Adding a root authority certificate to a server that does not already have the cert may be added to the server manually.

CentOS 6

Install the ca-certificates package:

yum install ca-certificates

Enable the dynamic CA configuration feature:

update-ca-trust force-enable

Add it as a new file to /etc/pki/ca-trust/source/anchors/:

cp foo.crt /etc/pki/ca-trust/source/anchors/

Use command:

update-ca-trust extract

CentOS 7

CentOS 7.0 and later include a shared store for certificate authorities. Read the manual for additional information.

man update-ca-trust

Previous versions of CentOS modifying the distributed certificate bundles like /etc/pki/tls/certs/ca-bundle.trust.crt was the appropriate way of adding additional trusted certificate authorities.

These additional trusted certificate authorities must be ported forward to the CentOS 7.0 system manually. You can place them as certificate (PEM or DER) files in the following directory:

/etc/pki/ca-trust/source/anchors

And then run the following command

update-ca-trust

Source(s)

• http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html
• http://www.nethserver.org/go7/CentOS6_7/system/ca-certificates/solution.txt