Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tools:certificates [2024/02/05 13:04] – [UPMC Certificates] willtools:certificates [2025/04/25 16:42] (current) – [Terminal] will
Line 21: Line 21:
 To allow UPMC's cert in the SSL chain on debian, run: To allow UPMC's cert in the SSL chain on debian, run:
 <code> <code>
-  # as root +# as root 
-  cd /usr/local/share/ca-certificates/ +[ $(id -u) -ne 0 ] && echo "with sudo" && exit 1 
-  cert_loc=http://upmccrl.upmc.com/CDP/ + 
-  for crt in UPMC-CA23 UPMC-CA20 UPMC-ROOT-CA; do +cd /usr/local/share/ca-certificates/ 
-     wget "$cert_loc/$crt.crt" -O "$crt.crt-der" +cert_loc=https://upmccrl.upmc.com/cdp 
-     # added 20230707 +# 20250313 - added "UPMC ROOT CA 2023" via Nathan Safran 
-     openssl x509 -in $crt.crt-der -out $crt.crt -outform PEM +for crt in UPMC-CA23 UPMC-CA20 UPMC-ROOT-CA "UPMC ROOT CA 2023"; do 
-  done +   ! wget "$cert_loc/$crt.crt" -O "$crt.crt-der" && echo "ERROR: cannot get '$crt'" && continue 
-  update-ca-certificates+   # added 20230707 
 +   openssl x509 -in "$crt.crt-der-out "$crt.crt-outform PEM 
 +done 
 +update-ca-certificates
 </code> </code>
  
Line 66: Line 69:
 pip install urllib3==1.26.12 pip install urllib3==1.26.12
 </code> </code>
 +
 +For python virtual enviornments, you may also want to manually append certificates to ''cacert.pem'' bundled with ''certifi''
 +<code>
 +pycert=$(python -c 'import certifi,os; print(os.readlink(os.path.dirname(certifi.__file__)+"/cacert.pem"))')
 +
 +cat $newcert_pem >> $pycert
 +</code>
 +
 +(Will note: ''cirtifi'' munged also useful for mitmproxy)