S3Sync.net
February 02, 2014, 01:19:25 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: Getting CA certificates, re-examined  (Read 7137 times)
ferrix
Sr. Member
****
Posts: 363


(I am greg13070 on AWS forum)


View Profile
« on: February 15, 2008, 12:47:05 AM »

For -s (--ssl) You used to be able to use just one certificate (with SSL_CERT_FILE) to identify all the s3.amazonaws.com, but recently AWS has started using more than one CA.  So oops, syncs will start failing....

There is a debian package ca-certificates; this is what I'm using now.
apt-get install ca-certificates
and then use:
SSL_CERT_DIR=/etc/ssl/certs

But what if you don't know how to get certs for your platform in a format that ruby can digest?
Well first I recommend seeing if your vendor has a "correct" way to get a trusted CA list set up. 

In case it's helpful, I synced my "/etc/ssl/certs" dir to ServEdge_pub:s3sync/certs
So you can pull my copy of the certs dir down if you want.  It turns out all the cert files are just symlinks to the ca-certificates.crt file.  So you could just use s3cmd to get ServEdge_pub:s3sync/certs/ca-certificates.crt, and then use the SSL_CERT_FILE setting to point ruby at that.  That's how I do it in Windows, because the symlinks don't translate cross platform anyway.
Logged
maelcum
Newbie
*
Posts: 43



View Profile
« Reply #1 on: February 15, 2008, 07:36:07 AM »

Works like a charm.
Thanks for providing the ca-certificates.cer directly! Makes things so much easier.

Cheers

maelcum
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!