Skip to content

how to update CA root on Centos

For RHEL 6 or later, you should be using update-ca-trust, as lzap describes in his answer below.

— For older versions of Fedora, CentOS, Redhat:

Curl is using the system-default CA bundle is stored in /etc/pki/tls/certs/ca-bundle.crt . Before you change it, make a copy of that file so that you can restore the system default if you need to. You can simply append new CA certificates to that file, or you can replace the entire bundle.

Are you also wondering where to get the certificates? I (and others) recommend curl.haxx.se/ca . In one line:

curl https://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt