diff options
| author | Pjotr Prins | 2024-06-24 02:25:38 -0500 |
|---|---|---|
| committer | Pjotr Prins | 2024-06-24 02:25:38 -0500 |
| commit | 08e471f2ce4cc31adc3f0e632a850c5c693c7633 (patch) | |
| tree | 1198527e3f38e043a2a5be950e84ab09564be37b | |
| parent | a3b44bb28ee2ef5895a4c379ed2cc53d4dd1e459 (diff) | |
| download | gn-gemtext-08e471f2ce4cc31adc3f0e632a850c5c693c7633.tar.gz | |
VPN: more on certificates
| -rw-r--r-- | topics/deploy/uthsc-vpn-with-free-software.gmi | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/topics/deploy/uthsc-vpn-with-free-software.gmi b/topics/deploy/uthsc-vpn-with-free-software.gmi index 914abbc..344772c 100644 --- a/topics/deploy/uthsc-vpn-with-free-software.gmi +++ b/topics/deploy/uthsc-vpn-with-free-software.gmi @@ -69,10 +69,23 @@ When the certificate expires you can download the new one with: * Move it to /usr/local/share/ca-certificates (with .crt extension) or equivalent * On Debian/Ubuntu update the certificate store with update-ca-certificates +You should see + +``` +Updating certificates in /etc/ssl/certs... +1 added, 0 removed; done. +``` + Thanks Niklas. See also => https://superuser.com/a/719047/914881 +On GUIX you may need to point to the updated certificates file with: + +``` +env REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt openconnect-sso --server uthscvpn1.uthsc.edu --authgroup UTHSC +``` + ## Acknowledgement Many thanks to Pjotr Prins and Erik Garrison without whose earlier work this guide would not be possible. |