Hi,

I need to add my own and other/new self-signed CA/root certs to the CentOS PKI database/system, for all/most types of apps to use.

Using "wget", I'm trying to securely (HTTPS) get GPG keys/files from the https://fedoraproject.org/keys site, which is using a root cert with the following info:

    CN = GeoTrust Global CA
    O = GeoTrust Inc.
    C = US
    MD5 f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5

I have tried:

    wget https://fedoraproject.org/static/DE7F38BD.txt

But 'wget' showed the following warning; it's not able to verify the cert and is failing to download the file over HTTPS:

    [wget msg]
    ...
    Connecting to fedoraproject.org|85.236.55.6|:443... connected.
    ERROR: certificate common name *.fedoraproject.org fedoraproject.org
    To connect to fedoraproject.org insecurely, use --no-check-certificate.
    [end of wget msg]

Also tried:

    rpm --import https://fedoraproject.org/static/DE7F38BD.txt

but there is no new GPG key inside the /etc/pki/rpm-gpg directory.

HOW TO MANUALLY ADD A CA/ROOT CERT IN CENTOS? (As I need to add OTHER self-signed root certs to the CentOS PKI database, for all apps to use.) So that wget, rpm or other apps can use them without warning.

If a self-signed CA/root cert is added in /etc/nssdb/cert8.db, would it allow apps which use nssdb to use the new root cert automatically? How do I manually add a new root cert inside cert8.db or cert9.db? Is it using sqlite?

And, if a self-signed CA/root cert is added inside /etc/pki/tls/certs/ca-bundle.trust.crt or in /etc/pki/tls/certs/ca-bundle.crt, would that allow apps which use it to automatically use this/these CA bundles? What apps can be used to manually add more CA/root certs to those bundles?

Can OpenSSL or GnuTLS be used to print out a root cert in a format (compatible with and) which can be added inside those CA bundles?

Thank you (in advance),
--
Bright Star.
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos