I'm a new Linux administrator and I am facing an issue with self-signed certificates.
I'm using CentOS 7 and have self-signed certificates for different web applications.
The certificates are all signed by an internal root CA.
I am in charge of deploying the root CA on servers.
The issue I'm facing is that some servers do not want to save this root CA in the ca-bundle.crt file. No output to my commands. Nothing relevant in /var/log/messages.
What I have done:
check the rootCA.crt file has the
X509 Basic Constraints CA : TRUE
/etc/pki/ca-trust/source/anchors
update-ca-trust extract
/etc/ssl/certs/ca-bundle.crt
But for a reason I don't know, this rootCA is not populated on some servers while the modified date of the ca-bundle.crt file is updated, and I don't know what to do.
It is not recommended to add the rootCA manually in the /etc/ssl/certs/ca-bundle.crt; plus, the file is read-only.
I have copied/pasted the /etc/ssl/certs/ca-bundle.crt from a good server to a server with the issue.
That works until I re-run the update-ca-trust extract command. Then my rootCA disappears from the /etc/ssl/certs/ca-bundle.crt file.
Any idea for troubleshooting this?
Any help is welcome.
Thank you.
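
One way to confirm on each server whether the anchor file actually reached the extracted bundle, by comparing SHA-256 fingerprints of the decoded certificates rather than reading the bundle by eye (an added example, not part of the original post; the function names and the sample bytes are constructed for illustration):

```python
import base64
import hashlib
import re
import sys

# Matches any PEM block; the label (e.g. CERTIFICATE) is captured separately.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def pem_blocks(text):
    """Yield (label, der_bytes) for every PEM block found in text."""
    for label, body in PEM_RE.findall(text):
        yield label, base64.b64decode("".join(body.split()))


def cert_fingerprints(text):
    """SHA-256 fingerprints of the plain CERTIFICATE blocks in text."""
    return {hashlib.sha256(der).hexdigest()
            for label, der in pem_blocks(text) if label == "CERTIFICATE"}


def check_anchor(anchor_text, bundle_text):
    """Return 'not-pem', 'missing' or 'present' for one anchor file."""
    wanted = cert_fingerprints(anchor_text)
    if not wanted:
        return "not-pem"   # no CERTIFICATE block: DER, empty, or another PEM label
    if wanted <= cert_fingerprints(bundle_text):
        return "present"
    return "missing"


def sample_pem(der, width=64):
    """Wrap constructed bytes as a PEM CERTIFICATE block (sample data only)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


# Constructed placeholder bytes, not real certificates.
SAMPLE_ROOT = b"constructed-internal-root-ca" * 8
SAMPLE_OTHER = b"constructed-public-ca" * 8

if __name__ == "__main__":
    # Arguments: the anchor file, then the extracted bundle, e.g.
    # /etc/pki/ca-trust/source/anchors/rootCA.crt /etc/ssl/certs/ca-bundle.crt
    with open(sys.argv[1], errors="replace") as a, \
            open(sys.argv[2], errors="replace") as b:
        print(check_anchor(a.read(), b.read()))
```

A `not-pem` result means the anchor file itself has no plain `CERTIFICATE` block to compare, while `missing` means the file is readable PEM but the extract step did not carry it into the bundle.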