开发机上跑着Charles, 同时本机又有程序想通过Charles来抓包, 需要tls证书被信任才行(依赖的库强制校验证书). 所以才有这个需求。

此方法通用,适用于安装任何root ca.

charles root ca installation

cd ~/.charles/ca

# 先将der格式的证书转换成pem格式
openssl x509 -inform DER -in charles-proxy-ssl-proxying-certificate.cer -out charles-proxy-ssl-proxying-certificate.crt

# 复制转换好的ca到/etc/pki/ca-trust/source/anchors/
cp /home/ttys3/.charles/ca/charles-proxy-ssl-proxying-certificate.crt /etc/pki/ca-trust/source/anchors/charles-ca.crt

# 执行
update-ca-trust extract

# verify
❯ openssl verify /etc/pki/ca-trust/source/anchors/charles-ca.crt
/etc/pki/ca-trust/source/anchors/charles-ca.crt: OK

refs

https://access.redhat.com/solutions/1519813

ubuntu: https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate