Where's the ca cert bundle on OSX?
I'm debugging some curl ssl configuration stuff and was wondering where the ca cert bundle is installed on OSX.
I'm pretty sure there isn't one.
Install curl via MacPorts to get one.
You can probably use Fink or Homebrew as alternatives to MacPorts if you prefer.
Mac OS X's own Security Framework, used by Cocoa apps and the like, uses the Mac OS X Keychain-format files in...
/System/Library/Keychains/
/Library/Keychains/
~/Library/Keychains/
...to find trusted CA certs. I doubt Mac OS X's built-in curl
has been modified to use those Keychain files though, so I'm not sure why Apple doesn't ship a CA cert bundle for curl
.
I have a good usable one at /usr/local/etc/openssl/cert.pem
; I believe that got installed via Homebrew's openssl package. This isn't necessarily useful if you need to verify how other parts of the system work, but if you're doing some debugging that requires specifying a singular PEM file to use for verifying a certificate.
See also the answers to this Stack Overflow question for additional ways to get a PEM to use in this way.