How to import root CA into system wide trusted store?

Hello,

I have my company’s CA root.crt certificate and I would like to import into openSUSE 11.2 so every application could trust this authority. Is there any instruction for this procedure?

You know, something like you can do in Windows: just click certificate and there is a button “Install certificate”

Where is system certificate store in openSUSE?

Here is a solution

OpenSSL based apps

All openssl’s root certificates are stored here: /etc/ssl/certs
To import cert you need:
1 .get cert’s hash:

openssl x509 -noout -hash -in ca-certificate-file

  1. create a symbolic link so the certificate can be found by openSSL:

ln -s my_ca.crt openssl x509 -hash -noout -in my_ca.crt.0

(if cert with such hash already exists add .1 instead of .0 and so on)

Test installation:

wget https://your_signed_website

Java based apps

use keytool to create your certificate store, like:

keytool -import -alias mycert -file mycert.pem

This will create a new keystore (if not exist before) in your user’s home dir

Default Java system’s keystore is located in: $JAVA_HOME/lib/secutiry/cacerts

HTH

As for 13.1 there is much easier procedure now:

# cp *.pem /etc/pki/trust/anchors/
# update-ca-certificates 
2 added, 0 removed.

That’s it! Execute “curl https://my.corporate.ssl.site/” to verify that it does not fail

Found here: https://github.com/openSUSE/ca-certificates

The other suggestions are very good…
However, it does make a difference what you mean by “so every application could trust this authority.”
If you mean what I think you mean, it likely means your company is using Windows Active Directory(or other network security like LDAP or less often NIS), and if this is so the simplest approach probably should be to simply join your openSUSE box to your company’s Domain. From then on, you should be able to login with your AD User account and be automatically authenticated to access and run any Domain resources (files, apps, network connections, more). Joining a company’s network security (like AD, LDAP or NIS) is best done by simply running the proper applet in YAST.

Otherwise, as has been described and suggested, you can import the certificate for SSL access. But AFAIK that won’t cover anything that’s not SSL (eg SSH, Kerberos, more). And, on Linux you can store certs in many different stores, eg Gnome Keyring, OpenSSL, possibly more.

TSU

I have bundle of CRT files (you can see them http://www.nsc.vrm.lt/downloads_en.htm ).
How to import/install them all to be usable system-wide (in FireFox, Chromium, LibreOffice, KDE, GNOME…) in openSUSE 13.2/42.1?

I already tried copy them to /etc/pki/trust/anchors/ and run update-ca-certificates, but this program reported nothing.

Firefox has its own certificate store. Options -> Advanced -> Certificates

Can you post at least a screenshot of an error?
I do use some Lithuanian certificates, but only RC and SSC, not VRM