Is it possible to install a custom ca certificate on Debian without installing the ca-certificate
package?
I tend to run my servers beyond the lifespan of each release, and I always seem to have problems after a few years. Simple problems, like cURL not being able to verify the legitimacy of the server, PHP's openssl.cafile
and curl.cainfo
, etc. Nothing devastating, but annoying.
I'm installing Buster now and want to avoid any problems from the start this time.
Ideally I'd like to download cacert.pem from curl.se (Mozilla source), put it in a directory, then tell the OS and any software that asks for it to use it. That way, when it expires I can just re-download the latest from curl.se or the Mozilla source.