1. Download the CA certificate in PEM format
If it was not available in PEM, then determine which format it is (here: DER), then convert it:
$ openssl x509 -in ca-cerificate-file.crt -inform DER -out ca-cerificate-file.pem -outform PEM
2. Check the fingerprint
$ openssl x509 -noout -fingerprint -in ca-certificate-file
3. Copy the CA cert frile into /etc/openssl/certs folder
Then cd there.
4. Install the certificate
ln -s my_ca.crt `openssl x509 -hash -noout -in my_ca.crt`.0
5. Verify a server which is signed by your new CA
openssl s_client -connect {HOSTNAME}:{PORT} -showcerts
- Log in to post comments
Link