SSL Certificate Authorities

From WebOS Internals

The Palm Pre ships with a default list of certificate authorities, which is used to verify that SSL sites are who you think they are. For general use this list is adequate, but for homes or businesses that handle their own SSL certificates the default list of certificate authority certificates may not be adequate.

Palm Recommended Solution

Palm has foreseen the need to import new SSL certificates and has built in a utility to do so. Locate the certificate you would like to import to your Pre and send it in an email to yourself. Tap the certificate attachment and a certificate management dialog will pop up, allowing you to trust or not trust the certificate. Ideally, after trusting the certificate you should be able to communicate with a server that uses that certificate or has a certificate signed by it. However, this mechanism does not seem to work appropriately.

You can find a reference article on this on Palm's website.

Linux Solution

Once you have set up your Pre to begin accessing Linux, the procedure to add new root certificates is relatively simple.

The list of root certificate authorities is located at:

/etc/ssl/certs/ca-certificates.crt

You should not remove any of the existing entries from the list, but you can append your certificate here. The entry you add will resemble the following:

subject= /C=US/O=yourcommonname.org/CN=yourcommonname.org
-----BEGIN CERTIFICATE-----
(base64-encoded certificate data)
-----END CERTIFICATE-----

Once you have successfully added your new certificate to the CA list, reboot your Pre; all SSL certificates signed by that certificate authority should then be valid.
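
The append step can be scripted so that a malformed, expired or duplicate entry never reaches the trust list and the original list stays recoverable. This is an added example, not part of the original page or a Palm tool; it assumes the openssl command-line tool is available where the script runs, and the function names add_ca_cert and bundle_fingerprints are hypothetical.

```shell
#!/bin/sh
# Added example: append a CA certificate to a PEM bundle with safety checks.
# Assumption: the openssl command-line tool is installed. Function names are hypothetical.

# Print the SHA-256 fingerprint of every certificate already in bundle $1.
bundle_fingerprints() {
    awk -v cmd='openssl x509 -noout -fingerprint -sha256 2>/dev/null' '
        /-----BEGIN CERTIFICATE-----/ { keep = 1; pem = "" }
        keep { pem = pem $0 "\n" }
        /-----END CERTIFICATE-----/ { keep = 0; printf "%s", pem | cmd; close(cmd) }
    ' "$1"
}

# add_ca_cert CERT BUNDLE
# Returns 0 if added or already present, 2 if unparsable, 3 if expired,
# 4 if the new entry does not verify (the bundle is restored in that case).
add_ca_cert() {
    cert=$1 bundle=$2

    # Refuse anything that is not a parsable PEM certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "not a PEM certificate: $cert" >&2; return 2; }
    # Refuse a certificate that has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired: $cert" >&2; return 3; }

    # Skip the append when the same certificate is already in the list.
    fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256)
    if bundle_fingerprints "$bundle" | grep -qxF "$fp"; then
        echo "already in bundle: $fp"; return 0
    fi

    cp -p "$bundle" "$bundle.bak" || return 1   # keep the original list recoverable
    # Make sure the last existing entry ends with a newline before appending.
    [ -z "$(tail -c 1 "$bundle")" ] || echo >> "$bundle"
    # "-subject" without "-noout" writes a subject= line followed by the PEM block;
    # the exact layout of the subject= line depends on the openssl version.
    openssl x509 -in "$cert" -subject >> "$bundle"

    # A self-signed root must now verify against the bundle; otherwise roll back.
    if ! openssl verify -CAfile "$bundle" "$cert" >/dev/null 2>&1; then
        cp -p "$bundle.bak" "$bundle"
        echo "verification failed, restored backup" >&2; return 4
    fi
    echo "added: $fp"
}

# Stand-alone use: sh add-ca.sh my-ca.pem /etc/ssl/certs/ca-certificates.crt
if [ "$#" -eq 2 ]; then add_ca_cert "$1" "$2"; fi
```

Running it a second time with the same certificate leaves the list unchanged, and the previous list is kept beside it with a .bak suffix.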