A Linux administrator receives an internal root CA certificate file named corp_root_CA.pem that must be trusted by every TLS-aware application on a freshly installed Red Hat Enterprise Linux 9 server. Which procedure correctly installs this certificate as a system-wide trusted root CA?
Append the certificate to /etc/ssl/certs/ca-bundle.crt and restart affected services.
Run openssl x509 -addtrust to import the certificate directly into /etc/ssl/certs and reload systemd.
Copy the PEM file to /etc/pki/ca-trust/source/anchors/ and run update-ca-trust extract.
Copy the certificate to /usr/local/share/ca-certificates/ and run update-ca-certificates.
Red Hat-based distributions use the consolidated system-wide trust store located under /etc/pki/ca-trust and /usr/share/pki/ca-trust-source. Trust anchors (root certificates) are placed in the anchors sub-directory and the trust database is then regenerated. Copying the PEM file to /etc/pki/ca-trust/source/anchors/ and running update-ca-trust extract makes the certificate trusted by every application that relies on the default CA bundle. Manually editing ca-bundle.crt, using the Debian-specific /usr/local/share/ca-certificates path with update-ca-certificates, or attempting to import the certificate with an openssl command does not update the RHEL system trust store and therefore does not meet the requirement.
CompTIA Linux+ XK0-006 (V8)
Security