Proper way to add certs?

asked 2019-06-23 19:44:09 +0300

bionade24 gravatar image

updated 2019-06-26 19:29:53 +0300

Hello, I tried the method to put my own cert into /etc/pki/tls/certs and symlink it - openssl accepts the cert and the method specified in /etc/pki/ca-trust/source/anchors/README, but the Cert neither works nor it shows up in the settings. What do I wrong/ What is the proper way to import a cert? The cert is just a self-generated cert.

Edit; When I try the mentioned method with openssl, I get a cert error on the mail App afterwards until I delete the cert.

edit retag flag offensive close delete


Did you run the update-ca-certificates or update-ca-trust after adding a certificate? (I don't know which one is correct for SFOS)

daneos ( 2019-06-23 21:11:01 +0300 )edit

update-ca-certificates is called update-ca-trust on SFOS (as far as I know). Of course, I ran it.

bionade24 ( 2019-06-23 21:43:35 +0300 )edit

I also tried the TLS topic in here:

bionade24 ( 2019-06-25 22:51:35 +0300 )edit

In this thread, there are hints that there may be just another (or a couple of other) certificate stores to take into account. I'd guess that Android Support may also have its own certificate store, as well as native QT apps.

Maus ( 2019-06-27 13:41:03 +0300 )edit

QT native Apps normally use the system's store and I ensured myself that the App I need uses the system's store. The Qt error seems to be only on macOS. My cert also doesn't appear on the certificate storage. I think I'll swap the cert on server side, that would be a lot easier.

bionade24 ( 2019-06-27 14:15:46 +0300 )edit