@ml-eds
Last active November 7, 2019 11:06
Ubuntu: Add missing CA certificate
# good reference: https://wiki.ubuntuusers.de/CA/
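# download missing cert DigiCertHighAssuranceEVRootCA.crt
# note: --no-check-certificate disables TLS verification, so the downloaded file is
# unauthenticated; compare its fingerprint with the one DigiCert publishes before trusting it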
wget --no-check-certificate https://dl.cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt
# convert to pem format
openssl x509 -inform DER -outform PEM -in DigiCertHighAssuranceEVRootCA.crt -out DigiCertHighAssuranceEVRootCA.pem.crt
# copy to /usr/local/share/ca-certificates (requires root)
cp DigiCertHighAssuranceEVRootCA.pem.crt /usr/local/share/ca-certificates/
# update ca-certificates configuration (requires root)
update-ca-certificates
# the command above:
# 1. regenerates the /etc/ssl/certs/ca-certificates.crt bundle
# 2. adds a symlink in /etc/ssl/certs to /usr/local/share/ca-certificates/DigiCertHighAssuranceEVRootCA.pem.crt
# If PHP's openssl is still not working, check that the symlinks are correct
php -r "var_dump(openssl_get_cert_locations());"
# array(8) {
# ["default_cert_file"]=>
# string(21) "/usr/lib/ssl/cert.pem"
# ["default_cert_file_env"]=>
# string(13) "SSL_CERT_FILE"
# ["default_cert_dir"]=>
# string(18) "/usr/lib/ssl/certs"
# ["default_cert_dir_env"]=>
# string(12) "SSL_CERT_DIR"
# ["default_private_dir"]=>
# string(20) "/usr/lib/ssl/private"
# ["default_default_cert_area"]=>
# string(12) "/usr/lib/ssl"
# ["ini_cafile"]=>
# string(0) ""
# ["ini_capath"]=>
# string(0) ""
# }
# /usr/lib/ssl/cert.pem should exist
# /usr/lib/ssl/certs should be a symlink to /etc/ssl/certs
# /usr/lib/ssl/private should be a symlink to /etc/ssl/private
# this works for me:
# symlinking /usr/lib/ssl/cert.pem -> /etc/ssl/certs/ca-certificates.crt
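
Because the download above runs with --no-check-certificate, the file arrives unauthenticated. The functions below are an added example, not part of the original gist: they convert the file and copy it into the trust directory only if its SHA-256 fingerprint matches a value obtained out of band. The function names and the EXPECTED_SHA256 placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the original gist). Function names are hypothetical.

# Parse a certificate given as DER or PEM and print it as PEM.
to_pem() {
    for form in DER PEM; do
        openssl x509 -inform "$form" -in "$1" -outform PEM 2>/dev/null && return 0
    done
    return 1
}

# Reduce a fingerprint ("AB:CD:..." or "abcd...") to bare uppercase hex.
norm_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F'
}

# usage: install_verified_ca <downloaded-cert> <expected-sha256> [dest-dir]
# Returns 0 after installing, 1 on fingerprint mismatch, 2 on bad input.
install_verified_ca() {
    expected=$(norm_fp "$2")
    dest=${3:-/usr/local/share/ca-certificates}
    [ -n "$expected" ] || { echo "no expected fingerprint given" >&2; return 2; }
    # Read the file once, so the bytes that are checked are the bytes installed.
    pem=$(to_pem "$1") || { echo "not a certificate: $1" >&2; return 2; }
    actual=$(printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256) || return 2
    actual=$(norm_fp "${actual#*=}")
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got $actual" >&2
        return 1
    fi
    name=$(basename "$1"); name=${name%.*}
    # update-ca-certificates only picks up files ending in .crt
    printf '%s\n' "$pem" > "$dest/$name.pem.crt"
}

# EXPECTED_SHA256 is a placeholder: take the value from the CA's own
# published root list over a channel you already trust.
# install_verified_ca DigiCertHighAssuranceEVRootCA.crt "$EXPECTED_SHA256" \
#     && update-ca-certificates
```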