Sunday 21 August 2011

How to install a digital CA certificate on Red Hat based GNU/Linux distributions

This is just as a reminder for myself, as I keep forgetting about this stuff.

If like me you run a server with services that depends on SSL and need to install a certificate issued by a Certificate Authority (CA) like CACert, this might be interesting to you as well.

On Red Hat based systems the CA certificate for SSL is usually installed in the /etc/pki/tls/certs directory. The certificate is basically just dropped there in a file which name is its hash – built with the openssl program.

I wrote the shell scriptlet http://dodji.seketeli.net/install-ca-cert.txt. Download it, save it as install-ca-cert.sh and turn it into an executable.

Then, assuming your certificate is in a file named your-ca.crt, install it by doing:

sudo ./install-ca-cert.sh ./your-ca.crt

Voila. I don't know how that works on other distributions, though.

Update

A wise person taught me about the c_rehash utility from openssl, that does the same thing as my dirty script above. To use it, you need to install the openssl-perl package. Thank you, Daniël.

7 comments:

Daniël van Eeden said...

Why not use OpenSSL's c_rehash?

Dodji said...

Thank you Daniël. I didn't know about that utility. I have updated the post accordingly.

Guillem Jover said...

On Debian based systems this is done by the update-ca-certificates program from the ca-certificates package (http://packages.debian.org/sid/ca-certificates).

viagra said...

Hello
Excellent post.I want to thank you for this informative read, I really appreciate sharing this great post. Keep up your work.

Unknown said...

Digital certificate is an electronic document that uses a digital signature to bind a public key with identity information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
Digital Certificate for Security

sharepoint digital signature said...

Nice and informative article. I love it. I love it so much, that the greedy visual-data gnome in me wants more !

Mehra said...

Thanks for sharing such nice blog post. If you are getting bored and want your lonely night turn into joyful, instant get in touch with most reputed escort agency https://www.elitemanchesterescorts.co.uk/locations/ringway-escorts/.