Sunday, 21 August 2011

How to install a digital CA certificate on Red Hat based GNU/Linux distributions

This is just as a reminder for myself, as I keep forgetting about this stuff.

If like me you run a server with services that depends on SSL and need to install a certificate issued by a Certificate Authority (CA) like CACert, this might be interesting to you as well.

On Red Hat based systems the CA certificate for SSL is usually installed in the /etc/pki/tls/certs directory. The certificate is basically just dropped there in a file which name is its hash – built with the openssl program.

I wrote the shell scriptlet http://dodji.seketeli.net/install-ca-cert.txt. Download it, save it as install-ca-cert.sh and turn it into an executable.

Then, assuming your certificate is in a file named your-ca.crt, install it by doing:

sudo ./install-ca-cert.sh ./your-ca.crt

Voila. I don't know how that works on other distributions, though.

Update

A wise person taught me about the c_rehash utility from openssl, that does the same thing as my dirty script above. To use it, you need to install the openssl-perl package. Thank you, Daniël.

7 comments:

Daniël van Eeden said...

Why not use OpenSSL's c_rehash?

Dodji said...

Thank you Daniël. I didn't know about that utility. I have updated the post accordingly.

Guillem Jover said...

On Debian based systems this is done by the update-ca-certificates program from the ca-certificates package (http://packages.debian.org/sid/ca-certificates).

Anonymous said...

Thanks

viagra said...

Hello
Excellent post.I want to thank you for this informative read, I really appreciate sharing this great post. Keep up your work.

Rakesh Singh said...

Digital certificate is an electronic document that uses a digital signature to bind a public key with identity information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
Digital Certificate for Security

sharepoint digital signature said...

Nice and informative article. I love it. I love it so much, that the greedy visual-data gnome in me wants more !