how to update ca-bundle.crt with local company-root.crt
You need to add the certificate in PEM format to /etc/pki/ca-trust/source/anchors/
then run
# sudo update-ca-trust
This will import the certificate into the Redhat trust store. You might also need to enable the trust store before running the above with the command:
# update-ca-trust enable
To convert the key to PEM format check out this link: How to convert SSL/TLS certificate from .crt to .pem format
Further information from Redhat on adding the key to the truststore, this doesn't talk about converting to PEM format but it all depends on the original format of your CRT.
How to install a CA certificate on Red Hat Enterprise Linux 6 and later
Related videos on Youtube
Tim
I love to program! I like hiking and outdoor activities. I am currently a Software Engineer and I really enjoy What I do.
Updated on September 18, 2022Comments
-
Tim over 1 year
I am on RHEL 6.9
When I run the command
sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
I get the following message
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. error: https://packages.microsoft.com/keys/microsoft.asc: import read failed(2).
I have tried to use
-k
and--insecure
both fail with something like--inecure: unknown option
I am behind a company firewall intercepts all TLS/SSL certs and replaces it with it's own.
Question: how do I get around this problem?
- I have a company
rootCert.crt
on my desktop is there a way to make this the default system cert? Would it fix the problem?
- I have a company
-
Tim almost 6 yearsright now the cert is in .crt format. Could you add an explanation on how to convert it? Thanks!
-
Tim Brandrick almost 6 yearstry the redhat process first on this page access.redhat.com/solutions/1519813
-
Tim almost 6 yearsJust a quick note: I had to use
update-ca-trust force-enable
to get this to work... Also, I cannot access the redhat links because I do not have an account...(I found the conversion on stackexchange) ☺ Thanks again!