![]() ![]() # trust anchor –remove /etc/pki/ca-trust/source/RapidSSL_RSA_CA_2018.p11-kit List all CA certificates in Linux ![]() If we want to remove the CA certificate, run trust anchor –remove as follows: Verify the server certificate:# openssl verify server.crt Run trust anchor –store by specifying CA certificate:# trust anchor –store ca.crt Using trust anchor to add a CA certificate Verify the SSL certificate:# openssl verify server.crt server.crt : OK.Extract a CA certificate to the list of trusted CA’s:# update-ca-trust.Copy the CA certificate to the directory /etc/pki/ca-trust/source/anchors/:# cp rapidSSL-ca.crt /etc/pki/ca-trust/source/anchors/.Using update-ca-trust to install a CA certificate This allows our computer to be able to tell whether or not a certificate is invalid, because if its root certificate isn’t on their trusted root CA list, then it’ll warn us that the certificate is not a trusted one. Typically, we don’t need to install a Root CA certificate, as they are included in web browsers’ trust stores and are even pre-installed on some operating systems. Every valid SSL certificate is under a Root CA certificate, as these are trusted parties.Ĭheck SSL Certificate Chain with OpenSSL Examples These certificates consist of root certificates, intermediate certificates, and leaf (server) certificates.Īs for Root CA certificates, these are certificates that are self-signed by their respective CA (as they have the authority to do so). SSL certificates operate on a structure called the certificate chain - a network of certificates starting back at the issuing company of the certificate, also known as a certificate authority (CA). We need to install the ca-certificates package first with the command yum install ca-certificates. We have two methods to use update-ca-trust or trust anchor to add a CA certificate on Linux. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |