I am using certificates signed by a CA file for securing the Kubernetes API. For that, I added my CA file, say ca.crt, to /etc/pki/ca-trust/source/anchors/ and used the command $ update-ca-trust to add it to the trusted list. I found my certificate in the /etc/ssl/certs/ca-bundle.crt file and also in the /etc/ssl/certs/ca-bundle.trust.crt file, with some appended string of 20 (not exactly) characters. Why are there these two files, and what is the difference between them?
update-ca-certificates is a program that updates the directory /etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt, a concatenated single-file list of certificates. It reads the file /etc/ca-certificates.
However, what you may or may not know is that there's fundamentally no difference between CER and CRT files. Much like DER files, they're both Base64 (ASCII) format files — they just happen to have two different filename extensions (.cer and .crt).
ca.crt is the CA's public certificate file. Users, servers, and clients will use this certificate to verify that they are part of the same web of trust. Every user and server that uses your CA will need to have a copy of this file.
CA bundle is a file that contains root and intermediate certificates. The end-entity certificate along with a CA bundle constitutes the certificate chain.
@YogeshJilhawar: A TLS CA file that is signed by a private institute must be added to the ca-bundle files on the OS (such as CentOS 7.x), but there is a little difference between ca-bundle.crt and ca-bundle.trust.crt, as follows:
ca-bundle.crt contains a list of CA certificates trusted for TLS server authentication usage without distrust information.
ca-bundle.trust.crt contains a list of CA certificates which includes trust (and/or distrust) flags specific to certificate usage.
Both files contain CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format.
What's more, ca-trust-source contains low priority source configurations but ca-trust/source contains high priority source configurations. Good luck!
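To check where a CA landed in a bundle, and what the extra characters in the question are, the sketch below (an added example, not part of the original question or answer) reports each PEM block's label and how many bytes follow the certificate's DER encoding. In OpenSSL's TRUSTED CERTIFICATE format those trailing bytes are the auxiliary trust data, so the Base64 text comes out longer than the plain certificate. The DER values are constructed stand-ins, not real X.509 certificates; only the outer DER length is parsed.

```python
import base64, hashlib, re

PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\s*(?P<body>.*?)-----END (?P=label)-----",
    re.S)

def split_first_der(blob):
    """Return (first DER element, trailing bytes) using the outer length field."""
    if len(blob) < 2:
        raise ValueError("truncated DER")
    first = blob[1]
    if first < 0x80:                       # short-form length
        hdr, length = 2, first
    else:                                  # long form: low 7 bits = count of length bytes
        n = first & 0x7F
        if n == 0 or len(blob) < 2 + n:
            raise ValueError("unsupported or truncated DER length")
        hdr, length = 2 + n, int.from_bytes(blob[2:2 + n], "big")
    if hdr + length > len(blob):
        raise ValueError("DER length exceeds data")
    return blob[:hdr + length], blob[hdr + length:]

def scan_bundle(text):
    """Yield (PEM label, SHA-256 of certificate DER, trailing aux byte count)."""
    for m in PEM_RE.finditer(text):
        der = base64.b64decode("".join(m.group("body").split()))
        cert, aux = split_first_der(der)
        yield m.group("label"), hashlib.sha256(cert).hexdigest(), len(aux)

def find_ca(text, ca_der):
    """List (label, aux byte count) for every block holding the given CA."""
    want = hashlib.sha256(ca_der).hexdigest()
    return [(label, aux) for label, fp, aux in scan_bundle(text) if fp == want]

def pem(label, der):
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample data (stand-in DER, not real certificates).
CA_DER = bytes.fromhex("3003020105")
OTHER_DER = bytes.fromhex("3003020107")
# Aux data: SEQUENCE { SEQUENCE { OID 1.3.6.1.5.5.7.3.1 (serverAuth) } }
AUX_DER = bytes.fromhex("300c300a06082b06010505070301")
PLAIN_BUNDLE = "# other CA\n" + pem("CERTIFICATE", OTHER_DER) + pem("CERTIFICATE", CA_DER)
TRUST_BUNDLE = pem("TRUSTED CERTIFICATE", CA_DER + AUX_DER)

if __name__ == "__main__":
    for name, bundle in (("plain", PLAIN_BUNDLE), ("trust", TRUST_BUNDLE)):
        print(name, find_ca(bundle, CA_DER))
```

On a real host, read the bundle file's text and pass the DER bytes of your own ca.crt (decoded from its PEM body) instead of the constructed values.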