Zum Inhalt springenZur Hauptnavigation springenZur Suche springen

Install CA certificates on Linux systems

Download

Download the 5 certificates into a temporary directory (i.e. /tmp), use names as specified here.
Use the right mouse key to click the links, from the context menu choose “Save as”.

telekom.crt

https://pki.pca.dfn.de/fh-schmalkalden-ca/pub/cacert/rootcert.crt
 

dfn.crt

https://pki.pca.dfn.de/fh-schmalkalden-ca/pub/cacert/intermediatecacert.crt
 

hsm-ca.crt

https://pki.pca.dfn.de/fh-schmalkalden-ca/pub/cacert/cacert.crt
 

iukca3.crt

Download aus CMS
 

zefica.crt

Download aus CMS
 


Convert certificates to PEM file format

Run

 

openssl x509 -inform der -in telekom.crt -out telekom.pem
openssl x509 -inform der -in dfn.crt -out dfn.pem
openssl x509 -inform der -in hsm-ca.crt -out hsm-ca.pem
cp iukca3.crt iukca3.pem
cp zefica.crt zefica.pem

 

to convert or copy the files to PEM file format.


RHEL 6 and Clones

  • Install ca-certificates package
       yum -y install ca-certificates 
  • Activate package
       update-ca-trust force-enable 
  • Copy PEM files to /etc/pki/ca-trust/source/anchors
    Create the /etc/pki/ca-trust/source/anchors directory if not yet present.
    Copy the PEM files created in the previous step into the directory.
  • Integrate certificates into the system's certificate set
       update-ca-trust 

RHEL 7 and Clones

  • PEM-Dateien nach /etc/pki/ca-trust/source/anchors kopieren
    Create the /etc/pki/ca-trust/source/anchors directory if not yet present.
    Copy the PEM files created in the previous step into the directory.
  • Integrate certificates into the system's certificate set
       update-ca-trust 

Debian and derivatives (i.e. Ubuntu)

  • Copy PEM files to /usr/local/share/ca-certificates
    Create the /usr/local/share/ca-certificates directory if not yet present.
    Copy the PEM files created in the previous step into the directory, change the file name suffix to “*.crt”.
  • Integrate certificates into the system's certificate set
      update-ca-certificates