Re: Certificate update question
Date: Mon, 22 Jan 2018 12:40:03 -0800
[Resend to list]
On Mon, Jan 22, 2018 at 12:37 PM, Dave S <snidely.too_at_gmail.com> wrote:
> On Sat, Jan 20, 2018 at 2:49 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Thu, 21 Dec 2017, Dave S via curl-library wrote:
>> (Sorry for not having responded sooner.)
>> The certificates for TBD Portal (tbd.tbdservice.com) and MainTBD Portal
>>> tbdservice.com) will be updated
>> I don't see anything I have to do on my development systems -- the
>>> browser should handle the certificate update for me, right?
>> In the case of Firefox it has its own certificate store, the other
>> browsers use the operating system's store (on Windows and Mac at least).
>> But curl typically doesn't use those but instead uses a separate store.
>> I currently don't do anything explicit about certs, letting libcurl find
>>> the system defaults. Do I need to take action, and if so ... what? Or
>>> will it all get worked out for me behind the curtain?
>> It depends. On most linux (like) distros, the OS will keep the cert store
>> in shape when you update that, in other situations you may need to update a
>> private store every now and then. Possibly from the one we provide on the
>> curl site: https://curl.haxx.se/docs/caextract.html
>> / daniel.haxx.se
> I've been meaning to update this thread with the results of my support
> inquiry. It seems the concern is mainly for server-to-server operations,
> which we currently aren't doing, rather than client-to-server.
>> There is no need to bundle the certs to supply to the clients. The cert
>> is needed if you have an integration such as web services or batch
>> processing that uses these endpoints.
>> If a user has any issues acquiring the cert due to security or OS
>> specific, they can visit the site to obtain it.
>> The only OS that may be of issue is Win10. We found that Microsoft no
>> longer includes the standard root certificates with Win10 as they did with
>> previous versions. As such new installs of Win10 do not have the root ca
>> cert in their keystore. Browsing to a web page that has the root cert will
>> add it.
> end quote
> Dave S
> test signature -- please apply at front gate on Tuesdays only.
-- test signature -- please apply at front gate on Tuesdays only.
Received on 2018-01-22