

The recommended way of doing that on RHEL 6+ systems is to use the update-ca-trust tool, which is now installed by default.

    This directory /etc/pki/ca-trust/source/ contains CA certificates and
    Interpreted with a high priority - higher than the ones found in
    QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
    If your certificate is in the extended BEGIN TRUSTED file format,
    then place it into the main source/ directory instead.
    Please refer to the update-ca-trust(8) manual page for additional information

Therefore, you only need to drop your crt file to the /etc/pki/ca-trust/source/anchors/ and to run the tool. This is safe to do, you don't need to do any backups.

Since Dan Pritts' comment, Red Hat has been updating the certificate bundles for supported RHEL releases more often; you can see this quite easily in the package changelog. RHEL 6's certificates were updated twice in 2013 and twice in 2014.

All RHEL and related / clone / derived distros provide a bundle file at /etc/pki/tls/certs/ca-bundle.crt, and the same file at /etc/pki/tls/cert.pem (on older distros cert.pem is a symlink to ca-bundle.crt; on newer distros both are symlinks to a file output by update-ca-trust).

In RHEL 6 and newer, the bundle is part of the 'ca-certificates' package. In RHEL 5 and earlier it is part of the 'openssl' package.

In RHEL 6 with the update and any newer RHEL, the 'shared system certificates' system is available (you must run update-ca-trust enable to enable it) and the best method is that given by lzap. A benefit of this system is that it works for NSS and GnuTLS-based applications as well as OpenSSL-based ones. Note that you can also distrust a certificate by placing it in the directory /etc/pki/ca-trust/source/blacklist/.
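
The procedure described above (simple PEM or DER files go in /etc/pki/ca-trust/source/anchors/, BEGIN TRUSTED files in source/ itself, then update-ca-trust is run), as an added example that is not part of the original page: it checks a file before staging it. The TRUST_ROOT variable, the function names, and the policy of refusing expired or non-CA certificates are assumptions of this example.

```bash
#!/bin/bash
# Added example: vet a certificate file, then stage it for update-ca-trust.
# TRUST_ROOT is an assumption of this sketch so it can run against a scratch tree.
TRUST_ROOT="${TRUST_ROOT:-/etc/pki/ca-trust/source}"

# Print the directory the file belongs in; fail if it should not be trusted.
ca_trust_target() {
    local cert="$1" form dest
    # Extended "BEGIN TRUSTED" files go in source/ itself, simple PEM/DER in anchors/.
    if grep -q -e '-----BEGIN TRUSTED CERTIFICATE-----' "$cert" 2>/dev/null; then
        dest="$TRUST_ROOT"
    else
        dest="$TRUST_ROOT/anchors"
    fi
    # Work out the encoding; anything openssl cannot parse is rejected.
    for form in PEM DER; do
        openssl x509 -inform "$form" -in "$cert" -noout 2>/dev/null && break
        form=""
    done
    [ -n "$form" ] || { echo "reject: not a PEM/DER certificate" >&2; return 1; }
    # Policy of this example: refuse expired and non-CA (leaf) certificates.
    openssl x509 -inform "$form" -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "reject: certificate has expired" >&2; return 1; }
    openssl x509 -inform "$form" -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
        { echo "reject: basicConstraints is not CA:TRUE" >&2; return 1; }
    printf '%s\n' "$dest"
}

install_ca() {
    local cert="$1" dest
    dest="$(ca_trust_target "$cert")" || return 1
    # Show the fingerprint so it can be compared with one obtained out of band.
    openssl x509 -in "$cert" -noout -fingerprint -sha256 2>/dev/null ||
        openssl x509 -inform DER -in "$cert" -noout -fingerprint -sha256
    install -m 0644 "$cert" "$dest/" || return 1
    # Rebuild the bundles only when operating on the live tree.
    if [ "$TRUST_ROOT" = /etc/pki/ca-trust/source ]; then
        update-ca-trust
    fi
}
```

Run `install_ca /path/to/your-ca.crt` as root on the live system; setting TRUST_ROOT to a scratch directory exercises the checks without touching the system trust store.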
