How do I install a system-wide SSL certificate on openSUSE?
As already mentioned SUSE supports ca-certificates starting with openSUSE 13.1 / SLES 12.
The difference to debian/Ubuntu is the directory for your certififcates. The SLES man page to update-ca-certificates
has these directories:
FILES
/usr/share/pki/trust/anchors
Directory of CA certificate trust anchors.
/usr/share/pki/trust/blacklist
Directory of blacklisted CA certificates
/etc/pki/trust/anchors
Directory of CA certificate trust anchors for use by the admin
/etc/pki/trust/blacklist
Directory of blacklisted CA certificates for use by the admin
The openSUSE package mentions these:
- Packages are expected to install their CA certificates in
/usr/share/pki/trust/anchors or /usr/share/pki/trust (no extra subdir) instead
of /usr/share/ca-certificates/<vendor> now. The anchors subdirectory is for
regular pem files, the directory one above for pem files in
openssl's 'trusted' format.
I would take a look for a package called ca-certificates
(that's the name it goes by on Red Hat distros). All of the main distros bundle certificates and they're generally in the same location.
Since SuSE uses RPM packages as well I'd guess you could do a query like this to find the name of the package that provides certificates:
$ rpm -aq | grep -i cert
ca-certificates-2010.63-3.el6_1.5.noarch
With the name of this package I can then rpm -qi <package name>
to find out more info about it:
$ rpm -qi ca-certificates-2010.63-3.el6_1.5.noarch
Name : ca-certificates Relocations: (not relocatable)
Version : 2010.63 Vendor: CentOS
Release : 3.el6_1.5 Build Date: Fri 23 Sep 2011 03:39:46 PM EDT
Install Date: Sat 15 Dec 2012 02:34:14 PM EST Build Host: c6b5.bsys.dev.centos.org
Group : System Environment/Base Source RPM: ca-certificates-2010.63-3.el6_1.5.src.rpm
Size : 1353134 License: Public Domain
Signature : RSA/SHA1, Mon 26 Sep 2011 12:17:03 AM EDT, Key ID 0946fca2c105b9de
Packager : CentOS BuildSystem <http://bugs.centos.org>
URL : http://www.mozilla.org/
Summary : The Mozilla CA root certificate bundle
Description :
This package contains the set of CA certificates chosen by the
Mozilla Foundation for use with the Internet PKI.
This command will list its contents:
$ rpm -ql ca-certificates-2010.63-3.el6_1.5.noarch
/etc/pki/java
/etc/pki/java/cacerts
/etc/pki/tls
/etc/pki/tls/cert.pem
/etc/pki/tls/certs
/etc/pki/tls/certs/ca-bundle.crt
/etc/pki/tls/certs/ca-bundle.trust.crt
/etc/ssl
/etc/ssl/certs
This last command will show you where the certificates are getting stored.
YaST
If you don't want to manually do this I believe you can use YaST to add CA certificates as well. Here's a tutorial titled: Chapter 15. Managing X.509 Certification that should guide you through that process.