A little how-to on adding and trusting a certificate authority on Ubuntu (and possibly Debian, though I haven't checked).

Preparing

First obtain a copy of the CA's certificate file in PEM format.

You can check if a certificate file is in this format by opening it in a text editor of your choice. When opened, if you see regular text characters (and not random symbols) and the file starts -----BEGIN CERTIFICATE----- and ends -----END CERTIFICATE-----, it's in PEM format.

From here onwards, I'm assuming your certificate file is called ca.crt, if it isn't, change the commands accordingly.

If you want to view the contents of the certificate, you can do so as follows with OpenSSL

$ openssl x509 -in ca.crt -text

Installing and Trusting the CA

Copy the certificate file to /usr/share/ca-certificates, or a subdirectory of it.

# cp ca.crt /usr/share/ca-certificates

Then reconfigure the ca-certificates package to trust it.

# dpkg-reconfigure ca-certificates

This will launch a text-based wizard asking you if you want to trust new certificate authorities. It's best to select ask in case a rogue CA has made it's way in there without your knowledge.

Screenshot_20181126_180046

Use the arrow keys to select ask and press enter to confirm. Next you will be shown a list of CAs, any with a star in the brackets ([*]) on the left are trusted. To to toggle trust, press space. After trusting your new CA, press enter to confirm and the new CA will be installed.