update-ca-trust not adding certificates to ca-bundle

Solution Verified - Updated -

Issue

  • All the PEM/CRT/CER formatted certificates placed in /etc/pki/ca-trust/source/anchors/ don't get added to the individual certificate bundles/stores (/etc/pki/tls/certs/ca-bundle.crt) using update-ca-trust.

  • For RHEL7/8

# cp /root/certs/<certname>.cer /etc/pki/ca-trust/source/anchors/
# update-ca-trust extract
# cd /etc/pki/tls/certs/
# openssl x509 -in ca-bundle.crt -text -noout
  • For RHEL6
# cp /root/certs/<certname>.cer /etc/pki/ca-trust/source/anchors/
# update-ca-trust enable
# cd /etc/pki/tls/certs/
# openssl x509 -in ca-bundle.crt -text -noout

When checking I will only see one of the certificates, not always the same one though.

Environment

  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • ca-certificates

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In