Adding a Custom CA Trusted Certificates

---

This workflow details the steps required to add a CA certificate to the A hosts Trusted Certificates.

Assumptions

The following assumptions are made for the usage of this runbook:

• You have sudo access

• The host where these commands to run from has ca-certificates package installed.

  • Alpine Based OS apk add ca-certificates

  • Debian based OS apt install ca-certificates

Workflow

1. If the certificate is currently in pem format, convert it to an x509 certificate.

   • sudo openssl x509 -inform PEM -in /<certificate path>/ca_cert.pem -out /usr/local/share/ca-certificates/<dns name here>.crt

     This will convert pem certificate /<certificate path>/ca_cert.pem and save it to /usr/local/share/ca-certificates/<dns name here>.crt

2. If certificate not in path /usr/local/share/ca-certificates/ or a sub-directory of, copy the certificate there

3. Recommended flush the current trusted certificates sudo update-ca-certificates --fresh

4. Update the host trusted certificates with sudo update-ca-certificates

About:

This page is part of our Project ITIL Runbooks.

Page Metadata

Version: ToDo: place files short git commit here
Date Created: 2024-02-26
Date Edited: 2024-02-26

Contribution:

Would You like to contribute to our ITIL Runbooks project? You can assist in the following ways:

• Edit This Page If there is a mistake or a way you can improve it.
• Add a Page to the Manual if you would like to add an item to our manual
• Raise an Issue if there is something about this page you would like to improve, and git is unfamiliar to you.

 

ToDo: Add the page list of contributors