// , Use the openssl command to get output from /etc/ssl/certs/ca-bundle.crt
Anyway, I tried the following, mostly copied from https://unix.stackexchange.com/a/97249/48498, and it seemed to work if I changed the filename to account for CentOS 6:
If you don't want to have to bother with the --insecure flag or its analogues on cURL, wget, Git, etc, you can add a CA root certificate, self-signed certificate, or certificate chain to your trust store as follows:
1.
Follow the instructions to download the .crt, .pem, or .cer of your choice.
2.
Obtain the certificate you want to trust through whatever mechanism you use, often by downloading it from a central repository or by extracting it from an SSL handshake with openssl s_client -showcerts -connect some.host.that.uses.that.root:443, or such, and copy it to the following folder on the target CentOS 6 host:
/etc/pki/ca-trust/source/anchors/
Run the following commands while logged in to the target host:
$ sudo update-ca-trust enable; sudo update-ca-trust extract
Verify the results on the Red Hat based OS, e.g.:
$ awk -v cmd='openssl x509 -noout -subject' '
/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.crt
This should yield a long list of responses of the form:
subject= /C=US/O=MyCorp/CN=root-ca-2048
Step #4 in the above answers this question, and the other steps provide context for the unwary.
