https://briansnelson.com/index.php?action=history&feed=atom&title=How_to_add_trusted_root_certificatesHow to add trusted root certificates - Revision history2026-06-04T07:10:07ZRevision history for this page on the wikiMediaWiki 1.24.1https://briansnelson.com/index.php?title=How_to_add_trusted_root_certificates&diff=845&oldid=prevBrian: Created page with "==How to add trusted root Certificates== If you want to send or receive messages signed by root authorities and these authorities are not installed on the server, you must ad..."2015-06-06T15:46:44Z<p>Created page with "==How to add trusted root Certificates== If you want to send or receive messages signed by root authorities and these authorities are not installed on the server, you must ad..."</p>
<p><b>New page</b></p><div>==How to add trusted root Certificates==<br />
<br />
If you want to send or receive messages signed by root authorities and these authorities are not installed on the server, you must add a trusted root certificate manually.<br />
<br />
Use the following steps to add or remove trusted root certificates to/from a server.<br />
<br />
===Mac OS X===<br />
<br />
====Add====<br />
Use command:<br />
<br />
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt<br />
<br />
====Remove====<br />
Use command:<br />
<br />
sudo security delete-certificate -c "<name of existing certificate>"<br />
<br />
===Windows===<br />
<br />
====Add====<br />
Use command:<br />
<br />
certutil -addstore -f "ROOT" new-root-certificate.crt<br />
<br />
====Remove====<br />
Use command:<br />
<br />
certutil -delstore "ROOT" serial-number-hex<br />
<br />
===Ubuntu, Debian===<br />
<br />
====Add====<br />
Copy your CA to dir /usr/local/share/ca-certificates/<br />
<br />
Use command:<br />
<br />
sudo cp new.crt /usr/local/share/ca-certificates/new.crt<br />
<br />
Update the CA store:<br />
<br />
sudo update-ca-certificates<br />
<br />
====Remove====<br />
Remove your CA.<br />
<br />
Update the CA store:<br />
<br />
sudo update-ca-certificates --fresh<br />
<br />
===Centos 6 ===<br />
<br />
====Add====<br />
Install the ca-certificates package:<br />
<br />
yum install ca-certificates<br />
<br />
Enable the dynamic CA configuration feature:<br />
<br />
update-ca-trust enable<br />
<br />
Add it as a new file to /etc/pki/ca-trust/source/anchors/:<br />
<br />
cp new.crt /etc/pki/ca-trust/source/anchors/<br />
<br />
Use command:<br />
<br />
update-ca-trust extract<br />
<br />
===Centos 5 ===<br />
<br />
====Add====<br />
Append your trusted certificate to file /etc/pki/tls/certs/ca-bundle.crt<br />
<br />
cat new.crt >> /etc/pki/tls/certs/ca-bundle.crt</div>Brian