I am trying to add a certificate authority (CA) file named ca.crt to /etc/ssl/certs; for that I followed this article.
I copied my ca.
Maybe late to the party, but in my case it was RHEL 6.8:
Copy certificate.crt issued by hosting to /etc/pki/ca-trust/source/anchors/
Then:
update-ca-trust force-enable  # ignore not found warnings
update-ca-trust extract
Hope it helps
Copy your certificates into /etc/pki/ca-trust/source/anchors/ and then run the following command:
update-ca-trust
Find the *.pem file and place it in the anchors sub-directory, or simply link the *.pem file there.
yum install -y ca-certificates
update-ca-trust force-enable
sudo ln -s /etc/ssl/your-cert.pem /etc/pki/ca-trust/source/anchors/your-cert.pem
update-ca-trust
The complete instructions are as follows:
openssl pkcs12 -in myfile.pfx -nocerts -out private-key.pem -nodes
openssl pkcs12 -in myfile.pfx -nokeys -out certificate.pem
yum install -y ca-certificates
cp your-cert.pem /etc/pki/ca-trust/source/anchors/your-cert.pem
update-ca-trust
update-ca-trust force-enable
Hope this is useful
QUICK HELP 1: To add a certificate in the simple PEM or DER file formats to the list of CAs trusted on the system:
add it as a new file to directory /etc/pki/ca-trust/source/anchors/
run update-ca-trust extract
QUICK HELP 2: If your certificate is in the extended BEGIN TRUSTED file format (which may contain distrust/blacklist trust flags, or trust flags for usages other than TLS) then:
For more detailed information, see man update-ca-trust
Your CA file must have been in a binary X.509 format instead of Base64 encoding; it needs to be a regular DER or PEM in order for it to be added successfully to the list of trusted CAs on your server.
To proceed, place your CA file inside your /usr/share/pki/ca-trust-source/anchors/ directory, then run the command line below (you might need sudo privileges based on your settings):
# CentOS 7, Red Hat 7, Oracle Linux 7
update-ca-trust
Please note that all trust settings available in the /usr/share/pki/ca-trust-source/anchors/ directory are interpreted with a lower priority compared to the ones placed under the /etc/pki/ca-trust/source/anchors/ directory, which may be in the extended BEGIN TRUSTED file format.
For Ubuntu and Debian systems, /usr/local/share/ca-certificates/ is the preferred directory for that purpose.
As such, you need to place your CA file within the /usr/local/share/ca-certificates/ directory, then update the list of trusted CAs by running, with sudo privileges where required, the command line below:
update-ca-certificates
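
A pre-install check for the file-format points raised in the answers above (QUICK HELP 1 and the PEM/DER answer), as an added example that is not part of any answer on this page. The function names cert_format and install_plan and the header-only sample files are constructed for illustration; the directories and refresh commands are the ones quoted in the answers.

```bash
# Added example; function names and sample bytes are constructed for illustration.

# Print the file's format: pem, trusted-pem, der, private-key or unknown.
cert_format() {
    # A private key (e.g. the private-key.pem written by `openssl pkcs12 -nocerts`)
    # must never be copied into a trust anchor directory.
    if grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then
        echo private-key
    elif grep -q -- '-----BEGIN TRUSTED CERTIFICATE-----' "$1"; then
        echo trusted-pem
    elif grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        echo pem
    else
        # DER starts with an ASN.1 SEQUENCE tag (0x30) and a long-form length byte.
        case "$(od -An -tx1 -N2 "$1" | tr -d ' \n')" in
            308[1-3]) echo der ;;
            *)        echo unknown ;;
        esac
    fi
}

# Print "<anchor dir> <refresh command>" for a distro family (rhel|debian),
# or a refusal on stderr with a non-zero status.
install_plan() {
    fmt=$(cert_format "$2")
    case "$1:$fmt" in
        rhel:pem|rhel:der)
            echo "/etc/pki/ca-trust/source/anchors/ update-ca-trust extract" ;;
        debian:pem)
            # update-ca-certificates only picks up PEM files named *.crt
            echo "/usr/local/share/ca-certificates/ update-ca-certificates" ;;
        debian:der)
            echo "refuse: convert DER to PEM first" >&2; return 1 ;;
        *:trusted-pem)
            echo "refuse: BEGIN TRUSTED format, see man update-ca-trust" >&2; return 1 ;;
        *)
            echo "refuse: cannot install $fmt for family $1" >&2; return 1 ;;
    esac
}

# Constructed sample files: headers only, enough to exercise the classifier.
tmp=$(mktemp -d)
printf '%s\n' 'Bag Attributes' '-----BEGIN CERTIFICATE-----' > "$tmp/certificate.pem"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' > "$tmp/private-key.pem"
printf '\060\202\003\135' > "$tmp/ca.der"
for f in certificate.pem private-key.pem ca.der; do
    echo "$f: $(cert_format "$tmp/$f")"
done
```

The classifier only inspects headers and leading bytes; it does not parse the certificate or confirm that it is a CA certificate.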