6.0 IP Fabric used the CA bundle shipped with Node.js. This led to confusion as the system utilities were not aware of the new certificates. Starting with release 6.0 we have switched to the global cert store as trusted by
Internally this is achieved with passing
Adding a custom certificate
You add a certificate by placing a .crt file in /usr/local/share/ca-certificates and running update-ca-certificates. We recommend creating a subdirectory if you plan to add multiple certificates.
The certificate has to be in PEM format with a .crt extension; files with other extensions are omitted.
After placing the certificate there, you will need to run the update-ca-certificates command to link the certificate to the Trusted Root Certificate Store. Running it should give you output similar to the following:
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
A .crt file is nothing more than a PEM certificate with a custom extension. If you need to convert your certificate, you can use the openssl command line tool to do so. It is typically pretty clever in guessing the input format:
openssl x509 -in my_custom_ca.der -out /usr/local/share/ca-certificates/my_custom_ca.crt
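A pre-flight audit for the directory described above, added here as an example (it is not IP Fabric's own tooling): it reports files that are not PEM or lack the .crt extension before update-ca-certificates is run. The function names are hypothetical, and the format check only looks at the PEM marker and the leading DER byte without parsing the certificate.

```shell
#!/bin/sh
# Added example: audit files destined for /usr/local/share/ca-certificates.
# Marker-based only: no ASN.1 parsing, no signature or chain validation.

# classify_cert FILE -> prints pem | der | unknown
classify_cert() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    # A DER certificate starts with an ASN.1 SEQUENCE tag (0x30).
    elif [ "$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')" = "30" ]; then
        echo der
    else
        echo unknown
    fi
}

# check_ca_file FILE -> prints a verdict; returns 0 only for a PEM
# certificate that carries the .crt extension.
check_ca_file() {
    f=$1
    [ -f "$f" ] || { echo "MISSING $f"; return 4; }
    case "$(classify_cert "$f")" in
        der)     echo "CONVERT $f (DER, convert to PEM first)"; return 2 ;;
        unknown) echo "REJECT  $f (no certificate marker found)"; return 3 ;;
    esac
    case "$f" in
        *.crt) echo "OK      $f"; return 0 ;;
        *)     echo "RENAME  $f (PEM, but extension is not .crt)"; return 1 ;;
    esac
}

# audit_ca_dir DIR -> one verdict line per regular file under DIR,
# subdirectories included.
audit_ca_dir() {
    find "$1" -type f | sort | while IFS= read -r f; do
        check_ca_file "$f" || :
    done
}

# Stand-alone use: sh audit.sh /usr/local/share/ca-certificates
if [ "$#" -gt 0 ]; then
    audit_ca_dir "$1"
fi
```

Any line that does not start with OK names a file that needs attention before it can be trusted by the store.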
Deleting a custom certificate
- Delete appropriate files / directories from