update certificate store

 

RedHat:

cp ca-bundle.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust

 

Ubuntu:

cp ca-bundle.crt /usr/local/share/ca-certificates/
update-ca-certificates

 

通过curl -vL --head jd.com 找出OS默认ca-bundle

RHEL:

 

 

Ubuntu:

 

 

openssl verify -CAfile /etc/kubernetes/pki/ca.crt apiserver.crt