ml-eds/addcert.sh

## addcert.sh
# good reference: https://wiki.ubuntuusers.de/CA/

# download missing cert DigiCertHighAssuranceEVRootCA.crt
wget --no-check-certificate https://dl.cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt

# convert to pem format
openssl x509 -inform DER -outform PEM -in DigiCertHighAssuranceEVRootCA.crt -out DigiCertHighAssuranceEVRootCA.pem.crt

# copy to /usr/local/share/ca-certificates
cp DigiCertHighAssuranceEVRootCA.pem.crt /usr/local/share/ca-certificates/

# update ca-certificate configuration
update-ca-certificates

# above command results:
# 1. generate /etc/ssl/certs/ca-certificates.crt bundle
# 2. add symlink in /etc/ssl/certs to /usr/local/share/ca-certificates/DigiCertHighAssuranceEVRootCA.pem.crt

# If php openssl ist still not working, check correct symlinks
php -r "var_dump(openssl_get_cert_locations());"

# array(8) {
#   ["default_cert_file"]=>
#   string(21) "/usr/lib/ssl/cert.pem"
#   ["default_cert_file_env"]=>
#   string(13) "SSL_CERT_FILE"
#   ["default_cert_dir"]=>
#   string(18) "/usr/lib/ssl/certs"
#   ["default_cert_dir_env"]=>
#   string(12) "SSL_CERT_DIR"
#   ["default_private_dir"]=>
#   string(20) "/usr/lib/ssl/private"
#   ["default_default_cert_area"]=>
#   string(12) "/usr/lib/ssl"
#   ["ini_cafile"]=>
#   string(0) ""
#   ["ini_capath"]=>
#   string(0) ""
# }

# /usr/lib/ssl/cert.pem should exist
# /usr/lib/ssl/certs should be symlink to /etc/ssl/certs
# /usr/lib/ssl/private should be symlink to /etc/ssl/private

# this workes for me
# symlinking /usr/lib/ssl/cert.pem -> /etc/ssl/certs/ca-certificates.crt
	# good reference: https://wiki.ubuntuusers.de/CA/

	# download missing cert DigiCertHighAssuranceEVRootCA.crt
	wget --no-check-certificate https://dl.cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt

	# convert to pem format
	openssl x509 -inform DER -outform PEM -in DigiCertHighAssuranceEVRootCA.crt -out DigiCertHighAssuranceEVRootCA.pem.crt

	# copy to /usr/local/share/ca-certificates
	cp DigiCertHighAssuranceEVRootCA.pem.crt /usr/local/share/ca-certificates/

	# update ca-certificate configuration
	update-ca-certificates

	# above command results:
	# 1. generate /etc/ssl/certs/ca-certificates.crt bundle
	# 2. add symlink in /etc/ssl/certs to /usr/local/share/ca-certificates/DigiCertHighAssuranceEVRootCA.pem.crt

	# If php openssl ist still not working, check correct symlinks
	php -r "var_dump(openssl_get_cert_locations());"

	# array(8) {
	# ["default_cert_file"]=>
	# string(21) "/usr/lib/ssl/cert.pem"
	# ["default_cert_file_env"]=>
	# string(13) "SSL_CERT_FILE"
	# ["default_cert_dir"]=>
	# string(18) "/usr/lib/ssl/certs"
	# ["default_cert_dir_env"]=>
	# string(12) "SSL_CERT_DIR"
	# ["default_private_dir"]=>
	# string(20) "/usr/lib/ssl/private"
	# ["default_default_cert_area"]=>
	# string(12) "/usr/lib/ssl"
	# ["ini_cafile"]=>
	# string(0) ""
	# ["ini_capath"]=>
	# string(0) ""
	# }

	# /usr/lib/ssl/cert.pem should exist
	# /usr/lib/ssl/certs should be symlink to /etc/ssl/certs
	# /usr/lib/ssl/private should be symlink to /etc/ssl/private

	# this workes for me
	# symlinking /usr/lib/ssl/cert.pem -> /etc/ssl/certs/ca-certificates.crt