How to add Certificate Authority file in CentOS 7

Question

I am trying to add certificate Authority  CA  file name - ca crt to  etc ssl certs  for that I followed this article   I copied my ca crt file  to  etc pki ca-trust source anchors  and run the command below   update-ca-trust extract   After that I checked  etc pki ca-trust extracted openssl ca-bundle trust crt file  but I didn t find my CA   I am not able to figure out what may be the problem   What am I doing wrong and how can I fix it

User · Answer

Your CA file must have been in a binary X.509 format instead of Base64 encoding; it needs to be a regular DER or PEM in order for it to be added successfully to the list of trusted CAs on your server.

To proceed, do place your CA file inside your /usr/share/pki/ca-trust-source/anchors/ directory, then run the command line below (you might need sudo privileges based on your settings);

# CentOS 7, Red Hat 7, Oracle Linux 7
update-ca-trust

Please note that all trust settings available in the /usr/share/pki/ca-trust-source/anchors/ directory are interpreted with a lower priority compared to the ones placed under the /etc/pki/ca-trust/source/anchors/ directory which may be in the extended BEGIN TRUSTED file format.

For Ubuntu and Debian systems, /usr/local/share/ca-certificates/ is the preferred directory for that purpose.

As such, you need to place your CA file within the /usr/local/share/ca-certificates/ directory, then update the of trusted CAs by running, with sudo privileges where required, the command line below;

update-ca-certificates

User · Answer

Maybe late to the party but in my case it was RHEL 6 8   Copy certificate crt issued by hosting to    etc pki ca-trust source anchors    Then   update-ca-trust force-enable  ignore not found warnings  update-ca-trust extract   Hope it helps

User · Answer

Find   pem file and place it to the anchors sub-directory or just simply link the   pem file to there  yum install -y ca-certificates update-ca-trust force-enable sudo ln -s  etc ssl your-cert pem  etc pki ca-trust source anchors your-cert pem update-ca-trust

User · Answer

copy your certificates inside    etc pki ca-trust source anchors    then run the following command  update-ca-trust

User · Answer

QUICK HELP 1  To add a certificate in the simple PEM or DER file formats to the list of CAs trusted on the system    add it as a new file to directory  etc pki ca-trust source anchors    run update-ca-trust extract   QUICK HELP 2  If your certificate is in the extended BEGIN TRUSTED file format  which may contain distrust blacklist trust flags  or trust flags for usages other than TLS  then    add it as a new file to directory  etc pki ca-trust source  run update-ca-trust extract   More detail infomation see man update-ca-trust

User · Answer

Complete instruction is as follow    Extract Private Key from PFX   openssl pkcs12 -in myfile pfx -nocerts -out private-key pem -nodes   Extract Certificate from PFX   openssl pkcs12 -in myfile pfx -nokeys -out certificate pem   install certificate    yum install -y ca-certificates    cp your-cert pem  etc pki ca-trust source anchors your-cert pem    update-ca-trust    update-ca-trust force-enable   Hope to be useful

[ssl-certificate] How to add Certificate Authority file in CentOS 7

Examples related to ssl-certificate

Examples related to ca