how to update ca-bundle.crt with local company-root.crt

rhel rpm curl ssl certificates
8,047

You need to add the certificate in PEM format to /etc/pki/ca-trust/source/anchors/ then run

# sudo update-ca-trust

This will import the certificate into the Redhat trust store. You might also need to enable the trust store before running the above with the command:

# update-ca-trust enable

To convert the key to PEM format check out this link: How to convert SSL/TLS certificate from .crt to .pem format

Further information from Redhat on adding the key to the truststore, this doesn't talk about converting to PEM format but it all depends on the original format of your CRT.

How to install a CA certificate on Red Hat Enterprise Linux 6 and later

Share:
8,047

Related videos on Youtube

Tim
Author by

Tim

I love to program! I like hiking and outdoor activities. I am currently a Software Engineer and I really enjoy What I do.

Updated on September 18, 2022

Comments

  • Tim
    Tim over 1 year

    I am on RHEL 6.9

    When I run the command sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc

    I get the following message

     curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
error: https://packages.microsoft.com/keys/microsoft.asc: import read failed(2).

    I have tried to use -k and --insecure both fail with something like --inecure: unknown option

    I am behind a company firewall intercepts all TLS/SSL certs and replaces it with it's own.

    Question: how do I get around this problem?

    • I have a company rootCert.crt on my desktop is there a way to make this the default system cert? Would it fix the problem?
  • Tim
    Tim almost 6 years
    right now the cert is in .crt format. Could you add an explanation on how to convert it? Thanks!
  • Tim Brandrick
    Tim Brandrick almost 6 years
    try the redhat process first on this page access.redhat.com/solutions/1519813
  • Tim
    Tim almost 6 years
    Just a quick note: I had to use update-ca-trust force-enable to get this to work... Also, I cannot access the redhat links because I do not have an account...(I found the conversion on stackexchange) ☺ Thanks again!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

12.04.4 server can't verify common SSL certificates, usual fixes failing
How to fix CA cert issues with Curl in Ubuntu 14.04?
Disable SSL check rpm
How can I update certificates on my system to fix wget's error: "Unable to establish SSL connection."?
Adding a self-signed certificate to the "trusted list"
Permission denied to cacerts file - SSL
curl NSS -12286 error in TLS handshake
cURL/PHP Request Executes 50% of the Time
OS X 10.11.6 El Capitan SSLRead() return error -9841
curl -i and curl -I returning different results