Installing a Root Certificate Authority on Fedora 28

This post documents the process of installing a Root Certification Authority on Fedora 28.

Adding a Root Certificate Authority to Fedora 28

First you must obtain the PEM file for your root certificate. This will either need to be created by you or will be given to you by your organisation. This is the certificate file that we are going to add to the store. Once this file has been added and the machine updated to use it, it will treat this as a Root Certificate Authority (root CA).

This means that programs on your computer that use the operating systems certificate store will accept certificates signed by the newly added Root CA.

Once you have your file you need to copy it into the CA trust folder for Fedora. This is located in:

/etc/pki/ca-trust/source/anchors

Once this has been updated the operating system needs to be informed that it has been placed there. This can be accomplished by running the following command.

sudo update-ca-trust

Now that I have run this command Fedora will accept anything that has been signed by this certificate authority. For most applications, no further steps will need to be taken.