import self signed certificate in redhat

余生分开走 2020-12-08 05:03

How can I import a self-signed certificate in Red-Hat Linux?

I'm not an expert with respect to certificates and find it difficult to find the right answer through g

2 answers
  •  臣服心动
    2020-12-08 05:48

    I don't know of a way to import a specific site-cert into OpenSSL's trust db (I wish I did!), but since you're talking about a self-signed cert we can approach it by importing your cert as a new trusted CA cert. Warning though: you're also going to be trusting any sites that are signed by that cert.

    Find and download the cert

    You can download a self-signed cert directly from a site quickly with:

    openssl s_client -connect server:443 <<<'' | openssl x509 -out /path/file
    

    Note that you should only do this in the case of a self-signed cert (as mentioned in the original question). If the cert is signed by some other CA, you can't run with the above; instead, you will need to find the appropriate CA cert and download that.

    Import the cert and make it trusted

    The update-ca-trust command was added in Fedora 19 and RHEL6 via RHEA-2013-1596. If you have it, your steps are dumb-simple (but require root/sudo):

    1. copy the CA cert to /etc/pki/ca-trust/source/anchors/
    2. update-ca-trust enable; update-ca-trust extract
    3. (Note that the enable command isn't necessary in RHEL7 & modern Fedora)

    If you don't have update-ca-trust, it's only a little harder (and still requires root/sudo):

    1. cd /etc/pki/tls/certs
    2. copy the CA cert here
    3. ln -sv YOURCERT $(openssl x509 -in YOURCERT -noout -hash).0

    PS: The question mentioned Red Hat, but for anyone looking at doing the same with something besides Fedora/RHEL, wiki.cacert.org/FAQ/ImportRootCert might be helpful.
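
The steps in the answer above, gated on two checks before the cert becomes a trust anchor, as an added example that is not part of the original answer: the file must really be self-signed, and its SHA-256 fingerprint must match one obtained out of band. The function names, the constructed sample certificates and the optional third argument are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example; function names and sample certs are assumptions, not the answer's.

# Exit 0 only if CERT is self-signed: issuer name == subject name and the
# signature verifies with the cert's own key. Exit 1 otherwise, 2 if unreadable.
is_self_signed() {
    local cert="$1" s i
    s=$(openssl x509 -in "$cert" -noout -subject_hash 2>/dev/null) || return 2
    i=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$s" = "$i" ] || return 1
    # -check_ss_sig: by default OpenSSL does not check a self-signed root's signature.
    openssl verify -check_ss_sig -CAfile "$cert" "$cert" 2>/dev/null | grep -q ': OK$'
}

# SHA-256 fingerprint, to compare with a value obtained out of band.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# trust_cert CERT EXPECTED_FP [ANCHOR_DIR]: the answer's steps 1-2, gated on the checks.
trust_cert() {
    local cert="$1" expected="$2" dir="${3:-/etc/pki/ca-trust/source/anchors}"
    is_self_signed "$cert" ||
        { echo "refusing: not self-signed, import the issuing CA cert instead" >&2; return 1; }
    [ "$(fingerprint "$cert")" = "$expected" ] ||
        { echo "refusing: fingerprint mismatch" >&2; return 1; }
    install -m 0644 "$cert" "$dir/" || return 1
    # Rebuild the bundle only for the real system directory (needs root; on
    # RHEL6 the answer also runs "update-ca-trust enable" first).
    [ "$dir" != /etc/pki/ca-trust/source/anchors ] || update-ca-trust extract
}

# Constructed sample input: a self-signed cert and a leaf cert signed by it.
make_samples() {
    local d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=selfsigned.example" \
        -keyout "$d/ss.key" -out "$d/ss.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ss.pem" -CAkey "$d/ss.key" \
        -set_serial 2 -days 1 -out "$d/leaf.pem" 2>/dev/null
}
```

The expected fingerprint must be given in the colon-separated uppercase form that `openssl x509 -fingerprint` prints.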
