How to import a certificate on SUSE Linux Enterprise Server
This document (000021657) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Micro
SUSE Linux Enterprise Server
Situation
Sometimes an end user needs to import a proxy server certificate or another internal certificate into SLES. Otherwise, they will encounter a certificate error such as the following:
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Resolution
Place the desired .pem or .crt file to be imported into the /etc/pki/trust/anchors/ directory, then execute the update-ca-certificates command to update the system certificates.
All certificates are located in /etc/ssl/certs/, so you can check whether this certificate has been imported successfully:
ll /etc/ssl/certs/ | grep <keyword of that certificate>
Execute c_rehash or update-ca-certificates to regenerate the certificate hashes in the /etc/ssl/certs/ directory.
Additionally, one can also use the trust anchor <your certificate> command to import a certificate into SLES.
One can use the trust list command to verify whether the certificate has been imported.
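Before placing a file in /etc/pki/trust/anchors/, it helps to confirm what the file actually contains. The following is an added example, not part of the original SUSE article: a hypothetical helper, check_anchor_candidate, that confirms the file is a readable PEM certificate, has not expired and is marked CA:TRUE, and prints the subject, SHA-256 fingerprint and subject hash. Rejecting files without CA:TRUE is this example's own policy.

```shell
#!/bin/sh
# Added example (not from the SUSE article): inspect a certificate file
# before copying it into /etc/pki/trust/anchors/.
# check_anchor_candidate is a hypothetical helper name.
# Return codes: 0 = usable CA certificate, 1 = not a readable PEM
# certificate, 2 = already expired, 3 = not marked as a CA.
check_anchor_candidate() {
    cand=$1

    # The file must parse as a PEM-encoded X.509 certificate.
    if ! openssl x509 -in "$cand" -noout 2>/dev/null; then
        echo "ERROR: $cand is not a readable PEM certificate" >&2
        return 1
    fi

    # Show what is about to be trusted, so the fingerprint can be compared
    # with the value obtained from the certificate's owner.
    openssl x509 -in "$cand" -noout -subject -issuer -enddate
    openssl x509 -in "$cand" -noout -fingerprint -sha256
    # The subject hash is the name used for the hash links in /etc/ssl/certs/.
    echo "subject hash: $(openssl x509 -in "$cand" -noout -hash)"

    # -checkend 0 fails if the certificate has already expired.
    if ! openssl x509 -in "$cand" -noout -checkend 0 >/dev/null; then
        echo "ERROR: certificate has expired" >&2
        return 2
    fi

    # Example policy (an assumption of this sketch): an anchor that is meant
    # to verify other certificates should carry basicConstraints CA:TRUE.
    if ! openssl x509 -in "$cand" -noout -text | grep -q 'CA:TRUE'; then
        echo "ERROR: not marked as a CA certificate (no CA:TRUE)" >&2
        return 3
    fi

    echo "OK: $cand can be placed in /etc/pki/trust/anchors/"
}

# Run the check when a file name is given on the command line.
if [ "$#" -ge 1 ]; then
    check_anchor_candidate "$1"
fi
```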
Cause
Additional Information
Here is a script for checking the certificate chain presented by an HTTPS server:
#!/bin/bash
# Print hash, issuer hash, subject and validity of each certificate a server presents.
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <hostname>"
    exit 1
fi
HOSTNAME=$1
# Fetch the chain sent by the server (-showcerts prints every certificate).
CERTS=$(echo | openssl s_client -connect "$HOSTNAME:443" -servername "$HOSTNAME" -showcerts 2>&1)
CERT_COUNT=$(echo "$CERTS" | grep -c -- '-----BEGIN CERTIFICATE-----')
echo "Total Certificates Found: $CERT_COUNT"
for i in $(seq 1 "$CERT_COUNT"); do
    # Extract the first remaining PEM block, whatever its length.
    CERT=$(echo "$CERTS" | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' | sed '/-----END CERTIFICATE-----/q')
    HASH=$(echo "$CERT" | openssl x509 -noout -hash)
    IHASH=$(echo "$CERT" | openssl x509 -noout -issuer_hash)
    DATES=$(echo "$CERT" | openssl x509 -noout -dates | tr '\n' ' ')
    SUBJECT=$(echo "$CERT" | openssl x509 -noout -subject)
    echo "Certificate $i:"
    echo " Certificate Hash: $HASH"
    echo " Issuer Hash: $IHASH"
    echo " Certificate Name: $SUBJECT"
    echo " Validity: $DATES"
    # Drop everything up to and including this certificate's END line.
    CERTS=$(echo "$CERTS" | grep -A 9999 -- '-----END CERTIFICATE-----' | tail -n +2)
done
To use this script, execute sh certs_info.sh <server>. For example, sh certs_info.sh scc.suse.com will show all the certificates found while connecting to scc.suse.com.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 000021657
- Creation Date: 25-Dec-2024
- Modified Date: 25-Sep-2025
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Micro
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com