Sunday, 21 August 2011

How to install a digital CA certificate on Red Hat based GNU/Linux distributions

This is just as a reminder for myself, as I keep forgetting about this stuff.

If like me you run a server with services that depends on SSL and need to install a certificate issued by a Certificate Authority (CA) like CACert, this might be interesting to you as well.

On Red Hat based systems the CA certificate for SSL is usually installed in the /etc/pki/tls/certs directory. The certificate is basically just dropped there in a file which name is its hash – built with the openssl program.

I wrote the shell scriptlet Download it, save it as and turn it into an executable.

Then, assuming your certificate is in a file named your-ca.crt, install it by doing:

sudo ./ ./your-ca.crt

Voila. I don't know how that works on other distributions, though.


A wise person taught me about the c_rehash utility from openssl, that does the same thing as my dirty script above. To use it, you need to install the openssl-perl package. Thank you, Daniël.


Daniël van Eeden said...

Why not use OpenSSL's c_rehash?

Dodji said...

Thank you Daniël. I didn't know about that utility. I have updated the post accordingly.

Guillem Jover said...

On Debian based systems this is done by the update-ca-certificates program from the ca-certificates package (

Anonymous said...


viagra said...

Excellent post.I want to thank you for this informative read, I really appreciate sharing this great post. Keep up your work.

Rakesh Singh said...

Digital certificate is an electronic document that uses a digital signature to bind a public key with identity information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
Digital Certificate for Security

sharepoint digital signature said...

Nice and informative article. I love it. I love it so much, that the greedy visual-data gnome in me wants more !

Digital Signature said...

Thanks For sharing Digital Signature Related Story