Skip to content

Adding a Custom CA Trusted Certificates

This workflow details the steps required to add a CA certificate to the A hosts Trusted Certificates.


The following assumptions are made for the usage of this runbook:

  • You have sudo access

  • The host where these commands to run from has ca-certificates package installed.

    • Alpine Based OS apk add ca-certificates

    • Debian based OS apt install ca-certificates


  1. If the certificate is currently in pem format, convert it to an x509 certificate.

    • sudo openssl x509 -inform PEM -in /<certificate path>/ca_cert.pem -out /usr/local/share/ca-certificates/<dns name here>.crt

      This will convert pem certificate /<certificate path>/ca_cert.pem and save it to /usr/local/share/ca-certificates/<dns name here>.crt

  2. If certificate not in path /usr/local/share/ca-certificates/ or a sub-directory of, copy the certificate there

  3. Recommended flush the current trusted certificates sudo update-ca-certificates --fresh

  4. Update the host trusted certificates with sudo update-ca-certificates


This page is part of our Project ITIL Runbooks.

Page Metadata
Version: ToDo: place files short git commit here
Date Created: 2024-02-26
Date Edited: 2024-02-26


Would You like to contribute to our ITIL Runbooks project? You can assist in the following ways:


ToDo: Add the page list of contributors