[CentOS] Adding CA/Root SSL / TLS Certificate, HTTPS

Bry8 Star bry8star at yahoo.com
Tue Jan 15 06:26:36 UTC 2013


Hi,
I need to add my own and other/new self-signed ca/root cert in CentOS
pki database/system, for all/most type of apps to use.

Using "wget", i'm trying to securely(HTTPS) get gpg keys/files from
https://fedoraproject.org/keys site, which is using root cert with
following info:
CN = GeoTrust Global CA
O = GeoTrust Inc.
C= US
MD5  f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5
I have tried:
wget https://fedoraproject.org/static/DE7F38BD.txt
But 'wget' showed following warning, its not able to verify cert &
failing to download file over HTTPS :
[wget msg] ...
Connecting to fedoraproject.org|85.236.55.6|:443... connected.
ERROR: certificate common name *.fedoraproject.org
fedoraproject.org
To connect to fedoraproject.org insecurely, use --no-check-certificate.
[end of wget msg]

Also tried:
rpm --import https://fedoraproject.org/static/DE7F38BD.txt

but no new gpg key inside
the /etc/pki/rpm-gpg directory

HOW TO MANUALLY ADD CA/ROOT CERT IN CENTOS ?

(as I need to add OTHER self-signed root cert in CentOS pki database,
for all apps to use).

so that wget, rpm or other apps can use them without warning.

if a self-signed CA/root cert is added in
/etc/nssdb/cert8.db
then would it allow apps which use nssdb, to use the new root cert
automatically ?
how to manually add new root cert inside cert8.db or cert9.db ?
is it using sqlite ?

and, if a self-signed CA/root cert is added inside
/etc/pki/tls/certs/ca-bundle.trust.crt
or in
/etc/pki/tls/certs/ca-bundle.crt
then would that allow apps which use it to automatically use this/these
CA-bundles ?
what apps can be used to manually add more CA/root certs in those bundles ?
can OpenSSL or GnuTLS be used to print out root cert in the format
(compatible with and) which can be added inside those CA-bundles ?

Thank you (in advance),
-- Bright Star.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130115/ee84e29e/attachment.sig>


More information about the CentOS mailing list