Red Hat Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

  • Comments

    • Deleting CAs From System-wide Trust-list

    Posted on

    In our enterprise, one of the security lockdowns applied to Windows systems is the removal of all but a few, especially-trusted public CAs (along with adding internal CAs to the trust-list).

    It's easy enough to add CAs to the host-wide trust-list, but I'm having a heck of a time finding adequate tutelage via Google. I'd tried using 

    certutil
    to do it, but 
    certutil
    keeps telling me that the bundle file generated by the update-ca-trust tool is in an unusable format.

    Our systems auditors haven't come hunting, yet, for us to align the Red Hat systems' CA trusts with our Windows systems (probably because the verification tools in OpenSSL tend to suck - particularly when it comes to bundles). But, if they do come for my Red Hat systems, I want to have a easily scriptable fix ready to go.

    Halp?

    by

    points

    Responses

    Red Hat LinkedIn YouTube Facebook X, formerly Twitter

    Quick Links

    Help

    Site Info

    Related Sites

    © 2026 Red Hat