Instructions for testing the Features/SharedSystemCertificates feature of Fedora 19.

Commands used for testing system behaviour

In order to test the feature, we will modify the system, and it will change how tools behave.

Preparation

Install the required tools

yum install gnutls-utils nss-tools openssl firefox epiphany

Download a file that we'll use later:

cd /tmp/
wget http://kuix.de/fedora/p11-kit-f19/ca.pem

Test commands

This section lists the commands that we will use to see the current system behaviour, and that we will re-run times whenever we modify the system configuration.

Testing with OpenSSL command line tool:

openssl s_client -verify 5 -connect kuix.de:9431
openssl s_client -verify 5 -connect kuix.de:9430

Testing with GnuTLS command line tool:

gnutls-cli -p 9431 kuix.de
gnutls-cli -p 9430 kuix.de

Testing with Epiphany (uses GnuTLS), open:

https://kuix.de:9431
https://kuix.de:9430

Testing with Firefox (uses NSS), open:

https://kuix.de:9431
https://kuix.de:9430

Adding a CA

Status: Ready to be tested

Test that adding a new root CA certificate works.

Test that blacklisted CAs work

Status: Only works in applications based on NSS.

Removing an added CA

Status: Ready to be tested

Advanced testing

Overriding trust of one of the built-in CAs

Status: Cannot test yet. Priorities not yet implemented

... get the pem ... use openssl -addreject ... add to source directory ...