Adding Trusted Root Certificate to the Servers

If you want to send or receive messages signed by root authorities and these authorities are not installed on the server, you must add a trusted root certificate manually.

Use the following steps to add or remove trusted root certificates to/from a server.

Mac OS X

AddUse command: sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt
RemoveUse command: sudo security delete-certificate -c “<name of existing certificate>”


AddUse command: certutil -addstore -f “ROOT” new-root-certificate.crt
RemoveUse command: certutil -delstore “ROOT” serial-number-hex

Linux (Ubuntu, Debian)

AddCopy your CA to dir /usr/local/share/ca-certificates/ Use command: sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt Update the CA store: sudo update-ca-certificates
RemoveRemove your CA. Update the CA store: sudo update-ca-certificates --fresh

Linux (CentOs 6)

AddInstall the ca-certificates package: yum install ca-certificates Enable the dynamic CA configuration feature: update-ca-trust force-enable Add it as a new file to /etc/pki/ca-trust/source/anchors/: cp foo.crt /etc/pki/ca-trust/source/anchors/ Use command: update-ca-trust extract

Linux (CentOs 5)

AddAppend your trusted certificate to file /etc/pki/tls/certs/ca-bundle.crt cat foo.crt >>/etc/pki/tls/certs/ca-bundle.crt

About mahyar

OrcID: 0000-0001-8875-3362 PhD Candidate (National Academy of Sciences of Ukraine - Institute for Telecommunications and Global Information) MCP - MCSA - MCSE - MCTS MCITP: Enterprise AdministratorCCNA, CCNP (R&S , Security)ISO/IEC 27001 Lead Auditor

Check Also

HOWTO: Repair a broken Ext4 Superblock in Ubuntu

This has happened to me a few times, and it’s not a nice problem to …