各系統添加根證書

如果要發送或接收由根頒發機構簽名的消息，但服務器上未安裝這些頒發機構，則必須手動添加受信任的根證書。
使用以下步驟向服務器添加或刪除可信根證書。

Mac OS X

• 增加 sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt
• 刪除 sudo security delete-certificate -c "<name of existing certificate>"

Windows

• 增加 certutil -addstore -f "ROOT" new-root-certificate.crt
• 刪除 certutil -delstore "ROOT" serial-number-hex

Linux (Ubuntu, Debian)

• 增加
  • Copy your CA to dir /usr/local/share/ca-certificates/
  • Use command: sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt
  • Update the CA store: sudo update-ca-certificates
• 刪除
  • Remove your CA.
  • Update the CA store: sudo update-ca-certificates --fresh

Linux (CentOs 7)

• 增加
  • cat ca.crt >> /etc/pki/tls/certs/ca-bundle.crt
  • 如果是其他Linux發行版，該文件的位置可能是下面這些，視情況而定：
    • /etc/ssl/certs/ca-certificates.crt
    • /etc/ssl/ca-bundle.pem
    • /etc/ssl/cert.pem
    • /usr/local/share/certs/ca-root-nss.crt
    • /etc/init.d/docker restart

Linux (CentOs 6)

• 增加
  • Install the ca-certificates package: yum install ca-certificates
  • Enable the dynamic CA configuration feature: update-ca-trust force-enable
  • Add it as a new file to /etc/pki/ca-trust/source/anchors/: cp foo.crt /etc/pki/ca-trust/source/anchors/
  • Use command: update-ca-trust

Linux (CentOs 5)

• 增加
  • Append your trusted certificate to file /etc/pki/tls/certs/ca-bundle.crt cat foo.crt >>/etc/pki/tls/certs/ca-bundle.crt