HOWTO - OS X - how can I use sslcertfile
Justin Abrahms
justin at abrah.ms
Wed Aug 6 17:10:32 BST 2014
Rainer M Krug <Rainer <at> krugs.de> writes:
>
> Hi
>
> I had the problem, that I dad to regularly (sometimes daily) have to
> switch between different cert_fingerprints for gmail.
>
> Now under Linux I was using the sslcacertfile, and it worked perfectly,
> but I did not find a solution for OS X thanks to a question on
> superuser.com [1]:
>
> 1) Install curl-ca-bundle using e.g. homebrew:
> ,----
> | brew install curl-ca-bundle
> `----
>
> 2) Now the certificates are installed, and you can use them by adding
> ,----
> | sslcacertfile = /usr/local/opt/curl-ca-bundle/share/ca-bundle.crt
> `----
> to the .offlineimaprc file in the appropriate repository
>
> You can also use Macports, but then the path will be:
> ,----
> | sslcacertificate = /opt/local/share/curl/curl-ca-bundle.crt
> `----
>
> Hope that this is useful for somebody,
>
> Cheers,
>
> Rainer
>
> Footnotes:
> [1] http://superuser.com/questions/262809/where-do-i-install-certificates-so-that-wget-and-
other-macports-programs-will-fi
>
Thanks, Rainer.
This was helpful. Just to update this for the next person who finds
it.
curl-ca-bundle doesn't exist in homebrew anymore thanks to this PR[0].
To fix that, download the ca-cert bundle from
https://downloads.sourceforge.net/project/machomebrew/mirror/
curl-ca-bundle-1.87.tar.bz2 and copy the ca-bundle.crt file to
/usr/local/etc/openssl/certs/ You'll probably need to run
/usr/local/opt/openssl/bin/c_rehash to make openssl take count of the
new certs.
Also, instead of using sslcacertificate, the new option is
sslcacertfile, so use that in your config.
Cheers,
-justin
[0]: https://github.com/Homebrew/homebrew/pull/28658
More information about the OfflineIMAP-project
mailing list