Cara menambahkan sertifikat CA root pada berbagai system Operasi Linux

[root@ocpnode3 core]# curl https://registry.ocp-lab.wachid.web.id/v2/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
[root@ocpnode3 core]#

[root@ocpnode1 core]# nano CAroot.crt
[root@ocpnode1 core]#
[root@ocpnode1 core]# cp CAroot.crt /etc/pki/ca-trust/source/anchors/
[root@ocpnode1 core]# update-ca-trust extract
[root@ocpnode1 core]#

[root@ocpnode3 core]# cat CAroot.crt
-----BEGIN CERTIFICATE-----
MIIDazCCAlOgAwIBAgIURWB2B1OeweLd0ux5QeUlfLGSrbMwDQYJKoZIhvcNAQEL
BQAwRTEkMCIGA1UEAwwbZ2l0bGFiLm9jcC1sYWIuZGVwaHViLmdvLmlkMQswCQYD
VQQGEwJJRDEQMA4GA1UEBwwHSmFrYXJ0YTAeFw0yMzA3MDkwMDMwMDNaFw0yNjA0
MDQwMDMwMDNaMEUxJDAiBgNVBAMMG2dpdGxhYi5vY3AtbGFiLmRlcGh1Yi5nby5p
ZDELMAkGA1UEBhMCSUQxEDAOBgNVBAcMB0pha2FydGEwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC+60S2+O4jNlyx2AdX1MiHutRcrbvAa3DZz/zPnJ1O
ZnGBrH5vXfGHnf4B6XDh28YTBfl8ZwY0As0LKqpvlJQR0UGs96QuiIfUIaLLjmnD
BO215S/PmaTf4VS+QwHCm1e/2MHDugpd7fJMYnjcNJt6Zd3KVkp0iOKfegXPJxJd
FaPxy23HBr04K82Tl7SpGdnyTicU7YYfZFDx46vtntjVMdtgLvUOPmqSrqTv0L5o
y30HP41ke/qYVKJXbp7kvffye9U5cg+0BJ2MWLgzWC0daUeU5c0txX3haPSBDhXg
i1H5UM2M/Cn4JYoN11kKRlbjToy8MvZF+Marj+g8TOJ/AgMBAAGjUzBRMB0GA1Ud
DgQWBBTvxqxr6nCSTiVFysCPvGFCD2LvDDAfBgNVHSMEGDAWgBTvxqxr6nCSTiVF
ysCPvGFCD2LvDDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA8
z57weHLA28527iGn0hNROIvPickp0ARkD6++iSEotG2L1Dnk+ZaxT3RSumDxEwBf
2ev+m8J79WrFRqBvQ8bGrvQYYmktTnOksFF7mAGcZLQfsLCh4vuMT5WCMjEM4EYt
shAAhJ81VOM4xZAThEKGzRMZRNrRADzxGVjr4qf7d6aBJlFtYM+FvtfhCkoMmx7l
/H9FPb23eJDAu6k+De31yMUwIf9NV8kBStY6iBFGcGI28bf2dMCcMxeA9ABMyuqJ
WJqEgiR3uPd3UYdk/bn2MxROsdIx1ky/+SaUkbDHWwDtx5pyAya8+0uhAkk9vobj
FM+Wt0bgdeKKZHLav58O
-----END CERTIFICATE-----

[root@ocpnode3 core]#

[root@ocpnode3 core]# curl https://registry.ocp-lab.wachid.web.id/v2/
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}
[root@ocpnode3 core]#

root@masadmin:/home/masadmin# curl https://gitlab.ocp-lab.wachid.web.id/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@masadmin:/home/masadmin#

root@masadmin:/home/masadmin# nano CA-root-gitlab.crt
root@masadmin:/home/masadmin#
root@masadmin:/home/masadmin# cp CA-root-gitlab.crt /usr/local/share/ca-certificates/CA-root-gitlab.crt
root@masadmin:/home/masadmin#

root@masadmin:/home/masadmin# update-ca-certificates
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
root@masadmin:/home/masadmin#

root@masadmin:/home/masadmin# curl https://gitlab.ocp-lab.wachid.web.id/
<html><body>You are being <a href="https://gitlab.ocp-lab.wachid.web.id/users/sign_in">redirected</a>.</body></html>
root@masadmin:/home/masadmin#
root@masadmin:/home/masadmin#