PKI Certificate Tutorials - Herong's Tutorial Examples - v1.13, by Herong Yang
"update-ca-trust" to Add CA Certificate
This section provides a tutorial example on adding new CA certificates to the Trust Store using the "update-ca-trust" command on Red Hat-based computers.
The "update-ca-trust" command can be used to add a new root CA certificate to the Trust Store. This can be done in 3 steps:
1. Place the new root CA certificates in one of the 6 input directories based on trust status and priorities:
For example, I want to add my ZZ-Root-CA.crt as trusted with lower priority:
herong$ sudo cp ZZ-Root-CA.crt /usr/share/pki/ca-trust-source/anchors/
2. Run the "update-ca-trust" command to scan those 6 input directories and update the Trust Store.
herong$ sudo update-ca-trust
3. Verify the PEM bundle file in the Trust Store:
herong$ more ZZ-Root-CA.pem
-----BEGIN CERTIFICATE-----
MIIB+zCCAYKgAwIBAgIJAIZgMcdaWuMDMAkGByqGSM49BAEwIjELMAkGA1UEBhMC
WloxEzARBgNVBAMTClpaIFJvb3QgQ0EwHhcNMjQxMTI0MTMwNzA4WhcNMjQxMjI0
MTMwNzA4WjAiMQswCQYDVQQGEwJaWjETMBEGA1UEAxMKWlogUm9vdCBDQTB2MBAG
...

herong$ grep \
  'MTMwNzA4WjAiMQswCQYDVQQGEwJaWjETMBEGA1UEAxMKWlogUm9vdCBDQTB2MBAG' \
  /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
MTMwNzA4WjAiMQswCQYDVQQGEwJaWjETMBEGA1UEAxMKWlogUm9vdCBDQTB2MBAG
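A stricter form of the step 3 check, as an added example that is not part of the original tutorial: it compares the whole base64 body of the certificate against every certificate in the bundle, so a match does not depend on one line or on how the bundle wraps its lines. The function names (pem_bodies, cert_in_bundle, make_sample) and the sample data are constructed for illustration, and the certificate file is assumed to be PEM-encoded.

```shell
#!/bin/sh
# Added example (not from the tutorial): confirm a certificate is in a PEM
# bundle by comparing whole certificate bodies instead of one base64 line.

# pem_bodies FILE: print one line per certificate found in FILE, holding
# its base64 body with line breaks and whitespace removed. Comment lines
# between certificates are ignored.
pem_bodies() {
  awk '
    /^-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
    /^-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
    inside { gsub(/[ \t\r]/, ""); body = body $0 }
  ' "$1"
}

# cert_in_bundle CERT BUNDLE: returns 0 if the first certificate in CERT is
# in BUNDLE, 1 if it is not, 2 if CERT holds no certificate block.
cert_in_bundle() {
  want=$(pem_bodies "$1" | head -n 1)
  [ -n "$want" ] || return 2
  pem_bodies "$2" | grep -Fxq -e "$want"
}

# Constructed sample data: placeholder base64 text, not real certificates.
# The bundle wraps the same body at a different width, so a grep for a
# single line of the source file would miss it.
make_sample() {
  dir=$1
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJDREVGR0hJSktM' \
    'TU5PUFFSU1RVVldY' '-----END CERTIFICATE-----' > "$dir/new-ca.pem"
  printf '%s\n' '# Some Other CA' '-----BEGIN CERTIFICATE-----' \
    'T1RIRVJDRVJUQk9EWQ==' '-----END CERTIFICATE-----' \
    '# New CA' '-----BEGIN CERTIFICATE-----' 'QUJDREVGR0hJSktMTU5P' \
    'UFFSU1RVVldY' '-----END CERTIFICATE-----' > "$dir/bundle.pem"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Tk9USU5CVU5ETEU=' \
    '-----END CERTIFICATE-----' > "$dir/absent.pem"
}
```

After step 2, the same check can be run as cert_in_bundle with the PEM certificate as the first argument and /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem as the second; a return status of 1 means the certificate did not reach the bundle.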