On Wed, Dec 13, 2023 at 09:47:41PM -0500, Jeffrey Walton wrote:
> On Wed, Dec 13, 2023 at 7:55 PM Pocket <poc...@columbus.rr.com> wrote:
> >
> > What formats does certs need to be to work with update-ca-certificates?
> >
> > PEM or DER?
> 
> PEM

Well lets look at man update-ca-certificates, shall we?

"Certificates must have a .crt extension..."




> 
> > I have just finished writing some scripts to generate certs for my email
> > server and nginx server.
> >
> > [...]
> > Will pem format type certs work?
> 
> Yes.
> 
> You should also place the certificates in
> /usr/local/share/ca-certificates . Make the directory if it does not
> exist. And then run update-ca-certificates from the directory.
> 

again from the manual:
"It reads the file /etc/ca-certificates.conf. Each line gives a pathname
       of a CA certificate under  /usr/share/ca-certificates  that  should  be
       trusted.  Lines that begin with "#" are comment lines and thus ignored.
       Lines that begin with "!" are deselected, causing the  deactivation  of
       the CA certificate in question. Certificates must have a .crt extension
       in order to be included by update-ca-certificates."


It is not enough to just put them in that directory. You also have to
update /etc/ca-certificates.conf


-H



-- 
Henning Follmann           | hfollm...@itcfollmann.com

Reply via email to