How to add trusted root certificates

From Brian Nelson Ramblings

If you want to send or receive messages signed by a root authority whose certificate is not installed on the server, you must add it as a trusted root certificate manually.

Use the following steps to add or remove trusted root certificates to/from a server.
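Before running any of the add commands on this page, it is worth confirming that the file really is the root certificate you intend to trust. The shell function below is an added example, not part of the original page. It assumes openssl is installed, the certificate is PEM-encoded, and the expected SHA-256 fingerprint was obtained from the CA out of band; the names sha256_fp and preflight_root_cert are made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks on a root certificate before it is added
# to a trust store. Function names and messages are illustrative.

# sha256_fp FILE: print the SHA-256 fingerprint as lowercase hex, no colons.
sha256_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# preflight_root_cert FILE EXPECTED_SHA256
# Prints "ok" and returns 0 only if every check passes; otherwise prints the
# first failed check and returns 1.
preflight_root_cert() {
    cert=$1
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')

    # 1. Must parse as a PEM X.509 certificate (the Debian/Ubuntu and
    #    CentOS 5 steps expect PEM; Debian/Ubuntu also needs a .crt name).
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "not a PEM X.509 certificate"; return 1; }

    # 2. Fingerprint must match the value obtained out of band.
    [ "$(sha256_fp "$cert")" = "$expected" ] ||
        { echo "fingerprint mismatch"; return 1; }

    # 3. Must be a CA certificate (basicConstraints CA:TRUE).
    openssl x509 -in "$cert" -noout -text 2>/dev/null | grep -q 'CA:TRUE' ||
        { echo "not a CA certificate"; return 1; }

    # 4. A root is self-issued: subject and issuer are identical.
    subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$issr" ] || { echo "not self-issued"; return 1; }

    # 5. Must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired"; return 1; }

    echo "ok"
}
```

Call it as preflight_root_cert new.crt "<fingerprint from the CA>" and continue with the add step only when it prints ok.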

Mac OS X

Add

Use command:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt

Remove

Use command:

sudo security delete-certificate -c "<name of existing certificate>"

Windows

Add

Use command:

certutil -addstore -f "ROOT" new-root-certificate.crt

Remove

Use command:

certutil -delstore "ROOT" serial-number-hex

Ubuntu, Debian

Add

Copy your CA certificate to the directory /usr/local/share/ca-certificates/

Use command:

sudo cp new.crt /usr/local/share/ca-certificates/new.crt

Update the CA store:

sudo update-ca-certificates

Remove

Remove your CA certificate file from /usr/local/share/ca-certificates/.

Update the CA store:

sudo update-ca-certificates --fresh

CentOS 6

Add

Install the ca-certificates package:

yum install ca-certificates

Enable the dynamic CA configuration feature:

update-ca-trust enable

Add the certificate as a new file in /etc/pki/ca-trust/source/anchors/:

cp new.crt /etc/pki/ca-trust/source/anchors/

Use command:

update-ca-trust extract

CentOS 5

Add

Append your trusted certificate to the file /etc/pki/tls/certs/ca-bundle.crt:

cat new.crt >> /etc/pki/tls/certs/ca-bundle.crt