Add Certificate Authorities on Ubuntu
A little how-to on adding and trusting a certificate authority on Ubuntu (and possibly Debian, though I haven't checked).
First obtain a copy of the CA's certificate file in PEM format.
You can check if a certificate file is in this format by opening it in a text editor of your choice. When opened, if you see regular text characters (and not random symbols) and the file starts
-----BEGIN CERTIFICATE----- and ends
-----END CERTIFICATE-----, it's in PEM format.
From here onwards, I'm assuming your certificate file is called
ca.crt, if it isn't, change the commands accordingly.
If you want to view the contents of the certificate, you can do so as follows with OpenSSL
$ openssl x509 -in ca.crt -text
Installing and Trusting the CA
Copy the certificate file to
/usr/share/ca-certificates, or a subdirectory of it.
# cp ca.crt /usr/share/ca-certificates
Then reconfigure the
ca-certificates package to trust it.
# dpkg-reconfigure ca-certificates
This will launch a text-based wizard asking you if you want to trust new certificate authorities. It's best to select
ask in case a rogue CA has made it's way in there without your knowledge.
Use the arrow keys to select
ask and press enter to confirm. Next you will be shown a list of CAs, any with a star in the brackets (
[*]) on the left are trusted. To to toggle trust, press space. After trusting your new CA, press enter to confirm and the new CA will be installed.