I'm trying to install a certificate for my internal certificate server on a series of CentOS systems, and I'm finding the documentation on this to be almost nonexistent.
My end goal is to be able to use git, curl, and others against internal secure servers without errors.
On Ubuntu it's simple enough, you throw the certificate in a folder and run a command to generate a series of links to add the CA cert to the certification path.
I cannot for the life of me find out how to do this on CentOS. Plenty of information is available on trusting random certificates. (To wit: create a symlink in /etc/pki/tls/certs to the PEM encoded cert file, named with the hash of the certificate. Didn't work for my CA, since the aforementioned apps still can't verify a certificate signed by the CA).
How do you install a new root CA on a CentOS system?
Best Answer
As of CentOS 6+, there is a tool for this. Per this guide, certificates can be installed first by enabling the system shared CA store:
Then placing the certificates to trust as CAs in /etc/pki/ca-trust/source/anchors/ for high priority (non-overridable), or /usr/share/pki/ca-trust-source/ (lower priority, overridable), and finally updating the system store with:
Et voila, system tools will now trust those certificates when making secure connections!
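The procedure in the answer above, as an added example that is not part of the original answer: it vets a certificate before trusting it system-wide, copies it into the anchors directory, and rebuilds the store with `update-ca-trust extract`. The function name `install_ca_anchor`, its return codes, and the optional second argument (a staging directory for a dry run) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: vet a CA certificate, then install it as a trust anchor.
# On CentOS 6 the shared store must first be enabled (update-ca-trust enable).
SYSTEM_ANCHORS=/etc/pki/ca-trust/source/anchors

# install_ca_anchor CERT [ANCHOR_DIR]   (hypothetical helper)
# Returns: 0 installed, 1 copy failed, 2 not a readable PEM certificate,
#          3 not a CA certificate, 4 already expired.
install_ca_anchor() {
    cert=$1
    dest=${2:-$SYSTEM_ANCHORS}

    # The anchors directory expects PEM; reject DER, key files and empty files.
    [ -r "$cert" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" || return 2
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2

    # Only a certificate marked CA:TRUE can validate the certs it issued.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' || return 3

    # -checkend 0 fails when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || return 4

    # Print subject and fingerprint so they can be compared with the values
    # published by the CA owner before the anchor is trusted everywhere.
    openssl x509 -in "$cert" -noout -subject -fingerprint -sha256

    install -m 0644 "$cert" "$dest/$(basename "$cert")" || return 1

    # Rebuild the consolidated bundles only when writing to the real store;
    # any other directory is treated as a dry run.
    if [ "$dest" = "$SYSTEM_ANCHORS" ]; then
        update-ca-trust extract
    fi
}
```

Run as root with only the certificate path to install into the system store; pass a scratch directory as the second argument to exercise the checks without touching it.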