Entrust is a certificate authority.
Troubleshooting[edit | edit source]
The Entrust Root Certification Authority (G2) doesn't appear to be part of the system root CA. As a result, if you try to
curl to a resource using certificates signed by Entrust, you'll get an error like the one below.
# wget -O - https://somewhere.ucalgary.ca/ --2022-03-29 16:58:39-- https://somewhere.ucalgary.ca/ Resolving somewhere.ucalgary.ca (somewhere.ucalgary.ca)... 10.43.144.134 Connecting to somewhere.ucalgary.ca (somewhere.ucalgary.ca)|10.43.144.134|:443... connected. ERROR: cannot verify somewhere.ucalgary.ca's certificate, issued by ‘CN=Entrust Certification Authority - L1K,OU=(c) 2012 Entrust\\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\\, Inc.,C=US’: Unable to locally verify the issuer's authority. To connect to somewhere.ucalgary.ca insecurely, use `--no-check-certificate'.
To fix this, you'll need to install the root and chain certificates that are provided by Entrust at https://www.entrust.com/resources/certificate-solutions/tools/root-certificate-downloads.
Installing certificates[edit | edit source]
On RHEL based systems:
# wget https://web.entrust.com/root-certificates/entrust_l1k.cer -O /usr/share/pki/ca-trust-source/anchors/entrust_l1k.cer # wget https://web.entrust.com/root-certificates/entrust_g2_ca.cer -O /usr/share/pki/ca-trust-source/anchors/entrust_g2_ca.cer # update-ca-trust extract
# wget https://web.entrust.com/root-certificates/entrust_l1k.cer -O /usr/share/ca-certificates/entrust_l1k.cer # wget https://web.entrust.com/root-certificates/entrust_g2_ca.cer -O /usr/share/ca-certificates/entrust_g2_ca.cer # update-ca-certificates