开发机上跑着Charles, 同时本机又有程序想通过Charles来抓包, 需要tls证书被信任才行(依赖的库强制校验证书). 所以才有这个需求。
此方法通用,适用于安装任何root ca.
charles root ca installation
cd ~/.charles/ca
# 先将der格式的证书转换成pem格式
openssl x509 -inform DER -in charles-proxy-ssl-proxying-certificate.cer -out charles-proxy-ssl-proxying-certificate.crt
# 复制转换好的ca到/etc/pki/ca-trust/source/anchors/
cp /home/ttys3/.charles/ca/charles-proxy-ssl-proxying-certificate.crt /etc/pki/ca-trust/source/anchors/charles-ca.crt
# 执行
update-ca-trust extract
# verify
❯ openssl verify /etc/pki/ca-trust/source/anchors/charles-ca.crt
/etc/pki/ca-trust/source/anchors/charles-ca.crt: OK
refs
https://access.redhat.com/solutions/1519813
ubuntu: https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate