1. Download the CA certificate in PEM format
If it was not available in PEM, then determine which format it is (here: DER), then convert it:
$ openssl x509 -in ca-cerificate-file.crt -inform DER -out ca-cerificate-file.pem -outform PEM
2. Check the fingerprint
$ openssl x509 -noout -fingerprint -in ca-certificate-file
3. Copy the CA cert frile into /etc/openssl/certs folder
Then cd there.