Location of ca-certificate-bundle file?

TOS 3.10
ca-certificates 20170717


Where is the ca-certificate-bundle file located? I would have expected ca-bundle.crt in /etc/ssl/certs/ but there it is not. And could not trace it elsewhere either.

Hello,
I think you’re looking for output from this command:

root@turris:~# opkg files ca-certificates

That is just listing the files from /etc/ssl/certs/ and there is no ca-certificate-bundle but a bunch of single certificates. For TLS validation however ca-certificate-bundle is required and common in any linux disto, usually /etc/ssl/certs/ca-certificates.crt or /etc/ssl/certs/ca-bundle.crt

the ca-certificate-bundle can be created from those single certificates with cat /etc/ssl/certs/* > /etc/ssl/certs/cert-bundle.pem

Wish this could be somehow implemented with the TO repo, in general or the unbound package in particular.

In order to utilize the TLS certificate verfication in unbound DNS-over-TLS such comprehensive ca-certificate-bundle file is required in the unbound server directive tls-cert-bundle:


perhaps a better alternative though is a cron job to curl frequently the ca-certificate-bundle from Mozilla