各系统添加根证书

如果要发送或接收由根颁发机构签名的消息，但服务器上未安装这些颁发机构，则必须手动添加受信任的根证书。
使用以下步骤向服务器添加或删除可信根证书。

Mac OS X

• 增加 sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt
• 删除 sudo security delete-certificate -c "<name of existing certificate>"

Windows

• 增加 certutil -addstore -f "ROOT" new-root-certificate.crt
• 删除 certutil -delstore "ROOT" serial-number-hex

Linux (Ubuntu, Debian)

• 增加
  • Copy your CA to dir /usr/local/share/ca-certificates/
  • Use command: sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt
  • Update the CA store: sudo update-ca-certificates
• 删除
  • Remove your CA.
  • Update the CA store: sudo update-ca-certificates --fresh

Linux (CentOs 7)

• 增加
  • cat ca.crt >> /etc/pki/tls/certs/ca-bundle.crt
  • 如果是其他Linux发行版，该文件的位置可能是下面这些，视情况而定：
    • /etc/ssl/certs/ca-certificates.crt
    • /etc/ssl/ca-bundle.pem
    • /etc/ssl/cert.pem
    • /usr/local/share/certs/ca-root-nss.crt
    • /etc/init.d/docker restart

Linux (CentOs 6)

• 增加
  • Install the ca-certificates package: yum install ca-certificates
  • Enable the dynamic CA configuration feature: update-ca-trust force-enable
  • Add it as a new file to /etc/pki/ca-trust/source/anchors/: cp foo.crt /etc/pki/ca-trust/source/anchors/
  • Use command: update-ca-trust

Linux (CentOs 5)

• 增加
  • Append your trusted certificate to file /etc/pki/tls/certs/ca-bundle.crt cat foo.crt >>/etc/pki/tls/certs/ca-bundle.crt