I recently have had to install some certificates on my machines to maintain network access. Two .crt files were provided.
The Rocky 9 (rhel) machines: Rename 2 .crt to .pem, copy to:
/etc/pki/ca-trust/source/anchors
Run:
sudo update-ca-trust extract
Done. Check a random website in Chrome and it loads fine. Git clones a test repo no problem. Only issue I can find is python apparently doesn’t use the system CA store, so I’ve got to figure that one out.
BUT!
I’m not so familiar with it, but I have two Ubuntu 24.04 LTS machines running some specialized software and the vendor only supports Ubuntu.
Copy 2 .crt files to:
/usr/local/share/ca-certificates
Run:
update-ca-certificates
Output includes that 2 new were found
Check a random website in Chrome “Your connection is not private” yet the certificate viewer looks the same as in Rocky. Can’t clone a git repo.
I’ve tried this on a fresh installed vm, and then right on a freshly booted livecd image on a desktop machine, same result. This is driving me nuts! Rocky must do SOMETHING different WRT CAs or is there an extra step in Ubuntu? I’ve also tried adding them with:
dpkg-reconfigure ca-certificates
And putting them in a subfolder (“extra”) of /usr/local/share/ca-certificates to avail.
Anyone familiar with both that can help me out here? There must be some configuration difference between them or something???
Rocky 9 has openssl 3.2.2
Ubuntu 24.04 has 3.0.13