Get the SSL certificate of a website using openssl command:
$ echo | openssl s_client -servername NAME -connect HOST:PORT |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.crt
| Distro | Package | Path to CA |
|---|---|---|
| Fedora, RHEL, CentOS | ca-certificates | /etc/pki/tls/certs/ca-bundle.crt |
| Debian, Ubuntu, Gentoo, Arch Linux | ca-certificates | /etc/ssl/certs/ca-certificates.crt |
| SUSE, openSUSE | ca-certificates | /etc/ssl/ca-bundle.pem |
| FreeBSD | ca_root_nss | /usr/local/share/certs/ca-root-nss.crt |
| Cygwin | - | /usr/ssl/certs/ca-bundle.crt |
| macOS (MacPorts) | curl-ca-bundle | /opt/local/share/curl/curl-ca-bundle.crt |
| Default cURL CA bunde path (without --with-ca-bundle option) | /usr/local/share/curl/curl-ca-bundle.crt | |
| Really old RedHat? | /usr/share/ssl/certs/ca-bundle.crt |
ToB64
openssl base64 -A -in certificate.crt
Export a private key
openssl rsa -in grafeaskey2.key -out grafeaskey2.pem
Trust in certificates ./*.pem /etc/pki/ca-trust/source/anchors/ update-ca-trust force-enable update-ca-trust extract