21 Aug 2011 sdodji   » (Master)

How to install a digital CA certificate on Red Hat based GNU/Linux distributions

This is just as a reminder for myself, as I keep forgetting about this stuff.

If like me you run a server with services that depends on SSL and need to install a certificate issued by a Certificate Authority (CA) like CACert, this might be interesting to you as well.

On Red Hat based systems the CA certificate for SSL is usually installed in the /etc/pki/tls/certs directory. The certificate is basically just dropped there in a file which name is its hash – built with the openssl program.

I wrote the shell scriptlet http://dodji.seketeli.net/install-ca-cert.txt. Download it, save it as install-ca-cert.sh and turn it into an executable.

Then, assuming your certificate is in a file named your-ca.crt, install it by doing:

sudo ./install-ca-cert.sh ./your-ca.crt

Voila. I don't know how that works on other distributions, though.

Update

A wise person taught me about the c_rehash utility from openssl, that does the same thing as my dirty script above. To use it, you need to install the openssl-perl package. Thank you, Daniël.

Syndicated 2011-08-21 14:25:00 (Updated 2011-08-22 08:27:27) from Dodji

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!