When one needs to add an extra certificate to a certificate bundle, the first idea might be something like this:
cat example.pem >> /etc/ssl/certs/ca-bundle.crt
And that will work – if you are a root user. However, if you are just a sudoer, or God-forbid a
cloud-user, you might find yourself up the creek without a paddle.
sudo won’t simply do as it operates on the source and not the destination:
sudo cat example.pem >> /etc/ssl/certs/ca-bundle.crt
-bash: /etc/ssl/certs/ca-bundle.crt: Permission denied
You might want to play with
tee, but depending on your exact permissions that might fail also.
cat example.pem | sudo tee -a /etc/ssl/certs/ca-bundle.crt
However, one command that never fails is
vi as it has quite a lot of code to work out writing to read-only files. And conveniently, we can script it too:
sudo ex +"r /opt/install/ca.pem" -scwq! /etc/ssl/certs/ca-bundle.crt
Yep, we essentially start
vi, read the extra content into it, and then force-save it all.