=========================================================================== $NetBSD: MESSAGE,v 1.3 2011/06/10 16:23:45 drochner Exp $ Execute these commands to extract and rehash all CA root certificates distributed by the Mozilla Project, so that they can be used by third party applications using OpenSSL: # cd /etc/openssl/certs # Default SSLCERTS path for NetBSD # mozilla-rootcerts extract # mozilla-rootcerts rehash To create a single file certificate bundle in PEM format which can be used by applications using GnuTLS, do the following: # mkdir -p /etc/ssl/certs # cd /etc/ssl/certs # cat ../../openssl/certs/*.pem >ca-certificates.crt To mark these certificates as trusted for users of gnupg2, do the following (assuming default PKG_SYSCONFBASE and a Bourne shell): # mkdir /usr/pkg/etc/gnupg # cd /usr/pkg/etc/gnupg # for c in /etc/openssl/certs/*.pem; do > openssl x509 -in $c -noout -fingerprint|sed 's|^.*=\(.*\)|\1 S|' > done > trustlist.txt ===========================================================================