Custom SSL Certificate with fossa-cli
Point the CLI at custom root certificate stores for TLS in locked-down networks.
Custom SSL Certificate with fossa-cli
fossa-cli uses the path provided in the following environment variable to infer root certificate store:
SSL_CERT_FILESSL_CERT_DIRSYSTEM_CERTIFICATE_PATH(only for linux)
If none of these environment variables are provided, fossa-cli uses a system store to retrieve signed certificates.
Linux
fossa-cli looks for certificate store in the following paths:
/etc/ssl/certs//system/etc/security/cacerts//usr/local/share/certs//etc/ssl/cert.pem
macOS
fossa-cli creates a certificate store by finding all signed certificates.
We use following command to retrieve all signed certificates: security find-certificate -pa /System/Library/Keychains/SystemRootCertificates.keychain /Library/Keychains/System.keychain
Windows
fossa-cli retrieves certificates store by performing,
From which, CertEnumCertificatesInStore perform until exhaustion to retrieve all signed certificates.
Recommendations
We recommended that you leverage the operating system's certificate store instead of using environment variables.
Examples
In Windows:
$Env:SSL_CERT_FILE = "\path\to\rootCa"
fossa analyzeIn Linux:
SSL_CERT_FILE=path/to/rootCa fossa analyzeIn Osx:
SSL_CERT_FILE=path/to/rootCa fossa analyze