Ubuntu, SLES, Debian
Tested under Ubuntu and SLES 11 so far.
apt-get install ... or similar
# Step 0: Convert the Certificate to PEM format openssl x509 -inform der -in certificate.cer -out certificate.pem # Step 0.5: Make sure there is only 1 Certificate in the File grep 'BEGIN.* CERTIFICATE' certificate.pem | wc -l # should output `1` # Step 1: Verify it's the correct Certificate openssl x509 -noout -fingerprint -in certificate.pem # Step 2: Copy the File to /etc/ssl/certs # Do I really have to explain that? If you can't do that on your own you # probably shouldn't be installing CA-Certificates anyway... # Step 3: Find out the Hash of your Cert openssl x509 -noout -hash -in certificate.pem # Step 4: Inside /etc/ssl/certs, link your certificate to "hash.0" ln -s certificate.pem `openssl x509 -hash -noout -in certificate.pem`.0
yum install ... or similar
# Enable the CA configuration feature update-ca-trust enable # Add the new certificate to `/etc/pki/ca-trust/source/anchors` cp certificate.cer /etc/pki/ca-trust/source/anchors/ # update the CA certs update-ca-trust extract
And that’s it!