installRoot installs this CA's root certificate into the local trust store(s) if it is not already trusted. The CA must already be provisioned.
()
| 434 | // local trust store(s) if it is not already trusted. The CA |
| 435 | // must already be provisioned. |
| 436 | func (ca CA) installRoot() error { |
| 437 | // avoid password prompt if already trusted |
| 438 | if trusted(ca.root) { |
| 439 | ca.log.Info("root certificate is already trusted by system", |
| 440 | zap.String("path", ca.rootCertPath)) |
| 441 | return nil |
| 442 | } |
| 443 | |
| 444 | ca.log.Warn("installing root certificate (you might be prompted for password)", |
| 445 | zap.String("path", ca.rootCertPath)) |
| 446 | |
| 447 | return truststore.Install(ca.root, |
| 448 | truststore.WithDebug(), |
| 449 | truststore.WithFirefox(), |
| 450 | truststore.WithJava(), |
| 451 | ) |
| 452 | } |
| 453 | |
| 454 | // AuthorityConfig is used to help a CA configure |
| 455 | // the underlying signing authority. |