2 Ways to Install and List Root CA Certificate on Linux

Table of Contents

We have two methods to use update-ca-trust or trust anchor to add a CA certificate on Linux.

We need to install the ca-certificates package first with the command yum install ca-certificates.

Using update-ca-trust to install a CA certificate

  • Copy the CA certificate to the directory /etc/pki/ca-trust/source/anchors/:

# cp rapidSSL-ca.crt /etc/pki/ca-trust/source/anchors/

  • Extract a CA certificate to the list of trusted CA’s:

# update-ca-trust

  • Verify the SSL certificate:

# openssl verify server.crt
server.crt : OK

Using trust anchor to add a CA certificate

  • Run trust anchor –store by specifying CA certificate:

# trust anchor –store ca.crt

  • Check the list of trusted CA’s

# trust list
type: certificate
label: RapidSSL RSA CA 2018
trust: anchor
category: authority

  • verify the server certificate:

# openssl verify server.crt
server.crt : OK

If we want to remove the CA certificate, run trust anchor –remove as follows:

# trust anchor –remove pkcs11:id=%53%ca%17%59%fc%6b%c0%03%21%2f%1a%ae%e4%aa%a8%1c%82%56%da%75
# trust anchor –remove /etc/pki/ca-trust/source/RapidSSL_RSA_CA_2018.p11-kit

List all CA certificates in Linux

Once the ca certificate is added, the certificate is made available through the /etc/pki/ca-trust/extracted tree:

$ ls /etc/pki/ca-trust/extracted
edk2 java openssl pem README

Applications that look to this directory to verify certificates can use any of the formats provided. The update command handles the copies, conversions, and consolidation for the different formats.

The man page for update-ca-trust has more information about the directory structure, formats, and ways that certificates are accessed

We have a quick way to list all of the certificate subjects in the bundle is with the following awk and openssl commands:

$ awk -v cmd=’openssl x509 -noout -subject’ ‘/BEGIN/{close(cmd)};{print | cmd}’ < /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Check SSL Certificate with OpenSSL



Table of Contents

Share on facebook
Share on twitter
Share on linkedin

You might also like