[Psi-devel] CA Certificates with QCA2

[Justin Karneges]

On Friday 17 March 2006 16:12, Richard Houser wrote:
> Previously, to add a custom CA cert, all I needed was to craft an xml
> file with the data and drop it next to the rootcert xml file.  My
> understanding was that QCA2 centralizes this functionality to a system
> level.

Right.  Psi no longer ships root certs.  Instead, it queries QCA for them.  
QCA can use the root certs of the operating system.  QCA can also be 
configured to use its own bundled root certs if your operating system doesn't 
have them.

> The Qt4 builds recognize this xml, but I see "Loading certificate in
> obsolete XML format" which indicates to me I am not doing this in the
> proper way.  I had already tried to just drop a PEM file in the qca cert
> directory with no luck.

There is only a certs directory if you are using the bundled root certs, and 
in this case only a single file is used: "rootcerts.pem".  You can't drop 
extra files next to it, you can only append PEM data into this one file.

I believe Psi itself can still use extra certs if you put XML or PEM files 
in /usr/share/psi/certs.  Use PEM to avoid that warning.

Where you decide to put your cert depends on if you want it to be just for Psi 
or system-wide (although if you're using QCA bundled certs then this is 
hardly system-wide).

-Justin