How to add Certificate Authority file in CentOS 7

Question

I am trying to add certificate Authority  CA  file name - ca crt to  etc ssl certs  for that I followed this article   I copied my ca crt file  to  etc pki ca-trust source anchors  and run the command below   update-ca-trust extract   After that I checked  etc pki ca-trust extracted openssl ca-bundle trust crt file  but I didn t find my CA   I am not able to figure out what may be the problem   What am I doing wrong and how can I fix it

User · Answer

Find   pem file and place it to the anchors sub-directory or just simply link the   pem file to there  yum install -y ca-certificates update-ca-trust force-enable sudo ln -s  etc ssl your-cert pem  etc pki ca-trust source anchors your-cert pem update-ca-trust

User · Answer

copy your certificates inside    etc pki ca-trust source anchors    then run the following command  update-ca-trust

User · Answer

Complete instruction is as follow    Extract Private Key from PFX   openssl pkcs12 -in myfile pfx -nocerts -out private-key pem -nodes   Extract Certificate from PFX   openssl pkcs12 -in myfile pfx -nokeys -out certificate pem   install certificate    yum install -y ca-certificates    cp your-cert pem  etc pki ca-trust source anchors your-cert pem    update-ca-trust    update-ca-trust force-enable   Hope to be useful

User · Answer

Your CA file must have been in a binary X 509 format instead of Base64 encoding  it needs to be a regular DER or PEM in order for it to be added successfully to the list of trusted CAs on your server   To proceed  do place your CA file inside your  usr share pki ca-trust-source anchors  directory  then run the command line below  you might need sudo privileges based on your settings      CentOS 7  Red Hat 7  Oracle Linux 7 update-ca-trust   Please note that all trust settings available in the  usr share pki ca-trust-source anchors  directory are interpreted with a lower priority compared to the ones placed under the  etc pki ca-trust source anchors  directory which may be in the extended BEGIN TRUSTED file format   For Ubuntu and Debian systems   usr local share ca-certificates  is the preferred directory for that purpose   As such  you need to place your CA file within the  usr local share ca-certificates  directory  then update the of trusted CAs by running  with sudo privileges where required  the command line below   update-ca-certificates

User · Answer

QUICK HELP 1  To add a certificate in the simple PEM or DER file formats to the list of CAs trusted on the system    add it as a new file to directory  etc pki ca-trust source anchors    run update-ca-trust extract   QUICK HELP 2  If your certificate is in the extended BEGIN TRUSTED file format  which may contain distrust blacklist trust flags  or trust flags for usages other than TLS  then    add it as a new file to directory  etc pki ca-trust source  run update-ca-trust extract   More detail infomation see man update-ca-trust

User · Answer

Maybe late to the party but in my case it was RHEL 6 8   Copy certificate crt issued by hosting to    etc pki ca-trust source anchors    Then   update-ca-trust force-enable  ignore not found warnings  update-ca-trust extract   Hope it helps

[ssl-certificate] How to add Certificate Authority file in CentOS 7

Examples related to ssl-certificate

Examples related to ca