# Location of X509 certificates on a 12.2 system



## scotia (Nov 16, 2020)

Hi all,

After a recent upgrade to 12.2 I notice there's certs in /usr/share/certs/{blacklisted,trusted} and symlinks in
* /usr/local/share/certs/
* /etc/ssl/
Could someone please kindly describe what an ideal/pristine directory structure looks like?  Including which dirs contain certs and which contain symlinks, etc.
For some reason my /usr/local/share/certs/ directory contains symlinks to non-existent files.  For example:
ee64a828.0@ -> ../../../usr/share/certs/trusted/Comodo_AAA_Services_root.pem
It needs another ../.  I'm not sure when those symlinks were created.  I don't recall doing so.
Thanks


----------



## ShelLuser (Nov 16, 2020)

/usr/local/* has, _per definition_, nothing to do with the base system. Whatever happens there is based on the ports you've installed. If you have broken symlinks then I'd suggest you check which packages installed those. On my system the only file in /usr/local/share/certs is ca-root-nss.crt which is courtesy of security/ca_root_nss.

Alas...  /usr/share/certs only contain full certificates on my system, /etc/ssl contains links.


----------



## richardtoohey2 (Nov 16, 2020)

I did notice on one machine (during upgrade to 12.2) there was a message about it (freebsd-update) was not handling some local files, and for one of the files the format was like you've mentioned - the "odd" (to me!) file.  I meant to come back and see what it was about but never did.  Will have to see if I can find the machine it was on ...

Sorry for a not very useful report, but there was _something_ along the lines of what you've said.

Do you use base or ports OpenSSL (I use the ports version)?  Would that make a difference?

I've also got a /usr/local/etc/ssl


----------



## richardtoohey2 (Nov 16, 2020)

Are you sure it needs another ../ added?


```
root@dev:/etc/ssl/certs # ls -l ee64a828.0
lrwxr-xr-x  1 root  wheel  61 Oct 28 15:42 ee64a828.0 -> ../../../usr/share/certs/trusted/Comodo_AAA_Services_root.pem
root@dev:/etc/ssl/certs # ls -l ../../../usr/share/certs/trusted/Comodo_AAA_Services_root.pem
-r--r--r--  1 root  wheel  5281 Oct 28 15:47 ../../../usr/share/certs/trusted/Comodo_AAA_Services_root.pem
root@dev:/etc/ssl/certs # cd /tmp/
root@dev:/tmp # ls -l /etc/ssl/certs/ee64a828.0
lrwxr-xr-x  1 root  wheel  61 Oct 28 15:42 /etc/ssl/certs/ee64a828.0 -> ../../../usr/share/certs/trusted/Comodo_AAA_Services_root.pem
root@dev:/tmp # md5 /etc/ssl/certs/ee64a828.0
MD5 (/etc/ssl/certs/ee64a828.0) = 3ea008567b243cad036d9400ea960de7
root@dev:/tmp # md5 /usr/share/certs/trusted/Comodo_AAA_Services_root.pem
MD5 (/usr/share/certs/trusted/Comodo_AAA_Services_root.pem) = 3ea008567b243cad036d9400ea960de7
```
BUT you were talking about files in /usr/local/share/certs, and all I have is this:


```
root@dev:/tmp # cd /usr/local/share/certs/
root@dev:/usr/local/share/certs # ls
ca-root-nss.crt
```


----------

