Reputation: 6323
I am using certificates signed by a CA file for securing the Kubernetes API. For that I added my CA file, say ca.crt, to /etc/pki/ca-trust/source/anchors/ and used the command $ update-ca-trust to add it to the trusted list.
I found my certificate in /etc/ssl/certs/ca-bundle.crt and also in /etc/ssl/certs/ca-bundle.trust.crt, with some appended string of about twenty characters.
Why are there these two files, and what is the difference between them?
Upvotes: 13
Views: 25825
Reputation: 99
@YogeshJilhawar: A TLS CA file which is signed by a private institute must be added to the ca-bundle files on the OS (such as CentOS 7.x), but there is a small difference (between ca-bundle.crt and ca-bundle.trust.crt), as follows:
ca-bundle.crt contains a list of CA certificates trusted for TLS server authentication usage without distrust information.
ca-bundle.trust.crt contains a list of CA certificates which includes trust (and/or distrust) flags specific to certificate usage.
Both files contain CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format.
What's more, ca-trust-source contains low priority source configurations but ca-trust/source contains high priority source configurations. Good luck!
Upvotes: 6
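An added example, not part of the question or the answer: it splits every PEM block of a bundle into the certificate itself and whatever DER follows it, which is where OpenSSL's BEGIN/END TRUSTED CERTIFICATE format stores the per-usage trust flags and what makes such a block longer than the plain certificate. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# Matches both "CERTIFICATE" and OpenSSL's "TRUSTED CERTIFICATE" PEM blocks.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*([A-Za-z0-9+/=\s]+?)-----END \1-----")

def der_element_length(der: bytes) -> int:
    """Total size (header + content) of the first DER element in der."""
    if len(der) < 2:
        raise ValueError("too short for a DER element")
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def split_bundle(pem_text: str):
    """Return (label, certificate_der, trailing_trust_der) per PEM block."""
    blocks = []
    for label, body in PEM_RE.findall(pem_text):
        der = base64.b64decode(body)      # embedded newlines are ignored
        size = der_element_length(der)
        if size > len(der):
            raise ValueError("certificate is truncated")
        blocks.append((label, der[:size], der[size:]))
    return blocks

def to_pem(label: str, der: bytes) -> str:
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

# Constructed sample, not a real certificate: a 260-byte DER SEQUENCE stands in
# for the CA, followed by trust data shaped like OpenSSL's auxiliary block
# (SEQUENCE { SEQUENCE { OID 1.3.6.1.5.5.7.3.1 (serverAuth) } }).
FAKE_CA = b"\x30\x82\x01\x00" + bytes(256)
TRUST_AUX = bytes.fromhex("300c300a06082b06010505070301")
SAMPLE = ("# constructed entry\n" + to_pem("CERTIFICATE", FAKE_CA)
          + "# constructed entry\n"
          + to_pem("TRUSTED CERTIFICATE", FAKE_CA + TRUST_AUX))

if __name__ == "__main__":
    # On a real host, pass the text of /etc/ssl/certs/ca-bundle.trust.crt instead.
    for label, cert, aux in split_bundle(SAMPLE):
        print(f"{label}: certificate {len(cert)} bytes, trust data {len(aux)} bytes")
```

Comparing the certificate part of two blocks byte for byte shows whether they are the same CA even when one block carries extra trust data.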