cat /etc/pki/ca-trust/source/README
<![CDATA[
=============================================================================
QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
list of CAs trusted on the system:
Copy it to the
/etc/pki/ca-trust/source/anchors/
subdirectory, and run the
update-ca-trust
command.
If your certificate is in the extended BEGIN TRUSTED file format,
then place it into the main source/ directory instead.
=============================================================================
]]>
Trust a certificate
<![CDATA[
cp /path/to/certificate /etc/pki/ca-trust/source/.
update-ca-trust
]]>
Test
<![CDATA[
openssl s_client -verify 5 -connect <serverurl>:<port>
or
gnutls-cli -p <port> <serverurl>
or
curl --head https://<serverurl>:<port>
]]>
Remove trust
<![CDATA[
rm /etc/pki/ca-trust/source/myCertificate
update-ca-trust
]]>