Installing a Root Certificate Authority on Fedora 26

This post documents the process of installing a Root Certification Authority on Fedora 26.

Adding a Root Certification Authority to Fedora 26

First you must obtain the PEM file for your root certificate. This will either need to be created by you or will be given to you by your organisation. This is the certificate file that we are going to add to the store. Once this file has been added and the machine updated to use it, it will treat this as a Root Certificate Authority (root CA).

This means that programs on your computer that use the operating systems certificate store will accept certificates signed by the newly added Root CA.

Once you have your file you need to copy it into the CA trust folder for Fedora. This is located in:

/etc/pki/ca-trust/source/anchors

Once this has been updated the operating system needs to be informed that it has been placed there. This can be accomplished by running the following command.

sudo update-ca-trust

Now that I have run this command Fedora will accept anything that has been signed by this certificate authority. For most applications, no further steps will need to be taken.

Additional steps needed for Firefox and some other applications

Firefox has its own certificate store which means adding this certificate to the operating system certificate store will not work.

To allow Firefox to work with the new certificate you need to go into the options and add the certificate manually.

For other applications that use a custom certificate store you will also need to follow a similar process.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.