If you want to send or receive messages signed by root authorities and these authorities are not installed on the server, you must add a trusted root certificate manually.
Use the following steps to add or remove trusted root certificates to/from a server.
Use command: sudo security delete-certificate -c "<name of existing certificate>"
Windows

| Function | Method |
|----------|--------|
| Add | Use command: `certutil -addstore -f "ROOT" new-root-certificate.crt` |
| Remove | Use command: `certutil -delstore "ROOT" serial-number-hex` |
Linux (Ubuntu, Debian)

| Function | Method |
|----------|--------|
| Add | Copy your CA to the directory /usr/local/share/ca-certificates/: `sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt`. Then update the CA store: `sudo update-ca-certificates` |
| Remove | Remove your CA. Then update the CA store: `sudo update-ca-certificates --fresh` |
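A root certificate added this way is trusted for every TLS connection the server makes, so it is worth checking the file before copying it. The script below is an added example, not part of the original instructions: it compares the certificate's SHA-256 fingerprint with a value obtained out of band and checks that the certificate has not expired, then runs the Ubuntu/Debian steps above. It assumes the `openssl` command-line tool is installed; the script name `add-root.sh` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a root certificate before trusting it (Ubuntu/Debian flow).
# Usage: ./add-root.sh foo.crt <expected SHA-256 fingerprint, obtained out of band>

# Print the SHA-256 fingerprint of a PEM certificate as lowercase hex, no colons.
# Prints nothing if the file cannot be parsed as a certificate.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Return 0 only if the file parses as a certificate, has not expired,
# and its fingerprint equals the expected value.
# Return codes: 1 = fingerprint mismatch, 2 = unreadable file, 3 = expired.
verify_root_cert() {
    cert=$1
    # Accept the expected value with or without colons, in either case.
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    actual=$(cert_sha256 "$cert")
    if [ -z "$actual" ]; then
        echo "not a readable PEM certificate: $cert" >&2
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired: $cert" >&2
        return 3
    fi
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got $actual" >&2
        return 1
    fi
    return 0
}

# Install only after verification, using the Ubuntu/Debian steps from this page.
if [ "$#" -eq 2 ]; then
    verify_root_cert "$1" "$2" || exit 1
    sudo cp "$1" "/usr/local/share/ca-certificates/$(basename "$1")"
    sudo update-ca-certificates
fi
```
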
Linux (CentOS 6)

| Function | Method |
|----------|--------|
| Add | Install the ca-certificates package: `yum install ca-certificates`. Enable the dynamic CA configuration feature: `update-ca-trust force-enable`. Add the certificate as a new file to /etc/pki/ca-trust/source/anchors/: `cp foo.crt /etc/pki/ca-trust/source/anchors/`. Then use command: `update-ca-trust extract` |
Linux (CentOS 5)

| Function | Method |
|----------|--------|
| Add | Append your trusted certificate to the file /etc/pki/tls/certs/ca-bundle.crt: `cat foo.crt >>/etc/pki/tls/certs/ca-bundle.crt` |