添加链接 注册    登录
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
相关文章推荐
焦虑的面包  ·  node: ...·  6 天前    · 
谈吐大方的薯片  ·  【OpenSSL ...·  3 天前    · 
不羁的感冒药  ·  花生13网课-花生13网课促销价格、花生13 ...·  4 月前    · 
深沉的蚂蚁  ·  《交通财会》2024年第6期目录-学术交流- ...·  5 月前    · 
会开车的钱包  ·  Django 之 ...·  5 月前    · 
英姿勃勃的黄豆  ·  抗癌斗士中山六院副院长王磊,与肿瘤抗争到生命 ...·  5 月前    · 
任性的弓箭  ·  《雪中悍刀行》徐凤年为何赠姜泥铜钱?大凉龙雀 ...·  6 月前    · 
link管理  ›  Syncing macOS Keychain certificates with Homebrew’s OpenSSL – Rob Allen
mac openssl
https://akrabat.com/syncing-macos-keychain-certificates-with-homebrews-openssl/
豪情万千的橙子
6 月前

One of my clients runs their own Composer repository for some packages which is hosted on internal system where the SSL is signed by an internal root CA cert. I installed the relevant certificates into my Keychain, but Composer complained about not being able to trust the certificate.

I use the Homebrew version of PHP which links to Homebrew’s OpenSSL, so I realised that OpenSSL wasn’t looking at the keychain, but instead at its own store, cert.pem which can be found in the OpenSSL directory. OpenSSL will tell you where that directory is if you use openssl version -d :

$ openssl version -d OPENSSLDIR: "/usr/local/etc/[email protected]"

Apple provides the security command line to work with your keychain. You can use this to create a cert.pem file of every certificate in the keychain:

security find-certificate -a -p \ /System/Library/Keychains/SystemRootCertificates.keychain \ /Library/Keychains/System.keychain \ ~/Library/Keychains/login.keychain-db > keychain_certificates.pem

However , this does not take into account your trust settings and so includes any certificates you have not trusted.

So the next step is to
check each one with system verify-cert and then add to cert.pem . This requires splitting up the output of system find-certificate which is a hassle!

Fortunately someone else has done the work for us!

James Tucker has created openssl-osx-ca .

To use:

$ brew tap raggi/ale $ brew install openssl-osx-ca $ brew services start openssl-osx-ca

Now your Homebrew OpenSSL certificate store will be automatically synced from your Keychain every hour.

Job done!

This article was posted on in Software

I'm Rob Allen , a software consultant and engineering leader, concentrating on HTTP APIs. A proponent of Open Source, I maintain rst2pdf and Slim Framework , and contribute to Apache OpenWhisk amongst other OSS projects.

I live in the UK, run 19FT and publish Daily Jotter for Mac. I am a public speaker and wrote Zend Framework in Action .

Follow

  • @[email protected] on Mastodon
  • @akrabat on Twitter
  • Akrabatic on Twitch
  • Photos on Flickr
  • Code on GitHub
  • Videos on YouTube
    •  
    推荐文章
    焦虑的面包  ·  node: --openssl-legacy-provider is not allowed in NODE_OPTIONS 怎么解决
    6 天前
    谈吐大方的薯片  ·  【OpenSSL 之五】:HMAC算法分析_算法_KXue0703-GitCode 开源社区
    3 天前
    不羁的感冒药  ·  花生13网课-花生13网课促销价格、花生13网课品牌 - 淘宝
    4 月前
    深沉的蚂蚁  ·  《交通财会》2024年第6期目录-学术交流-财务审计司
    5 月前
    会开车的钱包  ·  Django 之 ContentType组件 - Hubery_Jun - 博客园
    5 月前
    英姿勃勃的黄豆  ·  抗癌斗士中山六院副院长王磊,与肿瘤抗争到生命最后一刻-中华肿瘤康复网-肿瘤康复网-癌症康复网
    5 月前
    任性的弓箭  ·  《雪中悍刀行》徐凤年为何赠姜泥铜钱?大凉龙雀换神符,情真意切_腾讯新闻
    6 月前
    Link管理   ·   51好读   ·   Sov5搜索   ·   小百科
    link管理 - 链接快照平台