centos6

# yum install ca-certificates  (패키지가 없는 경우)
# update-ca-trust force-enable
# cp USERTrust RSA Certification Authority.crt /etc/pki/ca-trust/source/anchors/
# update-ca-trust extract

centos5

cat foo.crt >>/etc/pki/tls/certs/ca-bundle.crt

root ca 업데이트 작업 (리눅스6)

• ca-certificates 업데이트 (사설 아래 명령어 1줄로 끝나는 경우가 많을듯 함)

yum update ca-certificates

# 인증서 업데이트 (추가)
update-ca-trust enable
cp RootCA(AAA).crt /etc/pki/ca-trust/source/anchors/  
cp RootCA(USERTrust).crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

rootCA(AAA).crt RootCA(USERTrust).crt 특정한 rootca 인증서 파일

• 아래 메세지는 이미 인증서가 존재한다는것 같음 (굳이 위의 인증서 업데이트 작업이 필요없음)

p11-kit: duplicate 'AAA Certificate Services' certificate found in: ca-bundle.legacy.crt  
p11-kit: duplicate 'USERTrust RSA Certification Authority' certificate found in: ca-bundle.legacy.crt  
p11-kit: duplicate 'AAA Certificate Services' certificate found in: ca-bundle.legacy.crt  
p11-kit: duplicate 'USERTrust RSA Certification Authority' certificate found in: ca-bundle.legacy.crt  
p11-kit: duplicate 'AAA Certificate Services' certificate found in: ca-bundle.legacy.crt  
p11-kit: duplicate 'USERTrust RSA Certification Authority' certificate found in: ca-bundle.legacy.crt  
p11-kit: duplicate 'AAA Certificate Services' certificate found in: ca-bundle.legacy.crt  
p11-kit: duplicate 'USERTrust RSA Certification Authority' certificate found in: ca-bundle.legacy.crt  
p11-kit: duplicate 'AAA Certificate Services' certificate found in: ca-bundle.legacy.crt  
p11-kit: duplicate 'USERTrust RSA Certification Authority' certificate found in: ca-bundle.legacy.crt

메세지는 이미 ca-bundle.legacy.crt 에 중복되는 인증서가 존재한다는 의미인듯
경로는 /etc/pki/ca-trust/source/ca-bundle.legacy.crt

인증서 업데이트전에 아래 명령어로 인증서 존재 여부를 먼저 확인해보는것도 나쁘지 않음

cd /etc/pki/tls/certs/  
cat ca-bundle.crt | grep -i "aaa certificate services"  
cat ca-bundle.crt | grep -i "usertrust rsa certification authority"  
cat ca-bundle.crt | grep -i "comodo rsa certification authority"

존재하지 않는 경우 아무것도 출력되지 않음