[Psi-devel] CA Certificates with QCA2
justin-psi2 at affinix.com
Fri Mar 17 16:52:57 PST 2006
On Friday 17 March 2006 16:12, Richard Houser wrote:
> Previously, to add a custom CA cert, all I needed was to craft an xml
> file with the data and drop it next to the rootcert xml file. My
> understanding was that QCA2 centralizes this functionality to a system
Right. Psi no longer ships root certs. Instead, it queries QCA for them.
QCA can use the root certs of the operating system. QCA can also be
configured to use its own bundled root certs if your operating system doesn't
> The Qt4 builds recognize this xml, but I see "Loading certificate in
> obsolete XML format" which indicates to me I am not doing this in the
> proper way. I had already tried to just drop a PEM file in the qca cert
> directory with no luck.
There is only a certs directory if you are using the bundled root certs, and
in this case only a single file is used: "rootcerts.pem". You can't drop
extra files next to it, you can only append PEM data into this one file.
I believe Psi itself can still use extra certs if you put XML or PEM files
in /usr/share/psi/certs. Use PEM to avoid that warning.
Where you decide to put your cert depends on if you want it to be just for Psi
or system-wide (although if you're using QCA bundled certs then this is
More information about the psi-devel