maniankara/import-ca-certs-local-ubuntu-debian-redhat.md

Last active August 9, 2023 12:23

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/maniankara/d5973f6d513c300dfafc18af88b2ea48.js"></script>
Save maniankara/d5973f6d513c300dfafc18af88b2ea48 to your computer and use it in GitHub Desktop.

Download ZIP

Importing CA certs to your local Ubuntu/Debian

Raw

import-ca-certs-local-ubuntu-debian-redhat.md

Problem

Command

curl https://testhost

Certificate unknown authority error

: x509: certificate signed by unknown authority

Fix:

Download the CA cert

openssl s_client -showcerts -verify 5 -connect testhost:443 | sed -n -e '/-.BEGIN/,/-.END/ p' >tls-ca.crt

Make sure its a CA certificate

openssl x509 -noout -text -in ./tls-ca.crt | grep --after-context=2 "X509v3 Basic Constraints" | grep "CA:TRUE"

Copy the certificate and update the local store

Debian/ubuntu

sudo cp tls-ca.crt   /usr/local/share/ca-certificates/
sudo update-ca-certificates

Redhat Enterprise linux (8)

sudo cp tls-ca.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract

Verify if the bundle contains the imported cert

Redhat Enterprise linux (8)

openssl x509 -text -noout -in /etc/pki/tls/certs/ca-bundle.crt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment