6.0, IP Fabric used the CA bundle shipped with
led to confusion as system utilities were not aware of new certificates.
6.0, we have switched to global cert store trusted by
Internally, this is achieved by passing
Adding a custom certificate
You can add a certificate by placing its
.crt file in the
/usr/local/share/ca-certificates directory and running the following command:
We recommend creating a subdirectory in case you are going to add multiple certificates:
The certificate has to be in PEM format with
.crt extension. Files with
other extensions are omitted.
After placing the certificate in the directory, you will need to run the
update-ca-certificates command to link the certificate to the
Certificate Store. Running it should give you an output similar to the
Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.
.crt is nothing more than a PEM certificate with a custom extension.
If you need to convert your certificate, you can use the
tool to do so:
openssl x509 -in my_custom_ca.der -out /usr/local/share/ca-certificates/my_custom_ca.crt
openssl is typically pretty good at guessing the input format.
Deleting a custom certificate
- Remove relevant files/subdirectories from