-
Notifications
You must be signed in to change notification settings - Fork 0
*. SSL certification file
` This directory /etc/pki/ca-trust/source/ contains CA certificates and trust settings in the PEM file format. The trust settings found here will be interpreted with a high priority - higher than the ones found in /usr/share/pki/ca-trust-source/.
============================================================================= QUICK HELP: To add a certificate in the simple PEM or DER file formats to the list of CAs trusted on the system:
Copy it to the
/etc/pki/ca-trust/source/anchors/
subdirectory, and run the
update-ca-trust
command.
If your certificate is in the extended BEGIN TRUSTED file format,
then place it into the main source/ directory instead.
=============================================================================
Please refer to the update-ca-trust(8) manual page for additional information. `
- create cdrt file
cat > /etc/pki/ca-trust/source/anchors/HQSSL-cdr-base64.cert -----BEGIN CERTIFICATE----- MIID+zCCAuOgAwIBAgIJANqReN1JmICnMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYD VQQGEwJLUjETMBEGA1UECAwKZ2FuZ25hbS1ndTEOMAwGA1UEBwwFc2V1b2wxEjAQ 중략 SkO8SwfwiRWcW04Jp06kScAXDsL5bjl59B7Sr9oE6HgHB43bACMdRnqG3AbZ768p 4SkzTJheAGgOwLdl5Iyw -----END CERTIFICATE-----
-
update-ca-trust
-
grep "4SkzTJheAGgOwLdl5Iyw" /etc/pki/ca-trust/extracted//
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:4SkzTJheAGgOwLdl5IywMAcMBUhRU1NM /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem:4SkzTJheAGgOwLdl5Iyw /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem:4SkzTJheAGgOwLdl5Iyw /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:4SkzTJheAGgOwLdl5Iyw