I have a PEM certificate that I just downloaded from a webserver. I want to install it system-wide so I can curl the server without it complaining about a missing certificate.
I tried putting the file in /etc/ssl/certs, but nothing happened.
Add a comment |
4 Answers
As already mentioned SUSE supports ca-certificates starting with openSUSE 13.1 / SLES 12.
The difference to debian/Ubuntu is the directory for your certififcates. The SLES man page to update-ca-certificates has these directories:
FILES /usr/share/pki/trust/anchors Directory of CA certificate trust anchors. /usr/share/pki/trust/blacklist Directory of blacklisted CA certificates /etc/pki/trust/anchors Directory of CA certificate trust anchors for use by the admin /etc/pki/trust/blacklist Directory of blacklisted CA certificates for use by the admin The openSUSE package mentions these:
- Packages are expected to install their CA certificates in /usr/share/pki/trust/anchors or /usr/share/pki/trust (no extra subdir) instead of /usr/share/ca-certificates/<vendor> now. The anchors subdirectory is for regular pem files, the directory one above for pem files in openssl's 'trusted' format. 
- 3Then run
sudo update-ca-certificatesafterwards.wisbucky– wisbucky2019-08-12 23:41:41 +00:00Commented Aug 12, 2019 at 23:41
I would take a look for a package called ca-certificates (that's the name it goes by on Red Hat distros). All of the main distros bundle certificates and they're generally in the same location.
Since SuSE uses RPM packages as well I'd guess you could do a query like this to find the name of the package that provides certificates:
$ rpm -aq | grep -i cert ca-certificates-2010.63-3.el6_1.5.noarch With the name of this package I can then rpm -qi <package name> to find out more info about it:
$ rpm -qi ca-certificates-2010.63-3.el6_1.5.noarch Name : ca-certificates Relocations: (not relocatable) Version : 2010.63 Vendor: CentOS Release : 3.el6_1.5 Build Date: Fri 23 Sep 2011 03:39:46 PM EDT Install Date: Sat 15 Dec 2012 02:34:14 PM EST Build Host: c6b5.bsys.dev.centos.org Group : System Environment/Base Source RPM: ca-certificates-2010.63-3.el6_1.5.src.rpm Size : 1353134 License: Public Domain Signature : RSA/SHA1, Mon 26 Sep 2011 12:17:03 AM EDT, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://www.mozilla.org/ Summary : The Mozilla CA root certificate bundle Description : This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet PKI. This command will list its contents:
$ rpm -ql ca-certificates-2010.63-3.el6_1.5.noarch /etc/pki/java /etc/pki/java/cacerts /etc/pki/tls /etc/pki/tls/cert.pem /etc/pki/tls/certs /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.trust.crt /etc/ssl /etc/ssl/certs This last command will show you where the certificates are getting stored.
YaST
If you don't want to manually do this I believe you can use YaST to add CA certificates as well. Here's a tutorial titled: Chapter 15. Managing X.509 Certification that should guide you through that process.
- The listed package search command only searches installed packages, not available (SUSE users will have better luck using
zypper -n search certto find packages). And listing the contents of the package does not tell you what the directories the package creates are for, just that they exist. The documentation linked to, when it existed (I'll fix the link in a sec), provides instructions on how to create a new CA, not manage imported CAs. All that said, this is not really a "bad" answer, as it provides good "how I'd figure this out" steps; it just does not belong as the top answer.dannysauer– dannysauer2019-02-07 20:25:18 +00:00Commented Feb 7, 2019 at 20:25
I installed:
ca-certificates-cacert ca-certificates-mozilla and it solved the issue.
-
ca-certficates-mozillashould beca-certificates-mozilla.ismailarilik– ismailarilik2017-01-19 12:49:18 +00:00Commented Jan 19, 2017 at 12:49
I believe you can use update-ca-certificates provided by ca-certificates, try these ubuntu instructions and update this answer if required
https://superuser.com/questions/437330/how-do-you-add-a-certificate-authority-ca-to-ubuntu
- On openSUSE you should copy to
/usr/share/ca-certificatesinstead of/usr/local/share/ca-certificates.To1ne– To1ne2014-07-10 07:08:25 +00:00Commented Jul 10, 2014 at 7:08 - On OpenSUSE Leap 42.1 I've found:
/usr/lib/ca-certificatesdavid.perez– david.perez2016-06-29 07:55:55 +00:00Commented Jun 29, 2016 at 7:55 - 2See the answer @Christian posted for the current appropriate directory (
/usr/share/pki/trust/anchors).dannysauer– dannysauer2019-02-07 20:42:01 +00:00Commented Feb 7, 2019 at 20:42