From c684ba7d9c8e577ef510f816a74fe423863fb367 Mon Sep 17 00:00:00 2001 From: Dirk Date: Fri, 25 Mar 2016 11:52:23 +0100 Subject: [PATCH] - polishing --- etc/README.md | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/etc/README.md b/etc/README.md index 35fd1d9..4df8d95 100644 --- a/etc/README.md +++ b/etc/README.md @@ -5,26 +5,25 @@ The certificate stores were retrieved by * Mozilla; see https://curl.haxx.se/docs/caextract.html * Linux: Just copied from an up-to-date Linux machine -* Microsoft: under Windows >= 7,2008 MS decided not to provide - a full certificate store by default/via update as all other OS do. +* Microsoft: For Windows >= 7/2008 Microsoft decided not to provide + a full certificate store by default or via update as all other OS do. It's being populated with time -- supposed you use e.g. IE while browsing. This store was destilled from three different windows installations via - certmgr.msc and is an export of "Trusted Root Certification Authorities" - --> "Certificates". Third Party Root Certificates were for now deliberately - omitted. Feedback is welcome, see #317. -* Apple.pem : it comes from Apple OS X keychain app - Open Keychain Access. - In the Finder window, under Favorites, click Applications, click Utilities - and then double-click Keychain Access. - In the Keychain Access window, under Keychains, click System and then - under Category, click All Items. - Select now all CA certificate then File, Export Items + "certmgr.msc". It's a PKCS7 export of "Trusted Root Certification Authorities" + --> "Certificates". + Third Party Root Certificates were for now deliberately omitted. + Feedback is welcome, see #317. +* Apple: It comes from Apple OS X keychain app. Open Keychain Access. + In the Finder window, under Favorites --> "Applications" --> "Utilities" + --> "Keychain Access" (2 click). In that window --> "Keychains" --> "System" + --> "Category" --> "All Items" + Select all CA certificates, "File" --> "Export Items" In this directory you can also save e.g. your company Root CA(s) in PEM format, extension ``pem``. This has two catches momentarily: You will still -get a warning for the other certificate storesthough while scanning internal -networks. If you scan other hosts in the internet the check against your -Root CA will fail, too. This will be fixed in the future, see #230. +get a warning for the other certificate stores while scanning internal net- +works. Second catch: If you scan other hosts in the internet the check against +your Root CA will fail, too. This will be fixed in the future, see #230. #### Mapping files The file ``mapping-rfc.txt`` uses the hexcode to map OpenSSL names