{"id":8963,"date":"2022-10-25T22:32:53","date_gmt":"2022-10-25T20:32:53","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=8963"},"modified":"2025-12-22T14:30:25","modified_gmt":"2025-12-22T13:30:25","slug":"linux-place-own-custom-certificates-in-etc-ssl-certs","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/linux-place-own-custom-certificates-in-etc-ssl-certs\/","title":{"rendered":"Linux: Place own\/custom certificates in \/etc\/ssl\/certs"},"content":{"rendered":"<p>Hi,<\/p>\n<p>sometimes it is necessary to add your own root\/intermediate CA to your machine's CA store.<\/p>\n<p><!--more--><br \/>\nIt consists of three steps: get the certificate, generate a hash of the certificate, and create a symlink hash -> certificate.<\/p>\n<p>For example, take the <a href=\"https:\/\/www.quovadisglobal.com\/wp-content\/files\/media\/quoVadisglobalsslicag3-pem.pem\" rel=\"noopener\" target=\"_blank\">QuoVadis Global SSL ICA G3<\/a> certificate.<\/p>\n<p>Get the certificate in PEM (base64) format<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # wget https:\/\/www.quovadisglobal.com\/wp-content\/files\/media\/quoVadisglobalsslicag3-pem.pem -O \/etc\/ssl\/certs\/quoVadis_global_ssl_ica_g3.pem\r\n<\/pre>\n<p>If your certificate is in binary (DER) format, you must convert it to PEM format.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # openssl x509 -inform der -in \/home\/quoVadis_global_ssl_ica_g3.crt -out \/etc\/ssl\/certs\/quoVadis_global_ssl_ica_g3.pem\r\n<\/pre>\n<p>Generate the hash<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # openssl x509 -hash -noout -in \/etc\/ssl\/certs\/quoVadis_global_ssl_ica_g3.pem\r\n35e514f6\r\n<\/pre>\n<p>and create a symlink from the hash to the certificate (append .0 to the hash)<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # ln -s \/etc\/ssl\/certs\/quoVadis_global_ssl_ica_g3.pem \/etc\/ssl\/certs\/35e514f6.0\r\n<\/pre>\n<p>Test 
(my_uoVadis_global_ssl_ica_g3_signed_certificate.pem is a certificate signed by QuoVadis Global SSL ICA G3)<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev:~\/ #  openssl verify -verbose -CApath \/etc\/ssl\/certs my_uoVadis_global_ssl_ica_g3_signed_certificate.pem\r\nmy_uoVadis_global_ssl_ica_g3_signed_certificate.pem: OK\r\n<\/pre>\n<p>On Red Hat\/CentOS, copy the certificate(s) to \/etc\/pki\/ca-trust\/source\/anchors\/ and run update-ca-trust<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@centdev:~\/ #  cp \/home\/quoVadis_global_ssl_ica_g3.crt \/etc\/pki\/ca-trust\/source\/anchors\/\r\nroot@centdev:~\/ #  update-ca-trust extract\r\n<\/pre>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, sometimes it is necessary to add your own root\/intermediate CA to your machine's CA store.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,1036],"tags":[1903,146,84,224],"class_list":["post-8963","post","type-post","status-publish","format-standard","hentry","category-linux","category-openssl","tag-etc-ssl-certs","tag-add","tag-certificate","tag-linux-2"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8963","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=8963"}],"version-history":[{"count":4,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8963\/revisions"}],"predecessor-version":[{"id":10147,"href":"https:\/\/michl
stechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8963\/revisions\/10147"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=8963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=8963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=8963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}