How to add trusted root certificates
From Brian Nelson Ramblings
How to add trusted root Certificates
If you want to send or receive messages signed by root certificate authorities (CAs) whose certificates are not installed on the server, you must add the trusted root certificate manually.
Use the following steps to add or remove trusted root certificates to/from a server.
Mac OS X
Add
Use command:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt
Remove
Use command:
sudo security delete-certificate -c "<name of existing certificate>"
Windows
Add
Use command:
certutil -addstore -f "ROOT" new-root-certificate.crt
Remove
Use command:
certutil -delstore "ROOT" serial-number-hex
Ubuntu, Debian
Add
Copy your CA certificate to the directory /usr/local/share/ca-certificates/
Use command:
sudo cp new.crt /usr/local/share/ca-certificates/new.crt
Update the CA store:
sudo update-ca-certificates
Remove
Remove your CA certificate file from /usr/local/share/ca-certificates/.
Update the CA store:
sudo update-ca-certificates --fresh
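A root certificate added to the store is trusted for everything that uses the store, so check that the file is the certificate you expect before copying it. The following is an added example, not part of the original page: it compares the file's SHA-256 fingerprint with a value obtained from the CA through a separate channel and copies the file into the anchor directory only on a match. The function names cert_fingerprint and stage_root_ca and their arguments are this example's own; it assumes sha256sum and base64 from GNU coreutils.

```shell
#!/bin/sh
# Added example: pin a root CA by SHA-256 fingerprint before staging it.
# Function names and arguments are this example's own, not from the page.

# Print the lowercase hex SHA-256 of the DER bytes in a single-certificate PEM file.
cert_fingerprint() {
    # Keep only the base64 body between the BEGIN/END markers, decode it, hash it.
    sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$1" \
        | grep -v '^-----' | tr -d '\r' | base64 -d 2>/dev/null \
        | sha256sum | cut -d' ' -f1
}

# stage_root_ca <pem-file> <expected-sha256> [anchor-dir]
# Copies the file into the anchor directory only if every check passes.
# Returns 1 (unreadable), 2 (not exactly one certificate), 3 (fingerprint mismatch).
stage_root_ca() {
    src=$1
    # Accept fingerprints written as AA:BB:... or as plain hex.
    want=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')
    dir=${3:-/usr/local/share/ca-certificates}

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # The fingerprint covers one certificate, so refuse bundles and empty files.
    n=$(grep -c '^-----BEGIN CERTIFICATE-----' "$src" || true)
    [ "$n" -eq 1 ] || { echo "expected 1 certificate, found $n" >&2; return 2; }

    got=$(cert_fingerprint "$src")
    [ "$got" = "$want" ] || { echo "fingerprint mismatch: $got" >&2; return 3; }

    # update-ca-certificates only picks up files whose names end in .crt.
    name=$(basename "$src")
    name="${name%.*}.crt"
    cp "$src" "$dir/$name" && chmod 644 "$dir/$name" && echo "$dir/$name"
}

# Usage (as root), followed by the store update shown above:
#   stage_root_ca new.pem "<sha256 fingerprint from the CA>" && update-ca-certificates
```

On CentOS 6, pass /etc/pki/ca-trust/source/anchors as the third argument and run update-ca-trust extract afterwards.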
CentOS 6
Add
Install the ca-certificates package:
yum install ca-certificates
Enable the dynamic CA configuration feature:
update-ca-trust enable
Add the certificate as a new file to /etc/pki/ca-trust/source/anchors/:
cp new.crt /etc/pki/ca-trust/source/anchors/
Use command:
update-ca-trust extract
CentOS 5
Add
Append your trusted certificate to the file /etc/pki/tls/certs/ca-bundle.crt:
cat new.crt >> /etc/pki/tls/certs/ca-bundle.crt