Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 10-25-2011, 02:28 AM   #1
LQ Newbie
Registered: May 2010
Posts: 12

Rep: Reputation: 0
How to add new Root CA into ca-bundle.crt

Hello. I got an email from a customer saying that they will be switching to verisign certificates, and I need to add the new Root Certificate to my server. So I saved the text of the new root cert as newroot.crt. But how do I add it to /usr/share/ssl/certs/ca-bundle.crt?

I used cat newroot.crt >> ./ca-bundle.crt, but that just results in the base64 encoded text of newroot.crt being appended to the end of ca-bundle.crt. There isn't any of that descriptive text above the entry like serial number, validity, CN, etc. (is that stuff necessary?)

I've got to get this done before the end of October so any help would be much appreciated. Thanks.
Old 10-25-2011, 03:35 AM   #2
Registered: Jan 2010
Location: Melbourne, IA, USA
Distribution: Ubuntu
Posts: 93

Rep: Reputation: 8
My first question is what are they using the certs for and how does this involve you?

(is that stuff necessary?)
Not that I'm aware, but I'm not an expert.

As long as the rest of the file is composed of certs in pem format then you should be ok with what you did.

pem has "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"

Like I said, I'm not an expert but my guess is that your customer has you chasing ghosts.
Old 10-25-2011, 04:32 AM   #3
LQ Newbie
Registered: May 2010
Posts: 12

Original Poster
Rep: Reputation: 0
Hi Rustek,

It's for TLS between our 2 email servers. I have to update the ca-bundle.crt file because its based off a cert bundle that dates back to 2000! So it's a good idea for me to update the cert bundle with the new Verisign Root CA.

I suspect you may be right about the validity, seriel number , etc being unnessary. Anyway, I found the answer on another thread. The command is:

openssl x509 -in <yourCA>.crt -text >> /usr/share/ssl/certs/ca-bundle.crt



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Is it necessary to add root to sudoers? Mr. Alex Linux - Newbie 5 01-08-2011 12:50 PM
CRT overscan...hack X or just add a black border? I don't know how to do either... Daravon Linux - General 0 01-28-2009 02:49 PM
File /etc/pki/tls/certs/ca-bundle.crt conflicts Setya Fedora 1 08-13-2008 10:28 AM
Can't add root to logon screen Deke1955 Mandriva 2 09-21-2005 06:52 PM
still cant add users even though root AmdMhz Linux - Software 2 01-31-2004 11:27 PM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 12:29 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration