[SOLVED] ca-bundle.crt not updating

Penguin2023
Posts: 2
Joined: 2023/04/03 14:45:16


Post by Penguin2023 » 2023/04/03 15:07:43

Hi guys,
I'm a new Linux administrator and I am facing an issue with self-signed certificates.

I'm using CentOS 7 and have self-signed certificates for different web applications.
The certificates are all signed by an internal root CA.

I am in charge of deploying the root CA on servers.

The issue I'm facing is that some servers do not want to save this root CA in the ca-bundle.crt file. No output to my commands. Nothing relevant in /var/log/messages.

What I have done:
- check the rootCA.crt file has the X509 Basic Constraints CA : TRUE
- put the rootCA.crt file in the /etc/pki/ca-trust/source/anchors
- run the command update-ca-trust extract
- check the /etc/ssl/certs/ca-bundle.crt
I can see the root CA populated in the ca-bundle file on most of the servers.
But for a reason I don't know, this rootCA is not populated on some servers while the modified date of the ca-bundle.crt file is updated, and I don't know what to do.

It is not recommended to add the rootCA manually in the /etc/ssl/certs/ca-bundle.crt; plus, the file is read-only.
I have copied/pasted the /etc/ssl/certs/ca-bundle.crt from a good server to a server with the issue.
That works until I re-run the update-ca-trust extract command. Then my rootCA disappears from the /etc/ssl/certs/ca-bundle.crt file.

Any idea for troubleshooting this?

Any help is welcome.
Thank you.
Last edited by Penguin2023 on 2023/05/10 14:29:59, edited 1 time in total.
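
Added example, not part of the original posts: a read-only shell check for the last step of the procedure above. It reports whether the anchor's certificate is present in the extracted bundle or also sits in one of the blacklist directories documented in update-ca-trust(8). The function names, the script name and the blacklist check are assumptions of this example; the thread does not say what caused the problem.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Certificates are compared by their
# base64 body, so line wrapping and CRLF endings do not matter. Only PEM
# "BEGIN CERTIFICATE" blocks are recognised (no DER, no TRUSTED CERTIFICATE).

# pem_bodies FILE: print one line per certificate in FILE (base64, joined).
pem_bodies() {
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
        /^-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t]/, ""); body = body $0 }'
}

# file_has_cert CERT FILE: 0 if the first certificate in CERT is also in FILE,
# 1 if it is not, 2 if CERT contains no PEM certificate at all.
file_has_cert() {
    want=$(pem_bodies "$1" | head -n 1)
    [ -n "$want" ] || return 2
    pem_bodies "$2" | grep -qxF -- "$want"
}

# diagnose CERT BUNDLE [DIR...]: print in-bundle, not-pem, blacklisted:<file>
# or missing. DIR... are the blacklist directories to search.
diagnose() {
    cert=$1; bundle=$2; shift 2
    rc=0; file_has_cert "$cert" "$bundle" || rc=$?
    case $rc in
        0) echo "in-bundle"; return 0 ;;
        2) echo "not-pem"; return 2 ;;
    esac
    for dir in "$@"; do
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            if file_has_cert "$cert" "$f"; then
                echo "blacklisted:$f"; return 1
            fi
        done
    done
    echo "missing"; return 1
}

# Usage (hypothetical script name): sh check-anchor.sh /etc/pki/ca-trust/source/anchors/rootCA.crt
# Blacklist paths are the ones listed in update-ca-trust(8); assumed, not from the thread.
if [ "$#" -eq 1 ]; then
    diagnose "$1" /etc/ssl/certs/ca-bundle.crt \
        /etc/pki/ca-trust/source/blacklist /usr/share/pki/ca-trust-source/blacklist
fi
```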


Re: ca-bundle.crt not updating

Post by Penguin2023 » 2023/05/10 14:28:57

After weeks of pain, finally got a solution.
Not the best, but working: reset the list of trusted certificates.

After that, I can add and update certificates as usual.
