I'm trying to install the public CA certificate of a 3rd party service, onto a Debian instance. I'm doing this so that the SSL certificate of the 3rd party service that I'm connecting to can be validated as a trusted authority.
I have a public .pem certificate. I've copied it into /usr/local/share/ca-certificates on the instance. I then create a .crt version of the certificate using openssl like this:
openssl x509 -outform der -in MYCERTIFICATE.pem -out MYCERTIFICATE.crt
I then run an update of ca-certificates using sudo update-ca-certificates (from within the /usr/local/share/ca-certificates directory).
If I then view the certificates in /etc/ssl, I see MYCERTIFICATE.pem listed, but if I inspect all of the 'subject' headings in the ca-certificates.crt using the following, I don't see the subject line of my certificate listed:
awk -v cmd='openssl x509 -noout -subject' '
/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt
If my understanding is correct, I should see the subject of my certificate listed here for it to be recognised as a certificate that needs to be referenced in order to verify the certificate being supplied by the 3rd party service I'm connecting to? Is this correct, and if so, why isn't my certificate being listed in ca-certificates.crt?
0 Answers