Appending to Certificate Bundle

When one needs to add an extra certificate to a certificate bundle, the first idea might be something like this:

cat example.pem >> /etc/ssl/certs/ca-bundle.crt

And that will work - if you are a root user. However, if you are just a sudoer, or God-forbid a cloud-user, you might find yourself up the creek without a paddle.

You see, sudo won't simply do as it operates on the source and not the destination:

sudo cat example.pem >> /etc/ssl/certs/ca-bundle.crt
-bash: /etc/ssl/certs/ca-bundle.crt: Permission denied

You might want to play with tee, but depending on your exact permissions that might fail also.

cat example.pem | sudo tee -a /etc/ssl/certs/ca-bundle.crt

However, one command that never fails is vi as it has quite a lot of code to work out writing to read-only files. And conveniently, we can script it too:

sudo ex +"r /opt/install/ca.pem" -scwq! /etc/ssl/certs/ca-bundle.crt

Yep, we essentially start vi, read the extra content into it, and then force-save it all.

Leave a Reply

Your email address will not be published. Required fields are marked *