What is the difference between /etc/ssl/certs/ca-bundle.crt and /etc/ssl/certs/ca-bundle.trust.crt in CentOS 7?
@YogeshJilhawar: A TLS CA file which is signed by a private institute must be added to the ca-bundle files on the OS (such as CentOS 7.x), but there is a small difference between ca-bundle.crt and ca-bundle.trust.crt, as follows:
ca-bundle.crt contains a list of CA certificates trusted for TLS server authentication usage without distrust information.
ca-bundle.trust.crt contains a list of CA certificates which includes trust (and/or distrust) flags specific to certificate usage.
Both files contain CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format.
What's more, ca-trust-source contains low priority source configurations but ca-trust/source contains high priority source configurations. Good luck!
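A way to inspect the two bundle files directly, as an added example that is not part of the original answer or question: the Python below lists the PEM label of every block in a bundle and how many bytes follow the certificate's own DER structure, which is where OpenSSL's TRUSTED CERTIFICATE format appends its trust data. The sample blocks are constructed stand-in bytes, not real certificates, and all function names are this example's own.

```python
import base64
import re
import sys

PEM_RE = re.compile(r"-----BEGIN ((?:TRUSTED )?CERTIFICATE)-----(.*?)-----END \1-----", re.S)

def der_tlv_len(buf):
    """Total length (header + body) of the first DER element in buf."""
    if len(buf) < 2:
        raise ValueError("truncated DER")
    first = buf[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(buf) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def inspect_bundle(text):
    """Return [(pem_label, cert_len, trailing_aux_len)] for each block."""
    out = []
    for label, b64 in PEM_RE.findall(text):
        der = base64.b64decode("".join(b64.split()))
        cert_len = der_tlv_len(der)       # the certificate is the first SEQUENCE
        if cert_len > len(der):
            raise ValueError("block shorter than its DER length")
        out.append((label, cert_len, len(der) - cert_len))
    return out

def pem(label, der):
    """Wrap DER bytes in a PEM block with the given label."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

# Constructed stand-in, NOT a real certificate: a 260-byte DER SEQUENCE of zeros.
FAKE_CERT = b"\x30\x82\x01\x00" + bytes(256)
# Constructed trust data: SEQUENCE { SEQUENCE { OID serverAuth 1.3.6.1.5.5.7.3.1 } }
FAKE_AUX = bytes.fromhex("300c300a06082b06010505070301")
SAMPLE_PLAIN = pem("CERTIFICATE", FAKE_CERT)
SAMPLE_TRUST = pem("TRUSTED CERTIFICATE", FAKE_CERT + FAKE_AUX)

if __name__ == "__main__":
    for path in sys.argv[1:]:             # e.g. the two bundle paths from the question
        with open(path, errors="replace") as fh:
            for row in inspect_bundle(fh.read()):
                print(path, *row)
    if len(sys.argv) == 1:                # no paths given: show the constructed samples
        print(inspect_bundle(SAMPLE_PLAIN + SAMPLE_TRUST))
```

Run it with the two bundle paths as arguments to compare the labels and trailing byte counts each file actually carries.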
Yogesh Jilhawar
Updated on June 22, 2022
Comments
Yogesh Jilhawar almost 2 years
I am using certificates signed by a CA file for securing the Kubernetes API. For that I added my CA file, say ca.crt, to /etc/pki/ca-trust/source/anchors/ and used the command $ update-ca-trust to add it to the trusted list. I found my certificate in the /etc/ssl/certs/ca-bundle.crt file and also in the /etc/ssl/certs/ca-bundle.trust.crt file with some appended string of 20 (not exactly) characters. Why are there these two files and what is the difference between them?
duct_tape_coder over 2 years
What do the terms "low priority source configurations" and "high priority source configurations" mean?