The whole day I’m trying to import my active directory Root CA. I tried it with .pem and .crt, tried it in several folders, but when ever I use sudo update-ca-trust and open a website signed with this ca it always shows that the side is untrusted.
I imported this cert in several other systems, always without any problem, but I’m absolutely lost in cachyos. It’s a totally new installed system, only thing I did so far is joined it into my ad. Login with ad-account works without any problem.
I rly hope, someone is able to show me the trick.
System is 7.0.1-1-cachyos with kde plasmalogin.
Thax in advance,
D0se.
Use the Correct Anchor Directory
For Arch-based systems, the system-wide trust anchors are managed via p11-kit. Move your certificate to this specific location:
- Path:
/etc/ca-certificates/trust-source/anchors/
Ensure the certificate is in PEM format. While the extension can be .crt or .pem, the internal content must be base64 encoded text (starting with -----BEGIN CERTIFICATE-----).
# Move the cert to the anchors folder
sudo cp your-root-ca.crt /etc/ca-certificates/trust-source/anchors/
# Update the trust store
sudo update-ca-trust
Hopefully that will work for you.
I believe some browser do not use the system certificates but their own lists.