Check if RHEL certs have been updated

Question

I have a sample .pem file placed in /etc/pki/ca-trust/source/anchors, and I have run update-ca-trust, but I'm not sure how I can check if the command actually worked. I tried to cat /etc/pki/tls/certs/ca-bundle.crt for the contents of my sample .pem but no luck.

How can I make sure that my certs have been updated?

To downvoters, could you please give suggestions as to what I can elaborate upon to improve my question?

EDIT

Checking /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt has also not shown anything, so I will assume that my sample cert was not actually added.

Try to run **`update-ca-trust extract`* with the extra option `extract` as that should provide more verbose error reporting. — HBruijn, May 16 '16 at 21:27
@HBruijn Just did that, got no output. Does it create a log file? — jackwise, May 17 '16 at 13:12

score 3 · Answer 1 · answered May 30 '18 at 17:06

Run this command to see what certs are actually inside the CA bundle on the server.

openssl x509 -text -noout -in /etc/ssl/certs/ca-bundle.crt

You can also use the above command, but substitute the path to your added CA cert, to examine the CA certificate you added.

Check if RHEL certs have been updated

1 Answers1