Adding certificates to the trusted CAs

Adding certificates to the trusted CAs

Different Linux distributions have their own ways and locations of storing trusted CAs and self-signed certificates. Table below for quick reference.

DistributionImport locationUpdate utility
Debian
Ubuntu
Raspberry Pi OS
Kali Linux
/usr/local/share/ca-certificatesupdate-ca-certificates
RHEL
Fedora
Amazon Linux
AlmaLinux
CentOS
Rocky Linux
/etc/pki/ca-trust/source/anchorsupdate-ca-trust
Arch Linux/etc/ca-certificates/trust-source/anchorstrust anchor --store <cert file> or update-ca-trust

Read more

Troubleshooting SSL or TLS Certificates

Checking local certificates
## Issued and expiration dates
openssl x509 -in cert.pem -noout -dates

## SANs or other extentions
openssl x509 -in cert.pem -noout -ext subjectAltName # Shows all domains listed on the certificate
openssl x509 -in cert.pem -noout -ext basicConstraints,keyUsage # Handy for checking CAs

## Full details
openssl x509 -in cert.pem -noout -text
Checking certificates installed on a server
PREREQUISITE - Set hostname and port variables

Set HOST equal to the hostname you want to check the certificate for.

Read more