A service of Daily Data, Inc.
Contact Form

Unix Server Tech Knowledge Base

User Tools

Site Tools

Trace: Install CA on workstations Create Internal CA
software:openssl:installca

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
software:openssl:installca [2025/10/19 17:51] rodolicosoftware:openssl:installca [2025/10/19 18:38] (current) rodolico
Line 132: Line 132:
  
  
-==== Automated for RedHat or Debian ====+===== Automated for Unix =====
  
-The following script is suitable for use from a centralized server which has root access via ssh to multiple Linux machines. This is written for something like an Ansible server.+The following script is suitable for use from a centralized server which has root access via ssh to multiple Unix machines. This is written for something like an Ansible server
 + 
 +It will detect Debian and RedHat based Linux, and FreeBSD Unix.
  
 It will It will
Line 175: Line 177:
     if [ -f /etc/debian_version ]; then     if [ -f /etc/debian_version ]; then
         echo "Detected Debian/Devuan system."         echo "Detected Debian/Devuan system."
-        # Copy the CA certificate+        # Install the CA certificate
         cp /tmp/ca.pem /usr/local/share/ca-certificates/         cp /tmp/ca.pem /usr/local/share/ca-certificates/
-        # Update CA certificates 
         update-ca-certificates         update-ca-certificates
 +    
     elif [ -f /etc/redhat-release ]; then     elif [ -f /etc/redhat-release ]; then
         echo "Detected Red Hat/CentOS system."         echo "Detected Red Hat/CentOS system."
-        # Copy the CA certificate+        # Install the CA certificate
         cp /tmp/ca.pem /etc/pki/ca-trust/source/anchors/         cp /tmp/ca.pem /etc/pki/ca-trust/source/anchors/
-        # Update CA certificates 
         update-ca-trust         update-ca-trust
 +    
 +    elif [ "$(uname)" = "FreeBSD" ]; then
 +        echo "Detected FreeBSD system."
 +        # Install the CA certificate
 +        cp /tmp/ca.pem /usr/local/share/certs/ca.pem
 +        c_rehash /usr/local/share/certs/
 +    
     else     else
         echo "Unsupported OS. Exiting."         echo "Unsupported OS. Exiting."
         exit 1         exit 1
     fi     fi
 +
     echo "CA certificates updated successfully."     echo "CA certificates updated successfully."
 EOF EOF
Line 196: Line 205:
 </code> </code>
  
 +===== MacOS =====
 +
 +MacOS is based on FreeBSD and could likely be detected by the generic script under the previous section, but I'll show manual here.
 +
 +==== GUI ====
 +
 +  - Open Finder, then navigate to Applications | Utilities | Keychain Access.
 +  - Open File | Import Items
 +  - Find your certificate and select Open
 +  - Choose which keychain to import it to
 +    - System - Available to all users
 +    - login - Available only to the current user
 +  - Locate the new Cert in the keychain and double click to open it
 +  - Expand the **Trust** section
 +  - Change //When using this certificate// to **Always Trust**
 +  - Close and save, answering yes to all questions
 +
 +
 +==== Command Line ====
 +
 +To install rapidly, simply open Terminal (Finder | Applications | Utilities | Terminal ) and issue the following command. You'll need to make sure you know where the PEM file is.
 +
 +<code sh>
 +sudo security add-trust-anchor -d -r trustAsRoot -k /Library/Keychains/System.keychain /path/to/ca.pem
 +</code>
software/openssl/installca.1760914296.txt.gz · Last modified: 2025/10/19 17:51 by rodolico