分类
devops

How to add CA root certification (self-signed)


Last Updated on 2022-01-12

debian

sudo mkdir /usr/share/ca-certificates/extra
sudo cp self-signed-ca.crt /usr/share/ca-certificates/extra/self-signed-ca.crt
sudo echo "extra/self-signed-ca.crt" >> /etc/ca-certificates.conf
sudo /usr/sbin/update-ca-certificates

centos

yum install -y ca-certificates
cp self-signed-ca.cert /etc/pki/ca-trust/source/anchors/
update-ca-trust force-enable
/usr/bin/update-ca-trust

alpine

/usr/sbin/update-ca-certificates

注:虽然alpine下命令update-ca-certificates命令和debian下的名字相同,但是代码是不同的,alpine中的update-ca-certificates 没有--verbose--fresh参数

openSUSE

注:虽然openSUSE下也有命令/usr/sbin/update-ca-certificates,但它是一段脚本,和debian、alpine下的又有不同的地方。得出虽然各个linux发行版都有这么个ca的机制,但实现的方法、包、命令、维护的作者可能各不同。

p11-kit

utilities for keeping system ca-certificates and OpenJDK CA certificates in sync

## debian
apt install p11-kit
## alpine
apk add p11-kit-trust
## centos
yum install p11-kit-trust

ref