Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Add CA cert to local trust store on CentOS, Debian or Ubuntu
  • Open a webpage that uses the CA with Firefox
  • Click the lock-icon in the addressbar -> show information -> show certificate
  • the certificate viewer will open
  • click details and choose the certificate of the certificate-chain, you want to import to CentOS
  • click "Export..." and save it as .crt file
  • Copy the .crt file to /etc/pki/ca-trust/source/anchors on your CentOS machine
  • run update-ca-trust extract
  • test it with wget https://thewebsite.org

On debian and ubuntu the directory is /usr/local/share/ca-certificates/ and the command to update is update-ca-certificates

At least on ubuntu:
Be sure that the filename ends with .crt and that its content starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----

@chapinese100
Copy link

chapinese100 commented Dec 3, 2019

Excellent post!! thanks.

@BFriedmanWorx
Copy link

BFriedmanWorx commented Apr 30, 2020

For self-signed certs on dev laptops, don't forget to restart your web browser (chrome) so it can see the changes you just made to CentOS.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment