Entrust
From Leo's Notes
Last edited on 11 April 2024, at 19:45.
Entrust is a certificate authority.
Troubleshooting[edit | edit source]
The Entrust Root Certification Authority (G2) doesn't appear to be part of the system root CA. As a result, if you try to wget or curl to a resource using certificates signed by Entrust, you'll get an error like the one below.
# wget -O - https://somewhere.ucalgary.ca/
--2022-03-29 16:58:39-- https://somewhere.ucalgary.ca/
Resolving somewhere.ucalgary.ca (somewhere.ucalgary.ca)... 10.43.144.134
Connecting to somewhere.ucalgary.ca (somewhere.ucalgary.ca)|10.43.144.134|:443... connected.
ERROR: cannot verify somewhere.ucalgary.ca's certificate, issued by ‘CN=Entrust Certification Authority - L1K,OU=(c) 2012 Entrust\\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\\, Inc.,C=US’:
Unable to locally verify the issuer's authority.
To connect to somewhere.ucalgary.ca insecurely, use `--no-check-certificate'.
To fix this, you'll need to install the root and chain certificates that are provided by Entrust at https://www.entrust.com/resources/certificate-solutions/tools/root-certificate-downloads.
Installing certificates[edit | edit source]
On RHEL based systems:
# wget https://web.entrust.com/root-certificates/entrust_l1k.cer -O /usr/share/pki/ca-trust-source/anchors/entrust_l1k.cer
# wget https://web.entrust.com/root-certificates/entrust_g2_ca.cer -O /usr/share/pki/ca-trust-source/anchors/entrust_g2_ca.cer
# wget https://web.entrust.com/root-certificates/entrust_l1m_sha2.cer -O /usr/share/pki/ca-trust-source/anchors/entrust_l1m_sha2.cer
# update-ca-trust extract
On Ubuntu:
# wget https://web.entrust.com/root-certificates/entrust_l1k.cer -O /usr/share/ca-certificates/entrust_l1k.cer
# wget https://web.entrust.com/root-certificates/entrust_g2_ca.cer -O /usr/share/ca-certificates/entrust_g2_ca.cer
# wget https://web.entrust.com/root-certificates/entrust_l1m_sha2.cer -O /usr/share/ca-certificates/entrust_l1m_sha2.cer
# update-ca-certificates