Install CA certificates on Linux systems
Download
If WiFi is already set up, you only need the final 2 of the 5 following certificates, otherwise you need all of them. Save the certificates in a temporary directory (i.e. C:\Temp), use the names as specified here:
telekom.crt
https://pki.pca.dfn.de/fh-schmalkalden-ca/pub/cacert/rootcert.crt
dfn.crt
https://pki.pca.dfn.de/fh-schmalkalden-ca/pub/cacert/intermediatecacert.crt
hsm-ca.crt
https://pki.pca.dfn.de/fh-schmalkalden-ca/pub/cacert/cacert.crt
iukca3.crt
Download aus CMS
zefica.crt
Download aus CMS
Use the right mouse key to clock on a link, from the context menu chose “Save as”.
Convert certificates to PEM file format
Run
openssl x509 -inform der -in telekom.crt -out telekom.pem openssl x509 -inform der -in dfn.crt -out dfn.pem openssl x509 -inform der -in hsm-ca.crt -out hsm-ca.pem cp iukca3.crt iukca3.pem cp zefica.crt zefica.pem
to convert or copy the files to PEM file format.
RHEL 6 and Clones
- Install ca-certificates package
yum -y install ca-certificates
- Activate package
update-ca-trust force-enable
- Copy PEM files to /etc/pki/ca-trust/source/anchors
Create the /etc/pki/ca-trust/source/anchors directory if not yet present.
Copy the PEM files created in the previous step into the directory. - Integrate certificates into the system's certificate set
update-ca-trust
RHEL 7 and Clones
- PEM-Dateien nach /etc/pki/ca-trust/source/anchors kopieren
Create the /etc/pki/ca-trust/source/anchors directory if not yet present.
Copy the PEM files created in the previous step into the directory. - Integrate certificates into the system's certificate set
update-ca-trust
Debian and derivatives (i.e. Ubuntu)
- Copy PEM files to /usr/local/share/ca-certificates
Create the /usr/local/share/ca-certificates directory if not yet present.
Copy the PEM files created in the previous step into the directory, change the file name suffix to “*.crt”. - Integrate certificates into the system's certificate set
update-ca-certificates