[CentOS] Adding CA/Root SSL / TLS Certificate, HTTPS

Tue Jan 15 06:26:36 UTC 2013
Bry8 Star <bry8star at yahoo.com>

I need to add my own and other/new self-signed ca/root cert in CentOS
pki database/system, for all/most type of apps to use.

Using "wget", i'm trying to securely(HTTPS) get gpg keys/files from
https://fedoraproject.org/keys site, which is using root cert with
following info:
CN = GeoTrust Global CA
O = GeoTrust Inc.
MD5  f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5
I have tried:
wget https://fedoraproject.org/static/DE7F38BD.txt
But 'wget' showed following warning, its not able to verify cert &
failing to download file over HTTPS :
[wget msg] ...
Connecting to fedoraproject.org||:443... connected.
ERROR: certificate common name *.fedoraproject.org
To connect to fedoraproject.org insecurely, use --no-check-certificate.
[end of wget msg]

Also tried:
rpm --import https://fedoraproject.org/static/DE7F38BD.txt

but no new gpg key inside
the /etc/pki/rpm-gpg directory


(as I need to add OTHER self-signed root cert in CentOS pki database,
for all apps to use).

so that wget, rpm or other apps can use them without warning.

if a self-signed CA/root cert is added in
then would it allow apps which use nssdb, to use the new root cert
automatically ?
how to manually add new root cert inside cert8.db or cert9.db ?
is it using sqlite ?

and, if a self-signed CA/root cert is added inside
or in
then would that allow apps which use it to automatically use this/these
CA-bundles ?
what apps can be used to manually add more CA/root certs in those bundles ?
can OpenSSL or GnuTLS be used to print out root cert in the format
(compatible with and) which can be added inside those CA-bundles ?

Thank you (in advance),
-- Bright Star.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130115/ee84e29e/attachment-0003.sig>