Adding CA/Root SSL / TLS Certificate, HTTPS

Hi,
I need to add my own and other/new self-signed CA/root certs in the CentOS
pki database/system, for all/most types of apps to use.

Using "wget", I'm trying to securely (HTTPS) get gpg keys/files from the
https://fedoraproject.org/keys site, which is using a root cert with the
following info:
CN = GeoTrust Global CA
O = GeoTrust Inc.
C = US
MD5  f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5
I have tried:
wget https://fedoraproject.org/static/DE7F38BD.txt
But 'wget' showed the following warning; it's not able to verify the cert and is
failing to download the file over HTTPS:
[wget msg] ...
Connecting to fedoraproject.org|85.236.55.6|:443... connected.
ERROR: certificate common name *.fedoraproject.org
fedoraproject.org
To connect to fedoraproject.org insecurely, use --no-check-certificate.
[end of wget msg]

Also tried:
rpm --import https://fedoraproject.org/static/DE7F38BD.txt

but there is no new gpg key inside the /etc/pki/rpm-gpg directory.

HOW TO MANUALLY ADD CA/ROOT CERT IN CENTOS?

(As I need to add OTHER self-signed root certs in the CentOS pki database,
for all apps to use,)

so that wget, rpm or other apps can use them without warning.

If a self-signed CA/root cert is added in
/etc/nssdb/cert8.db
then would it allow apps which use nssdb to use the new root cert
automatically?
How to manually add a new root cert inside cert8.db or cert9.db?
Is it using sqlite?

And, if a self-signed CA/root cert is added inside
/etc/pki/tls/certs/ca-bundle.trust.crt
or in
/etc/pki/tls/certs/ca-bundle.crt
then would that allow apps which use it to automatically use this/these
CA-bundles?
What apps can be used to manually add more CA/root certs in those bundles?
Can OpenSSL or GnuTLS be used to print out a root cert in the format
(compatible with and) which can be added inside those CA-bundles?

Thank you (in advance),
-- Bright Star.
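
Added example, not part of the original post and not CentOS project code: on the questions above about ca-bundle.crt and printing a root cert with OpenSSL, this sketch assumes the bundle is a plain concatenation of PEM certificates (text outside the BEGIN/END markers is ignored by OpenSSL) and works only on a private copy in a working directory. The function names, file names and both test CAs are constructed for illustration.

```shell
#!/bin/sh
# Added example. All certificates are constructed; nothing under /etc/pki is modified.

# Print a certificate (PEM or DER input) as the PEM block that CA bundles contain.
to_pem() {  # $1 = certificate file
    openssl x509 -in "$1" -outform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# SHA-256 fingerprint, to compare against a value obtained out of band before trusting.
fingerprint() {  # $1 = certificate file
    to_pem "$1" | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Append a CA to a bundle file once; the fingerprint comment makes reruns idempotent.
add_ca_to_bundle() {  # $1 = CA certificate, $2 = bundle file
    fp=$(fingerprint "$1") && [ -n "$fp" ] || return 1
    grep -qF "$fp" "$2" 2>/dev/null && return 0
    { printf '# added CA, sha256 %s\n' "$fp"; to_pem "$1"; } >> "$2"
}

# Succeeds only if the leaf certificate chains to a CA in the given bundle.
verifies_with() {  # $1 = bundle file, $2 = leaf certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build constructed test material: two private CAs and a leaf signed by the first.
make_demo() {  # $1 = empty working directory
    ( cd "$1" || exit 1
      for ca in mine other; do
          openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
              -subj "/CN=Constructed $ca CA" -keyout $ca.key -out $ca.pem
      done
      openssl req -newkey rsa:2048 -nodes -subj "/CN=host.example.test" \
          -keyout leaf.key -out leaf.csr
      openssl x509 -req -in leaf.csr -CA mine.pem -CAkey mine.key \
          -CAcreateserial -days 1 -out leaf.pem
      openssl x509 -in mine.pem -outform DER -out mine.der
      cp other.pem bundle.crt          # stand-in for a private copy of a CA bundle
    ) >/dev/null 2>&1
}
```

A client can then be pointed at the private bundle explicitly, for example with wget's `--ca-certificate=FILE` option, instead of disabling verification.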


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
