certutil -A -d /etc/httpd/alias/ -n "GlobalSign" -t "CT,," -a -i wildcard_domain.crt

[root@web01 ~]# certutil -L -d /etc/httpd/alias
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
cacert                                                       CTu,Cu,Cu
Server-Cert                                                  u,u,u
GlobalSign-Intermediate                                      CT,,
GlobalSign                                                   CTu,u,u
alpha            
                                        u,pu,u

解决方案：

将crt文件转换为PEM格式

从原始证书创建pem文件

openssl x509 -inform PEM -in ./ssl.crt/example.com.GlobalSign-2010.crt > /root/example.com.GlobalSign-2010.pem
openssl x509 -inform PEM -in ./ssl.crt/intermediate.GlobalSign.crt > /root/intermediate.GlobalSign.crt.pem

将PEM证书连接到单个文件、根crt和链crt中

cat /root/example.com.GlobalSign-2010.pem /root/intermediate.GlobalSign.crt.pem > /root/example.com-GlogalSign-2010.pem

以PKCS12格式导出PEM证书和私钥

openssl pkcs12 -export -in example.com-GlogalSign-2010.pem -inkey ./ssl.key/example.com.GlobalSign.key -out /root/example.com-Globalsign.p12 -name Example-GlobalSign

在NSS数据库中导入PKCS12(.p12(证书

pk12util -i /root/example.com-Globalsign.p12 -d /etc/httpd/alias

您可以使用以下命令验证您的证书

certutil -L -d /etc/httpd/alias -n Example-GlobalSign

注意：将Example-GlobalSign昵称放在nss.conf配置文件中，然后Voila！！