%general-entities; ]> $LastChangedBy$ $Date$ ca-bundle.crt The ca-bundle.crt file contains public certificates from trusted root certificate authorities (CAs). CAs guarantee the authenticity of a host by issuing certificates that contain both the name of the host and the owner's name, and are signed using the CA's private key. In turn, a matching public key is provided by the CA that can be used to verify the authenticity of any SSL certificate that is signed by that CA. The list of CA certificates (with public keys) included in ca-bundle.crt are provided by mozilla.org, and undergo an annual investigation and auditing process, so that they can be trusted for general use. The list of certificates is stored in PEM format, and is generated from a DER formatted file, certdata.txt, that ships with Mozilla products. A script provided by RedHat converts the upstream certdata.txt from DER to PEM format, so that it is usable by applications that utilize SSL/TLS encryption. Additional trusted CAs can be added to the ca-bundle.crt by appending the CA's public certificate (in PEM format) to the file. Download a recent version of ca-bundle.crt and place it into the /etc/ssl/certs directory and make the file world readable by issuing the following commands as the root user: install -v -d /etc/ssl/certs && install -m644 ca-bundle.crt /etc/ssl/certs