curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Certificate update question

From: Dave S via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 22 Jan 2018 12:40:03 -0800

[Resend to list]

On Mon, Jan 22, 2018 at 12:37 PM, Dave S <snidely.too_at_gmail.com> wrote:

> On Sat, Jan 20, 2018 at 2:49 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Thu, 21 Dec 2017, Dave S via curl-library wrote:
>>
>> (Sorry for not having responded sooner.)
>>
>> The certificates for TBD Portal (tbd.tbdservice.com) and MainTBD Portal
>>> (*.
>>> tbdservice.com) will be updated
>>>
>>
>> I don't see anything I have to do on my development systems -- the
>>> browser should handle the certificate update for me, right?
>>>
>>
>> In the case of Firefox it has its own certificate store, the other
>> browsers use the operating system's store (on Windows and Mac at least).
>>
>> But curl typically doesn't use those but instead uses a separate store.
>>
>> I currently don't do anything explicit about certs, letting libcurl find
>>> the system defaults. Do I need to take action, and if so ... what? Or
>>> will it all get worked out for me behind the curtain?
>>>
>>
>> It depends. On most linux (like) distros, the OS will keep the cert store
>> in shape when you update that, in other situations you may need to update a
>> private store every now and then. Possibly from the one we provide on the
>> curl site: https://curl.haxx.se/docs/caextract.html
>>
>> --
>>
>> / daniel.haxx.se
>>
>
>
>
> I've been meaning to update this thread with the results of my support
> inquiry. It seems the concern is mainly for server-to-server operations,
> which we currently aren't doing, rather than client-to-server.
>
> quote:
>
>> There is no need to bundle the certs to supply to the clients. The cert
>> is needed if you have an integration such as web services or batch
>> processing that uses these endpoints.
>>
>> If a user has any issues acquiring the cert due to security or OS
>> specific, they can visit the site to obtain it.
>>
>> The only OS that may be of issue is Win10. We found that Microsoft no
>> longer includes the standard root certificates with Win10 as they did with
>> previous versions. As such new installs of Win10 do not have the root ca
>> cert in their keystore. Browsing to a web page that has the root cert will
>> add it.
>>
> end quote
>
> Dave S
> /dps
>
>
> --
> test signature -- please apply at front gate on Tuesdays only.
>

-- 
test signature -- please apply at front gate on Tuesdays only.

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-01-22