你好,我们现在是使用的centos6.5,根据文档查询grep "DigiCert Global Root" /etc/pki/tls/certs/ca-bundle.crt显示
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
不包含g2根证书,由于操作系统版本比较老,下载出来的DigiCert Global Root G2根证书和原来根证书格式不同,我应该怎么操作添加g2证书呢?另外,这个添加g2证书影响需php或者nginx或者apache的配置吗,还用为修改那些设置吗?
以下操作建议先在测试环境更新验证,确认无误后再在正式环境更新
------
请先更新ca-certificate并查看是否有G2根证书:
1、yum update ca-certificates
2、grep "DigiCert Global Root" /etc/pki/tls/certs/ca-bundle.crt
以上命令没能获取G2根证书请再手动添加:
1. 下载G2的pem格式 https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem
2. 导入证书
echo "# DigiCert Global Root G2" >> /etc/pki/tls/certs/ca-bundle.crt
cat DigiCertGlobalRootG2.crt.pem >> /etc/pki/tls/certs/ca-bundle.crt
先更新ca-certificate并查看是否有G2根证书:
1、yum update ca-certificates
2、grep "DigiCert Global Root" /etc/pki/tls/certs/ca-bundle.crt
显示
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
这样就算已经增加了g2根证书了吗?还需要额外重启nginx或者apache这些吗