Install a root certificate in CentOS 6

certificate ssl ssl-certificate centos certificate-authority

Solution 1:

On my RHEL 6 box the man 8 update-ca-trust manual page has a pretty extensive explanation on how the system-wide CA certificates and associated trusts can/should be managed.

More often then not configuration is application specific as the comments above indicate.

Solution 2:

I wrote some command lines so it is more accessible to novice in SSL:

Navigate to the PKI Folder

$ cd /etc/pki/tls/certs/
 

VERIFY (hard) links and Backup certificates

$ cp ca-bundle.crt /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem.bak
$ cp ca-bundle.trust.crt /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt.bak
 

Upload CA chain to CentOS

$ scp <cachain> root@sydapp28:/tmp 
 

Connect to CentOS via SSH (Putty?) or local 

$ ssh -C root@sydapp28
 

IF PKCS12 CAChain: “Convert your Internal CA chain certificate to PEM format & remove headers”:

$ cd /tmp ; openssl pkcs12 -nodes -in <cachain.pfx.p12> | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cachain.pem
 

Append your Internal CA to CentOS

$ cat /tmp/cachain.pem >> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
$ cat /tmp/cachain.pem >> /etc/pki/ca-trust/extracted/pem/ca-bundle.trust.crt
$ reboot

Related

Do I Need to Replace Keys for OpenSSH in Response to Heartbleed?
Can a PowerShell DSC configuration file be created from a current system build?
Nginx prevent redirect for a single location
What does "Server ****** is not blacklisted" means in curl verbose output? [closed]
nginx - specify different index file name for subdirectory
Is it possible to configure a reverse VPN tunnel?
Filesystem Hierarchy Standard - Where to put sourceable functions?
Ansible Fails to Authenticate Sudo Even When Sudo Pass is Given
Postfix TLS Error
Fixing the IIS tilde vulnerability
Ansible: restart service only if it was running
Server 'unix_http_server' running without any HTTP authentication checking