Instructions for testing the Features/SharedSystemCertificates feature of Fedora 19.
Commands used for testing system behaviour
In order to test the feature, we will modify the system, and it will change how tools behave.
Preparation
Install the required tools
yum install gnutls-utils nss-tools openssl firefox epiphany
Download a file that we'll use later:
cd /tmp/ wget http://kuix.de/fedora/p11-kit-f19/ca.pem
Test commands
This section lists the commands that we will use to see the current system behaviour, and that we will re-run times whenever we modify the system configuration.
Testing with OpenSSL command line tool:
openssl s_client -verify 5 -connect kuix.de:9431 openssl s_client -verify 5 -connect kuix.de:9430
Testing with GnuTLS command line tool:
gnutls-cli -p 9431 kuix.de gnutls-cli -p 9430 kuix.de
Testing with Epiphany (uses GnuTLS), open:
https://kuix.de:9431 https://kuix.de:9430
Testing with Firefox (uses NSS), open:
https://kuix.de:9431 https://kuix.de:9430
Adding a CA
Status: Ready to be tested
Test that adding a new root CA certificate works.
Test that blacklisted CAs work
Status: Only works in applications based on NSS.
Removing an added CA
Status: Ready to be tested
Advanced testing
Overriding trust of one of the built-in CAs
Status: Cannot test yet. Priorities not yet implemented
... get the pem ... use openssl -addreject ... add to source directory ...