- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Updating HPUX Root CA Certificates
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2018 04:06 AM
11-12-2018 04:06 AM
Updating HPUX Root CA Certificates
Greetigns all
• Basically I am trying to expand the root CA certificates. I know that openssl only comes with a few pre-installed:
swlist | grep -i openssl
openssl 1.0.2h openssl
swlist | grep BOE
HPUX11i-BOE B.11.31.1705 HP-UX Base Operating Environment
# openssl version -d
OPENSSLDIR: "/opt/openssl"
# ll /opt/openssl/certs
total 224
-rw-r--r-- 1 bin bin 1842 Sep 10 2010 C1_PCA_G3v2.pem
-rw-r--r-- 1 bin bin 1838 Sep 10 2010 C2_PCA_G3v2.pem
-rw-r--r-- 1 bin bin 1842 Sep 10 2010 C3_PCA_G3v2.pem
-rw-r--r-- 1 bin bin 1842 Sep 10 2010 C4_PCA_G3v2.pem
-rw-r--r-- 1 bin bin 1443 Sep 10 2010 Class1_PCA_G2_v2.pem
-rw-r--r-- 1 bin bin 1447 Sep 10 2010 Class2_PCA_G2_v2.pem
-rw-r--r-- 1 bin bin 1443 Sep 10 2010 Class3_PCA_G2_v2.pem
-rw-r--r-- 1 bin bin 1443 Sep 10 2010 Class4_PCA_G2_v2.pem
-rw-r--r-- 1 bin bin 1011 Sep 10 2010 PCA1ss_v4.pem
-rw-r--r-- 1 bin bin 1006 Sep 10 2010 PCA2ss_v4.pem
-rw-r--r-- 1 bin bin 1006 Sep 10 2010 PCA3ss_v4.pem
-rw-r--r-- 1 bin bin 998 Sep 10 2010 SecureServer.pem
-rw-r--r-- 1 bin bin 1402 Sep 10 2010 VeriSign_TSA_CA.pem
-rw-r--r-- 1 root sys 1159 Mar 3 2014 host.pem
• Looking on a Linux server, they had 280 certificates installed. I getting errors such as below which I believe is because the HPUX servers just don’t have all the certificates.:
CONNECTED(00000003)
depth=3 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2 verify error:num=20:unable to get local issuer certificate---
• So…I found a script that you can run to download a copy of recent root CA certificates from Mozilla:
# ./mk-ca-bundle.pl -k
/usr/lib/hpux64/dld.so: Unable to find library 'libidn2.so'.
SHA256 of old file: 3f875d87fee4ce3d966c69f1d6c111aa95c0143ade59e4fa24882c582bb5f0ca
Downloading certdata.txt ...
curl not found
Falling back to HTTP
Get certdata with LWP!
Downloaded certdata.txt
Downloaded file identical to previous run's source file. Exiting
• This downloads a bundle of certificates as below:
-rw-r--r-- 1 root sys 209316 Nov 1 15:37 ca-bundle.crt
-rw-r--r-- 1 root sys 1249935 Nov 1 16:23 certdata.txt
-rwxr-xr-x 1 root sys 19352 Nov 1 15:36 mk-ca-bundle.pl
• But so far I can’t find a way to convert ca-bundle.crt into induvudual .pem files. I've been trawling through a OpenSSL manual and HP Certified Systems Admin book but had no luck. Has anyone found a way of updating the certificates??
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-14-2018 10:36 PM
11-14-2018 10:36 PM
Re: Updating HPUX Root CA Certificates
Hello
This thread may help you .
https://community.hpe.com/t5/Security/Install-openssl-certificates-on-HPUX-11-31/td-p/6745505
Also ref: http://www.openssl.org/docs/HOWTO/certificates.txt
I am an HPE employee