Score:0

How to install SSL certificate to system-wide trust on SUSE

in flag

I know this qualifies as one of the most asked questions in SF (and also possibly in SO), but (this time) I've done my homework: I've read and tried this and this without any luck.

So, I have my shiny new base-64 (cer) certificate singed by my corporate CA, now I need to add it to my server to be able to happily curl with SSL. I copy the file to /usr/share/pki/trust/anchors, make sure its 644 and owned by root. Then I run update-ca-certificates and I get nothing back (where in all the examples I've seen you're supposed to get a friendly message back confirming stuff).

I go sniff in /var/lib/ca-certificates and I dont see my certificate anywhere, neither under pem/ or in the ca-bundle.pem

What am I doing wrong here?

Score:0
in flag

So, first things first; I should not go sniffing around where I should not. Behind the scenes update-ca-certs calls trust. So when I do a trust list I see my Cert there. What I was missing was adding the whole chain to my trust, so also the root and intermediate CAs. Once that was done curl was happy.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.