Results 1 to 6 of 6

Thread: How to import root CA into system wide trusted store?

  1. #1

    Default How to import root CA into system wide trusted store?

    Hello,

    I have my company's CA root.crt certificate and I would like to import into openSUSE 11.2 so every application could trust this authority. Is there any instruction for this procedure?

    You know, something like you can do in Windows: just click certificate and there is a button "Install certificate"

    Where is system certificate store in openSUSE?

  2. #2

    Default Re: How to import root CA into system wide trusted store?

    Here is a solution

    OpenSSL based apps

    All openssl's root certificates are stored here: /etc/ssl/certs
    To import cert you need:
    1 .get cert's hash:

    openssl x509 -noout -hash -in ca-certificate-file

    2. create a symbolic link so the certificate can be found by openSSL:

    ln -s my_ca.crt `openssl x509 -hash -noout -in my_ca.crt`.0

    (if cert with such hash already exists add .1 instead of .0 and so on)

    Test installation:

    wget https://your_signed_website


    Java based apps

    use keytool to create your certificate store, like:

    keytool -import -alias mycert -file mycert.pem

    This will create a new keystore (if not exist before) in your user's home dir

    Default Java system's keystore is located in: $JAVA_HOME/lib/secutiry/cacerts


    HTH

  3. #3

    Default Re: How to import root CA into system wide trusted store?

    As for 13.1 there is much easier procedure now:

    Code:
    # cp *.pem /etc/pki/trust/anchors/
    # update-ca-certificates 
    2 added, 0 removed.
    That's it! Execute "curl https://my.corporate.ssl.site/" to verify that it does not fail

    Found here: https://github.com/openSUSE/ca-certificates

  4. #4
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,934
    Blog Entries
    2

    Default Re: How to import root CA into system wide trusted store?

    Quote Originally Posted by tosiara View Post
    Hello,

    I have my company's CA root.crt certificate and I would like to import into openSUSE 11.2 so every application could trust this authority. Is there any instruction for this procedure?

    You know, something like you can do in Windows: just click certificate and there is a button "Install certificate"

    Where is system certificate store in openSUSE?
    The other suggestions are very good...
    However, it does make a difference what you mean by "so every application could trust this authority."
    If you mean what I think you mean, it likely means your company is using Windows Active Directory(or other network security like LDAP or less often NIS), and if this is so the simplest approach probably should be to simply join your openSUSE box to your company's Domain. From then on, you should be able to login with your AD User account and be automatically authenticated to access and run any Domain resources (files, apps, network connections, more). Joining a company's network security (like AD, LDAP or NIS) is best done by simply running the proper applet in YAST.

    Otherwise, as has been described and suggested, you can import the certificate for SSL access. But AFAIK that won't cover anything that's not SSL (eg SSH, Kerberos, more). And, on Linux you can store certs in many different stores, eg Gnome Keyring, OpenSSL, possibly more.

    TSU

  5. #5

    Default Re: How to import root CA into system wide trusted store?

    I have bundle of CRT files (you can see them http://www.nsc.vrm.lt/downloads_en.htm ).
    How to import/install them all to be usable system-wide (in FireFox, Chromium, LibreOffice, KDE, GNOME...) in openSUSE 13.2/42.1?

    I already tried copy them to /etc/pki/trust/anchors/ and run update-ca-certificates, but this program reported nothing.

  6. #6

    Default Re: How to import root CA into system wide trusted store?

    Quote Originally Posted by embar- View Post
    I have bundle of CRT files (you can see them http://www.nsc.vrm.lt/downloads_en.htm ).
    How to import/install them all to be usable system-wide (in FireFox, Chromium, LibreOffice, KDE, GNOME...) in openSUSE 13.2/42.1?

    I already tried copy them to /etc/pki/trust/anchors/ and run update-ca-certificates, but this program reported nothing.
    Firefox has its own certificate store. Options -> Advanced -> Certificates

    Can you post at least a screenshot of an error?
    I do use some Lithuanian certificates, but only RC and SSC, not VRM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •