
Re: Updating HPUX Root CA Certificates

 
PHSC
Frequent Advisor

Updating HPUX Root CA Certificates

Greetings all

• Basically I am trying to expand the root CA certificates.  I know that openssl only comes with a few pre-installed:

swlist | grep -i openssl
  openssl                       1.0.2h         openssl

swlist | grep BOE
  HPUX11i-BOE                   B.11.31.1705   HP-UX Base Operating Environment

 # openssl version -d
OPENSSLDIR: "/opt/openssl"
 # ll /opt/openssl/certs
total 224
-rw-r--r--   1 bin        bin           1842 Sep 10  2010 C1_PCA_G3v2.pem
-rw-r--r--   1 bin        bin           1838 Sep 10  2010 C2_PCA_G3v2.pem
-rw-r--r--   1 bin        bin           1842 Sep 10  2010 C3_PCA_G3v2.pem
-rw-r--r--   1 bin        bin           1842 Sep 10  2010 C4_PCA_G3v2.pem
-rw-r--r--   1 bin        bin           1443 Sep 10  2010 Class1_PCA_G2_v2.pem
-rw-r--r--   1 bin        bin           1447 Sep 10  2010 Class2_PCA_G2_v2.pem
-rw-r--r--   1 bin        bin           1443 Sep 10  2010 Class3_PCA_G2_v2.pem
-rw-r--r--   1 bin        bin           1443 Sep 10  2010 Class4_PCA_G2_v2.pem
-rw-r--r--   1 bin        bin           1011 Sep 10  2010 PCA1ss_v4.pem
-rw-r--r--   1 bin        bin           1006 Sep 10  2010 PCA2ss_v4.pem
-rw-r--r--   1 bin        bin           1006 Sep 10  2010 PCA3ss_v4.pem
-rw-r--r--   1 bin        bin            998 Sep 10  2010 SecureServer.pem
-rw-r--r--   1 bin        bin           1402 Sep 10  2010 VeriSign_TSA_CA.pem
-rw-r--r--   1 root       sys           1159 Mar  3  2014 host.pem

• Looking on a Linux server, they had 280 certificates installed.  I am getting errors such as below which I believe is because the HPUX servers just don’t have all the certificates:

CONNECTED(00000003)
depth=3 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
verify error:num=20:unable to get local issuer certificate
---

• So…I found a script that you can run to download a copy of recent root CA certificates from Mozilla:

 # ./mk-ca-bundle.pl -k
/usr/lib/hpux64/dld.so: Unable to find library 'libidn2.so'.
SHA256 of old file: 3f875d87fee4ce3d966c69f1d6c111aa95c0143ade59e4fa24882c582bb5f0ca
Downloading certdata.txt ...
curl not found
Falling back to HTTP
Get certdata with LWP!
Downloaded certdata.txt
Downloaded file identical to previous run's source file. Exiting

• This downloads a bundle of certificates as below:

-rw-r--r--   1 root       sys         209316 Nov  1 15:37 ca-bundle.crt
-rw-r--r--   1 root       sys        1249935 Nov  1 16:23 certdata.txt
-rwxr-xr-x   1 root       sys          19352 Nov  1 15:36 mk-ca-bundle.pl

• But so far I can’t find a way to convert ca-bundle.crt into individual .pem files.  I've been trawling through an OpenSSL manual and HP Certified Systems Admin book but had no luck.  Has anyone found a way of updating the certificates??

Thanks
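
One way to do the split asked about above, as an added example that is not part of the original post or of OpenSSL: awk writes each certificate block in ca-bundle.crt to its own file, and a second step creates the subject-hash links that OpenSSL's certificate-directory (CApath) lookup expects. The function names, the cert_NNN.pem naming and the use of a fresh staging directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: split_bundle,
# link_by_hash, cert_NNN.pem. Run it against a fresh staging directory and
# review the result before copying anything into the live certs directory.

# split_bundle BUNDLE OUTDIR
# Write every BEGIN/END CERTIFICATE block in BUNDLE to OUTDIR/cert_NNN.pem,
# dropping the label and comment lines between blocks. Prints the count.
split_bundle() {
    bundle=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /^-----BEGIN CERTIFICATE-----/ {
            n++; out = sprintf("%s/cert_%03d.pem", dir, n); inside = 1
        }
        inside { print > out }
        /^-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# link_by_hash DIR
# A CApath directory is searched by file name <subject-hash>.N, so files with
# arbitrary names are never found. Create those links (what c_rehash does),
# skipping any file openssl cannot parse. Prints the number of links made.
link_by_hash() {
    dir=$1; linked=0
    for pem in "$dir"/cert_*.pem; do
        [ -f "$pem" ] || continue
        h=$(openssl x509 -in "$pem" -noout -hash 2>/dev/null) || continue
        [ -n "$h" ] || continue
        i=0
        # Different subjects can share a hash; take the next free suffix.
        while [ -e "$dir/$h.$i" ]; do i=$((i + 1)); done
        ln -s "$(basename "$pem")" "$dir/$h.$i" && linked=$((linked + 1))
    done
    echo "$linked"
}

# Usage: sh split-ca-bundle.sh ca-bundle.crt /path/to/staging-dir
if [ $# -eq 2 ]; then
    echo "certificates written: $(split_bundle "$1" "$2")"
    echo "hash links created:   $(link_by_hash "$2")"
fi
```

The mk-ca-bundle.pl run shown above fell back to HTTP, so compare the bundle against a copy obtained over a verified channel before adding its contents to a trust store.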

 

1 REPLY 1
PSPrakash
HPE Pro

Re: Updating HPUX Root CA Certificates