update-ca-trust not adding certificates to ca-bundle

Solution Verified - Updated -


  • All the PEM/CRT/CER formatted certificates placed in /etc/pki/ca-trust/source/anchors/ don't get added to the individual certificate bundles/stores (/etc/pki/tls/certs/ca-bundle.crt) using update-ca-trust.
# cp /root/certs/<certname>.cer /etc/pki/ca-trust/source/anchors/
# update-ca-trust extract
# cd /etc/pki/tls/certs/
# openssl x509 -in ca-bundle.crt -text -noout

When checking I will only see one of the certificates, not always the same one though.


  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • ca-certificates

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In