CoreOS: Adding CA certificates to the list of trusted CAs in the system

In CoreOS, if you want to add a CA certificate to the list of trusted CAs in the system, there are 2 options.

Using “/usr/share/pki/ca-trust-source/” directory:

/usr/share/pki/ca-trust-source/ contains CA certificates and trust settings in the PEM file format. The trust settings found in this directory will be interpreted with a low priority.

To add a certificate to this directory, get the PEM or DER file of the cert, copy it to the /usr/share/pki/ca-trust-source/anchors/ subdirectory, and run update-ca-trust.

PS: You would need sudo access to do so.

Using “/etc/pki/ca-trust/source/” directory:

/etc/pki/ca-trust/source/ also contains CA certificates and trust settings in the PEM file format. The trust settings found in this directory will be interpreted with a high priority – higher than the ones found in /usr/share/pki/ca-trust-source/.

To add a certificate to this directory, get the PEM or DER file of the cert, copy it to the /etc/pki/ca-trust/source/anchors/ subdirectory, and run update-ca-trust.

PS: You would need sudo access to do so.

Once the certs have been updated, you can confirm them by running:

sudo trust list --filter=ca-anchors | grep "my-ca-authority"
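
An added example, not part of the original post: a small POSIX shell helper that checks a file really is an unexpired CA certificate (PEM or DER) and prints its SHA-256 fingerprint before copying it into the anchors directory and running update-ca-trust. The function names and the ANCHOR_DIR override are assumptions made for this sketch; it also assumes openssl is available on the host and that it is run as root when writing to the default directory.

```shell
#!/bin/sh
# Added example (not from the original article); helper names are hypothetical.
# ANCHOR_DIR defaults to the high-priority anchors directory described above.
ANCHOR_DIR="${ANCHOR_DIR:-/etc/pki/ca-trust/source/anchors}"

# Print "PEM" or "DER" if $1 parses as an X.509 certificate; fail otherwise.
cert_form() {
    for f in PEM DER; do
        if openssl x509 -in "$1" -inform "$f" -noout >/dev/null 2>&1; then
            echo "$f"; return 0
        fi
    done
    return 1
}

# Succeed only if the certificate carries the CA:TRUE basic constraint.
is_ca() {
    openssl x509 -in "$1" -inform "$2" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# SHA-256 fingerprint, to compare with the value published by the CA owner.
fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 | cut -d= -f2
}

# Validate $1 and copy it into ANCHOR_DIR; the trust store is not rebuilt here.
install_ca() {
    form=$(cert_form "$1") || { echo "not a certificate: $1" >&2; return 1; }
    is_ca "$1" "$form" || { echo "refusing $1: not a CA certificate" >&2; return 1; }
    openssl x509 -in "$1" -inform "$form" -noout -checkend 0 >/dev/null \
        || { echo "refusing $1: certificate has expired" >&2; return 1; }
    echo "SHA-256 fingerprint: $(fingerprint "$1" "$form")"
    install -m 0644 "$1" "$ANCHOR_DIR/$(basename "$1")"
}

# Run as root with a certificate path: stage it, then rebuild the trust store.
if [ -n "${1:-}" ]; then
    install_ca "$1" && update-ca-trust
fi
```

Compare the printed fingerprint with the one you obtained from the CA's owner over a separate channel before relying on the new anchor.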

Thank you.
