Add Certificate Authorities on Ubuntu
A little how-to on adding and trusting a certificate authority on Ubuntu (and possibly Debian, though I haven't checked).
Preparing
First obtain a copy of the CA's certificate file in PEM format.
You can check if a certificate file is in this format by opening it in a text editor of your choice. When opened, if you see regular text characters (and not random symbols) and the file starts -----BEGIN CERTIFICATE-----
and ends -----END CERTIFICATE-----
, it's in PEM format.
From here onwards, I'm assuming your certificate file is called ca.crt
, if it isn't, change the commands accordingly.
If you want to view the contents of the certificate, you can do so as follows with OpenSSL
$ openssl x509 -in ca.crt -text
Installing and Trusting the CA
Copy the certificate file to /usr/share/ca-certificates
, or a subdirectory of it.
# cp ca.crt /usr/share/ca-certificates
Then reconfigure the ca-certificates
package to trust it.
# dpkg-reconfigure ca-certificates
This will launch a text-based wizard asking you if you want to trust new certificate authorities. It's best to select ask
in case a rogue CA has made it's way in there without your knowledge.
Use the arrow keys to select ask
and press enter to confirm. Next you will be shown a list of CAs, any with a star in the brackets ([*]
) on the left are trusted. To to toggle trust, press space. After trusting your new CA, press enter to confirm and the new CA will be installed.