debian
sudo mkdir /usr/share/ca-certificates/extra
sudo cp self-signed-ca.crt /usr/share/ca-certificates/extra/self-signed-ca.crt
sudo echo "extra/self-signed-ca.crt" >> /etc/ca-certificates.conf
sudo /usr/sbin/update-ca-certificates
centos
yum install -y ca-certificates
cp self-signed-ca.cert /etc/pki/ca-trust/source/anchors/
update-ca-trust force-enable
/usr/bin/update-ca-trust
alpine
/usr/sbin/update-ca-certificates
注:虽然alpine下命令
update-ca-certificates命令和debian下的名字相同,但是代码是不同的,alpine中的update-ca-certificates没有--verbose和--fresh参数
openSUSE
注:虽然openSUSE下也有命令
/usr/sbin/update-ca-certificates,但它是一段脚本,和debian、alpine下的又有不同的地方。得出虽然各个linux发行版都有这么个ca的机制,但实现的方法、包、命令、维护的作者可能各不同。
p11-kit
utilities for keeping system
ca-certificatesand OpenJDK CA certificates in sync
## debian
apt install p11-kit
## alpine
apk add p11-kit-trust
## centos
yum install p11-kit-trust
- https://github.com/docker-library/openjdk/blob/master/11/jdk/buster/Dockerfile
- https://github.com/docker-library/openjdk/blob/master/11/jdk/oraclelinux7/Dockerfile
ref
- https://wiki.mozilla.org/CA
- What is the recommended way to add a new root certificate?
- How to add Certificate Authority file in CentOS 7
- https://github.com/gliderlabs/docker-alpine/issues/260
- Adding trusted root certificates to the server
- Installing a root/CA Certificate
- https://manpages.ubuntu.com/manpages/jammy/man8/update-ca-certificates.8.html
- Mozilla Root Store Policy
- How to make Firefox trust system CA certificates?
- NSS:Root certs
- https://src.fedoraproject.org/rpms/ca-certificates
- Common CA Database
- alpine/ca-certificates