Topic: Long-term updating of ca-certificates

The content of this topic has been archived on 21 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Page 1 of 1

Post #1

macb

22 Jan 2018, 23:29

My employer is developing an OpenWRT device that's an HTTPS client. Naturally, we install ca-certificates. Which works great together with our HTTPS client code (libcurl).

However, thinking long-term, over the years certificate authorities come and go. So it seems like our device should also periodically update its ca-certificates.

I'm curious how have others solved this issue. Perhaps a cron job that periodically updates ca-certificates via opkg?

Or am I missing something, and updating ca-certificates isn't really necessary?

Thanks!

Post #2

nozombian

23 Jan 2018, 16:51

Nothing works forever, but I'd suggest to check curl pages (using cron), see https://curl.haxx.se/docs/caextract.html, there's direct link to cert file.

Post #3

macb

23 Jan 2018, 20:52

Thanks, I'll try updating just that file. If that works, I suppose I don't even need ca-certificates installed.

Post #4

macb

24 Jan 2018, 01:34

It worked! Thanks nozombian

The discussion might have continued from here.

Page 1 of 1