What is the difference between /etc/ssl/certs/ca-bundle.crt and /etc/ssl/certs/ca-bundle.trust.crt in CentOS 7?

Tags: ssl, centos7

I am using certificates signed by a CA file for securing the Kubernetes API. For that, I added my CA file, say ca.crt, to /etc/pki/ca-trust/source/anchors/ and used the command $ update-ca-trust to add it to the trusted list. I found my certificate in the /etc/ssl/certs/ca-bundle.crt file and also in the /etc/ssl/certs/ca-bundle.trust.crt file with some appended string of 20 (not exactly) characters. Why are there these two files, and what is the difference between them?

asked May 13 '16 13:05

Yogesh Jilhawar


1 Answer

@YogeshJilhawar: A TLS CA file which is signed by a private institute must be added to the ca-bundle files on the OS (such as centos7.x), but there is a little difference (between ca-bundle.crt and ca-bundle.trust.crt), as follows:

ca-bundle.crt contains a list of CA certificates trusted for TLS server authentication usage without distrust information.

ca-bundle.trust.crt contains a list of CA certificates which includes trust (and/or distrust) flags specific to certificate usage.

Both files contain CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format.

What's more, ca-trust-source contains low priority source configurations but ca-trust/source contains high priority source configurations. Good luck!

answered Sep 19 '22 15:09

aeolus
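
To check which PEM block label a bundle uses and how many bytes of trust data follow each certificate, the Python below can be run over either file. It is an added example, not part of the original answer; it relies on OpenSSL's TRUSTED CERTIFICATE encoding, where the certificate DER is followed by an auxiliary trust structure (X509_CERT_AUX). The function names and the sample data are constructed for illustration.

```python
import base64
import re

# Matches both the plain and the OpenSSL "trusted" PEM block labels.
PEM_BLOCK = re.compile(
    r"-----BEGIN (TRUSTED CERTIFICATE|CERTIFICATE)-----(.*?)-----END \1-----",
    re.DOTALL,
)

def der_tlv_length(der: bytes) -> int:
    """Total length (header + content) of the first DER element in `der`."""
    if len(der) < 2:
        raise ValueError("truncated DER")
    first = der[1]
    if first < 0x80:                       # short form: length in one byte
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def summarize_bundle(pem_text: str) -> list:
    """For each PEM block return (label, certificate_bytes, trust_data_bytes)."""
    out = []
    for label, body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        cert_len = der_tlv_length(der)     # the certificate is the first SEQUENCE
        if cert_len > len(der):
            raise ValueError("truncated certificate")
        out.append((label, cert_len, len(der) - cert_len))
    return out

def _pem(label: str, der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{lines}\n-----END {label}-----\n"

# Constructed sample: a dummy 300-byte SEQUENCE stands in for a real certificate.
DUMMY_CERT = b"\x30\x82\x01\x28" + b"\x00" * 296
# Constructed X509_CERT_AUX: one trusted use, OID 1.3.6.1.5.5.7.3.1 (serverAuth).
TRUST_AUX = bytes.fromhex("300c300a06082b06010505070301")
SAMPLE = (_pem("CERTIFICATE", DUMMY_CERT)
          + _pem("TRUSTED CERTIFICATE", DUMMY_CERT + TRUST_AUX))

if __name__ == "__main__":
    for label, cert_len, aux_len in summarize_bundle(SAMPLE):
        print(f"{label}: certificate={cert_len} bytes, trust data={aux_len} bytes")
```

On a CentOS 7 host, passing the contents of /etc/ssl/certs/ca-bundle.crt or /etc/ssl/certs/ca-bundle.trust.crt to summarize_bundle() reports the label and trust-data size for every CA in that file, including the one added through update-ca-trust.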