You can use a system-wide CA database to ensure that any applications that use the database trust any of the certificates that are stored on it. You can import the certificates that you create for SSL between the Logstash and LFA servers into this type of database. This step is optional.
About this task
Procedure
- To copy the certificate to the system-wide database, enter the following command:
$ sudo cp mycert.pem /usr/share/ca-certificates/<cert_name>.crtwhere <cert_name> is the name of the cert that you want to import. - Add the names of the files that you import to the CA certificate configuration manually or you can use a command.To add the CA certificates with a command, enter the following command:
sudo dpkg-reconfigure ca-certificatesTo manually add the certificate names, edit the /etc/ca-certificates.conf file. Add the list of certificate names at the end of the code after the last hashtag (#). For example:# This file lists certificates that you wish to use or to ignore to be # installed in /etc/ssl/certs. # update-ca-certificates(8) will update /etc/ssl/certs by reading this file. # # This is autogenerated by dpkg-reconfigure ca-certificates. # certificates shoule be installed under /usr/share/ca-certificates # and files with extension '.crt' is recognized as available certs. # # line begins with # is comment. # line begins with ! is certificate filename to be deselected. # <cert_name>.crt example.com/example.com.crtwhere <cert_name>.crt is the certificate file that you want to import. - To update the system-wide database, enter the following command:
$ sudo update-ca-certificates
Results
You imported your CA certificates into the system-wide database. All the applications that use the database can now trust this certificate.
Reference: Importing a certificate into the system-wide CA database – IBM Documentation
Comments are closed