Add CA certificates to OpenSSL chain

Clemens Lang cal at macports.org
Mon Mar 29 18:16:23 UTC 2021


Hi,

On Mon, Mar 29, 2021 at 09:54:20AM -0600, Gregory Anders wrote:
> Does MacPorts provide a mechanism for adding certificates to the MP
> version of OpenSSL?

No.

> My system keychain contains some certificates used by my work proxy,
> which are (obviously) not in the default CA bundle installed by
> MacPorts. Right now, while I'm connected to my work proxy I cannot
> connect to anything since the CA is not present in the bundle. I
> realize I can just append my CA certificate onto
> /opt/local/share/curl/curl-ca-bundle.crt, but I'm wondering if there's
> a more "official" or "robust" way.

Install the certsync port instead of curl-ca-bundle. That will generate
/opt/local/share/curl/curl-ca-bundle.crt as an export from your system
trust store, and automatically export your workplace root CAs.

Note that you'll have to force-uninstall curl-ca-bundle since many ports
will depend on it. Having certsync installed is a drop-in replacement,
though, and any future installations will have the curl-ca-bundle
dependency fulfilled by certsync instead.


HTH,
Clemens
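
A check for the setup described above, to confirm that a workplace root CA is present in the exported bundle after switching to certsync. This is an added example, not part of the original message or of MacPorts; the second command-line argument (a PEM file holding the workplace CA) is an assumption, and the sample certificates are constructed stand-ins rather than real X.509 data.

```python
import base64
import hashlib
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem_text):
    """SHA-256 fingerprints (hex, over the DER bytes) of every cert in pem_text."""
    return {
        hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
        for body in PEM_RE.findall(pem_text)
    }

def missing_from_bundle(bundle_text, wanted_text):
    """Fingerprints present in wanted_text but absent from bundle_text."""
    return pem_fingerprints(wanted_text) - pem_fingerprints(bundle_text)

def constructed_pem(payload):
    """Constructed stand-in: PEM armour around arbitrary bytes, not a real cert."""
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(rows)
            + "\n-----END CERTIFICATE-----\n")

# Constructed sample bundle: two stand-in CAs with a non-PEM line between them,
# to show that text outside the BEGIN/END markers is ignored.
SAMPLE_BUNDLE = (constructed_pem(b"public-root-ca") + "# comment line\n"
                 + constructed_pem(b"work-proxy-root-ca"))

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # argv[1]: bundle, e.g. /opt/local/share/curl/curl-ca-bundle.crt
        # argv[2]: PEM file holding the workplace root CA (assumed input)
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            bundle = f.read()
        with open(sys.argv[2], encoding="utf-8", errors="replace") as f:
            wanted = f.read()
    else:
        bundle, wanted = SAMPLE_BUNDLE, constructed_pem(b"work-proxy-root-ca")
    missing = missing_from_bundle(bundle, wanted)
    for fp in sorted(missing):
        print("missing from bundle:", fp)
    sys.exit(1 if missing else 0)
```

The script exits non-zero when any certificate in the second file is absent from the bundle, so it can gate a provisioning step.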


More information about the macports-users mailing list