I'm trying to install a root certificate in my CentOS box. I did the following:

- Enable the dynamic CA configuration feature:
  update-ca-trust force-enable
- Add it as a new file to /etc/pki/ca-trust/source/anchors/:
  cp foo.crt /etc/pki/ca-trust/source/anchors/
- Use command:
  update-ca-trust extract

Then I'm running the command below to verify the certificate.
openssl s_client -connect my_AD_server_IP:636 -CApath /etc/ssl/certs
But I'm getting the error below (this is part of the error):
Verify return code: 20 (unable to get local issuer certificate)
Best Answer
Did you confirm that your cert made it into the /etc/pki/tls/certs/ca-bundle.crt file?
The certs are transformed before they make it into that file, so you can't just look for a string that matches your cert.
Here's a quick awk script to dump the subject fields from each cert in that certificate file so you can look for yours:
(I found that awk script here)
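
The script the answer links to is not reproduced on this page. The following is an added example, not the answer's script: one way to list the subject of every certificate in a PEM bundle such as /etc/pki/tls/certs/ca-bundle.crt, assuming `openssl` is installed; the function names `split_pem` and `list_subjects` are chosen for this example.

```shell
#!/bin/sh
# Added example: print the subject of each certificate in a PEM bundle.
# Usage: sh list-subjects.sh /etc/pki/tls/certs/ca-bundle.crt | grep -i 'your CA name'

# split_pem BUNDLE OUTDIR
# Writes every BEGIN/END CERTIFICATE block to OUTDIR/cert-NNNN.pem,
# skipping comment lines between blocks, and prints the number of blocks.
split_pem() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ {
            n++
            out = sprintf("%s/cert-%04d.pem", dir, n)
            keep = 1
        }
        keep { print > out }
        /-----END CERTIFICATE-----/ { keep = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# list_subjects BUNDLE
# Prints one "subject=..." line per certificate found in BUNDLE.
list_subjects() {
    tmp=$(mktemp -d) || return 1
    split_pem "$1" "$tmp" >/dev/null
    for f in "$tmp"/cert-*.pem; do
        [ -e "$f" ] || continue          # bundle held no certificates
        openssl x509 -in "$f" -noout -subject
    done
    rm -rf "$tmp"
}

# Run only when a bundle path is given on the command line.
if [ "$#" -ge 1 ]; then
    list_subjects "$1"
fi
```

If the subject of foo.crt (shown by `openssl x509 -in foo.crt -noout -subject`) does not appear in the output, the anchor was not extracted into the bundle.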