linux root certificates - ghdrako/doc_snipets GitHub Wiki

To install a certificate in the trust store it must be in PEM form. A PEM-formatted certificate is human-readable in base64 format, and starts with the lines ----BEGIN CERTIFICATE----.

Note: It is important to have the .crt extension on the file, otherwise it will not be processed.

import the certificate in debian and ubuntu

$ sudo apt-get install -y ca-certificates
$ sudo cp local-ca.crt /usr/local/share/ca-certificates
$ sudo update-ca-certificates

import certificate on CentOS, Fedora, or RedHat

yum install ca-certificates
update-ca-trust force-enable # Enable the dynamic CA configuration feature
sudo cp /tmp/ca.crt /etc/pki/ca-trust/source/anchors/ 
sudo update-ca-trust 
sudo update-ca-trust extract

The CA trust store location

The CA trust store as generated by update-ca-certificates is available at the following locations:

• As a single file (PEM bundle) in /etc/ssl/certs/ca-certificates.crt
• As an OpenSSL compatible certificate directory in /etc/ssl/certs