network CA cert
|
24th Dec, 2019, 12:42 AM
Post: #1
|
|||
|
|||
network CA cert
should I install my network's ca.crt on my xbian unit? it has been working quite well without it - how might that change if I were to proceed?
(this is also opening a small door to my next question about VPNs and kodi/xbian...but first things first, right?) It may be taken for granted around here that it's the way to proceed, but I'm just looking for a bit of confirmation. I already encrypt my DNS lookups on a network basis (DNS-over-TLS and CloudFlare - a big improvement over my ISP), so putting that inside a tunnel would make for gold-standard (to the best of my knowledge/understanding) privacy and possibly network security. I'm hoping there is someone here with experience/expertise to offer insight. Thanks in advance! |
|||
31st Dec, 2019, 03:40 AM
Post: #2
|
|||
|
|||
RE: network CA cert
Why not:
Terminal xbian@avr ~ $ man update-ca-certificates [..] DESCRIPTION This manual page documents briefly the update-ca-certificates command. update-ca-certificates is a program that updates the directory /etc/ssl/certs to hold SSL certificates and generates ca-certifi‐ cates.crt, a concatenated single-file list of certificates. It reads the file /etc/ca-certificates.conf. Each line gives a pathname of a CA certificate under /usr/share/ca-certificates that should be trusted. Lines that begin with "#" are comment lines and thus ignored. Lines that begin with "!" are dese‐ lected, causing the deactivation of the CA certificate in ques‐ tion. Certificates must have a .crt extension in order to be included by update-ca-certificates. Furthermore all certificates with a .crt extension found below /usr/local/share/ca-certificates are also included as implicitly trusted. [..] Drop the CA cert in below folder: Code: /usr/local/share/ca-certificates/ And run below to apply: Code: sudo update-ca-certificates There are only 10 types of people in the world: those who understand binary, and those who don't |
|||
1st Jan, 2020, 02:00 AM
Post: #3
|
|||
|
|||
RE: network CA cert
I'll let everyone know how that works when I get to it later this week.
UPDATE - if your network requires credentials such as ca.crt, you should install it on your xbian system. It'll work faster/better/stronger. |
|||
« Next Oldest | Next Newest »
|