainTBD Portal
>>> (*.
>>> tbdservice.com) will be updated
>>>
>>
>> I don't see anything I have to do on my development systems -- the
>>> browser should handle the certificate update for me, right?
>>>
>>
>> In the case of Firefox it has its own certificate store, the other
>> browsers use the operating system's store (on Windows and Mac at least).
>>
>> But curl typically doesn't use those but instead uses a separate store.
>>
>> I currently don't do anything explicit about certs, letting libcurl find
>>> the system defaults. Do I need to take action, and if so ... what? Or
>>> will it all get worked out for me behind the curtain?
>>>
>>
>> It depends. On most linux (like) distros, the OS will keep the cert store
>> in shape when you update that, in other situations you may need to update a
>> private store every now and then. Possibly from the one we provide on the
>> curl site: https://curl.haxx.se/docs/caextract.html
>>
>> --
>>
>> / daniel.haxx.se
>>
>
>
>
> I've been meaning to update this thread with the results of my support
> inquiry. It seems the concern is mainly for server-to-server operations,
> which we currently aren't doing, rather than client-to-server.
>
> quote:
>
>> There is no need to bundle the certs to supply to the clients. The cert
>> is needed if you have an integration such as web services or batch
>> processing that uses these endpoints.
>>
>> If a user has any issues acquiring the cert due to security or OS
>> specific, they can visit the site to obtain it.
>>
>> The only OS that may be of issue is Win10. We found that Microsoft no
>> longer includes the standard root certificates with Win10 as they did with
>> previous versions. As such new installs of Win10 do not have the root ca
>> cert in their keystore. Browsing to a web page that has the root cert will
>> add it.
>>
> end quote
>
> Dave S
> /dps
>
>
> --
> test signature -- please apply at front gate on Tuesdays only.
> 

-- 
test signature -- please apply at front gate on Tuesdays only.

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-01-22