import self signed certificate in redhat

ssl https openssl redhat self-signed
57,840

Solution 1

I don't know of a way to import a specific site-cert into OpenSSL's trust db (I wish I did!), but since you're talking about a self-signed cert we can approach it by importing your cert as new trusted CA cert. Warning though: you're also going to be trusting any sites that are signed by that cert.

Find and download the cert

You can download a self-signed cert directly from a site quickly with:

openssl s_client -connect server:443 <<<'' | openssl x509 -out /path/file

Note that you should only do this in the case of a self-signed cert (as mentioned in the original question). If the cert is signed by some other CA, you can't run with the above; instead, you will need to find the appropriate CA cert and download that.

Import the cert and make it trusted

The update-ca-trust command was added in Fedora 19 and RHEL6 via RHEA-2013-1596. If you have it, your steps are dumb-simple (but require root/sudo):

  1. copy the CA cert to /etc/pki/ca-trust/source/anchors/
  2. update-ca-trust enable; update-ca-trust extract
  3. (Note that the enable command isn't necessary in RHEL7 & modern Fedora)

If you don't have update-ca-trust, it's only a little harder (and still requires root/sudo):

  1. cd /etc/pki/tls/certs
  2. copy the CA cert here
  3. ln -sv YOURCERT $(openssl x509 -in YOURCERT -noout -hash).0

PS: The question mentioned Red Hat, but for anyone looking at doing the same with something besides Fedora/RHEL, wiki.cacert.org/FAQ/ImportRootCert might be helpful.

Solution 2

You can do what you want to do using these steps:

  1. Put the SSL certificate (including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines) into a file in the directory "/etc/pki/tls/certs" - for the sake of example, let's call it "myserver.pem".

  2. Compute the certificate hash of this certificate by running

    openssl x509 -noout -hash -in /etc/pki/tls/certs/myserver.pem

    for the sake of example, let's assume the hash value is "1a2b3c4d".

  3. Make a symbolic link in the certs directory based on this hash value, like this:

    ln -s /etc/pki/tls/certs/myserver.pem /etc/pki/tls/certs/1a2b3c4d.0

    I'm assuming that there are no other certificates already in this directory that hash to the same hash value - if there already is a "1a2b3c4d.0", then make your link "1a2b3c4d.1" instead (or if there's already a ".1", make yours ".2", etc...)

wget and other tools that use SSL will then recognize that certificate as valid. There may be a simpler way to do this using a GUI but works to do it via the command line.

Share:
57,840
Admin
Author by

Admin

Updated on February 15, 2020

Comments

  • Admin
    Admin about 4 years

    How can I import a self-signed certificate in Red-Hat Linux.

    I'm not an expert with respect to certificates and find it difficult to find the right answer through googling, since I don't know the difference between a .cer, .crt or a .pem. Having said that, what I would like to do should not be rocket science (In windows I can do this with a few clicks in my browser) I want to connect to a server that makes use of a self-signed certificate. For example using wget, without having to use the --no-check-certificate option. To make this work I will have to add the self-signed certificate of the server to my RedHat box. I have found out the certificates reside in /etc/pki/tls. But I am at a loss what actions I should perform to make wget function without complaining.

    I can get the SSL certificate from the server using:

    openssl s_client -connect server:443

    The certificate is between "BEGIN CERTIFICATE and END CERTIFICATE" I do not know what kind of certificate this is. Next I will have to put it in the /etc/pki/tls/certs directory and apply some openssl secert sauce I don't know about. Can you help?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to test https rest webservice in postman
SSL/HTTPS client in C
Invalid CA certificate with self signed certificate chain
Self signed certificate honoring both, Machine Name & IP Address
How to create an OpenSSL Self-Signed Certificate using SAN?
SSL/TLS protocols and cipher suites with the AndroidHttpClient
Making HTTPS request in iOS 9 with self-signed certificate
SVN over HTTPS and SSL handshake fails
self signed certificate with openssl for server at home and no domain name
How can I get Chrome accepting self signed certificates?