Install self generated CA certificate into Linux OS

Install self generated CA certificate into Linux OS

To trust self generated CA from client system, following steps can be used.

Retrieve CA certificate from server

Copy from CA certificate using browser

Click on lock icron beside address bar of browser, then view certificates.

Copy from server,

The self generated CA certificate normally can be found in server, such as

Run command to retrieve from service

Following command will print out CA certificate, remove unnecessary lines, such as DONE, if any.

Note: I haven't validated the certificate retrieved using this method.

openssl s_client -showcerts -connect [server_address]:[port] < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

Install CA certificate

Copy CA certificate into /usr/local/share/ca-certificates directory, such as, then run update-ca-certificates command to update system CA, then restart impacted service.

cp <> /usr/local/share/ca-certificates
systemctl restart <service>

Note: the certificate file name must be .crt

Test CA

Run following command, should return 0 (ok) as below.

openssl s_client -connect server_address:443 -CApath /etc/ssl/certs

Verify return code: 0 (ok)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

The reCAPTCHA verification period has expired. Please reload the page.