The recommended way of doing that on RHEL 6+ systems is to use update-ca-trust tool, which is now installed by default.
# cat /etc/pki/ca-trust/source/README
This directory /etc/pki/ca-trust/source/ contains CA certificates and
trust settings in the PEM file format. The trust settings found here will be
interpreted with a high priority - higher than the ones found in
QUICK HELP: To add a certificate in the simple PEM or DER file formats to the
list of CAs trusted on the system:
Copy it to the
subdirectory, and run the
If your certificate is in the extended BEGIN TRUSTED file format,
then place it into the main source/ directory instead.
Please refer to the update-ca-trust(8) manual page for additional information
Therefore, you only need to drop your crt file to the
/etc/pki/ca-trust/source/anchors/ and to run the tool. Work done. This is safe to do, you don't need to do any backups. Full manual page can be found here: https://www.mankier.com/8/update-ca-trust