Install CA certificates on Linux systems

Download the 5 certificates into a temporary directory (i.e. /tmp), use names as specified here.
Use the right mouse key to click the links, from the context menu choose “Save as”.

telekom.crt

https://pki.pca.dfn.de/fh-schmalkalden-ca/pub/cacert/rootcert.crt
 

dfn.crt

https://pki.pca.dfn.de/fh-schmalkalden-ca/pub/cacert/intermediatecacert.crt
 

hsm-ca.crt

https://pki.pca.dfn.de/fh-schmalkalden-ca/pub/cacert/cacert.crt
 

iukca3.crt

Download aus CMS
 

zefica.crt

Download aus CMS
 

Run

openssl x509 -inform der -in telekom.crt -out telekom.pem
openssl x509 -inform der -in dfn.crt -out dfn.pem
openssl x509 -inform der -in hsm-ca.crt -out hsm-ca.pem
cp iukca3.crt iukca3.pem
cp zefica.crt zefica.pem

to convert or copy the files to PEM file format.

• Install ca-certificates package

     yum -y install ca-certificates 

• Activate package

     update-ca-trust force-enable 

• Copy PEM files to /etc/pki/ca-trust/source/anchors
  Create the /etc/pki/ca-trust/source/anchors directory if not yet present.
  Copy the PEM files created in the previous step into the directory.
• Integrate certificates into the system's certificate set

     update-ca-trust 

• PEM-Dateien nach /etc/pki/ca-trust/source/anchors kopieren
  Create the /etc/pki/ca-trust/source/anchors directory if not yet present.
  Copy the PEM files created in the previous step into the directory.
• Integrate certificates into the system's certificate set

     update-ca-trust 

• Copy PEM files to /usr/local/share/ca-certificates
  Create the /usr/local/share/ca-certificates directory if not yet present.
  Copy the PEM files created in the previous step into the directory, change the file name suffix to “*.crt”.
• Integrate certificates into the system's certificate set

    update-ca-certificates