PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-27 18:09:01 +00:00
Code Issues Projects Releases Wiki Activity
Files
e296cdea2a70ba1bb1663e4656dfe15d9c68e4d2
nmap/ncat/certs/README
david ed2ba4e168 Copy nping, nsock, nbase, zenmap, ncat from their homes in /. 
If you have trouble updating after this revision you need to follow
these instructions. You have probably just seen an error like this:

svn: URL 'svn://svn.insecure.org/nping' of existing directory 'nping'
does not match expected URL 'svn://svn.insecure.org/nmap/nping'

This is caused by the replacement of SVN externals.

Here's what you need to do. First, save any local changes you might have
in the nping, nsock, nbase, ncat, and zenmap directories. (For example
by running "cd nping; svn diff > ../nping.diff".) If you don't have any
local changes you can skip this step.

Then run these commands:

rm -rf nping/ nsock/ nbase/ ncat/ zenmap/
svn update
svn cleanup

If all else fails, you can just delete your whole working directory and
check out anew:

svn co --username guest --password "" svn://svn.insecure.org/nmap

There may be further discussion in the mailing list thread at
http://seclists.org/nmap-dev/2011/q4/303.
2011-11-16 21:49:44 +00:00

48 lines
2.2 KiB
Plaintext
Raw Blame History

The file ca-bundle.crt contains certificates extracted from Microsoft
Windows. These are installed and used as the default trusted root
certificates when SSL certificate verification is requested with
--ssl-verify. On some platforms (some Unixes), these certificates are
used in addition to any certificates installed by the operating system.
Microsoft's bundle was preferred over Mozilla's because Microsoft may be
more selective in the organizations it trusts. When this bundle was
created, Microsoft's store had 107 certificates while Mozilla's had 126.
See below for how to use an alternative trust store.
== How to extract the trusted root CA certificates on Windows
These instructions require the openssl command-line utility.
On Windows XP, run the rootsupd.exe tool to downoad the full list of
trusted certificates. Otherwise there is only a partial list
(certificates are downloaded on demand).
http://support.microsoft.com/kb/931125
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe
Press "Start", then "Run...". Type "certmgr.msc" and press Enter. Open
the folder "Trusted Root Certification Authorities" and its subfolder
"Certificates". Click on "Expiration Date" to sort. Select the first
certificate that is not expired, then press Shift+down arrow until all
the non-expired certificates are selected. Right-click on the list of
certificates, and in the context menu, select "All Tasks", then
"Export...". Export to the file ca-bundle.p7b.
In a Cygwin shell, enter the directory containing ca-bundle.p7b and run
the command
openssl pkcs7 -in ca-bundle.p7b -inform der -print_certs -out ca-bundle.crt
That will create a file ca-bundle.crt containing all the certificates,
each preceded by its subject and issuer.
== Alternative sources for a certificate bundle
Another commonly used trust store is the one provided by Mozilla. The
cURL package includes a script that automatically creates a suitable PEM
file from a file in Mozilla's source repository. They also provide
ready-made PEM files to download. See http://curl.haxx.se/docs/caextract.html.
Here is how to download Mozilla's trust store:
$ wget https://raw.github.com/bagder/curl/master/lib/mk-ca-bundle.pl
$ perl mk-ca-bundle.pl
Reference in New Issue View Git Blame Copy Permalink