I'm trying to install a certificate for my internal certificate server on a series of CentOS systems, and I'm finding the documentation on this to be almost non existent.
My end goal is to be able to use git, curl, and others against internal secure servers without errors.
On Ubuntu it's simple enough, you throw the certificate in a folder and run a command to generate a series of links to add the CA cert to the certification path.
I can not for the life of me find out how to do this on CentOS.. plenty of information is available on trusting random certificates. (To wit: create a symlink in /etc/pki/tls/certs to the PEM encoded cert file, named with the hash of the certificate. Didn't work for my CA, since the aforementioned apps still can't verify a certificate signed by the CA).
How do you install a new root CA on a CentOS system?
Best Answer
As of CentOS 6+, there is a tool for this. Per this guide, certificates can be installed first by enabling the system shared CA store:
Then placing the certificates to trust as CA's in
/etc/pki/ca-trust/source/anchors/for high priority (non-overridable), or/usr/share/pki/ca-trust-source/(lower priority, overridable), and finally updating the system store with:Et voila, system tools will now trust those certificates when making secure connections!