ѽ҉ᶬḳ
June 8, 2018, 7:39am
1
For some reason the OpenWRT repo does not seem to provide a single
tls-cert-bundle file but rather a collection of single root
certificates from different providers located in /etc/ssl/certs.
Does Unbound require a single bundle file or can it utilize those single
root certificates by just providing tls-cert-bundle: /etc/ssl/certs?
ѽ҉ᶬḳ
June 8, 2018, 7:58am
3
No, it wants them in one file. I think you can create the file easily
with cat /etc/ssl/certs/* > cert-bundle.pem
Thank you! That worked and sorted the matter.
Or you can simply add a shell script to cron, which will update the CA bundle
from Mozilla.
08.06.2018 13:58, ѽ҉ᶬḳ℠ via Unbound-users wrote:
(attachments)
update_ca.sh (2.18 KB)
ѽ҉ᶬḳ
June 8, 2018, 9:14am
5
> Or you can simply add a shell script to cron, which will update the CA bundle
> from Mozilla.
Indeed, that seems more elegant and keeps the bundle fresh.
08.06.2018 15:14, ѽ҉ᶬḳ℠ via Unbound-users wrote:
> > Or you can simply add a shell script to cron, which will update the CA bundle
> > from Mozilla.
> Indeed, that seems more elegant and keeps the bundle fresh.
Yessssss, exactly. CA bundle(s) are updated relatively often, so keep it
calm and bwaaaaaaah
ѽ҉ᶬḳ
June 8, 2018, 9:30am
7
> Yessssss, exactly. CA bundle(s) are updated relatively often, so keep it
> calm and bwaaaaaaah
Just bi-monthly ought to be ok I reckon. Mozilla seems to be aware of
some folks curling it by the hour
08.06.2018 15:30, ѽ҉ᶬḳ℠ via Unbound-users wrote:
> > Yessssss, exactly. CA bundle(s) are updated relatively often, so keep it
> > calm and bwaaaaaaah
> Just bi-monthly ought to be ok I reckon. Mozilla seems to be aware of
> some folks curling it by the hour
Sure. I check no more than once per week. It seems enough.
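
Building the single file that tls-cert-bundle needs from a directory such as /etc/ssl/certs, as an added example that is not from the thread and is not the attached update_ca.sh. Unlike a plain cat, it keeps one copy of each certificate (such directories often also hold hash-named symlinks), skips any file that is not a single PEM certificate, repairs a missing final newline, and replaces the bundle atomically. The function name build_bundle and the output path in the comment are assumptions.

```shell
#!/bin/sh
# Added example. Usage (paths are assumptions):
#   build_bundle /etc/ssl/certs /etc/unbound/cert-bundle.pem
# then in unbound.conf:  tls-cert-bundle: /etc/unbound/cert-bundle.pem
build_bundle() {
    src=$1
    out=$2
    tmp="$out.tmp.$$"      # staged next to the target so the final mv is a rename
    seen="$out.seen.$$"    # checksums of certificates already written
    : > "$tmp" || return 1
    : > "$seen" || return 1
    count=0
    for f in "$src"/*; do
        [ -f "$f" ] || continue        # skip directories and dangling symlinks
        # Exactly one certificate per input file: this skips READMEs, keys and
        # any multi-certificate bundle that lives in the same directory.
        [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f")" = 1 ] || continue
        grep -q -e '-----END CERTIFICATE-----' "$f" || continue
        # Symlinks and copies carry identical content; keep one. cksum is
        # POSIX; a collision could only drop a CA, never add one.
        sum=$(cksum < "$f")
        grep -qxF "$sum" "$seen" && continue
        printf '%s\n' "$sum" >> "$seen"
        # awk 1 re-emits every line with a newline, so a file that lacks a
        # final newline cannot glue its END marker to the next BEGIN marker.
        awk 1 "$f" >> "$tmp"
        count=$((count + 1))
    done
    rm -f "$seen"
    if [ "$count" -eq 0 ]; then        # never install an empty bundle
        rm -f "$tmp"
        return 1
    fi
    chmod 644 "$tmp" && mv -f "$tmp" "$out"
}
```

The marker checks only establish that a file looks like one PEM certificate; they do not parse or verify it.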